OctoGate Version History

This overview lists the major changes and fixes in the current OctoGate version.

Release V4.5.33

• AD Interface: Support for CampusLAN calaVCE

Release V4.5.32

• HA Extension: Active handover to slave now possible
• Complete rework of the AD sync and LMZ paedML interface
• Additional security features: Failed login blocking
• Bug fix: WireGuard 2FA timeouts
• Completion of English translation
• Support for custom WireGuard private (public) keys
• Stability updates: Access point firmware

Release V4.5.31

• High Availability Update: Improved support for redundant HDDs and
  Config – Distribution for HA clusters
• Bug fixes for migration code

Release V4.5.30

• LMZ: Corrections to the AD interface Surf profiles
• Various bug fixes and stability optimizations
• Bug fix: Firewall rule configuration
• Bug fix: Creation of RADIUS server
• Feature: HTTPS Exceptions: Whitelist without Login
• Feature: Local groups can now be created even with an AD connection
• Feature: Automatic configuration and VPN pairing for installations / large-scale projects

Release V4.5.29

• Feature: High availability
• Bug fix: Content filter / blacklist / whitelist order
• Bug fix: Firewall page: Web page logic / usability
• Feature: Ability to define a proxy PAC per host group
• DNS – Reverse Zones from DHCP Leases: Now boot-persistent.
• Multi-AD feature extension
• Bug fix: WireGuard client config sometimes not updated in the service

Release V4.4.200

• WireGuard token feature with OctoVPN 1.5.0.9
• Wireless performance fixes
• New OctoGate app: Installation via QR code in the INFO dialog
• Support for multiple AD servers and domains
• Integration with Microsoft Azure Groups/Office 365
• New ECO Mode: Disabling features on limited hardware
• Support for client module / New: Configuration locations
• Bootloader tuning: Now 15 seconds faster
• Dashboard functionality expanded: Default dashboard per user group
• Standard dashboard for ‘normal users’
• Support for Proxmox, including version 8.2.2
• New version of demo data (in the Backup section)
• Load Balancer Module/Direct Proxy
• Duplicate checker for DNS zones and DHCP servers built into the web page
• Support for multiple DNS forwarders with any destination port
• New feature: Surf Simulator: Simulate a user’s surf filter
• Various cyclical housekeeping and cleanup routines developed: space savings
• Improvements to LMZ Migrator: Network setup and AD join support for proxy
• Support for multiple external connections via firewall, proxy, and load balancer
• Implementation of two new themes: Dark Mode 1/2
• Language support for AP Studio
• Security feature for firewall rules: Minimum requirements for specified parameters
• Bug fix: Screen flickering in the Interfaces table
• Support for WEBDAV/internal OwnCloud-like functionality
• Extensions and bug fixes for device bonding support
• Extension: HA failover/high availability
• Bug fix for firewall status LEDs (for rack models)
• New page: Reports, Analyses, Client Assignment for Proxy
• Two-factor authentication now also available for non-AD users (Admin, etc.)
• Bug fix: Active Directory passwords with many special characters
• Network switches and access points can now be deleted in the GUI
• Bug fix: Auto-renewal function for Let’s Encrypt certificates
• Bug fix: Special character check for SSIDs in configuration form
• Firewall page bug fix: Filter by chain
• Administration/System: Quick Switch: Quickly switch between multiple OctoGates
• LMIZ: Bug fix for blacklist/whitelist importer
• Bug fix: Routing tables with multiple external internet interfaces

Release V3.0.51

• Features:
  • New firmware for the access points
  • Preparation for the use of Nextcloud and Apple Caching Server
• Updates:
  • Improved Wi-Fi stability
• Fix:
  • Bug fix in the OctoGate Guest module

Release V3.0.50

• Features:
  • Support for AX-series access points (AX-3000, AX-3500)
    • Support for the Wi-Fi 6 standard
    • Up to 4x faster data transfer rates (compared to, for example, the AC-2000 access point)
  • Traffic Shaping: Bandwidth can be limited separately on all network interfaces
  • Support for the OpenID® Connect interface
    • Secure user authentication via a trusted authorization server
    • Web GUI for performing the necessary OpenID® Connect client configuration
    • OpenID® Connect interface for authenticating an OctoGate instance in a Univention environment
  • Web version of the OctoGate app available locally on every firewall
  • Support for classroom control functionality in the current version of the OctoGate app

• Updates:
  • SafeSearch: separate configuration options for YouTube and Google
  • Log processing: Performance boost and reduced disk space requirements through intelligent log processing
  • Network performance: Increased data throughput (up to 2x) through infrastructure optimizations

