LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Development page

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

PacketFence 2.2.0 released

[Posted May 4, 2011 by corbet]

From:  Olivier Bilodeau <obilodeau-AT-inverse.ca>
To:  lwn-AT-lwn.net, editors-AT-h-online.com
Subject:  ANN: PacketFence 2.2.0
Date:  Tue, 03 May 2011 14:43:31 -0400
Message-ID:  <4DC04CD3.4000802@inverse.ca>
Archive-link:  Article, Thread 


The Inverse Team is pleased to announce the immediate availability of 
PacketFence 2.2.0. This is a major release bringing new hardware 
support, new features, enhancements, documentation updates, bug fixes 
and new translations. This release is considered ready for production use.

=== What is PacketFence ? ===

PacketFence is a fully supported, trusted, Free and Open Source network 
access control (NAC) system. Boosting an impressive feature set including:

  * Registration and remediation through a captive portal
  * Detection of abnormal network activities using Snort IDS
  * Proactive vulnerability scans using Nessus
  * Isolation of problematic devices
  * 802.1X for wired and wireless networks
  * Wireless integration for all provided features
  * Supports complex and heterogeneous environments
  * VoIP / IP Telephony support and more!

A set of screenshots is available from 
http://www.packetfence.org/tour/screenshots.html and a set of videos is 
available from http://www.packetfence.org/tour/videos.html

=== Changes Since Previous Release ===

New Hardware Support
  * Motorola RF Switches (Wireless Controllers)
  * 3Com Switches 4200G, E4800G and E5500G now supports MAC 
Authentication and 802.1X
  * Dlink DGS 3100 Switches

New features
  * Captive Portal network access detection is more accurate and way 
faster (javascript-based)
  * Easier integration and configuration of FreeRADIUS 2.x using our new 
packetfence-freeradius2 RPM
  * Apache configuration is automatically adjusted on startup based on 
system resources to avoid performance degradation on heavy workloads (#1204)
  * New reports: Nodes per SSID (#1126) and Connection-Type (#1125)
  * User-Agent violation support completely re-written. It is now easier 
than ever to block devices or old browsers from your network. (#769, #1192)
  * Administrators can now modify and preview remediation pages from the 
Web Admin
  * VoIP autodetection in Wired 802.1X and Wired MAC Authentication can 
now use CDP / LLDP if available (#1175)
  * Kerberos Authentication on the Captive Portal (Thanks to Brad 
Lhotsky from NIH)

Enhancements
  * Moved several configuration files from conf/templates/ into conf/ 
(#1166)
  * SSL certificate configuration for httpd is now in a separate file 
that is not overwritten by packages making it easier to maintain (#1207)
  * 3Com Super Stack 4500 now uses SNMP for MAC authorization 
(port-security)
  * OS Class ID are now visible when viewing DHCP Fingerprints (#1181)
  * Log levels can be changed without a restart (#748)
  * Process ID information in the logs for some daemons
  * Captive Portal minor usability improvements
  * Reorganized default violation classes to be more coherent and 
self-documented
  * More violation classes validation on startup (#992)
  * Improved database configuration error reporting
  * DHCP fingerprints sharing now allows submitter to send computer 
name, user-agent and a contact email to help us identify the devices 
better (#983)
  * Meru module now supports firmware version identification
  * Improvements in the logrotate script (#1198)
  * MAC address format xxxx-xxxx-xxxx supported in our FreeRADIUS' module
  * Removed unused configuration parameters (#767)
  * Refactoring of the code base (#1058)
  * New DHCP fingerprint for Cisco SPA series IP Phone, Mikrotik, 
Freebox, AeroHive Hive AP, Ubuntu Server, Suse Linux Desktop 11, 
Synology NAS, Polycom Conference IP Phone and Generic Intel PXE

Documentation
  * Improvement to the samba configuration provided in the 
administration guide to fix uid mapping issues (#1205)
  * FAQ entry: Active directory integration in registration network
  * Updated Developer documentation regarding how to support new 
wireless hardware
  * Wired 802.1X and MAC Authentication corrections in Network Devices Guide
  * Minor corrections to the Administration Guide (#743)

Bug Fixes
  * Fixed an important problem with VoIP in Wired 802.1X and Wired MAC 
Authenication modes (#1202)
  * Fixed important Nortel support regressions (introduced in 2.1.0: 
#1183, #1195)
  * Fixed an issue with the Meru module: If the controller sent SNMP 
traps to PacketFence a thread would crash. Hopefully this configuration 
is not required and is rarely done. Regression prevention tests have 
been added.
  * Fixed an issue with pfcmd-initiated VLAN re-evaluation if you assign 
VLANs based on a client's connection-type (which is not the default)
  * Fixed DHCP fingerprint sharing upload form
  * Violation grace no longer ignores time modifiers like minutes (#1154)
  * Fixed OS id not visible when dhcp-fingerprint view is filtered (#1180)
  * Fixed rare case of Web Admin user account corruption causing 
homepage to become status/dashboard instead of status/dashboard.php (#1196)
  * Warning avoidance in Extreme Network modules
  * installer and configurator scripts no longer output passwords on the 
terminal (#1021)
  * Fixed warnings and improved error reporting in our FreeRADIUS module 
(#1176)
  * Fixed broken person lookups if username is an email address (#1206)
  * Fixed Web Admin which referred to an inexistent Meru MC3000 module 
(it was renamed Meru::MC in 2.0.1)
  * Fixed overly aggressive Web Administration password validation (#1209)

Translations
  * New German (de) translation (Thanks to Tino Matysiak of Meetyoo 
Conferencing)

... and more. See the ChangeLog file for the complete list of changes 
and the UPGRADE file for notes about upgrading. Both files are in the 
PacketFence distribution.

=== Getting PacketFence ===

PacketFence is free software and is distributed under the GNU GPL. As 
such, you are free to download and try it by either getting the new 
release from:

http://www.packetfence.org/download/releases.html

or by getting the sources from the official monotone server using the 
instructions at 
http://www.packetfence.org/development/source_code_reposi...

Documentation about the installation and configuration of PacketFence is 
available from:

http://www.packetfence.org/documentation/

=== How Can I Help ? ===

PacketFence is a collaborative effort in order to create the best Free 
and Open Source NAC solution. There are multiple ways you can contribute 
to the project:

  * Documentation reviews, enhancements and translations
  * Feature requests or by sharing your ideas
  * Participate in the discussion on mailing lists 
(http://www.packetfence.org/support/community.html)
  * Patches for bugs or enhancements
  * Provide new translations of remediation pages

=== Getting Support ===

For any questions, do not hesitate to contact us by writing to 
support@inverse.ca

You can also fill our online form 
(http://www.inverse.ca/about/contact.html) and a representative from 
Inverse will contact you.

Inverse offers professional services to organizations willing to secure 
their wired and wireless networks with the PacketFence solution.

This release introduces several new changes that we were quite excited 
about and we hope you'll enjoy all of it.

-- 
Olivier Bilodeau
obilodeau@inverse.ca  ::  +1.514.447.4918 *115  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)
(Log in to post comments)

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds