v3.0.0 – release date 2024-05-13

Starting with release 3.0.0 Tosibox Virtual Central Lock is newly named as Tosibox HUB. The product is the same and upgrade paths from Virtual Central Lock to HUB are offered automatically. There are no deviations or removed features.

Changes and new features
•    Microsoft Azure Marketplace delivery
•    HUB underlying operating system and libraries are upgraded
•    Improved software update process

o  HUB installation process is more robust and provides progress on UI
o    SW updates are checked automatically once a day
o    If new update is found a notification is shown on the UI
o    HUB will check for Azure and AWS specific extensions
o    HUB can warn about extensions coming from unknown sources
o    HUB will notify if reboot is required after SW update.
o    Ongoing SW update is displayed on the SW Update page until done
o    Ongoing SW update gives a warning on Reboot page

•    HUB has received new audit events to complement increased functionality such as Node added or removed, VPN limit is near or has exceeded limit set in license, SW update is available, started or completed
•    HUB can send its status and settings to TosiControl for network monitoring, when feature is enabled
•    VMWare ESXi environment HW version setting is changed from 7 (ESXi/ESX 4.x) to 14 (ESXi 6.7)
•    VPN throughput is increased in Microsoft Azure and Amazon AWS environments where certain HUB installations were experiencing packet drop rates due to small socket buffer size
•    Used VPN connection protocol is displayed in the management user interface, either relayed TCP or direct UDP
•    HUB has a new favicon
•    VPN tunnel name is validated and certain special characters are no longer accepted
•    Confirmation is asked when clicking Reboot button
•    Added ability to configure LAN device path for the http(s) service
•    Email alerts has a new field for configuring TLS security for enforcing connection security scheme
•    Copy to clipboard button was added to copy the generated Remote matching code
•    Network device list items are now clickable web links opening the configured web service
•    Internet connection field on Status page is renamed as Tosibox Cloud
•    Static routes MTU field is not supported and has been removed
•    User can choose to display login password as asterisks or plain text
•    Removed Blowfish option as the preferred cipher for VPN data encryption from UI option. Blowfish can no longer be selected for new Node and Key tunnels.
•    HUB activation process is more robust and verbose
Bug fixes
•    Access Groups has a new Compatibility level setting to overcome an issue in Access Groups, IP address with netmask behaves differently than IP ranges when data is communicated to Locks. If compatibility level is "legacy" IP address with netmask is not transferred to Locks. If compatibility level is "default" IP address with netmask is transferred to Locks in the Access Group
•    Resolved certain Netmask and IP range address issues in Access Groups when migrating from older systems
•    Resolved issue when modifying VLAN interface HUB would not reconnect affected VPNs as was expected
•    Resolved issue where setting up new HUB installations with static IP address was broken
•    Resolved issue where static routes might not be deleted from the system after being deleted from the UI
•    Resolved issue where alert sending failed for anyone else but first recipient if recipient list contained spaces
•    Resolved issue where alert sending failed when using TLS security with specific type of mail servers due to bug in certificate management
•    Static route view validates against adding clearly malformed routes such as invalid IP/netmask/gateway and combination of those

Removed features
•    Dropped support for Microsoft Hyper-V on Windows Server 2016
•    Dropped support for scripting installation on Microsoft Azure and Amazon AWS cloud platforms

v2.6.2 – release date 2023-10-02 (Virtual Central Lock only)

Enhanced IP-to-IP mode instructions

The new IP-to-IP mode introduced in Virtual Central Lock 2.6.1 has been enhanced for better usability. This mode is specifically created to enable point-to-point communication between IP endpoints within LAN networks behind Tosibox Nodes. For more details, refer to the User Manual or the Helpdesk article "Working with the Access Groups IP-to-IP mode".


  • IP-to-IP mode is off by default when creating new Access Groups
  • Clarified the IP-to-IP mode user interface description

v2.6.1 – release date 2023-08-22 (Virtual Central Lock only)

Supported virtualisation platforms

  • VMWare vSphere/ESXi v7.0 GA
  • Microsoft Hyper-V on Windows Server 2016 and 2019
  • Linux KVM
  • Microsoft Azure Cloud
  • Amazon AWS Cloud

Support for TosiControl management UI

Virtual Central Lock is a central component in network management with TosiControl. Access controls created with the Access Groups can be monitored on TosiControl. Virtual Central Lock also sends a list of network elements and their status information for centralized device management. TosiControl integration requires explicit user approval on the Advanced Settings page.

IP-to-IP mode

IP-to-IP mode allows creating connections on IP level from the LAN side of one Node to the LAN side of another Node. With the IP-to-IP mode it is possible to limit access between the LAN side devices even if there are more devices present on the Node LANs. IP-to-IP mode is an extension of Access Groups.

Stability and scalability improvements

Especially large but also smaller Virtual Central Lock deployments gain performance improvement from improved memory management and enhanced file system and internal routines.