Release V3.0.48

• Feature: 2048-bit certificate for mobile devices
• Update: Captive portal page with a new design
• Fix: Apple devices with iOS versions less than or equal to 13 can now be filtered again
• Fix: Wi-Fi – Stability improvements

Release V3.0.47

• Feature: New system for configuring routers
• Feature: New diagnostic mode for detecting and resolving runtime issues
• Update: Access Point (AP) firmware updated (latest version of the OpenWrt system)
• Update: Access Point (AP) bootloader updated (fixes rare timeout issues)
• Update: WLAN driver updated
• Update: General improvement in Wi-Fi stability
• Update: Increased the number of users per AP that can connect (to 80)
• Fix: “OCTO WLAN” SSID is no longer broadcast

Note: Starting with version 3.0.47, our Asus devices are no longer supported.

Release V3.0.46

• Fix: Wi-Fi stability

Release V3.0.44

• Fix: Configurations causing the app to malfunction
• Fix: Access Points – Various bug fixes (timeout issues)
• Fix: Safesearch (Google) improvements
• Fix: SQUID – Optimized SSL scanning
• Fix: RADIUS – Improved EAP support
• Fix: WebGUI – Widget updates/adjustments to current browser requirements
• Fix: WebGUI – Validation checks revised

• Feature: Access Points – New and clearer status messages
• Feature: Relution
• Feature: Web – PHP update

Release V3.0.43

• Fix: Squid – Crashes on Opteron processors
• Feature: BYOD Classes – Logout Function for OctoGate APP

Release V3.0.42

• Fix: Web Proxy – Improved logging of web pages with long URL lines
• Fix: Voucher Network, malfunction when the client’s IP changes
• Fix: Migration to MySQL 5.7 as database, automatic repair programs in case of errors
• Fix: Support for Play Store / iTunes during HTTPS scanning
• Fix: Performance – Improved web browsing
• Fix: Troubleshooting AC-2000 in large installations > 60 access points
• Fix: Troubleshooting – AC-1000 operational stability

• Feature: Support for OctoGate app
• Feature: Support for AC-2000
• Feature: Support for WLAN Cloud / WLAN – Hybrid Mode (Access Points are controlled via the cloud behind OG)
• Feature: BYOD (Bring Your Own Device) – Control via paedML School Console
• Feature: New groupware: Tine 2018 with out-of-office function, etc.
• Feature: Support for iOS 12 with MDM (ECDH encryption)
• Feature: Support for a fourth Wi-Fi SSID, also in the web interface

Release V3.0.41

• Feature: OctoGroupware / Tine upgrade
• Feature: Support for new token generators for user authentication via VPN or WebVPN
• Feature: Support for AC-2000
• Fix: Performance improvements for AC-1000
• Fix: Various bug fixes and improvements
• Feature: BYOD functionality for LMZ customers
• Feature: CentralCloud support
• Feature: Optional support for 4 SSIDs via OctoGate
• Feature: Support for the OctoGate app

Release V3.0.39

• Fix: Some Active Directory configurations prevented login via the voucher page
• Fix: Not all devices were redirected to the captive portal, so authentication could not take place in some cases
• Fix: MPP occasionally delivered empty emails
• Fix: WebGUI SMTP relay memory issue
• Fix: WebGUI backend sometimes caused high CPU load

Release V3.0.38

• Fix: Access points could no longer be maintained after an SQL database malfunction
• Feature: Root certificates are available for guests – octo.octo/der and octo.octo/crt
• Feature: SSL libraries updated. Elliptic curves. This improves compatibility
  with specific websites (HTTPS, e.g., datev.de)
• Feature: OctoGuest – Redirect to original destination page after voucher entry
• Feature: Centralized daily distribution of website URLs to OctoGates that are to be excluded from the SSL scan (e.g., Apple Store)
• Feature: BringYourOwnDevice – Functionality for the SNV product from INL AG
• Bug Fix AC-1000: Resolves connection issues if the network’s nameserver cannot resolve the OctoGate
• Feature: Transparent HTTPS scanning in the voucher – WLAN can be enabled or disabled separately
• Feature: When creating a voucher code, you can now specify whether HTTPS scanning should be enabled for the user or not.
• Feature: LMZ: Access to SharePoint / MySites can now be enabled from all Wi-Fi networks via a firewall rule.
  Detailed documentation will follow from LMZ.
• Fix: VPN clients could be accidentally deleted in the GUI by activating a data filter
  in the display component
• Feature: Wi-Fi Access Point Client Isolation: Optional isolation of Wi-Fi clients from one another for
  increased security.
• Fix: MySQL database shutdown due to insufficient main memory.
• Fix: NTP client updated. New servers set up.
• Feature: WebGUI – New design.
• Feature: WebGUI: New setting for a maintenance window. Within this time period
  (e.g., once a week), OctoGate performs maintenance tasks on the system (file system, updates).
  Please check this setting and adjust it if necessary. Known issues for this release can be found here.

