Menu
▾
▴
packetfence-announce — This list is for public announcements regarding PacketFence. Moderated.
You can subscribe to this list here.
| 2006 |
Jan
|
Feb
|
Mar
(2) |
Apr
(1) |
May
(5) |
Jun
|
Jul
(1) |
Aug
(1) |
Sep
|
Oct
|
Nov
(1) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2007 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(1) |
Jun
|
Jul
(3) |
Aug
(1) |
Sep
(2) |
Oct
(2) |
Nov
(1) |
Dec
(3) |
| 2009 |
Jan
(2) |
Feb
(1) |
Mar
(2) |
Apr
(2) |
May
|
Jun
(1) |
Jul
(1) |
Aug
(3) |
Sep
|
Oct
|
Nov
|
Dec
(4) |
| 2010 |
Jan
(2) |
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
(2) |
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
(2) |
| 2011 |
Jan
(1) |
Feb
(1) |
Mar
(4) |
Apr
|
May
(2) |
Jun
(2) |
Jul
|
Aug
(1) |
Sep
(1) |
Oct
(1) |
Nov
(2) |
Dec
(2) |
| 2012 |
Jan
|
Feb
(1) |
Mar
(1) |
Apr
(6) |
May
|
Jun
(5) |
Jul
|
Aug
(2) |
Sep
(2) |
Oct
(3) |
Nov
|
Dec
|
| 2013 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
(2) |
Jun
|
Jul
(3) |
Aug
(5) |
Sep
(2) |
Oct
|
Nov
|
Dec
(1) |
| 2014 |
Jan
|
Feb
|
Mar
|
Apr
(2) |
May
(3) |
Jun
(3) |
Jul
(1) |
Aug
|
Sep
(1) |
Oct
(3) |
Nov
(1) |
Dec
(2) |
| 2015 |
Jan
|
Feb
(1) |
Mar
(1) |
Apr
(2) |
May
(2) |
Jun
(1) |
Jul
(2) |
Aug
|
Sep
|
Oct
(1) |
Nov
(1) |
Dec
(1) |
| 2016 |
Jan
(1) |
Feb
(1) |
Mar
|
Apr
(2) |
May
(1) |
Jun
(2) |
Jul
(1) |
Aug
|
Sep
|
Oct
(1) |
Nov
(5) |
Dec
(1) |
| 2017 |
Jan
(1) |
Feb
|
Mar
|
Apr
(1) |
May
(2) |
Jun
(1) |
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2020 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2023 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2024 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
|
From: Ludovic M. <lma...@in...> - 2016-04-19 22:25:16
|
The Inverse team is pleased to announce the immediate availability of
PacketFence 6.0.0. This is a major release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from previous versions is strongly advised.
What is PacketFence?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the art devices fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control
(RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection
solutions, security agents and firewalls
* bandwidth accounting for all devices
A complete overview of the solution is available from the official
website:http://packetfence.org/about.html
Changes Since Previous Release
*New Features*
* Fully redesigned frontend and backend of the captive portal
* Parking state for unregistered devices (where it will have a longer
DHCP lease time and will only access a lightweight portal)
* CentOS 7 and Debian 8 (Jessie) support
* RADIUS support for Avaya switches
* New filter engine to return custom answers in pfdns
* Redirect URL are defined in Role by Web Auth URL switch
configuration (Cisco)
* Added support for Captive-Portal DHCP attribute (RFC7710)
* Added Google Project Fi as a SMS carrier for SMS signup option
* FreeRADIUS 3 support with Redis integration
*Enhancements*
* Added ability to expire users
* Automatically update all the Fingerbank databases (Redis, p0f, SQLite3)
* Do not allow the TRACE method to be used in any of the web processes
* Can now limit the maximum unregdate an administrator can set to a person
* Added option to disable the accounting recording in the SQL tables
* Added caching of the latest accounting request for use in access
reevaluation
* Reduced the number of webservices calls during RADIUS accounting
* Added configuration for Apache 2.4 with Template Toolkit
* Added a timer for each RADIUS request (radius audit log)
*
Assign the voice role to VoIP devices when PacketFence detects them
* Renamed VLAN to Role in admin GUI violation
* Unregistering a node from a secure connection to an unsecured one is
now managed by the VLAN filters
* Location history of a node now shows the role instead of the VLAN id
* Documentation to configure Cisco switches with Identity Networking
Policy
* Trigger violation on source or destination IP address only if they
are in the trapping range networks
* Performance improvement for VoIP detection
* Added new RADIUS filter return option (random number in a range)
* Reinstated iplog (iplog_history and iplog_archive) rotation/cleanup
jobs performed by pfmon
* An asynchronous LDAP lookup is now done on each 802.1x request to
populate the person fields for that user
*Bug Fixes*
* Compute unregistration date for secure connections
* Fixed unescape value in LDAP search
* Fixed Apache 2.4 core dump
* Fixed update locationlog from accounting start with the wrong
connection type
Seehttps://github.com/inverse-inc/packetfence/commits/packetfence-6.0.0for
the complete change log.