  • Improved robustness and bug fixes to Access Groups
  • Tightened firewall rules for DHCP
  • Fixed stability issue with Nodes where 1:1 NAT is used
  • Fixed rare issue where NTP service failed to start
  • Improved robustness for software update process
  • Latest underlaying OS security and 3rd party library updates

v2.4.3 (Central Lock) - release date 2023-05-29

  • Updated third party libraries to support more secure TLS 1.1 connectivity.
  • Indication in the user interface whether connection is a relayed (TCP) or direct VPN connection (UDP)
  • Starting with Android Mobile Client 2.0.3 and iOS Mobile Client 2.1 connectivity with Central Lock is supported only in this release.

v2.6.0.1 (Virtual Central Lock) - release date 2022-12-13

  • Resolved Access Groups issue affecting "Allow traffic between Locks" and "Allow L2 traffic between Keys" settings changing from enabled to disabled by itself when updating to version 2.6.0

  • v2.6.0 – release date 2022-11-16 (Virtual Central Lock only)
  • Supported virtualisation platforms
  • VMWare vSphere/ESXi v7.0 GA
  • Microsoft Hyper-V on Windows Server 2016 and 2019
  • Linux KVM
  • Microsoft Azure Cloud
  • Amazon AWS Cloud
  • Redesigned access rights management
  • Access Groups has been redesigned from the ground up. Access rights management is based on sets of devices and users that are grouped to create access rules called Access Groups. Access Group can consist of one or several device and user sets. Access Groups UI is modernised, graphical and mouse operated based on drag and drop gestures. All the familiar features from previous releases are supported. New Access Groups UI is fully backwards compatible, all upgraded systems will retain already created Access Groups.
  • Greatly enhanced cybersecurity
  • Virtual Central Lock underlying operating system and libraries are upgraded. Connectivity is utilising latest major VPN libraries contributing to greatly enhanced system security.
  • New audit trail events
  • Audit trail stores various actions such as system state and configuration changes. Actions can be traced, filtered and exported on the Logs view. Virtual Central Lock has received new audit events to complement increased functionality such as "System started" and "System shutdown".
  • Improved software update process
  • There are different types of updates
  • -System upgrade – Major release containing foundational changes to the platform and applications
  • -Software update – Minor release containing updates to selected parts of the system
  • Https login for web UI
  • Web UI access can be made via secure https protocol. Https encrypts traffic between the end user device and the web server and provides increased security. If https is enabled, it is used when accessing from the Virtual Central Lock LAN or over VPN connection.
  • Revised documentation
  • Virtual Central Lock user manual is revised thoroughly. For example, it has a section for installation and system requirements, Access Rights Management is explained in detail, all audit trail events, and email alerts are listed.
  • Bug fixes
  • VPNs are not cut-off when creating or deleting VLANs
  • Status page shows selected Lock and Sub Lock
  • Protocol ICMP ping is now allowed in access group
  • Renaming device in "Network devices" list does not result in unnecessary "Link protocol invalid" error anymore

v2.5.2 – release date 2022-06-28 (Virtual Central Lock only)

VPN Usage Logs export

VPN Usage Logs report Key user statistics from selected VPN connection. Logs can be used for tracking the amount of data transferred over the traced VPN connections. VPN Usage Log Export is used to generate reports of the data. Data can be filtered based on most important criteria such as Key or Lock name and session opening or closing time. Fixed timezone usage with log entries.

Updated system libraries and security fixes

VCL is more secure than ever. Release introduces several OS level CVE fixes and library updates including CVE-2020-1971, CVE-2020-25684, CVE-2020-25683, CVE-2020-25686, CVE-2020-25687, CVE-2020-25681, CVE-2019-14834, CVE-2020-25682, CVE-2020-25685.

Stability and scalability improvements

Large VCL deployments gain considerable performance improvement due to enhanced messaging and device polling routines. Maximum user and device limit is increased notably.

Improvements in Access Groups

Access Groups are fine tuned with several bug fixes and improvements. Clarified that connection between Keys works only in layer 2. Any Lock and Node connected over layer 3 will always have access to VCL Web UI. "Default for layer 2 Keys" setting works now, layer 2 Keys and Locks are added to the defined group.

Bug fixes

  • Fixed issue where Keys can change from layer 3 to layer 2 because of a sw bug and user loses access to VCL.

  • Fixed issue where IP address or IP address range in Access Group can have global effect even though it shouldn’t.

  • Fixed issues where connection names can get scrambled between VCL and the Key Manager in the Key software.

  • Fixed issue where Web UI could be broken when adding blank static route.

  • Fixed issue where manually added devices that are outside the IP range are not shown correctly in Web UI

  • Network devices list refresh fixed without the need to reload the Status page. Edit and remove buttons work again.

  • Fixed issues where duplicate system alerts were sent or no alerts were sent at all.

  • Added password copy option when new administrator user password is generated.

  • VCL native Chromium browser upgraded and is now in kiosk mode. Browser extensions cannot be installed anymore.

  • v2.5.1 – release date 2021-10-11 (Virtual Central Lock only)

    Fixed issues
  • Rare incident in Access Groups can cause the firewall not configured with the new settings, recently created IP/MAC items should be recreated manually

  • Stability improvement in VPN connection management

For complete list of release notes go to our Knowledge Base