Release v3.0.37 (not an LMZ release)

• Feature: Content adaptation recognizes MiniProxy.php (heuristic)
• Feature: Content adaptation works with Google Translate
• Fix: Content adaptation no longer detects HTTPS on port 443
• Feature: Bring-your-own-device allows external control of the proxy
• Feature: WebGUI can control transparent proxies via the interface
• Feature: Guest system can use port forwarding
• Fix: Memory scaling for InnoDB and AntivirusProxy adjusted to 4GB RAM

Release v3.0.36

• Feature: ‘Notes’ field for access points
• Fix: WebGUI/OctoGate scan can now parse the date 0-0-0000.
• Feature: Viewer user SSH key can be downloaded via WebGUI
• Fix: RT-AC56U can be installed again

Release v3.0.35

• Improvement to the PDF virus scanner
• Adjustment of firewall rules
• Protection against Samacry / WannaCry
• New setup and diagnostic tool for the console (ALT F2)
• Viewer, user, and root access via console now possible
• Various security updates

Release v3.0.34

• Support for SHA-256 certificates with transparent SSL scanning
• Fix: new AC-1000 firmware for more reliable booting, even after multiple power cycles

Release v3.0.33

• Feature/Fix: Added CPU usage monitor
• Fix: Web server now sends the entire *.ozone.octogate.de certificate chain
• Fix: Web VPN can once again authenticate via NTLM
• Fix: Synchronization of the LDAP structure can now renew the LDAP handle
• Fix: Samba now allows 450 concurrent authentications on the ADS
• Feature: File system check can now be triggered manually
• Fix: File system check no longer requires user input
• Fix: Dhcrelay configuration now remains permanent

Release v3.0.32

• Feature: Darkstat-Packet can now track traffic per IP
• Feature: 64-bit kernel can be used optionally

Release v3.0.31

• Feature: Proxy log now performs better thanks to a new database driver
• Feature: Proxy log performs better thanks to log buffer and fewer messages
• Fix: Rejoin more reliable when domain connection is lost
• Fix: Guest system now also supports multiport/port ranges
• Feature: Web server can redirect to Relution (MDM package)

Release v3.0.30

• Fix: OctoRPC now writes log files via Syslog
• Feature: DNS cache with 16k entries
• Feature: Proxy allocates more memory for cache objects.

Release v3.0.29

• Feature: Import of AD objects now includes buffering and delta sync
• Fix: Network traffic logging can now be cleared
• Fix: LDAP handle is restored at runtime if lost
• Fix: Access to SSHD limited to specific users
• Fix: User octo_setup has a new password
• Feature: Expanded database cache limits disk I/O

Release v3.0.28

• Feature / Fix: Web server no longer responds to SSLv3 connections (Poodle vulnerability)
• Feature: Update to Samba 4. Enables massive parallelization of authentication on AD
• Feature: Guest portal is now recognized by Android devices
• Feature: Wireless router infrastructure further expanded/improved
• Fix: Guest system vouchers can now only be used for one device
• Fix: Guest portal now allows downloading of OctoGate root certificates again
• Fix: Sporadic timeouts during saving resolved (WebGUI)

Release v3.0.27

• Redesign: Wireless router management infrastructure modernized
• Feature: New firmware version for new RT-AC66U revisions
• Feature: New service for monitoring disk capacities
• Fix: Wi-Fi configuration via WebGUI is working again
• Fix: Blinkstick now alerts users to disk issues
• Fix: Further improvements in logging
• Fix: Internal system logger migrated to new version (syslog-ng v3.7)

Release v3.0.26

• Feature: Support for new router: AC-1000
• Fix: General improvements to the router service
• Fix: Optimized ADS list importer
• Fix: Improved logging for proxy and mail services
• Fix: Fixed display error in octo_setup

Release v3.0.25

• Feature: New configuration backup
• Fix: Optimization of DNS queries
• Fix: Stability update for MySQL databases

Release v3.0.24

• Fix: AD synchronization now imports blocklists differentially
• Fix: ICAP now supports the Whitelist-Only feature again
• Feature: “http://octo.octo” redirects to “https://hostname.ozone.octogate.de“

Release v3.0.23

• Fix: Memory leak in the setup program
• Feature: Caching for content filter database
• Feature: Infrastructure preparation for Octane

