The Inverse Team is pleased to announce the immediate availability of 
PacketFence 2.0.0. This is a major release bringing new features, new 
hardware support, performance enhancements, documentation update and 
other smaller changes. This release is considered ready for production use.

=== What is PacketFence ? ===

PacketFence is a fully supported, trusted, Free and Open Source network 
access control (NAC) system. Boosting an impressive feature set including:

  * Registration and remediation through a captive portal
  * Detection of abnormal network activities using Snort IDS
  * Proactive vulnerability scans using Nessus
  * Isolation of problematic devices
  * 802.1X for wired and wireless networks
  * Wireless integration for all provided features
  * Supports complex and heterogeneous environments
  * VoIP / IP Telephony support and more!

A set of screenshots is available from and a set of videos is 
available from

=== Changes Since Previous Release ===

New Hardware Support
  * SMC TigerStack 6128 L2 support in Port Security (feature sponsored 
by Seattle Pacific University)
  * HP ProCurve MSM710 Mobility Controller
  * Meru Networks MC3000 Wireless Controller
  * Juniper EX Series in MAC RADIUS (Juniper's MAC Authentication)

New Features
  * Simplification of the Wireless, Wired 802.1X and Wired MAC 
Authentication configuration. Because of a new FreeRADIUS module and a 
Web Service interface, everything is now using standard PacketFence 
proccesses and configuration files.
  * VoIP devices authorization over RADIUS (#1008)
  * Proxy interception. PacketFence can now operate in an environment 
where there is a client-side proxy configured. Check proxy-bypass in 
addons/ for details. (#1035)
  * Passthroughs support! You can now configure PacketFence to let your 
users reach specific websites even if they are in registration or 
isolation. (#772) (feature sponsored by Shippensburg University)
  * New pf::web::custom extension point to customize the captive 
portal's code without the usual maintenance burden on upgrades (#1045)
  * Bulk importation of nodes through CLI or Admin Web interface
  * New parameter in switches.conf to ease FreeRADIUS integration
  * Optional automatic configuration of FreeRADIUS' clients using 
switches.conf (see addons/freeradius-integration/README for details)
  * New 'pending' status for node. Allows for a wide range of captive 
portal workflows where an administrator approves network access (by 
email, SMS...)

  * New information available in Node Lookup (Connection Type, SSID, 
802.1X User-Name, ...)
  * FreeRADIUS module improvements (#1034) and major revamping
  * Easier installation process using yum groupinstall (#1089)
  * Faster Web Services layer running under mod_perl
  * Refactoring of the pf::vlan method names for more meaningful ones
  * Removed unnecessary database connections and duplicated code
  * 802.1X improvements (#995, #1002)
  * General code base improvements, refactoring (#914, #977, #1001, #973)
  * Usability improvements (#1006, #820, #1075)
  * Migrated to the new Emerging Threats rules for snort and added rules 
for botnets, malware, shellcode, trojan and worm by default (#1102)
  * New DHCP fingerprints (HP ProCurve Wireless, Ricoh MFP, 
Cisco/Linksys, Netgear, D-Link, Trendnet, Belkin Home Wireless Routers, 
Sony Ericsson, Android, Aruba Access Point, Avaya IP Phone, Gentoo Linux 
and Fedora Linux 13)
  * pfcmd_vlan's logging is now consistent with the rest of the system 
  * now handles DNS and DHCP basic configuration (#1112)

  * Merged Installation and Administration guides into a more coherent 
  * New documentation about DHCP and DNS services. Now easier to manage! 
  * New documentation about running in a routed environment
  * Improved documentation about Snort, Oinkmaster, and log rotation in 
Admin Guide
  * Improved documentation on violations (external remediation pages and 
redirect_url) in the Administration Guide

Bug fixes
  * Captive Portal remediation pages can be hosted externally again! (#1024)
  * Fixes to the SMC TigerStack 8824M and 8848M modules (see UPGRADE)
  * No error reporting when trying to change configuration files with 
bad rights (#1088)
  * Violation priorities are now enforced according to documentation (1 
= highest)
  * Wrong URL in the provided oinkmaster.conf (#1101)
  * MAC addresses of format xxxx.xxxx.xxxx properly recognized in pf::util

... and more. See the ChangeLog file for the complete list of changes 
and the UPGRADE file for notes about upgrading. Both files are in the 
PacketFence distribution.

=== Getting PacketFence ===

PacketFence is free software and is distributed under the GNU GPL. As 
such, you are free to download and try it by either getting the new 
release from:

or by getting the sources from the official monotone server using the 
instructions at

Documentation about the installation and configuration of PacketFence is 
available from:

=== How Can I Help ? ===

PacketFence is a collaborative effort in order to create the best Free 
and Open Source NAC solution. There are multiple ways you can contribute 
to the project:

  * Documentation reviews, enhancements and translations
  * Feature requests or by sharing your ideas
  * Participate in the discussion on mailing lists 
  * Patches for bugs or enhancements
  * Provide new translations of remediation pages

=== Getting Support ===

For any questions, do not hesitate to contact us by writing to

You can also fill our online form 
( and a representative from 
Inverse will contact you.

Inverse offers professional services to organizations willing to secure 
their wired and wireless networks with the PacketFence solution.

Ludovic Marcotte  ::  +1.514.755.3630  ::
Inverse inc. :: Leaders behind SOGo ( and PacketFence 

Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
Packetfence-announce mailing list

Reply via email to