See the UPGRADE file for notes about
upgrading:https://github.com/inverse-inc/packetfence/tree/packetfence-6.0.0/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the sources:http://packetfence.org/download.html
Documentation about the installation and configuration of PacketFence is
also available:http://packetfence.org/support/index.html#/documentation
How Can I Help?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(http://packetfence.org/support/index.html#/community)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
tos...@in... <mailto:su...@in...>
You can also fill our online form (http://inverse.ca/#contact) and a
representative from Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
|
From: Ludovic M. <lma...@in...> - 2016-02-17 21:15:01
|
The Inverse team is pleased to announce the immediate availability of
PacketFence 5.7.0. This is a major release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from previous versions is strongly advised.
What is PacketFence ?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the art devices fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control
(RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection
solutions, security agents and firewalls
* bandwidth accounting for all devices
A complete overview of the solution is available from the official
website:http://www.packetfence.org/about/overview.html
Changes Since Previous Release
*New Features*
* DNS based enforcement as a new enforcement mode for routed networks
* Captive portal authentication now supports SAML authentication
* It is now possible to search for nodes that are online based on
RADIUS accounting
* Integration with Suricata MD5 extraction module to scan against
OPSWAT Metascan online scanner
*Enhancements*
*
Support for floating devices on HP ProCurve switches
* RADIUS CoA support added to Brocade switches
* The NULL authorization source can now be combined with other sources
* Added possibility to trigger Firewall Single Sign-On when an
endpoint changes status
* The username on a captive portal will no longer be stripped unless
required otherwise
* Improved UDP reflector documentation
* Improved vendor specific attributes in radius filters
*
Now able to specify on which LDAP attribute we should match for
SponsorEmail
* Now able to strip a username in LDAP source even if not present in
RADIUS request
*Bug Fixes (bug Id is denoted with #id)*
* Fixed incorrect provisioning that ignored broadcast state of
provisioned SSID
* Present a login page without login form when a blackhole source is
used on the portal profile (#1021)
* Fixed incorrect provisioning templates that required entering a
password twice (#1119)
* Fixed ambiguous SQL accounting stored procedure that could return
duplicate results
* Fixes incorrect IPv6 DHCP processing in pfdhcplistener
Seehttps://github.com/inverse-inc/packetfence/commits/packetfence-5.7.0for
the complete change log.
See the UPGRADE file for notes about
upgrading:https://github.com/inverse-inc/packetfence/tree/packetfence-5.7.0/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the
sources:http://www.packetfence.org/development/sourcecode.html
Documentation about the installation and configuration of PacketFence is
also available:http://www.packetfence.org/documentation/
How Can I Help ?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
tos...@in... <mailto:su...@in...>
You can also fill our online form (http://www.inverse.ca/#contact) and a
representative from Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
|
From: Ludovic M. <lma...@in...> - 2016-01-13 23:26:45
|
The Inverse team is pleased to announce the immediate availability of
PacketFence 5.6.0. This is a major release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from previous versions is strongly advised.
