25. Roadmap

25.1. VT AIR 23.10.1

  • Web Application Firewall:

Modsecurity our WAF module has been announced to be End of Life for 2024. It will be replaced with Coraza, which also offers a SPOA connector for HAProxy. This way we do not need Nginx for WAF anymore and can directly connect HAProxy to the WAF engine which will speed up the processing of traffic.

  • Web Application Firewall Custom Error Page:

We want to implement the ability to show a custom error page in case a WAF rule blocks traffic. This can be combined with a HAProxy ACL for example the hostname.

  • Rename LTE in GUI:

With the support of 5G we will rename all the Menu entries of LTE in the GUI to something more generic like Cellular. This way we are also future ready if there will be other cellular standards in the future.

  • Multiple Zero Tier One:

Currently we have support for a single zero tier one instance. We want to extend that to multiple zero tier one instances.

  • WPA Supplicant

We have been using a generic WPA Supplicant service name for wired connections. We will migrate to the existing template for wired connections called wpa_supplicant-wired@INTNAME

  • Diagnostics Firewall Rule Page

Improve the Firewall Rule Page for large setups as it blocks the webgui at the moment while loading the rules.

  • Minor Kernel Update:

The .04 and .10 releases always contain a new Kernel. The .04 release contains a new Long Term Support Kernel LTS. The .10 release contains a minor update for the used LTS Kernel.

25.2. Long Term

  • MPTCP:

Multipath TCP offers multiple connections between two hosts and also adjusts the send rate and balances the degree of congestion within each sub-flow to improve throughput/resource utilisation. We want to explore the ability to connect two VT AIR with MPTCP for SDWAN.

  • Dynamic Charting Framework:

A dynamic charting framework would allow us to chart arbitrary data from the OS that can be read like states, CPU utilization and so on.

  • Web Filter connection to Intrusion Protection:

We want to forward decrypted Web Filter traffic to the Intrusion Protection engine. This would allow us to also check encrypted web traffic that is decrypted by the Web Filter against the IPS Ruleset.

  • WLAN Client Support:

We want to explore the possiblity of adding support for WLAN modules so VT AIR can participate as a WLAN client in networks.