PacketFence
Project News for PacketFence
-
PacketFence 3.5.1 released!
The Inverse Team is pleased to announce the immediate availability of PacketFence 3.5.1. This is a minor release with enhancements and important bug fixes. This release is considered ready for production use so upgrading to 3.5.1 is advised.
=== What is PacketFence ? ===
PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks.
Among the features provided by PacketFence, there are:
* Powerful BYOD (Bring Your Own Device) workflows
* Simple and efficient guests management
* Multiple enforcement methods with Role-Based Access Control (RBAC)
* Compliance checks for computers present on your network
* Integration with various vulnerability scanners and intrusion detection solutions
* Bandwidth accounting for all devices
A complete overview of the solution is available from http://www.packetfence.org/about/overview.html
=== Changes Since Previous Release ===
Enhancements
* Configuration item to notify of guest sponsorships by email: guests_self_registration.sponsorship_cc
* Developers guide was migrated from Docbook into the asciidoc format
* Important database performance improvement in VoIP and fingerprint checks
* Improved pfdhcplistener process surveillance (#1490)
Bug Fixes
* FreeRADIUS watchdog updated for 3.5.0 changes (#1514)
* debian packages improvements regarding FreeRADIUS configuration
* cosmetic fix in `pfcmd service ... status` regarding pfdhcplistener (#1515)
* Guests are not able to confirm registration in some cases - take 2 (#1302)
* Sponsored guests regressions (#1505)
* Keep the PID on node_deregister (#1501)
* Handle the release_date on violation modify (#1474)
* Billing screen does not appear when billing feature is enabled (#1525)
* Web extension point regression (#1507)
* Command parsing issue with `pfcmd person` (#1523)
* pfdhcplistener process name identifies listened to interface (#1478)
* Guest management login and authentication regressions (#1518)
* FreeRADIUS documentation aligned with current practices
* More characters are allowed in password types on CLI and WebAdmin (#848)
* illegal characters in webservices user / pass not properly escaped (#1516)
Translations
* Updated Spanish (es) translation (Thanks to Dominique Couot)
* Updated French (fr) translation (Thanks to Dominique Couot)
... and more. See the ChangeLog file for the complete list of changes and the UPGRADE file for notes about upgrading. Both files are in the PacketFence distribution.
=== Getting PacketFence ===
PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release from:
http://www.packetfence.org/download/releases.html
or by getting the sources using the instructions at http://www.packetfence.org/development/sourcecode.html
Documentation about the installation and configuration of PacketFence is available from:
http://www.packetfence.org/documentation/
=== How Can I Help ? ===
PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
=== Getting Support ===
For any questions, do not hesitate to contact us by writing to support@...
You can also fill our online form (http://www.inverse.ca/about/contact.html) and a representative from Inverse will contact you.
Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.
Cheers!
2012-09-06 07:02:14 PDT by plaxx
-
PacketFence 3.4.0 released!
The Inverse Team is pleased to announce the immediate availability of PacketFence 3.4.0. This is a major release with new features and important bug fixes. This release is considered ready for production use and contains a security fix so upgrading to 3.4.0 is advised.
=== What is PacketFence ? ===
PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks.
Among the features provided by PacketFence, there are:
* Powerful BYOD (Bring Your Own Device) workflows
* Simple and efficient guests management
* Multiple enforcement methods with Role-Based Access Control (RBAC)
* Compliance checks for computers present on your network
* Integration with various vulnerability scanners and intrusion detection solutions
* Bandwidth accounting for all devices
A complete overview of the solution is available from http://www.packetfence.org/about/overview.html
=== Changes Since Previous Release ===
Security
* Fixed a reflected cross-site scripting (XSS) vulnerability in Web Admin guest management (#1454)
New Hardware
* H3C S5120 series supports MAC-Authentication and 802.1X with or without VoIP
* Added Role support for all Cisco Wireless (WLC) models
* Brocade 6400 series supports MAC-Authentication and 802.1X with or without VoIP
* Brocade RF Switches support (Wireless controller)
New Features
* Debian packages (#1066, #1067, #1463)
* Support for up to 100 custom VLANs (Defaults to 5 see relevant FAQ entry to enable more)
* Node bulk importation now allow you to define default values for pid, category and voip in pf.conf
* New graphics showing bandwidth consumed by os class and the top 25 bandwidth consumers
Enhancements
* Minor refactoring and cleanup
* Debian support: arp binary location now configurable ([services].arp_binary)
* Log the switch IP when a trap is skipped due to a dynamic uplink fetch not working
* Performance improvements by reducing the number of forked process (mostly beneficial to pfdhcplistener)
* Captive portal supports being behind an HTTP-based load balancer (see captive_portal.loadbalancers_ip config)
Bug Fixes
* Fix guest management Inline
* RADIUS-based Disconnects not working for Aruba, AeroHIVE. Introduced in 3.3.2. (#1437)
* Interface configuration errors in the Web Admin (or on the CLI when editing the vip field)
* Debian support: radiusd is started even if disabled
* 'uninitialized value' warnings in checkup phase (pfcmd checkup)
* Got rid of the unused (unuseful) logs/pfdhcplistener_<int> log files. See logs/packetfence.log instead.