What is PacketFence ?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the art devices fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control
(RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection
solutions, security agents and firewalls
* bandwidth accounting for all devices
A complete overview of the solution is available from the official
website:http://www.packetfence.org/about/overview.html
Changes Since Previous Release
*New Features*
* New RADIUS auditing report allows troubleshooting from the GUI
* The email authorization source now allows to set roles based on the
email used to register
* New switch groups now allows to assign settings to multiple switches
at once
* DHCP filters now allow arbitrary rules to perform actions based on
DHCP fingerprinting
*
Cisco switches login access can now be authenticated through PacketFence
* The filter engine configuration can now be edited through the admin GUI
*Enhancements*
* New dedicated search feature for violations in the nodes panel
* New pfcmd pfqueue command allows managing the queue from the command
line
* New option to specify the authentication source to use depending on
the RADIUS realm
*
Upgrade Config::IniFiles to allow faster loading of configuration files
* Performance improvements to the filtering engine by avoiding
unnecessary database lookups
* New columns bypass_vlan and bypass_role are allowed to be import for
nodes
* Service start/stop order can now be configured through the admin GUI
* Pagination can now be defined by the user in the admin GUI search
results
* The pfdns service now forks to process multiple requests in parallel
* Added configurable timeout for send/receive operations on the OMAPI
socket
* The authorization process will now test if the role changed before
reevaluating access
* New option to add date based VLAN filter condition (is before date,
is after date)
* pfconfig backend can now be cleared via pfcmd
* Improved RADIUS accounting handling for better performance
*Bug Fixes (bug Id is denoted with #id)*
* Remove old entries in ipset session
* Always reevaluate the access if the order come from the admin gui
(#1056)
* Portal profiles templates are now properly synced between members of
a cluster (#942)
* Process requests properly when running a pfdhcplistener on an
interface that has networks with and without dhcpd activated
* Violation trigger from web admin will now override grace period (#1028)
* Fix queue task counters out of sync when a task expires
* Reworked the configuration backends to prevent a race condition of
the configuration namespaces in active/active cluster (#1067)
* Define each internal network to NAT instead of a global rule when
passthroughs are enabled (#1118)
Seehttps://github.com/inverse-inc/packetfence/commits/packetfence-5.6.0for
the complete change log.
See the UPGRADE file for notes about
upgrading:https://github.com/inverse-inc/packetfence/tree/packetfence-5.6.0/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the
sources:http://www.packetfence.org/development/sourcecode.html
Documentation about the installation and configuration of PacketFence is
also available:http://www.packetfence.org/documentation/
How Can I Help ?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
tos...@in... <mailto:su...@in...>
You can also fill our online form (http://www.inverse.ca/#contact) and a
representative from Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
|
From: Ludovic M. <lma...@in...> - 2015-12-18 20:00:46
|
Hello everybody,
The 2015 year has been a great one for PacketFence. We've seen the v5
release which brought Fingerbank and WMI integration, multimaster and
PKI support, a brand new dashboard and much more. PacketFence did set
the bar high for the competition.
We prepare to do this once again with the upcoming v6 release of
PacketFence. So far, here is what we plan to include in it:
1. *Performance Improvements* - a never-ending task! We want to keep
making PacketFence slimmer and faster. We've seen, in some of our
deployments in 2015, PacketFence handling more than 1,500
authentications per second - that's a lot but we can do more and we
will have to handle more as the number of endpoints per user will
keep increasing;
2. *Flexible Captive Portal* - highly personalized captive portal
should be created in a couple of mouse-clicks, and PacketFence will
allow you to do that. We will provide new templates and CSS files to
ease that process, while improving the appearance of the current
default portal and making it responsive for all endpoints;
3. *Administration Interface Improvements* - You might recall that in
PacketFence v4, we came up with a brand new Web admin interface for
PacketFence - based on the Catalyst and Bootstrap frameworks. We'll
proceed with a nice revamp of the Web interface by upgrading
Bootstrap, restructuring the JavaScript code, introducing
configuration wizards and simplifying the current administration
modules we have;
4. *Logging**and Auditing *- a critical feature in any important
software solution. With the addition of the RADIUS auditing log for
PacketFence v5.6, a fair amount of work has already been
accomplished but more is to come for v6 for complete traceability of
events occurring on a network and easing the process to get that
information quickly;
5. *Better Reports* - PacketFence already comes with some reports but
there is a need to expose a lot more information that PacketFence
has on the network, its endpoints and users through nice reports. We
plan to add many more for v6 - we have listened to you;
6. *Flexible API* - the current version of PacketFence already include
many APIs but we plan to add more to ease the integration process
with MDM, IDS and firewall solutions. It will also allow people to
integrate their homemade solutions with PacketFence without relying
on fragile database accesses.
Work has already started and it'll keep us pretty busy!
Finally, the Inverse team would like to wish you all Happy Holidays -
let the 2016 year be a great one for PacketFence once again!
Best regards,
--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
|
From: Ludovic M. <lma...@in...> - 2015-11-23 18:48:02
|
The Inverse team is pleased to announce the immediate availability of
PacketFence 5.5.0. This is a major release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from previous versions is strongly advised.
