From: Ludovic M. <lma...@in...> - 2016-04-19 22:25:16

The Inverse team is pleased to announce the immediate availability of PacketFence 6.0.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are:

* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the-art devices fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control (RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection solutions, security agents and firewalls
* bandwidth accounting for all devices

A complete overview of the solution is available from the official website: http://packetfence.org/about.html

Changes Since Previous Release

*New Features*

* Fully redesigned frontend and backend of the captive portal
* Parking state for unregistered devices (where it will have a longer DHCP lease time and will only access a lightweight portal)
* CentOS 7 and Debian 8 (Jessie) support
* RADIUS support for Avaya switches
* New filter engine to return custom answers in pfdns
* Redirect URL are defined in Role by Web Auth URL switch configuration (Cisco)
* Added support for Captive-Portal DHCP attribute (RFC7710)
* Added Google Project Fi as a SMS carrier for SMS signup option
* FreeRADIUS 3 support with Redis integration

*Enhancements*

* Added ability to expire users
* Automatically update all the Fingerbank databases (Redis, p0f, SQLite3)
* Do not allow the TRACE method to be used in any of the web processes
* Can now limit the maximum unregdate an administrator can set to a person
* Added option to disable the accounting recording in the SQL tables
* Added caching of the latest accounting request for use in access reevaluation
* Reduced the number of webservices calls during RADIUS accounting
* Added configuration for Apache 2.4 with Template Toolkit
* Added a timer for each RADIUS request (radius audit log)
* Assign the voice role to VoIP devices when PacketFence detects them
* Renamed VLAN to Role in admin GUI violation
* Unregistering a node from a secure connection to an unsecured one is now managed by the VLAN filters
* Location history of a node now shows the role instead of the VLAN id
* Documentation to configure Cisco switches with Identity Networking Policy
* Trigger violation on source or destination IP address only if they are in the trapping range networks
* Performance improvement for VoIP detection
* Added new RADIUS filter return option (random number in a range)
* Reinstated iplog (iplog_history and iplog_archive) rotation/cleanup jobs performed by pfmon
* An asynchronous LDAP lookup is now done on each 802.1x request to populate the person fields for that user

*Bug Fixes*

* Compute unregistration date for secure connections
* Fixed unescape value in LDAP search
* Fixed Apache 2.4 core dump
* Fixed update locationlog from accounting start with the wrong connection type

See https://github.com/inverse-inc/packetfence/commits/packetfence-6.0.0 for the complete change log.

See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-6.0.0/UPGRADE.asciidoc

Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://packetfence.org/download.html

Documentation about the installation and configuration of PacketFence is also available: http://packetfence.org/support/index.html#/documentation

How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:

* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists (http://packetfence.org/support/index.html#/community)
* Patches for bugs or enhancements
* Provide new translations of remediation pages

Getting Support

For any questions, do not hesitate to contact us by writing to s...@in... <mailto:su...@in...>

You can also fill our online form (http://inverse.ca/#contact) and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)

From: Ludovic M. <lma...@in...> - 2016-02-17 21:15:01

The Inverse team is pleased to announce the immediate availability of PacketFence 5.7.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are:

* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the-art devices fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control (RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection solutions, security agents and firewalls
* bandwidth accounting for all devices

A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html

Changes Since Previous Release

*New Features*

* DNS based enforcement as a new enforcement mode for routed networks
* Captive portal authentication now supports SAML authentication
* It is now possible to search for nodes that are online based on RADIUS accounting
* Integration with Suricata MD5 extraction module to scan against OPSWAT Metascan online scanner

*Enhancements*

* Support for floating devices on HP ProCurve switches
* RADIUS CoA support added to Brocade switches
* The NULL authorization source can now be combined with other sources
* Added possibility to trigger Firewall Single Sign-On when an endpoint changes status
* The username on a captive portal will no longer be stripped unless required otherwise
* Improved UDP reflector documentation
* Improved vendor specific attributes in radius filters
* Now able to specify on which LDAP attribute we should match for SponsorEmail
* Now able to strip a username in LDAP source even if not present in RADIUS request

*Bug Fixes (bug Id is denoted with #id)*

* Fixed incorrect provisioning that ignored broadcast state of provisioned SSID
* Present a login page without login form when a blackhole source is used on the portal profile (#1021)
* Fixed incorrect provisioning templates that required entering a password twice (#1119)
* Fixed ambiguous SQL accounting stored procedure that could return duplicate results
* Fixes incorrect IPv6 DHCP processing in pfdhcplistener

See https://github.com/inverse-inc/packetfence/commits/packetfence-5.7.0 for the complete change log.

See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-5.7.0/UPGRADE.asciidoc

Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html

Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/

How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:

* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages

Getting Support

For any questions, do not hesitate to contact us by writing to s...@in... <mailto:su...@in...>

You can also fill our online form (http://www.inverse.ca/#contact) and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)

From: Ludovic M. <lma...@in...> - 2016-01-13 23:26:45

The Inverse team is pleased to announce the immediate availability of PacketFence 5.6.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are:

* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the-art devices fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control (RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection solutions, security agents and firewalls
* bandwidth accounting for all devices

A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html

Changes Since Previous Release

*New Features*

* New RADIUS auditing report allows troubleshooting from the GUI
* The email authorization source now allows to set roles based on the email used to register
* New switch groups now allows to assign settings to multiple switches at once
* DHCP filters now allow arbitrary rules to perform actions based on DHCP fingerprinting
* Cisco switches login access can now be authenticated through PacketFence
* The filter engine configuration can now be edited through the admin GUI

*Enhancements*

* New dedicated search feature for violations in the nodes panel
* New pfcmd pfqueue command allows managing the queue from the command line
* New option to specify the authentication source to use depending on the RADIUS realm
* Upgrade Config::IniFiles to allow faster loading of configuration files
* Performance improvements to the filtering engine by avoiding unnecessary database lookups
* New columns bypass_vlan and bypass_role are allowed to be imported for nodes
* Service start/stop order can now be configured through the admin GUI
* Pagination can now be defined by the user in the admin GUI search results
* The pfdns service now forks to process multiple requests in parallel
* Added configurable timeout for send/receive operations on the OMAPI socket
* The authorization process will now test if the role changed before reevaluating access
* New option to add date based VLAN filter condition (is before date, is after date)
* pfconfig backend can now be cleared via pfcmd
* Improved RADIUS accounting handling for better performance

*Bug Fixes (bug Id is denoted with #id)*

* Remove old entries in ipset session
* Always reevaluate the access if the order comes from the admin gui (#1056)
* Portal profiles templates are now properly synced between members of a cluster (#942)
* Process requests properly when running a pfdhcplistener on an interface that has networks with and without dhcpd activated
* Violation trigger from web admin will now override grace period (#1028)
* Fix queue task counters out of sync when a task expires
* Reworked the configuration backends to prevent a race condition of the configuration namespaces in active/active cluster (#1067)
* Define each internal network to NAT instead of a global rule when passthroughs are enabled (#1118)

See https://github.com/inverse-inc/packetfence/commits/packetfence-5.6.0 for the complete change log.

See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-5.6.0/UPGRADE.asciidoc

Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html

Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/

How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:

* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages

Getting Support

For any questions, do not hesitate to contact us by writing to s...@in... <mailto:su...@in...>

You can also fill our online form (http://www.inverse.ca/#contact) and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)

From: Ludovic M. <lma...@in...> - 2015-12-18 20:00:46

Hello everybody,

The 2015 year has been a great one for PacketFence. We've seen the v5 release which brought Fingerbank and WMI integration, multimaster and PKI support, a brand new dashboard and much more. PacketFence did set the bar high for the competition.

We prepare to do this once again with the upcoming v6 release of PacketFence. So far, here is what we plan to include in it:

1. *Performance Improvements* - a never-ending task! We want to keep making PacketFence slimmer and faster. We've seen, in some of our deployments in 2015, PacketFence handling more than 1,500 authentications per second - that's a lot but we can do more and we will have to handle more as the number of endpoints per user will keep increasing;

2. *Flexible Captive Portal* - highly personalized captive portal should be created in a couple of mouse-clicks, and PacketFence will allow you to do that. We will provide new templates and CSS files to ease that process, while improving the appearance of the current default portal and making it responsive for all endpoints;

3. *Administration Interface Improvements* - You might recall that in PacketFence v4, we came up with a brand new Web admin interface for PacketFence - based on the Catalyst and Bootstrap frameworks. We'll proceed with a nice revamp of the Web interface by upgrading Bootstrap, restructuring the JavaScript code, introducing configuration wizards and simplifying the current administration modules we have;

4. *Logging and Auditing* - a critical feature in any important software solution. With the addition of the RADIUS auditing log for PacketFence v5.6, a fair amount of work has already been accomplished but more is to come for v6 for complete traceability of events occurring on a network and easing the process to get that information quickly;

5. *Better Reports* - PacketFence already comes with some reports but there is a need to expose a lot more information that PacketFence has on the network, its endpoints and users through nice reports. We plan to add many more for v6 - we have listened to you;

6. *Flexible API* - the current version of PacketFence already includes many APIs but we plan to add more to ease the integration process with MDM, IDS and firewall solutions. It will also allow people to integrate their homemade solutions with PacketFence without relying on fragile database accesses.

Work has already started and it'll keep us pretty busy!

Finally, the Inverse team would like to wish you all Happy Holidays - let the 2016 year be a great one for PacketFence once again!

Best regards,

--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)

From: Ludovic M. <lma...@in...> - 2015-11-23 18:48:02

The Inverse team is pleased to announce the immediate availability of PacketFence 5.5.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are:

* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the-art devices fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control (RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection solutions, security agents and firewalls
* bandwidth accounting for all devices

A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html

Changes Since Previous Release

*New Features*

* New device detection through TCP fingerprinting
* New DHCPv6 fingerprinting through Fingerbank
* New RADIUS filter engine to return custom attributes based on rules
* Security Onion integration
* Paypal payment is now supported in the captive portal
* Stripe payment and subscriptions are now supported in the captive portal

*Enhancements*

* New pfqueue service based on Redis to manage asynchronous tasks
* Memcached has been replaced by Redis for all caching
* pfdetect can now be configured through the administration interface
* Added ability to detect hostname changes using the information in the DHCP packets
* Added the ability to create not equal conditions in LDAP sources
* DoS mitigation on the captive portal through mod_evasive
* Load balancing in an active/active process now uses a dedicated process
* Authentication and accounting are now in two different RADIUS processes
* Reworked violation triggers creation in the administration interface so it’s more user friendly
* Added the ability to create combined violation triggers which allow to trigger a violation based off multiple attributes of a node
* Suricata alerts can now trigger a violation based on the alert category or description instead of only the ID of the alert
* Added ability to e-mail device owner as a violation action
* The PacketFence syslog parser (pfdetect) has been reworked to allow multiple logs to be parsed concurrently
* New ntlm_auth wrapper will log authentication latency to StatsD automatically
* Handle Microsoft Windows based captive-portal detection mechanisms
* Manage pfdhcplistener status with keepalived and run pfdhcplistener on all cluster’s members
* New portal profile filter (sub connection type)
* Added switch IP and description in the available columns in the node list view
* Use SNMP to determine the ifIndex based on the NAS-Port-Id
* Improved metrics now track SQL queries, LDAP queries, and more granular metrics in RADIUS AAA
* Added support for Nessus 6 scan engine
* Added documentation for the Cisco iOS XE switches
* Reworked existing billing providers to be PCI compliant
* Billing providers are now part of the authentication sources
* Billing tiers are now stored in the configuration instead of the source code files
* Billing sources can now be used with other authentication sources on the same portal profile
* DHCP packet processing is now fully done asynchronously to allow more PPS in the pfdhcplistener

*Bug Fixes (bug Id is denoted with #id)*

* Fixed log rotation issue with the carbon daemons
* Fixed LLDP phone detection if only telephone capability is enabled (#964)
* Fixed keepalived and iptables configuration for portal interfaces
* Fixed improper httpd status code being set
* Removed the node delete button
* Fixed detection if the device asks for a portal per URI
* Fixed 3Com switches ifIndex calculation in stack mode using SNMP
* Not-found users will now be cached when using the caching in an LDAP source (#978)
* Updating a node puts an invalid entry in the voip field

See https://github.com/inverse-inc/packetfence/commits/packetfence-5.5.0 for the complete change log.

See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-5.5.0/UPGRADE.asciidoc

Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html

Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/

How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:

* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages

Getting Support

For any questions, do not hesitate to contact us by writing to s...@in... <mailto:su...@in...>

You can also fill our online form (http://www.inverse.ca/#contact) and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)

From: Ludovic M. <lma...@in...> - 2015-10-01 20:34:11

The Inverse team is pleased to announce the immediate availability of PacketFence 5.4.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are:

* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the-art devices fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control (RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection solutions, security agents and firewalls
* bandwidth accounting for all devices

A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html

Changes Since Previous Release

*New Features*

* PacketFence now supports SCEP integration with Microsoft's Network Enrollment Device Service during the device on-boarding process when using EAP-TLS
* Improved integration with social media networks (email address lookups from Github and Facebook sources, kickbox.io support, etc.)
* External HTTP authentication sources support which allows an HTTP-based external API to act as an authentication source to PacketFence
* Introduced a 'packetfence_local' PKI provider to allow the use of locally generated TLS certificates to be used in a PKI provider / provisioner flow
* New filtering engine for the portal profiles allowing complex rules to determine which portal will be displayed
* Added the ability to define custom LDAP attributes in the configuration
* Add the ability to create "administrative" or "authentication" purposes rules in authentication sources
* Added support for Cisco SG300 switches

*Enhancements*

* RADIUS Diffie-Hellman key size has been increased to 2048 bits to prevent attacks such as Logjam
* HAProxy TLS configuration has been restricted to modern ciphers
* Improved error message in the profile management page
* Allow precise error messages from the authentication source when providing invalid credentials on the captive portal
* Aruba WiFi controllers now support wired RADIUS MAC authentication and 802.1X
* Added Kickbox.io authentication source which can allow a new Null type source with email validation
* Now redirecting to HTTP for devices that do not support self-signed certificates on the captive portal if needed
* httpd.portal now serves static content directly (without going through Catalyst engine)
* Introduction of a new configuration parameter (captive_portal.wispr_redirection) to allow enabling/disabling captive-portal WISPr redirection capabilities
* File transfers through the webservices are now atomic to prevent corruption
* New web API call to release all violations for a device
* Added better error message propagation during a cluster synchronization
* Added additional in-process caching for pfconfig proxied configuration
* The server hostname is now displayed in the admin info box
* Added a warning in the configurator when the user is configuring multiple interfaces in the same network
* Added synchronization of the Fingerbank data in an active/active cluster
* Client IP and MAC address are now available through direct variables in the captive portal templates
* The IPlog can now be updated through RADIUS accounting
* Devices in the registration VLAN may now be allowed to reach an Active Directory Server
* Added an option to centralize deauthentication on the management node of an active/active cluster
* Added the option to use only the management node as the DNS server in active/active clustering
* Improved Ruckus ZoneDirector documentation regarding external captive portal
* pfconfig daemon can now listen on an alternative unix socket
* Improved handling of updating the /etc/sudoers file in packaging
* Improved roles handling on AeroHive devices

*Bug Fixes (bug Id is denoted with #id)*

* Fix case where status page links would be pointing to the wrong protocol (HTTP vs HTTPS)
* set_unreg_date and set_access_duration actions now have the same priority when matching rule and actions (#816)
* Fixes the database query hanging in the captive portal
* The person attributes lookup will now be made on the stripped username if needed (#888)
* Active/active load balancing will now be dispatched based on the Calling-Station-Id attribute.
* Fix unaccessible portal preview when no internal network is defined (#790)
* Fixed a case where the wrong portal profile can be instantiated on the first connection
* Improved error message in the profile management page (#858)
* Do not use the PacketFence multi-domain FreeRADIUS module unless there are domains configured in PacketFence (#868)
* We now handle gracefully switches sending double Calling-Station-Id attributes (#864)
* Prevent OMAPI from being configured on the DHCP server without a key (#851)
* Switched to the memcached binary protocol to avoid memcached injection exploit
* Fixed ipset error if the device switches from one inline network to another
* Fixed wrong configuration parameters for redirect url (now a per-profile parameter)
* Fix bug with validation of mandatory fields causing exceptions in signup
* Made DHCP point DNS only on cluster IP if passthroughs are enabled in active/active clusters (#820)
* Defined the maximum message size that SNMP get can return (fixes VOIP LLDP/CDP detection on switch stacks #738)

See https://github.com/inverse-inc/packetfence/commits/packetfence-5.4.0 for the complete change log.

See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-5.4.0/UPGRADE.asciidoc

Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html

Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/

How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:

* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages

Getting Support

For any questions, do not hesitate to contact us by writing to s...@in... <mailto:su...@in...>

You can also fill our online form (http://www.inverse.ca/#contact) and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)

From: Louis M. <lm...@in...> - 2015-07-24 17:27:49

ANN: PacketFence 5.3.1

The Inverse team is pleased to announce the immediate availability of PacketFence 5.3.1. This is a minor release containing important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

This is strictly a bug fix release. It corrects the following issues.

Bug Fixes

• Fixed radiusd dying due to OOM caused by pf::statsd calling on pf::config
• Fixed incorrect whisper retention policy affecting metrics such as server load and memory use
• Fixed SMS and email registration case where using a different device to register may set an incorrect role
• Added delete session reason to status page logout
• Fixed incorrect HTML escaping in LDAP and AD authentication sources

The radiusd bugfix is important enough on its own to warrant upgrading. If you are running 5.1, 5.2 or 5.3 you can get that same bug fix by running the pf-maint.pl script without upgrading. Versions older than 5.1 are not affected.

Best regards,

--
Louis Munro
lm...@in... :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

From: Louis M. <lm...@in...> - 2015-07-22 18:58:49

ANNOUNCING: PacketFence 5.3.0

The Inverse team is pleased to announce the immediate availability of PacketFence 5.3.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are:

• powerful BYOD (Bring Your Own Device) capabilities
• state-of-the art devices fingerprinting with Fingerbank
• multiple enforcement methods including Role-Based Access Control (RBAC) and hotspot-style
• compliance checks for endpoints present on your network
• integration with various vulnerability scanners, intrusion detection solutions, security agents and firewalls
• bandwidth accounting for all devices

A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html

Changes Since Previous Release

New Features

• Support for Single Sign-On integration with the iboss platform
• Support for web authentication for NATed clients
• Support for MAC Authentication and 802.1x for Alcatel-Lucent switches
• Support for the IBM StackSwitch G8052 switch

Enhancements

• New Powershell scripts to allow unregistering nodes for disabled accounts on Active Directory
• Force a JSON response if the Accept header is set to 'application/json'
• Fingerbank processing in pfdhcplistener is now asynchronous using the webservices
• Integration of pfconfig commands in bin/pfcmd
• Added web form registration to Ruckus Controllers
• Improved database maintenance script to prevent prolonged locking of tables
• Active/Active mode will now send gratuitous ARPs to update routers when changing master node

Bug Fixes

• Fixed multiple XSS vulnerabilities in the administration GUI
• Fixed incorrect RADIUS realm detection when using windows computer authentication
• Fixed an issue with pfdns returning the wrong IP when using active/active mode
• Fixed an issue on Debian and Ubuntu where the GUI could not change some field values
• Fixed incorrect graphite document root on Ubuntu
• Fixed SMS bug where the list of carriers could be accidentally deleted

See https://github.com/inverse-inc/packetfence/commits/packetfence-5.3.0 for the complete change log.

See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-5.3.0/UPGRADE.asciidoc

Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html

Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/

How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:

• Documentation reviews, enhancements and translations
• Feature requests or by sharing your ideas
• Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
• Patches for bugs or enhancements
• Provide new translations of remediation pages

Getting Support

For any questions, do not hesitate to contact us by writing to su...@in...

You can also fill our online form (http://www.inverse.ca/#contact) and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

--
Louis Munro
lm...@in... :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

From: Louis M. <lm...@in...> - 2015-06-18 20:36:56

The Inverse team is pleased to announce the immediate availability of PacketFence 5.2.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are:

• powerful BYOD (Bring Your Own Device) capabilities
• state-of-the art devices fingerprinting with Fingerbank
• multiple enforcement methods including Role-Based Access Control (RBAC) and hotspot-style
• compliance checks for endpoints present on your network
• integration with various vulnerability scanners, intrusion detection solutions, security agents and firewalls
• bandwidth accounting for all devices

A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html

Changes Since Previous Release

New Features

• Introducing support for the PacketFence PKI application to manage certificates and authenticate RADIUS using EAP-TLS.
• Twitter OAuth is now supported as an authentication source.
• New 'portal' interface type to spawn a captive-portal instance on selected interface.
• Inline mode now provides an ipset per devices role allowing for better granularity in managing them.
• Support for OpenWrt 14.07 with hostapd.

Enhancements

• Specific vhost for httpd.portal diagnostics.
• Added option to disable logging of sensitive information when failing to execute a command through pf_run.
• Support for Meraki APs using web authentication on the cloud controller.
• Passwords are now obfuscated in the Switch configuration.
• Introduced new 'ports.httpd_portal_modstatus' configuration parameter to limit modstatus to a single virtual host.

Bug Fixes

• Allow the usage of an external monitoring database when using an Active/Active cluster.
• Validate that a provisioner is not used before deleting it through the administration interface.
• Stopped logging database password on schema import failure.
• Fixed incorrect error message when an external portal authenticated device hits the unknown state.

See https://github.com/inverse-inc/packetfence/commits/packetfence-5.2.0 for the complete change log.

See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-5.2.0/UPGRADE.asciidoc

Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html

Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/

How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:

• Documentation reviews, enhancements and translations
• Feature requests or by sharing your ideas
• Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
• Patches for bugs or enhancements
• Provide new translations of remediation pages

Getting Support

For any questions, do not hesitate to contact us by writing to su...@in...

You can also fill our online form (http://www.inverse.ca/#contact) and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

--
Louis Munro
lm...@in... :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

From: Louis M. <lm...@in...> - 2015-05-26 20:53:32

Announcement: PacketFence 5.1.0

The Inverse team is pleased to announce the immediate availability of PacketFence 5.1.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are:

• powerful BYOD (Bring Your Own Device) capabilities
• state-of-the art devices fingerprinting with Fingerbank
• multiple enforcement methods including Role-Based Access Control (RBAC) and hotspot-style
• compliance checks for endpoints present on your network
• integration with various vulnerability scanners, intrusion detection solutions, security agents and firewalls
• bandwidth accounting for all devices

A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html

Changes Since Previous Release

New Features

• New activation_domain feature allowing to expose a different domain than PacketFence's name in email templates
• Added Windows Management Instrumentation (WMI) as a scan engine
• Multiple scan engine definitions based on the OS type and role
• Scan definition based on portal profiles
• New external command action in violation
• New API methods for adding, viewing or modifying a person
• New performance dashboard based on Graphite allows tracking of core performance metrics such as number and latency of RADIUS requests, number of httpd processes and authorization latency
• Define range of network switches (CIDR) in switch configuration
• Module for Cisco Aironet 1600
• Added ability to join an Active Directory domain directly from the administration interface
• Added the ability to join multiple Active Directory domains for EAP-PEAP authentication

Enhancements

• Verify if the database schema matches the current version of PacketFence
• Removed the unnecessary "Upstream" listing from the "Combination" menu item of Fingerbank section
• Ability to search in Fingerbank "Local" "Devices" listing
• Allow rules to match on both source and action
• pfsetvlan and snmptrapd are now stopped by default as most users no longer require them
• Improve the end process redirection on the captive portal
• Refactor mandatory fields to be dynamic and update the person table with them
• Moved raddb/sites-enabled/packetfence and raddb/sites-enabled/packetfence-tunnel in conf/radiusd
• pfcmd can now validate that certificates used by Apache and FreeRADIUS are still valid
• Added new SMS carrier for Switzerland
• Ability to fix Fingerbank files permissions from pfcmd fixpermissions

Bug Fixes

• Fixes tables displaying bugs in Fingerbank menu items
• Fixed search values not being preserved in some cases
• Fixed switch access list field turning into an object reference
• Fixed bad redirection to the portal at the end of the registration process
• Better handling of Fingerbank errors

See https://github.com/inverse-inc/packetfence/commits/packetfence-5.1.0 for the complete change log.

See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-5.1.0/UPGRADE.asciidoc

Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html

Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/

How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:

• Documentation reviews, enhancements and translations
• Feature requests or by sharing your ideas
• Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
• Patches for bugs or enhancements
• Provide new translations of remediation pages

Getting Support

For any questions, do not hesitate to contact us by writing to su...@in...

You can also fill our online form (http://www.inverse.ca/#contact) and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

--
Louis Munro
lm...@in... :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

From: Louis M. <lm...@in...> - 2015-05-04 16:05:11

Hello list members,

We just released a minor update. PF 5.0.2 is out. This release is a bug fix only. No new features were introduced.

Enhancements

• Added available options (submit unknowns and update database) to the Fingerbank Settings page.
• PacketFence will now leave clients.conf.inc empty if cluster mode is disabled.

Bug Fixes

• PacketFence will no longer unregister a device in pending state if the device is hitting the portal more than once while in "pending" state.
• Fixed broken violation release process.
• Fixed multiple lines returning from pfconfig.
• Fixed undefined variables in portal template files.
• Fixed provisioners OS detection with Fingerbank.

If you are already running 5.0.1 you may get the same code and fixes by running the /usr/local/pf/addons/pf-maint.pl script which will apply the same patches. This release is merely a convenience for people upgrading from earlier releases or installing from scratch.

See https://github.com/inverse-inc/packetfence/blob/stable/NEWS.asciidoc for details

Best regards from Inverse,

--
Louis Munro
lm...@in... :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

From: Louis M. <lm...@in...> - 2015-04-22 20:40:44

Hello list members,

We just released a minor update. PF 5.0.1 is out. This release is a bug fix only. No new features were introduced.

Enhancements

• A number of strings have seen their translations improved.
• The Debian and Ubuntu documentation has been split and made clearer.
• Detailed which features may not work in active/active cluster mode in the documentation.

Bug Fixes

• Added missing CHI File driver.
• Delete left over Config::Fingerprint module in Debian and Ubuntu.
• Fixed pfmon not starting when running a standalone PF server.
• Fixed broken OS reporting.
• Added missing dependency on perl-SOAP-Lite for packetfence-remote-snort-sensor.
• Updating iplog without a lease time now resets end_time to default (0000-00-00 00:00:00) to avoid "closing" a valid entry
• Fixed pfcmd watch emailing functionality.
• dhcpd will now properly obey the "disabled" configuration.

If you are already running 5.0.0 you may get the same code and fixes by running the /usr/local/pf/addons/pf-maint.pl script which will apply the same patches. This release is merely a convenience for people upgrading from earlier releases or installing from scratch.

See https://github.com/inverse-inc/packetfence/blob/stable/NEWS.asciidoc for details

Best regards from Inverse,

--
Louis Munro
lm...@in... :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

From: Ludovic M. <lma...@in...> - 2015-04-16 14:16:54

The Inverse team is pleased to announce the immediate availability of PacketFence 5.0.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are:

* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the art devices fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control (RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection solutions, security agents and firewalls
* bandwidth accounting for all devices

A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html

Changes Since Previous Release

*New Features*

* New active/active clustering mode. This allows HTTP and RADIUS load balancing and improves availability
* Fingerbank integration for accurate devices fingerprinting. It is now easier than ever to share devices fingerprinting.
* Built-in support for StatsD. This allows fine grained performance monitoring and can be used to create a dashboard using Graphite
* Local database passwords are now encrypted using bcrypt by default on all new installations. The old plaintext mode is still supported for legacy installations and to allow migration to the new mode
* Devices can now have a "bypass role" that allows the administrator to manage them completely manually. This allows for exceptions to the authorization rules
* Support for ISC DHCP OMAPI queries. This allows PacketFence to dynamically query a dhcpd instance to establish IP to MAC mappings

*Enhancements*

* Completely rewritten pfcmd command. pfcmd is now much easier to extend and will allow us to integrate more features in the near future
* Rewritten IP/MAC mapping (iplog). Iplog should now never overflow
* New admin role action USERS_CREATE_MULTIPLE for finer grained control of the admin GUI. An administrative account can now be prevented from creating more than one other account
* PacketFence will no longer start MySQL when starting
* PacketFence will accept to start even if there are no internal networks
* Added a new listening port to pfdhcplistener to listen for replicated traffic
* Added a user named "default" in replacement of the admin one
* Adds support for HP ProCurve 2920 switches
* Iptables will now allow access to the captive portal from the production network by default
* Major documentation rewrite and improvements

*Bug Fixes*

* Fixed violations applying portal redirection when using web authentication on a Cisco WLC
* Registration and Isolation VLAN ids can now be any string allowed by the RFCs
* Devices can no longer remain in "pending" state indefinitely

See https://github.com/inverse-inc/packetfence/commits/packetfence-5.0.0 for the complete change log.

See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-5.0.0/UPGRADE.asciidoc

Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html

Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/

How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:

* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages

Getting Support

For any questions, do not hesitate to contact us by writing to s...@in...

You can also fill our online form (http://www.inverse.ca/#contact) and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)

From: Louis M. <lm...@in...> - 2015-03-06 21:10:36

The Inverse team is pleased to announce the immediate availability of PacketFence 4.7.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from 4.6.1 is strongly advised.

What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are:

• Powerful BYOD (Bring Your Own Device) capabilities
• Simple and efficient guests management
• Multiple enforcement methods with Role-Based Access Control (RBAC)
• Compliance checks for endpoints present on your network
• Integration with various vulnerability scanners, intrusion detection solutions and firewalls
• Bandwidth accounting for all devices

A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html

Changes Since Previous Release

New Features

• The admin GUI is now customizable.
• New category filter on portal profile allows to select a portal based on existing role of a device.
• New PacketFence-config service allows effortless scaling to thousands of switches and reduces memory use.

Enhancements

• Nodes are now searchable by status
• Removed SSLv3 and legacy cipher suites support from default httpd configuration to prevent POODLE exploit and FREAK attack.
• Added an option to display Bypass VLAN of a node in the Admin GUI.
• Added nested groups support for Active Directory.
• It is now possible to check if a device has already authenticated as member of an Active-Directory domain prior to user authentication.
• Improved portal language detection.
• Devices will now avoid autocorrect / uppercasing the login field in the captive portal.
• Now supports roaming without SNMP on Aerohive APs.

Bug Fixes

• Fixed broken default behaviour when receiving an SNMP trap.
• Fixed email confirmation template for sponsor.
• Fixed email subject encoding.
• Fixes allowing a non-sponsored user to verify a sponsored email address.
• Fixed invalid floating device creation where the MAC address was not normalized.
• Fixed the date range search in node advanced search.

See https://github.com/inverse-inc/packetfence/commits/packetfence-4.7.0 for the complete change log.

See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-4.7.0/UPGRADE.asciidoc

Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html

Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/

How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:

• Documentation reviews, enhancements and translations
• Feature requests or by sharing your ideas
• Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
• Patches for bugs or enhancements
• Provide new translations of remediation pages

Getting Support

For any questions, do not hesitate to contact us by writing to su...@in...

You can also fill our online form (http://www.inverse.ca/about/contact.html) and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

From: Ludovic M. <lma...@in...> - 2015-02-05 15:03:19

The Inverse team is pleased to announce the immediate availability of PacketFence 4.6.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from 4.5.1 is strongly advised.

What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are:

* Powerful BYOD (Bring Your Own Device) capabilities
* Simple and efficient guests management
* Multiple enforcement methods with Role-Based Access Control (RBAC)
* Compliance checks for endpoints present on your network
* Integration with various vulnerability scanners, intrusion detection solutions and firewalls
* Bandwidth accounting for all devices

A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html

Changes Since Previous Release

*New Features*

* Added support for MAC authentication on the AeroHIVE Branch Router 100
* Added support for MAC authentication floating devices on Juniper EX series, and on the Cisco Catalyst series
* Added a hybrid 802.1x + web authentication mode for Cisco Catalyst 2960
* Added a web notification when network access is granted
* Added the ability to tag functions that are allowed to be exposed through the web API
* Added WiFi autoconfiguration for Windows through packetfence-windows-agent
* Added a "Chained" authentication source where a user must first login in order to register by SMS, Email or SponsorEmail
* Added call to the web API from the VLAN filters
* Added a way to retrieve user information after the first registration
* Added the ability to filter profiles by connection type
* Profiles can be matched by all or any of its filters
* Can optionally cache the results of LDAP rule matching for a user
* New portal profile parameter to set a retry limit for SMS-based activation
* The information available from an OAuth source (first name, last name, ...) are now added to the person when registering
* Allow limiting the user login attempts
* Added Check Point firewall integration for Single Sign-On

*Enhancements*

* Added httpd.aaa service as a new API service for the exclusive use of RADIUS
* More precisely define which DHCP message types we are listening for
* Removed dead code referring to 'external' interface type which was no longer supported
* Added VLAN filter in getNodeInfoForAutoReg and update/create person even if the device has been autoreg
* Refactored the VLAN filter code to reduce code duplication
* Added IMG path configuration parameter in admin
* Added the ability to restrict the roles, access levels and access durations for admin users based on their role/access level
* Reduced deadlocks caused by the cleaning of the iplog table
* Reduced deadlocks caused by the cleaning of the locationlog table
* Reorganized the portal profile configuration page
* Added checkup on Apache filters and VLAN filters
* Created a single LDAP connection when matching against multiple rules
* Reduced the numbers of entries in iplog table (update end_time instead of closing and inserting a new line)
* Now matching on language and not only language/country combination for violation templates (See UPGRADE guide)
* PacketFence FreeRADIUS will return reject on "NAS-Prompt-User" Service-Type requests (Console login using RADIUS as backend)
* PacketFence now allows limiting the number of times a user can request an sms message

*Bug Fixes*

* Fixed old MAC addresses being left on port-security enabled ports in a RADIUS + port-security environment
* Fixed firewall rule that allows httpd.portal to be reached on management IP when pre-registration enabled
* Fixed creating a new file from the Portal Profile GUI in a subdirectory
* Improved log rotation handling
* Fixed previewing templates in the admin GUI
* Fixed bulk applying of roles and violations in the admin GUI
* Fixed importing of nodes when no pid is given
* Added a cleanup of trailing and leading spaces of the posted username during the login
* Fixed wrong regex to detect ifindex in Cisco switches
* Honor order of profiles when matching profile filters
* Fixed URI based portal profiles
* Fixed XSS vulnerabilities in the portal
* Refresh node page after updating a node
* Fixed multiple pfdhcplistener spawning
* Fixed double display of the user page
* Fixed displaying of rules description after updating source
* Removed executable bit on some files which do not require it

See https://github.com/inverse-inc/packetfence/commits/packetfence-4.6.0 for the complete change log.

See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-4.6.0/UPGRADE.asciidoc

Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html

Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/

How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:

* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages

Getting Support

For any questions, do not hesitate to contact us by writing to s...@in...

You can also fill our online form (http://www.inverse.ca/about/contact.html) and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)

From: Jason F. <xen...@go...> - 2014-12-19 15:24:31

Ludovic Marcotte wrote:
> Hello,
>
> Since we are approaching the end of the year, we thought we should send
> you a small update of the projects we have been working on at Inverse
> for PacketFence.

Um.. * W O W *... I am extremely excited for a number of these items. Is there an official roadmap of when features are expected? Or perhaps a priority list for features? The multimaster and dashboard enhancements are the immediate features I'll be cheering on, but the rest of this looks amazing as well.

> As you can see with all these projects, the team has worked pretty hard!
>
> At the beginning of 2015, we will start integrating these solutions and
> release the PacketFence v5 series gradually with these features. In the
> meantime, all our developments are available on GitHub.

Looks like 2015 is going to be a HUGE year for Inverse. Keep up the great work!

> Thanks!
>
> --
> Ludovic Marcotte

--
---------------------------
Jason 'XenoPhage' Frisvold
xen...@go...
---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law

From: Ludovic M. <lma...@in...> - 2014-12-17 17:30:45
|
Hello,

Since we are approaching the end of the year, we thought we should send you a small update of the projects we have been working on at Inverse for PacketFence.

1. *Multimaster Configuration* - while it is possible to separate and distribute components used in PacketFence on multiple servers, having multimaster support really simplifies deployments on large-scale infrastructures. By integrating proven technologies such as HAProxy, MariaDB Galera Cluster, keepalived and others, we added horizontal deployment capabilities to PacketFence. You have more users to handle, you add another server and it will automatically integrate the cluster and obtain its configuration!

2. *Fingerbank Integration* - a few months ago, we announced a major overhaul of the Fingerbank project. We have been working on integrating the new version in PacketFence itself. This will greatly ease the update and sharing process of fingerprints and also simplify their usage in PacketFence. The current Fingerbank database has 25 000 combinations and it's growing by thousands every week!

3. *Dashboard* - this project is a complete overhaul of the PacketFence dashboard which would allow easy integrating of performance indicators. The current dashboard lacks such information and has issues coping with large datasets. By integrating in PacketFence proven technologies such as Graphite, collectd and StatsD we can now generate stunning graphs while handling tons of data! Folks can also use their frontend if they prefer - as shown below with Tessera!

4. *PKI* - sometimes, organizations want to generate a per-device TLS certificate during the registration/on-boarding. To meet this requirement, we have created a small PKI solution that integrates with PacketFence's registration process. This project gives efficient yet elegant certificates management capabilities to PacketFence!

5. *Provisioning Agents* - While our current provisioning agents do the job for EAP-PEAP, they currently lack EAP-TLS support and the configuration is not automated within PacketFence. We have greatly improved them by adding EAP-TLS support, integration with our PKI and improved the configuration and management options from the Web administrative interface of PacketFence.

6. *Software Defined Networking (SDN)* - SDN and OpenFlow are interesting technologies and vendors are now pushing them on edge switches and WiFi controllers. We have developed an OpenDayLight plugin for PacketFence in order to support SDN-aware equipment. This allows PacketFence to push OpenFlow flows for network enforcement and thus, not rely on RADIUS or anything else. SDN will most likely play an important role in future networks and PacketFence will be ready once again.

7. *WMI Integration* - PacketFence already integrates well with vulnerability scanners and MDM/security agents. We have extended our compliance check capabilities by adding Windows Management Instrumentation (WMI) support in PacketFence. This means that PacketFence is now able to execute a set of WMI scripts on endpoints and based on the results, proceed with an action such as auto-registering the device, quarantining it and more.

8. *Checkpoint Integration* - We currently support firewall-SSO with Barracuda, Fortigate and PaloAlto firewalls. This project extends our current support to include Checkpoint-based firewalls for SSO.

As you can see with all these projects, the team has worked pretty hard!

At the beginning of 2015, we will start integrating these solutions and release the PacketFence v5 series gradually with these features. In the meantime, all our developments are available on GitHub.

Thanks!

--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
From: Ludovic M. <lma...@in...> - 2014-11-10 18:19:38
|
The Inverse team is pleased to announce the immediate availability of PacketFence 4.5.1. This is a minor release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from 4.5.0 is advised.

What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are:
* Powerful BYOD (Bring Your Own Device) workflows
* Simple and efficient guests management
* Multiple enforcement methods with Role-Based Access Control (RBAC)
* Compliance checks for endpoints present on your network
* Integration with various vulnerability scanners, intrusion detection solutions and firewalls
* Bandwidth accounting for all devices

A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html

Changes Since Previous Release

*New Features*
* Added compliance enforcement to OPSWAT GEARS provisioner

*Enhancements*
* Make Cisco web authentication sessions use less memory
* Internationalized the provisioners templates

*Bug Fixes*
* Fix node pagination when sorting
* Fix provisioners that were not enforced on external authentication sources
* Fix IBM and Symantec provisioners configuration form

See https://github.com/inverse-inc/packetfence/commits/packetfence-4.5.1 for the complete change log.

See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-4.5.1/UPGRADE.asciidoc

Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html

Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/

How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages

Getting Support

For any questions, do not hesitate to contact us by writing to su...@in... <mailto:su...@in...>

You can also fill our online form (http://www.inverse.ca/about/contact.html) and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
From: Ludovic M. <lma...@in...> - 2014-10-27 17:50:53
|
*Malmö, Sweden and Montreal, Canada - October 27, 2014 - Anyfi Networks and Inverse today announced that they have successfully interoperability tested Anyfi's Software-Defined Wireless Networking (SDWN) Gateway with PacketFence.*

------------------------------------------------------------------------

PacketFence is a fully supported, free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful guest management options, 802.1X support and layer-2 isolation of problematic devices, it can be used to effectively secure small networks to very large heterogeneous networks.

The Gateway is part of Anyfi's suite of SDN-based carrier Wi-Fi products enabling service providers and enterprises to build and manage large scale Wi-Fi networks with unprecedented security, flexibility and economies of scale. The Gateway, running as a virtual machine or on bare metal x86 hardware in a corporate data center or service provider core, terminates Wi-Fi over IP tunnels coming in from ultra thin access points. Access points can be from multiple vendors, installed anywhere there is Internet access, or even carried around as a 3G hotspot.

While the Anyfi Gateway represents an entirely new class of product to interoperate with PacketFence, it connects on the same interfaces as a classic WLAN controller: RADIUS for AAA and Ethernet for payload data.

"/It was a pleasure working with Anyfi on this integration, and from our perspective it was very similar to what we've previously done with WLAN controllers from Aruba, Meru, Extricom and Ruckus,/" commented Ludovic Marcotte, CEO of Inverse.

The combined solution is compatible with any access point integrating Anyfi.net software. This software is already available on request from many leading residential gateway vendors and Anyfi is working with partners to make it a standard component in Wi-Fi routers and APs. For the impatient there's CarrierWrt, a third party firmware for many popular Wi-Fi routers that comes with Anyfi.net software pre-integrated.

About Anyfi Networks

Anyfi Networks is the company behind the Software Defined Wireless Networking (SDWN) architecture and the Wi-Fi mobility platform Anyfi.net. Founded in 2009, it is leading the way in carrier-grade Wi-Fi services with a seamless and secure user experience. For more information please visit www.anyfinetworks.com <http://www.anyfinetworks.com/> or contact sa...@an....

About Inverse/PacketFence

PacketFence is a fully supported, free and open source network access control (NAC) system. It can be used to effectively secure wired and wireless networks – from small to very large heterogeneous networks. The leader behind the PacketFence solution, Inverse provides integration and support services for PacketFence and has deployed the solution in numerous production environments where thousands of users are involved. Since 2003, Inverse has been the leader in Quebec for Open Source software development and deployments. For more information, please visit http://inverse.ca <http://inverse.ca/> and http://www.packetfence.org <http://www.packetfence.org/>.

--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
|
From: Ludovic M. <lma...@in...> - 2014-10-22 19:12:51
|
The Inverse team is pleased to announce the immediate availability of PacketFence 4.5.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from 4.4.0 is strongly advised.

What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are:
* Powerful BYOD (Bring Your Own Device) workflows
* Simple and efficient guests management
* Multiple enforcement methods with Role-Based Access Control (RBAC)
* Compliance checks for endpoints present on your network
* Integration with various vulnerability scanners, intrusion detection solutions and firewalls
* Bandwidth accounting for all devices

A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html

Changes Since Previous Release

*New Features*
* Added provisioning support for Symantec SEPM, MobileIron and OPSWAT (see our press release <http://www.packetfence.org/news/2014/article/packetfence-integrates-with-opswat-gears-for-advanced-compliance-enforcement.html> and upcoming webinar <http://www.packetfence.org/news/2014/article/webinar-packetfence-and-opswat-gears.html> about it)
* Added Barracuda firewall support for single sign-on
* pfmon can now run tasks on different intervals
* Added a way to reevaluate the access of a node from the admin interface
* Added a "Blackhole" authentication source
* Added a new violation to enforce provisioning of agents
* Violation can now be delayed
* Added portal profile filter based on switch-port couple

*Enhancements*
* Cache the ipset rule update to avoid unnecessary calls to ipset
* Dynamically load violations and nodes for a user for display in admin gui
* Dynamically load violations for a node for display in admin gui
* Ensure only one pfmon is running at a time

*Bug Fixes*
* Fix issue with userMiscellaneous and userCustomFields not showing if user does not have NODES_READ privilege
* Fix MAC detection from IP on the Catalyst portal when using web authentication on the WLC controller.
* Fix timestamp resolution not catching sub second changes in file in cache layer
* Fixed handling of expiration time on the captive portal’s status page

See https://github.com/inverse-inc/packetfence/commits/packetfence-4.5.0 for the complete change log.

See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-4.5.0/UPGRADE.asciidoc

Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html

Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/

How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages

Getting Support

For any questions, do not hesitate to contact us by writing to s...@in... <mailto:su...@in...>

You can also fill our online form (http://www.inverse.ca/about/contact.html) and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
From: Ludovic M. <lma...@in...> - 2014-10-08 20:47:29
|
Hello,

Over the past few months at Inverse, we completely reworked the Fingerbank (http://www.fingerbank.org) project.

The idea to transform the Fingerbank project into a thorough device fingerprinting solution started from the development of PacketFence <http://www.packetfence.org>, our Network Access Control solution. PacketFence uses and collects more than only DHCP fingerprints to uniquely identify devices connected to a network. We build our database from DHCP fingerprints, but also MAC address patterns and browser User-Agents. We are already in the process of adding other fingerprinting technologies such as SSL options ordering, TCP-level checks, UAProf and more.

While reworking the project, we also created a Web front-end application to our Fingerbank project. It is available from here: https://fingerbank.inverse.ca/

To automate the process of querying Fingerbank, we also provide a public Web API that developers can use for free. The API documentation is available here: https://fingerbank.inverse.ca/api_doc

You can also download the whole database as a SQLite file from here: https://fingerbank.inverse.ca/download.

We currently have over 4200 device fingerprints and we have a lot more to import in the next few days. The solution we put in place will allow us to grow our database much more efficiently. It will also allow easier contributions from the community. Finally, our Web API allows any application out there to query our database in order to properly identify devices.

We encourage you to use our Fingerbank project and contribute to it. PacketFence will also soon be tightly integrated with the new Fingerbank project.

If you have any question, please contact us at in...@in... <mailto:in...@in...>.

Thanks!

--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
From: Francis L. <fla...@in...> - 2014-09-11 13:16:25
|
The Inverse team is pleased to announce the immediate availability of PacketFence 4.4.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from 4.3.0 is strongly advised.

What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are:
* Powerful BYOD (Bring Your Own Device) workflows
* Simple and efficient guests management
* Multiple enforcement methods with Role-Based Access Control (RBAC)
* Compliance checks for computers present on your network
* Integration with various vulnerability scanners and intrusion detection solutions
* Bandwidth accounting for all devices

A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html

Changes Since Previous Release

New Features
* Added the possibility to search by computer name on the nodes page
* Added support for the Anyfi WiFi controller
* Show portal profiles directly on the admin gui
* Added local account authentication for EAP
* Added support for unreg date with dynamic year
* Added support for NetGear FSM7328S switches
* Added new network profile filter
* Added external captive portal support for AeroHIVE
* Added external captive portal support for Xirrus
* Added support for Dynamic Access lists on the Cisco Catalyst 2960
* Added the ability to search switches
* Added support for Dlink DES3028 switches
* Added reuse 802.1x credential on the portal profile
* Added support for Mikrotik access point
* Added ability to create local accounts when registering with external authentication sources

Enhancements
* Added support to configure either NATting or routed mode for inline layer 2 interfaces from the GUI
* Added informational messages in the GUI for inline interfaces
* Improvement of Inline Layer 3 (Inline L3 can only be defined behind Inline Layer 2 network)
* pfbandwidthd is now able to capture on all inline interfaces
* Added an option to set the timeout value for LDAP connections in authentication sources
* FreeRADIUS default configuration should now be more scalable and resilient to misbehaving devices
* Added the possibility to create rules using the username in OAuth authentication sources
* Added the RADIUS request to the vlan filter
* Moved from using Storable to Sereal to serialize cached data
* Refactored portal profile filters to make it easier to extend
* Improved support for Dlink DES 3526 switches
* Rewrote log format [] for device mac () for switch "" for userID
* Improve error handling of web api
* Raised ServerLimit on Apache httpd.portal, lowered httpd.portal Timeout and KeepAliveTimeout to improve responsiveness under load
* Do not overlay the controllerIp if one is already defined when creating a switch
* Verify the user roles level before creating a user via the admin gui
* Added test iplogs not closed in pftest
* Remove direct usage of Apache2 modules in captive portal

Bug Fixes
* Fix issue when adding multiple portal profile filters causing the wrong type to be picked
* Fix issue when a trap is received for a switch that does not implement parseTrap()
* Fix issue when a role is changed in the administration interface and the node's access is not reevaluated
* Fix issue when a passthrough is not able to be resolved and would generate an invalid DNS response
* Fix missing files in logrotate file
* Fix issue when setting a port in trunk on a Cisco Catalyst 3560, 3750 and 3750G would fail
* Fix admin roles for bulk actions for nodes/users
* Fix issue where person was not updated in the database because of a case (non) match
* Fix send user password by email from the GUI
* Fix backward compatibility issue for gaming-registration that should redirect to device-registration
* Fix device-registration and status pages that were not accessible in inline mode when doing high-availability
* Fix filetype of wireless-profile.mobileconfig not being set properly
* Fix issue of iplog entries not being closed

See https://github.com/inverse-inc/packetfence/commits/packetfence-4.4.0 for the complete change log.

See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-4.4.0/UPGRADE.asciidoc

Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html

Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/

How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages

Getting Support

For any questions, do not hesitate to contact us by writing to su...@in...

You can also fill our online form (http://www.inverse.ca/about/contact.html) and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.
|
From: Stormont, S. (IMS) <Sto...@im...> - 2014-07-30 18:13:56
|
Sorry for the amount of detail, but we are trying to set up PacketFence and wanted to include as much info as possible to help diagnose our issue.

We have PacketFence installed on a server (172.22.0.3). We have three interfaces defined in PacketFence: Management (172.22.0.3/23), Isolation (12.22.2.3/23), and Registration (172.22.38.3/23). Those interfaces are plugged into our core Extreme Networks Summit switch into matching VLANs: "Internal_Appliances" (172.22.0.1/23), "MAC_Isolation" (172.22.2.1/23), and "MAC_Registration" (172.22.38.1/23). That switch is then uplinked to our desktop switch, where we have created a "MAC_Isolation" (172.22.2.2/23), "MAC_Registration" (172.22.38.2/23), MAC_Temp (no IP), and "Desktops" (172.22.34.2/23). We want the ports to eventually end up in the "Desktops" VLAN after authorization.

The steps below were performed on the Extreme switch to which the desktops are connected, using Port 5:13 as our test.

  create vlan MAC_Registration
  config vlan "MAC_Registration" tag 369
  create vlan MAC_Temp
  enable snmp access
  configure snmp add trapreceiver 172.22.0.3 community public vr VR-DEFAULT
  configure vlan MAC_Registration add ports 5:13 untagged
  configure ports 5:13 vlan MAC_Registration lock-learning
  disable snmp traps port-up-down ports 5:13
  configure radius netlogin primary server 172.22.0.3 1812 client-ip 172.22.32.2 vr VR-Default
  configure radius netlogin primary shared-secret (password)
  enable radius netlogin
  configure netlogin vlan MAC_Temp
  enable netlogin mac
  configure netlogin dynamic-vlan enable
  configure netlogin dynamic-vlan uplink-ports 4:45
  configure netlogin mac authentication database-order radius
  enable netlogin ports 5:13 mac
  configure netlogin ports 5:13 mode port-based-vlans
  configure netlogin ports 5:13 no-restart

Now, every 5 minutes, these messages show up in the switch log and the test desktop in question doesn't show up in the nodes in PacketFence.

  07/30/2014 13:47:39.42 <Info:nl.ClientAuthFailure> Slot-1: Authentication failed for Network Login MAC user 3C970EADB66B Mac 3C:97:0E:AD:B6:6B port 5:13
  07/30/2014 13:47:39.42 <Warn:AAA.RADIUS.noServResp> Slot-1: No response from server 172.22.0.3 trying local.
  07/30/2014 13:47:39.42 <Warn:AAA.RADIUS.noServerResp> Slot-1: No servers responding
  07/30/2014 13:47:36.42 <Warn:AAA.RADIUS.resendPkt> Slot-1: Resend request to Authentication Server address 172.22.0.3 current request count is 2
  07/30/2014 13:47:33.41 <Warn:AAA.RADIUS.resendPkt> Slot-1: Resend request to Authentication Server address 172.22.0.3 current request count is 1

The results of "show netlogin" and "show radius" on the switch return the following:

  Slot-1 Stack.4 # show netlogin
  NetLogin Authentication Mode : web-based DISABLED; 802.1x DISABLED; mac-based ENABLED
  NetLogin VLAN : "MAC_Temp"
  NetLogin move-fail-action : Deny
  NetLogin Client Aging Time : 5 minutes
  Dynamic VLAN Creation : Enabled
  Dynamic VLAN Uplink Ports : 4:45
  ------------------------------------------------
  Web-based Mode Global Configuration
  ------------------------------------------------
  Base-URL : network-access.com
  Default-Redirect-Page : ENABLED; http://www.extremenetworks.com
  Logout-privilege : YES
  Netlogin Session-Refresh : ENABLED; 3 minute(s) 0 second(s)
  Refresh failures allowed : 0
  Reauthenticate on refresh: Disabled
  Authentication Database : Radius, Local-User database
  Proxy Ports : 80(http),443(https)
  ------------------------------------------------
  ------------------------------------------------
  802.1x Mode Global Configuration
  ------------------------------------------------
  Quiet Period : 60
  Supplicant Response Timeout : 30
  Re-authentication period : 3600
  Max Re-authentications : 3
  RADIUS server timeout : 30
  EAPOL MPDU version to transmit : v1
  Authentication Database : Radius
  ------------------------------------------------
  ------------------------------------------------
  MAC Mode Global Configuration
  ------------------------------------------------
  MAC Address/Mask     Password (encrypted)           Port(s)
  -------------------- ------------------------------ ------------------------
  Default              <not configured>               any
  Re-authentication period : 0 (Re-authentication disabled)
  Authentication Database : Radius
  ------------------------------------------------
  Port: 5:13, Vlan: MAC_Registration, State: Enabled, Authentication: mac-based
  Guest Vlan <Not Configured>: Disabled
  Authentication Failure Vlan <Not Configured>: Disabled
  Authentication Service-Unavailable Vlan <Not Configured>: Disabled
  MAC                IP address  Authenticated  Type  ReAuth-Timer  User
  3c:97:0e:ad:b6:6b  0.0.0.0     No             MAC   0
  -----------------------------------------------
  (B) - Client entry Blackholed in FDB
  Number of Clients Authenticated : 0

  Slot-1 Stack.5 # show radius
  Switch Management Radius: disabled
  Switch Management Radius server connect time out: 3 seconds
  Switch Management Radius Accounting: disabled
  Switch Management Radius Accounting server connect time out: 3 seconds
  Netlogin Radius: enabled
  Netlogin Radius server connect time out: 3 seconds
  Netlogin Radius Accounting: disabled
  Netlogin Radius Accounting server connect time out: 3 seconds
  Primary Netlogin Radius server:
  Server name :
  IP address : 172.22.0.3
  Server IP Port: 1812
  Client address: 172.22.38.2 (VR-Default)
  Shared secret : 2\q;sJ;@F=8Bjn
  Access Requests : 13752
  Access Accepts : 0
  Access Rejects : 0
  Access Challenges : 0
  Access Retransmits: 9168
  Client timeouts : 4584
  Bad authenticators: 0
  Unknown types : 0
  Round Trip Time : 0
|
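A way to read the `show radius` counters and the `configure radius netlogin` line from the post above, as an added example that is not part of the original message: it separates "the server never answered" from "the server answered and rejected", and compares the configured `client-ip` with the client address the switch reports. The function names are hypothetical, and the sample text is the post's own output re-lineated, with the shared-secret line left out.

```python
import ipaddress
import re

# Counter block re-lineated from the `show radius` output quoted in the post
# (the shared-secret line is deliberately left out).
SHOW_RADIUS = """\
Primary Netlogin Radius server:
  Server name   :
  IP address    : 172.22.0.3
  Server IP Port: 1812
  Client address: 172.22.38.2 (VR-Default)
  Access Requests   : 13752
  Access Accepts    : 0
  Access Rejects    : 0
  Access Challenges : 0
  Access Retransmits: 9168
  Client timeouts   : 4584
  Bad authenticators: 0
  Unknown types     : 0
  Round Trip Time   : 0
"""

# Configuration command as typed in the post.
CONFIG_LINE = ("configure radius netlogin primary server 172.22.0.3 1812 "
               "client-ip 172.22.32.2 vr VR-Default")

FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*)$")


def parse_show_radius(text):
    """Return {lower-cased field name: int or str} for each 'name : value' line."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            value = m.group(2).strip()
            fields[m.group(1).lower()] = int(value) if value.isdigit() else value
    return fields


def classify(fields):
    """Name the failure mode the client-side counters point to."""
    sent = fields.get("access requests", 0)
    accepts = fields.get("access accepts", 0)
    rejects = fields.get("access rejects", 0)
    challenges = fields.get("access challenges", 0)
    if sent == 0:
        return "no-traffic"        # netlogin never produced a request
    if fields.get("bad authenticators", 0) > 0:
        return "secret-mismatch"   # replies arrive but fail the authenticator check
    if accepts + rejects + challenges == 0:
        return "no-response"       # nothing came back at all
    if accepts == 0:
        return "rejected"          # server answers, policy says no
    return "responding"


def packets_per_timeout(fields):
    """Requests sent per timed-out attempt; 3.0 means 1 original + 2 resends."""
    timeouts = fields.get("client timeouts", 0)
    return fields.get("access requests", 0) / timeouts if timeouts else None


def _first_ip(text):
    """Extract and validate the first dotted-quad in text, or return None."""
    m = re.search(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b", text)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:
        return None


def client_ip_mismatch(config_line, fields):
    """Return (configured, reported) when the two source addresses differ, else None."""
    m = re.search(r"client-ip\s+(\S+)", config_line)
    configured = _first_ip(m.group(1)) if m else None
    reported = _first_ip(str(fields.get("client address", "")))
    if configured is None or reported is None or configured == reported:
        return None
    return (str(configured), str(reported))


def diagnose(show_text, config_line):
    fields = parse_show_radius(show_text)
    return {
        "verdict": classify(fields),
        "packets_per_timeout": packets_per_timeout(fields),
        "client_ip_mismatch": client_ip_mismatch(config_line, fields),
    }


if __name__ == "__main__":
    for key, value in diagnose(SHOW_RADIUS, CONFIG_LINE).items():
        print(f"{key}: {value}")
```

A RADIUS server identifies its clients by source address and silently discards requests from addresses it has no shared secret for, so a `no-response` verdict together with a client-address mismatch is worth checking against the switch entry defined on the server, along with reachability of UDP 1812.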
From: Ludovic M. <lma...@in...> - 2014-06-26 19:21:42
|
The Inverse team is pleased to announce the immediate availability of PacketFence 4.3.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from 4.2 is strongly advised.

What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are:
* Powerful BYOD (Bring Your Own Device) workflows
* Simple and efficient guests management
* Multiple enforcement methods with Role-Based Access Control (RBAC)
* Compliance checks for computers present on your network
* Integration with various vulnerability scanners and intrusion detection solutions
* Bandwidth accounting for all devices

A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html

Changes Since Previous Release

*New Features*
* Added MAC authentication support for Edge-corE 4510
* Added support for Ruckus External Captive Portal
* Support for Huawei S2700, S3700, S5700, S6700, S7700, S9700 switches
* Added support for LinkedIn and Windows Live as authentication sources
* Support for 802.1X on Juniper EX2200 and EX4200 switches
* Added support for the Netgear M series switches
* Added support to define SNAT interface to use for passthrough
* Added Nessus scan policy based on a DHCP fingerprint
* Added support to unregister a node if the username is locked or deleted in Active Directory
* Fortinet FortiGate and PaloAlto firewalls integration
* New configuration parameters in switches.conf to use mapping by VLAN and/or mapping by role

*Enhancements*
* When validating an email confirmation code, use the same portal profile initially used to register the device
* Removed old iptables code (ipset is now always used for inline enforcement)
* MariaDB support
* Updated WebAPI method
* Use Webservices parameters from PacketFence configuration
* Use WebAPI notify from pfdhcplistener (faster)
* Improved Apache SSL configuration forbids SSLv2 use and prioritizes better ciphers
* Removed CGI-based captive portal files
* For device registration use the source used to authenticate for calculating the role and unregdate (bugid:1805)
* For device registration, we set the "NOTES" field of the node with the selected type of device (if defined)
* On status page check the portal associated to the user and authenticate on the sources included in the portal profile
* Merge pf::email_activation and pf::sms_activation to pf::activation
* Removed unused table switchlocation
* Deauthentication and firewall enforcement can now be done through the web API
* Added support to configure high-availability from within the configurator/webadmin
* Changed the way we're handling DNS blackholing when unregistered in inline enforcement mode (using DNAT rather than REDIRECT)
* Now handling rogue DHCP servers based both on the server IP and server MAC address

*Bug Fixes*
* Fixed pfdetectd not starting because of stale pid file
* Fixed SQL join with iplog in advanced search of nodes
* Fixed unreg date calculation in Catalyst captive portal
* Fixed allowed_device_types array in device registration page (bugid:1809)
* Fixed VLAN format to comply with RFC 2868
* Fixed possible double submission of the form on the billing page
* Fixed db upgrade script to avoid duplicate changes to locationlog table

See the ChangeLog file for the complete list of changes: https://github.com/inverse-inc/packetfence/tree/packetfence-4.3.0/ChangeLog

See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-4.3.0/UPGRADE.asciidoc

Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html

Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/

How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages

Getting Support

For any questions, do not hesitate to contact us by writing to s...@in... <mailto:su...@in...>

You can also fill our online form (http://www.inverse.ca/about/contact.html) and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
From: hasan a. <has...@gm...> - 2014-06-07 20:57:44
|
Hi;

/etc/init.d/NetworkManager stop
/sbin/chkconfig NetworkManager off

also in /etc/sysconfig/network-scripts/ifcfg-ethX (where X is the Network Interface) adjust NM_CONTROLLED to "no".

2014-06-04 21:28 GMT+03:00 John Wagner <jw...@hu...>:

> New to Linux, running Centos 6, and new to PacketFence. The admin guide
> for v4.2.0 says to disable resolvconf. Googling has not produced an
> answer. Please tell me how to disable resolvconf.
>
> Thank You,
>
> John Wagner
> Network Administrator
> Huntington University
|
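A way to check the NM_CONTROLLED step from the reply above across every interface file, added here as an example and not part of the original post or of PacketFence. The function names, the constructed sample files and the choice to treat only an explicit "no" as unmanaged are assumptions of this example.

```shell
# Added example: list ifcfg-* files that NetworkManager may still manage.
# Usage: nm_controlled_ifaces [DIR]  (DIR defaults to the path named in the post)
nm_controlled_ifaces() {
    dir=${1:-/etc/sysconfig/network-scripts}
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        # Loopback is skipped; the post is about the ethX interfaces.
        [ "${f##*/}" = "ifcfg-lo" ] && continue
        # Take the last uncommented assignment, as when the file is sourced,
        # then strip quotes, spaces and CRs and lowercase the value.
        val=$(sed -n 's/^[[:space:]]*NM_CONTROLLED=//p' "$f" \
              | tail -n 1 | tr -d "\"' \r" | tr 'A-Z' 'a-z')
        case $val in
            no) ;;                   # the value the post asks for
            *)  echo "${f##*/}" ;;   # absent, commented out or anything else
        esac
    done
}

# Constructed sample files (not taken from a real host) covering the cases
# that matter: set to no, set to yes, key absent, key commented out.
nm_demo() {
    d=$(mktemp -d) || return 1
    printf 'DEVICE=eth0\nNM_CONTROLLED="no"\n'  > "$d/ifcfg-eth0"
    printf 'DEVICE=eth1\nNM_CONTROLLED=yes\n'   > "$d/ifcfg-eth1"
    printf 'DEVICE=eth2\nONBOOT=yes\n'          > "$d/ifcfg-eth2"
    printf 'DEVICE=eth3\n#NM_CONTROLLED=no\n'   > "$d/ifcfg-eth3"
    printf 'DEVICE=lo\n'                        > "$d/ifcfg-lo"
    nm_controlled_ifaces "$d"
    rm -rf "$d"
}

nm_demo
```

An empty result from `nm_controlled_ifaces` with no argument means every interface file in the default directory carries an explicit NM_CONTROLLED=no.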