* pfdhcplistener doesn't hang anymore
* pid (username) of the form 'domain\\user' are now allowed (#1253)
* Guest account import didn't work on files with Windows line terminators (\r\n)
* configurator.pl fixes in non-english environment (#1418)
* Process management fixes (#1464)
Translations
* Updated Spanish (es) translation (Thanks to Juan Camilo Valencia)
* Updated Dutch (nl) translation (Tnanks to zappo)
... and more. See the ChangeLog file for the complete list of changes and the UPGRADE file for notes about upgrading. Both files are in the PacketFence distribution.
=== Getting PacketFence ===
PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release from:
http://www.packetfence.org/download/releases.html
or by getting the sources from the official monotone server using the instructions at http://www.packetfence.org/development/source_code_repository.html
Documentation about the installation and configuration of PacketFence is available from:
http://www.packetfence.org/documentation/
=== How Can I Help ? ===
PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
=== Getting Support ===
For any questions, do not hesitate to contact us by writing to support@...
You can also fill our online form (http://www.inverse.ca/about/contact.html) and a representative from Inverse will contact you.
Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.
Enjoy our first summer release! I've heard it's best served with sangria.
2012-06-13 18:13:17 PDT by plaxx
-
PacketFence 3.3.2 released!
The Inverse Team is pleased to announce the immediate availability of PacketFence 3.3.2. This is a minor release with critical bug fixes. This release is considered ready for production use. Upgrading to 3.3.2 is strongly advised to users of a 3.3.x version.
=== What is PacketFence ? ===
PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks.
Among the features provided by PacketFence, there are:
* Powerful BYOD (Bring Your Own Device) workflows
* Simple and efficient guests management
* Multiple enforcement methods with Role-Based Access Control (RBAC)
* Compliance checks for computers present on your network
* Integration with various vulnerability scanners and intrusion detection solutions
* Bandwidth accounting for all devices
A complete overview of the solution is available from http://www.packetfence.org/about/overview.html
=== Changes Since Previous Release ===
New Hardware
* HP Procurve 5300 series now identified as supported (thanks to the community!)
Bug Fixes
* critical fix for deauthentication affecting AeroHIVE, Aruba, Cisco Wireless, Motorola and Ruckus. Introduced in 3.3.0 (#1426)
* Web Admin no longer showing errors in popup dialogs. Introduced in 3.0.3 (#1420)
* violation trigger parser now more tolerant of trailing spaces
* 'add user' renamed 'add admin' for consistency (#1381, Thanks to Joao Moreira)
* apache tests under pfcmd checkup fails if modules generates warnings (#1283, Thanks to Philipp Snizek)
* another shot at 'named not started if using inline enforcement only'
* trap_limit feature fixes: local traps ignored and continue processing if no action (#1405)
* false positive error reporting on the Web Admin on specific User-Agents (#1408)
* saner axis in dashboard graphics
... and more. See the ChangeLog file for the complete list of changes and the UPGRADE file for notes about upgrading. Both files are in the PacketFence distribution.
=== Getting PacketFence ===
PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release from:
http://www.packetfence.org/download/releases.html
or by getting the sources from the official monotone server using the instructions at http://www.packetfence.org/development/source_code_repository.html
Documentation about the installation and configuration of PacketFence is available from:
http://www.packetfence.org/documentation/
=== How Can I Help ? ===
PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
=== Getting Support ===
For any questions, do not hesitate to contact us by writing to support@...
You can also fill our online form (http://www.inverse.ca/about/contact.html) and a representative from Inverse will contact you.
Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.
2012-04-23 07:38:42 PDT by plaxx
-
PacketFence 3.3.0 released!
The Inverse Team is pleased to announce the immediate availability of PacketFence 3.3.0. This is a major release with new features, new hardware support, enhancements, bug fixes and updated translations. This release is considered ready for production use.
=== What is PacketFence ? ===
PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks.
Among the features provided by PacketFence, there are:
* Powerful BYOD (Bring Your Own Device) workflows
* Simple and efficient guests management
* Multiple enforcement methods with Role-Based Access Control (RBAC)
* Compliance checks for computers present on your network
* Integration with various vulnerability scanners and intrusion detection solutions
* Bandwidth accounting for all devices
A complete overview of the solution is available from http://www.packetfence.org/about/overview.html
=== Changes Since Previous Release ===
New Hardware
* AlliedTelesis AT8000GS Switches using 802.1x/Mac Authentication without VoIP
* Added 802.1X/MAC Authentication support for HP 2500/2600 switches (no VoIP)
* Cisco WLC/WiSM product line now supports RADIUS Disconnect (RFC3576) to perform de-authentication
New Features
* Introduction of Role-based Access Control. Supported on AeroHIVE, Aruba, Meru and Motorola (initial implementation)
* Wireless de-authentication in Master / Local configuration supported for Aruba controllers (or other Disconnect-Message implementations)
* New guest self-registration mode: Sponsored. Guests accesses are approved through a 'sponsor'
* New guest self-registration option: Pre-registered guests. They can register in advance through the portal. Email and sponsor modes supported right now
Enhancements
* New database-driven custom VLAN assignment strategy example
* Slightly more helpful installer.pl
* Added a virtual IP (vip) parameter for interfaces in configuration which overrides auto-detection (#1396)
* More logging
* Simplified inline mode with DNS rewrite (DNAT). Fixes several issues and annoyances. (#1374, #1387)
* New parameter available to control what information is mandatory to be provided by a guest signing-up (guests_self_registration.mandatory_fields)
* New parameter available to control default field to use as pid for guests (guests_self_registration.guest_pid)
* Node categories were moved from node into configuration on the Web Admin
* New per-category configuration to control maximum number of devices allowed per user (max_nodes_per_pid)
* Daemon startup time logged. Allows for easier troubleshooting of slow-to-restart setups.