What is PacketFence ?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the art devices fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control
(RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection
solutions, security agents and firewalls
* bandwidth accounting for all devices
A complete overview of the solution is available from the official
website:http://www.packetfence.org/about/overview.html
Changes Since Previous Release
*New Features*
* New device detection through TCP fingerprinting
* New DHCPv6 fingerprinting through Fingerbank
* New RADIUS filter engine to return custom attributes based on rules
* Security Onion integration
* Paypal payment is now supported in the captive portal
* Stripe payment and subscriptions are now supported in the captive portal
*Enhancements*
* New pfqueue service based on Redis to manage asynchronous tasks
* Memcached has been replaced by Redis for all caching
* pfdetect can now be configured through the administration interface
* Added ability to detect hostname changes using the information in
the DHCP packets
* Added the ability to create not equal conditions in LDAP sources
* DoS mitigation on the captive portal through mod_evasive
* Load balancing in an active/active process now uses a dedicated process
* Authentication and accounting are now in two different RADIUS processes
* Reworked violation triggers creation in the administration interface
so it’s more user friendly
* Added the ability to create combined violation triggers which allow
to trigger a violation based off multiple attributes of a node
* Suricata alerts can now trigger a violation based on the alert
category or description instead of only the ID of the alert
* Added ability to e-mail device owner as a violation action
*
The PacketFence syslog parser (pfdetect) has been reworked to allow
multiple logs to be parsed concurrently
* New ntlm_auth wrapper will log authentication latency to StatsD
automatically
* Handle Microsoft Windows based captive-portal detection mechanisms
* Manage pfdhcplistener status with keepalived and run pfdhcplistener
on all cluster’s members
* New portal profile filter (sub connection type)
* Added switch IP and description in the available columns in the node
list view
* Use SNMP to determine the ifIndex based on the NAS-Port-Id
* Improved metrics now track SQL queries, LDAP queries, and more
granular metrics in RADIUS AAA
* Added support for Nessus 6 scan engine
* Added documentation for the Cisco iOS XE switches
* Reworked existing billing providers to be PCI compliant
* Billing providers are now part of the authentication sources
* Billing tiers are now stored in the configuration instead of the
source code files
* Billing sources can now be used with other authentication sources on
the same portal profile
* DHCP packet processing is now fully done asynchronously to allow
more PPS in the pfdhcplistener
*Bug Fixes (bug Id is denoted with #id)*
* Fixed log rotation issue with the carbon daemons
* Fixed LLDP phone detection if only telephone capability is enabled
(#964)
* Fixed keepalived and iptables configuration for portal interfaces
* Fixed improper httpd status code being set
* Removed the node delete button
* Fixed detection if the device asks for a portal per URI
* Fixed 3Com switches ifIndex calculation in stack mode using SNMP
* Not-found users will now be cached when using the caching in an LDAP
source (#978)
* Updating a node puts an invalid entry in the voip field
Seehttps://github.com/inverse-inc/packetfence/commits/packetfence-5.5.0for
the complete change log.
See the UPGRADE file for notes about
upgrading:https://github.com/inverse-inc/packetfence/tree/packetfence-5.5.0/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the
sources:http://www.packetfence.org/development/sourcecode.html
Documentation about the installation and configuration of PacketFence is
also available:http://www.packetfence.org/documentation/
How Can I Help ?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
tos...@in... <mailto:su...@in...>
You can also fill our online form (http://www.inverse.ca/#contact) and a
representative from Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
|
From: Ludovic M. <lma...@in...> - 2015-10-01 20:34:11
|
The Inverse team is pleased to announce the immediate availability of
PacketFence 5.4.0. This is a major release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from previous versions is strongly advised.
What is PacketFence ?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the art devices fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control
(RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection
solutions, security agents and firewalls
* bandwidth accounting for all devices
A complete overview of the solution is available from the official
website:http://www.packetfence.org/about/overview.html
Changes Since Previous Release
*New Features*
*
PacketFence now supports SCEP integration with Microsoft's Network
Enrollment Device Service during the device on-boarding process when
using EAP-TLS
* Improved integration with social media networks (email address
lookups from Github and Facebook sources, kickbox.io support, etc.)
