The Inverse team is pleased to announce the immediate availability of 
PacketFence v10.1. This is a major release with new features, enhancements and 
bug fixes. This release is considered ready for production use and upgrading 
from previous versions is strongly advised.

What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access 
Control (NAC) solution. Boasting an impressive feature set, PacketFence can be 
used to effectively secure small to very large heterogeneous networks.

Among the features provided by PacketFence, there are:

powerful BYOD (Bring Your Own Device) capabilities
multiple enforcement methods including Role-Based Access Control (RBAC) and 
built-in network behaviour anomaly detection
state-of-the art devices identification with Fingerbank
compliance checks for endpoints present on your network
integration with various vulnerability scanners, intrusion detection solutions, 
security agents and firewalls
bandwidth accounting for all devices
... and many more!
A complete overview of the solution is available from the official website: <>

Changes Since Previous Release

New Features

Live log viewer from admin interface
Fully tenant-aware admin interface
Support for MS-CHAP authentication for CLI/VPN access
New pfcertmanager service that generates certificate files from configuration

EAP configuration template - add a way to define multiples EAP profiles in 
New action for AD/LDAP sources to set role when user is not found
Provide an advanced LDAP condition to allow custom LDAP queries
The captive portal can now feed HTTP client hints to the Fingerbank collector
Added ability to enable/disable a network anomaly detection policy (#5403)
Return the portal IP if the QNAME matches one of the portal FQDN for registered 
devices using inline enforcement
Individual source rules can be disabled
Support for Dell N1500 starting from
CoA support for Ubiquiti Unifi AP
Added a way to define the Unifi AP by IP or IP range
Use the value of an LDAP attribute as a role
Added the return of the LDAP/RADIUS attributes to use them in RADIUS filter
The /api/v1/radius_attributes endpoint is now searchable
Proxy the captive portal detection URL when the device is registered
Choose which EAP profile to use based on the realm
LDAP's basedn can be defined in the authentication sources rules
New hooks for the RADIUS filter engine in eduroam virtual server
Redefined "restart" in the service manager to allow "PartOf" in systemd scripts
Set role from source authentication rule option (needs #5459)
Flatten the RADIUS request for the authentication sources (attributes like 
RADIUS request attributes / username are part of the common attributes
Support of multiples LDAP servers in FreeRADIUS ldap_packetfence configuration 
Copy outer User-Name attribute in PacketFence-Outer-User attribute to be able 
to use it in the authentication rules
Copy the LDAP-UserDN attribute in PacketFence-UserDN attribute to be able to 
use it in the authentication rules
Added a way to extend the LDAP filter for searchattributes configuration
Documentation for EAP profile selection
Documentation for regex realm
Documentation for new action/condition in LDAP authentication
Moved the VLAN filters example as default disabled VLAN filter
Use PUT for node reevaluate_access to fix issue with admin_role actions mapping
OpenID pid mapping is now configurable
Can map OpenID attributes to a person attributes
Allow to create authentication rules based on OpenID attributes
Bug Fixes

Fixes Fortinet Fortigate returnAuthorizeVPN function (#5409)
Barracuda NG firewall SSO SSH fails (#4828)
Impossible to set multiple access level in administration rule (#5440)
Fixed when its running behind a proxy (#3425 )
Fix vendor attributes not being sent from Switch Template (#5453)
Fixed issue authorizing a user in web-auth on Unifi when the node has its date 
set to '0000-00-00 00:00:00'
<> for the 
complete change log.

See the Upgrade guide for notes about upgrading: 

Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you 
are free to download and try it by either getting the new release or by getting 
the sources: 
Documentation about the installation and configuration of PacketFence is also 

How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open 
Source NAC solution. There are multiple ways you can contribute to the project:

Documentation reviews, enhancements and translations
Feature requests or by sharing your ideas
Participate in the discussion on mailing lists 
Patches for bugs or enhancements
Provide new translations of remediation pages

Getting Support

For any questions, do not hesitate to contact us by writing to <>
You can also fill our online form ( 
<>) and a representative from Inverse will contact 

Inverse offers professional services to organizations willing to secure their 
wired and wireless networks with the PacketFence solution.
PacketFence-devel mailing list

Reply via email to