* if VoIP is configured to be enabled and the network hardware doesn't support it, PacketFence will log a warning
* Firewall and Captive Portal more restrictive by default if you are not using guest access
* Performance improvement for the RADIUS accouting (#1414)
* New hook to make it easier to rewrite RADIUS Access-Accept packets
Bug Fixes
* Proxy Bypass issues in environment with Virtual IP (#1385)
* Cisco 2950 802.1X Reauthenticate without VoIP issue (#1388)
* RADIUS identity privacy fix (#1390)
* Cisco MAB EAP was not properly working (#1391)
* CoA RADIUS secret is lower cased (#1392)
* Username length on the Web Admin is no longer limited to 15 characters
* Potential (not-validated) cross-site scripting (XSS) in captive portal
* Mandatory MAC lookup in the self-registered guests pages
* Cancel button problems on SMS confirmation page (#1393)
* Documented the fact that you need to configure credentials in packetfence-soh.pm for Statement of Health (SoH) support
* Fixed port-security + VoIP support for the HP wired product line
* Minor Administration Guide updates
* Fixed CSS for mobiles devices
* This is the last release to destroy your dhcpd lease file on upgrades
Translations
* Updated Brazilian Portuguese (pt_BR) translation (Thanks to Diego de Souza Lopes)
... and more. See the ChangeLog file for the complete list of changes and the UPGRADE file for notes about upgrading. Both files are in the PacketFence distribution.
=== Getting PacketFence ===
PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release from:
http://www.packetfence.org/download/releases.html
or by getting the sources from the official monotone server using the instructions at http://www.packetfence.org/development/source_code_repository.html
Documentation about the installation and configuration of PacketFence is available from:
http://www.packetfence.org/documentation/
=== How Can I Help ? ===
PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
=== Getting Support ===
For any questions, do not hesitate to contact us by writing to support@...
You can also fill our online form (http://www.inverse.ca/about/contact.html) and a representative from Inverse will contact you.
Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.
2012-04-13 10:46:50 PDT by plaxx
-
PacketFence's Google Summer of Code (GSoC)
Work all summer long on a hard-core Network Security project written in Perl!
Students: You can make 5000 $USD contributing to our open source project and learn a lot along the way!
What is PacketFence?
PacketFence is a Free and Open Source network access control (NAC) system. Boasting an impressive feature set including a captive-portal for registration and remediation, guest management, centralized wired and wireless management, 802.1X support, layer-2 and 3 isolation of problematic devices, integration with the Snort IDS, Nessus or OpenVAS vulnerability scanners; PacketFence can be used to effectively secure networks.
Mainly developed in Perl with some PHP, Web (HTML/CSS/Javascript) and SQL, PacketFence leverages components from famous open source projects like Snort, Apache's HTTPD, Net-SNMP, FreeRADIUS, mod_perl, MySQL, DHCPd, Bind (named), OpenVAS and more.
Why choose PacketFence? Because the project is awesome!
But also because we are doing our development on modern collaboration tools like git/github and using a pragmatic development strategy focused on delivering value.
Iterative code reviews and mentor availability is guaranteed. We have delivered several major releases over the year and promise that your code will not languish in a 3rd party repository for years before being included. Your code might even be released during the summer!
Lastly, you will be working on enterprise-level network access control technologies exactly as if you are part of the team! Imagine your resume after the summer!
Here's a quick overview of our Ideas:
* Create a multi-platform agent that would perform client-side security checks
* Android-based application for Wireless security auto-configuration
* Web administration interface rewrite
* Initial configuration Web-based instead of through command line
* nmap integration as a scanning engine
* IF-MAP integration
* Active - Active clustering support
* Experiments in data visualization
* New authentication schemes
* Stealth mode - PacketFence in gather-only operation (just added!)
* Your own idea!
Ideas page and GSoC info: http://goo.gl/lgcp6
Apply: http://www.google-melange.com/gsoc/org/google/gsoc2012/packetfence (Hurry up! Application ends: April 06 at 19:00 UTC http://everytimezone.com/#2012-4-6,1860,6be)
Source code: https://github.com/inverse-inc/packetfence
Get in touch with us now!
irc://irc.freenode.net/packetfence
@packetfence on twitter
obilodeau@...
Please help us get the word out by forwarding this email to your students, friends or favorite social site.
2012-04-03 08:29:59 PDT by plaxx