The Inverse team is pleased to announce the immediate availability of
PacketFence v10.1. This is a major release with new features, enhancements and
bug fixes. This release is considered ready for production use and upgrading
from previous versions is strongly advised.
What is PacketFence?
PacketFence is a fully supported, trusted, Free and Open Source Network Access
Control (NAC) solution. Boasting an impressive feature set, PacketFence can be
used to effectively secure small to very large heterogeneous networks.
Among the features provided by PacketFence, there are:
powerful BYOD (Bring Your Own Device) capabilities
multiple enforcement methods including Role-Based Access Control (RBAC) and
hotspot-style
built-in network behaviour anomaly detection
state-of-the art devices identification with Fingerbank
compliance checks for endpoints present on your network
integration with various vulnerability scanners, intrusion detection solutions,
security agents and firewalls
bandwidth accounting for all devices
... and many more!
A complete overview of the solution is available from the official website:
https://packetfence.org/about.html <https://packetfence.org/about.html>
Changes Since Previous Release
New Features
Live log viewer from admin interface
Fully tenant-aware admin interface
Support for MS-CHAP authentication for CLI/VPN access
New pfcertmanager service that generates certificate files from configuration
Enhancements
EAP configuration template - add a way to define multiples EAP profiles in
FreeRADIUS
New action for AD/LDAP sources to set role when user is not found
Provide an advanced LDAP condition to allow custom LDAP queries
The captive portal can now feed HTTP client hints to the Fingerbank collector
Added ability to enable/disable a network anomaly detection policy (#5403)
Return the portal IP if the QNAME matches one of the portal FQDN for registered
devices using inline enforcement
Individual source rules can be disabled
Support for Dell N1500 starting from 6.6.0.10
CoA support for Ubiquiti Unifi AP
Added a way to define the Unifi AP by IP or IP range
Use the value of an LDAP attribute as a role
Added the return of the LDAP/RADIUS attributes to use them in RADIUS filter
The /api/v1/radius_attributes endpoint is now searchable
Proxy the captive portal detection URL when the device is registered
Choose which EAP profile to use based on the realm
LDAP's basedn can be defined in the authentication sources rules
New hooks for the RADIUS filter engine in eduroam virtual server
Redefined "restart" in the service manager to allow "PartOf" in systemd scripts
Set role from source authentication rule option (needs #5459)
Flatten the RADIUS request for the authentication sources (attributes like
radius_request.User-Name)
RADIUS request attributes / username are part of the common attributes
Support of multiples LDAP servers in FreeRADIUS ldap_packetfence configuration
file
Copy outer User-Name attribute in PacketFence-Outer-User attribute to be able
to use it in the authentication rules
Copy the LDAP-UserDN attribute in PacketFence-UserDN attribute to be able to
use it in the authentication rules
Added a way to extend the LDAP filter for searchattributes configuration
Documentation for EAP profile selection
Documentation for regex realm
Documentation for new action/condition in LDAP authentication
Moved the VLAN filters example as default disabled VLAN filter
Use PUT for node reevaluate_access to fix issue with admin_role actions mapping
OpenID pid mapping is now configurable
Can map OpenID attributes to a person attributes
Allow to create authentication rules based on OpenID attributes
Bug Fixes
Fixes Fortinet Fortigate returnAuthorizeVPN function (#5409)
Barracuda NG firewall SSO SSH fails (#4828)
Impossible to set multiple access level in administration rule (#5440)
Fixed pf-maint.pl when its running behind a proxy (#3425 )
Fix vendor attributes not being sent from Switch Template (#5453)
Fixed issue authorizing a user in web-auth on Unifi when the node has its date
set to '0000-00-00 00:00:00'
See https://github.com/inverse-inc/packetfence/compare/v10.0.0...v10.1.0
<https://github.com/inverse-inc/packetfence/compare/v10.0.0...v10.1.0> for the
complete change log.
See the Upgrade guide for notes about upgrading:
https://packetfence.org/doc/PacketFence_Upgrade_Guide.html
<https://packetfence.org/doc/PacketFence_Upgrade_Guide.html>
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As such, you
are free to download and try it by either getting the new release or by getting
the sources: https://packetfence.org/download.html
<https://packetfence.org/download.html>
Documentation about the installation and configuration of PacketFence is also
available: https://packetfence.org/support/index.html#/documentation
<https://packetfence.org/support/index.html#/documentation>
How Can I Help?
PacketFence is a collaborative effort in order to create the best Free and Open
Source NAC solution. There are multiple ways you can contribute to the project:
Documentation reviews, enhancements and translations
Feature requests or by sharing your ideas
Participate in the discussion on mailing lists
(https://packetfence.org/support/index.html#/community
<https://packetfence.org/support/index.html#/community>)
Patches for bugs or enhancements
Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing to
supp...@inverse.ca <mailto:supp...@inverse.ca>
You can also fill our online form (https://inverse.ca/#contact
<https://inverse.ca/#contact>) and a representative from Inverse will contact
you.
Inverse offers professional services to organizations willing to secure their
wired and wireless networks with the PacketFence solution.
_______________________________________________
PacketFence-devel mailing list
PacketFence-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-devel