Release v3.0.22

• Fix: Improved content filter performance
• Fix: ICAP stability upgrades
• Feature: Additional support routines for VMware
• Feature: MTU adjustable in dedicated line mode
• Feature: Includes OctoScan version 3.3.9

Release v3.0.21

• Fix: DNS cache optimizations
• Feature: Active Directory interface enhancements
• Feature: New console setup tool. Accessible via ALT F2
• Feature: MTU adjustable in dedicated line mode

Release v3.0.20

• Redesign: Active Directory interface for external applications (SNV, paedML, INiS)
• Fix: Hardware clock synchronization via NTP was consuming too much processing time.
• Feature: MySQL tuning
• Fix: User/group name length in Active Directory was limited to 45 characters
• Fix: Reduction of system load
• Fix: Performance of the report filter function
• Feature: Support for port lists and port ranges in the firewall – Kern
• Feature: Configuration version is now displayed on the GUI status page (confdeploy version)
• Feature: Switch of GUI communication from proprietary JavaScript encryption to HTTPS
• Fix: Several minor bugs in the status display (Web GUI)
• Feature: More detailed configuration options for the transparent proxy
• Fix: Downloading a VPN client was impossible when there were a large number of clients
• Feature: OctoGuest voucher keys are now only 6 characters long (letters)
• Fix: Cleanup function for voucher database
• Fix: Various bug fixes in the OctoGuest module
• Feature: Improved internal service monitoring function
• Fix: Various DHCP functionalities
• Fix: Internal file parser
• Feature: OwnCloud module added
• Redesign: OctoGate HA (High Availability) function reimplemented
• Fix: OctoFax security settings
• Fix: Performance optimization of internal logging
• Feature: Read-only – SSH user for FH diagnostics, login upon request (data protection)
• Feature: New OctoGate CA with SHA256 digest
• Feature: New firmware version (1.1.3) for all routers. Improved NTP handling
• Fix: Mail backup with encryption
• Fix: Improved SSL proxy support
• Fix: Processes in the Active Directory interface are now parallelized
• Fix: Active Directory synchronization can now import mixed-mode users
• Feature: Active Directory synchronization can now also create VPN users and send them via email

Release v3.0.19

• Feature: New hardware support for the DESK series
• Feature: Wireless router support for TL-WR841N-v8 and TL-WR841N-v9 routers
• Fix: Transparent proxy on Wi-Fi routers was not working
• Redesign: OctoGuest
• Fix: DNS resolution issues
• Fix: Web GUI browser IE11: Prompt to enable compatibility mode
• Feature: Web GUI automatically displays the registration dialog when a new system is installed
• Fix: Privacy features in reporting
• Fix: Log compression now compliant with data protection regulations
• Fix: MySQL Firewall – Log consolidation function

Release v3.0.18

• Support for new Wi-Fi routers: TL-WR841N, TL-WA7510N
• Support for the Blinkstick
• Automatic creation of CDDs for the Secure VPN server
• Migration of Watchcat to the RO area
• The user manual has been updated
• System migrated to new IP range (INT = 10.45.10.0/24)
• New tool for detecting and resolving IP conflicts at runtime
• More robust VPN routing in case of unexpected issues
• Monitoring of Active Directory connections optimized
• Abstraction layer for storage devices implemented (/dev/octo/*)
• Runtime analysis tools have been optimized (sysstat)
• Backup strategies have been expanded and optimized (shared, sysstat)
• Support for large MySQL tables (innodb, 10GB)
• Search function error in firewall reports fixed (search by source and destination IP)

Release v3.0.17

• Hotfix: Support for IDE drives (older hardware)

Release v3.0.16

• Support for Hyper-V
• Automatic mounting of storage devices (USB)
• New module for configuring the OctoGate (USB stick)
• Blinkstick: Warnings/messages from the kernel module have been fixed
• Reliable detection of available Ethernet devices (/sys/class/net/*)
• The AP daemon is now enabled by default
• AP daemon: Configuration updated (Radius keys, interfaces, etc.)
• AP daemon: more robust settings for the VPN tunnel (openvpn.apd)
• AP daemon: Reliable deletion of entries from the ARP table
• WebGUI: Fixed hiding of SSIDs (Wi-Fi router)
• WebGUI: Display of the real MAC address (Wi-Fi router)
• PF: Support for empty (ANY) input and output interfaces (port forwarding)
• PF: AD configuration no longer
• Support for SSLBUMP in whitelist-only cases (Icap)
• Migration: New devel repository for developer testing (octo_fwupdate –devel)
• Conflict with Kobil token generator and LMZ Radius configuration has been resolved
• Squid template for server-side SSLBUMP has been updated