*
External HTTP authentication sources support which allows an
HTTP-based external API to act as an authentication source to
PacketFence
* Introduced a 'packetfence_local' PKI provider to allow the use of
locally generated TLS certificates to be used in a PKI provider /
provisionner flow
* New filtering engine for the portal profiles allowing complex rules
to determine which portal will be displayed
* Added the ability to define custom LDAP attributes in the configuration
* Add the ability to create "administrative" or "authentication"
purposes rules in authentication sources
* Added support for Cisco SG300 switches
*Enhancements*
* RADIUS Diffie-Hellman key size has been increased to 2048 bits to
prevent attacks such as Logjam
* HAProxy TLS configuration has been restricted to modern ciphers
* Improved error message in the profile management page
* Allow precise error messages from the authentication source when
providing invalid credentials on the captive portal
*
Aruba WiFi controllers now support wired RADIUS MAC authentication
and 802.1X
* Added Kickbox.io authentication source which can allow a new Null
type source with email validation
* Now redirecting to HTTP for devices that do not support self-signed
certificates on the captive portal if needed
* httpd.portal now serves static content directly (without going
through Catalyst engine)
* Introduction of a new configuration parameter
(captive_portal.wispr_redirection) to allow enabling/disabling
captive-portal WISPr redirection capabilities
* File transfers through the webservices are now atomic to prevent
corruption
* New web API call to release all violations for a device
* Added better error message propagation during a cluster synchronization
* Added additional in-process caching for pfconfig proxied configuration
* The server hostname is now displayed in the admin info box
* Added a warning in the configurator when the user is configuring
multiple interfaces in the same network
* Added synchronization of the Fingerbank data in an active/active cluster
* Client IP and MAC address are now available though direct variables
in the captive portal templates
* The IPlog can now be updated through RADIUS accounting
* Devices in the registration VLAN may now be allowed to reach an
Active Directory Server
* Added an option to centralize deauthentication on the management
node of an active/active cluster
* Added the option to use only the management node as the DNS server
in active/active clustering
*
Improved Ruckus ZoneDirector documentation regarding external
captive portal
* pfconfig daemon can now listen on an alternative unix socket
* Improved handling of updating the /etc/sudoers file in packaging
*
Improved roles handling on AeroHive devices
*Bug Fixes (bug Id is denoted with #id)*
* Fix case where status page links would be pointing to the wrong
protocol (HTTP vs HTTPS)
* set_unreg_date and set_access_duration actions now have the same
priority when matching rule and actions (#816)
* Fixes the database query hanging in the captive portal
* The person attributes lookup will now be made on the stripped
username if needed (#888)
* Active/active load balancing will now be dispatched based on the
Calling-Station-Id attribute.
* Fix unaccessible portal preview when no internal network is defined
(#790)
* Fixed a case where the wrong portal profile can be instantiated on
the first connection
* Improved error message in the profile management page (#858)
*
Do not use the PacketFence multi-domain FreeRADIUS module unless
there are domains configured in PacketFence (#868)
* We now handle gracefully switches sending double Calling-Station-Id
attributes (#864)
* Prevent OMAPI from being configured on the DHCP server without a key
(#851)
* Switched to the memcached binary protocol to avoid memcached
injection exploit
* Fixed ipset error if the device switches from one inline network to
another
* Fixed wrong configuration parameters for redirect url (now a
per-profile parameter)
* Fix bug with validation of mandatory fields causing exceptions in signup
* Made DHCP point DNS only on cluster IP if passthroughs are enabled
in active/active clusters (#820)
* Defined the maximum message size that SNMP get can return (fixes
VOIP LLDP/CDP detection on switch stacks #738)
Seehttps://github.com/inverse-inc/packetfence/commits/packetfence-5.4.0for
the complete change log.
See the UPGRADE file for notes about
upgrading:https://github.com/inverse-inc/packetfence/tree/packetfence-5.4.0/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the
sources:http://www.packetfence.org/development/sourcecode.html
Documentation about the installation and configuration of PacketFence is
also available:http://www.packetfence.org/documentation/
How Can I Help ?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
tos...@in... <mailto:su...@in...>
You can also fill our online form (http://www.inverse.ca/#contact) and a
representative from Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
|
From: Louis M. <lm...@in...> - 2015-07-24 17:27:49
|
ANN: PacketFence 5.3.1 The Inverse team is pleased to announce the immediate availability of PacketFence 5.3.1. This is a minor release containing important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised. This is strictly a bug fix release. It corrects the following issues. Bug Fixes Fixed radiusd dying due to OOM caused by pf::statsd calling on pf::config Fixed incorrect whisper retention policy affecting metrics such as server load and memory use Fixed SMS and email registration case where using a different device to register may set an incorrect role Added delete session reason to status page logout Fixed incorrect HTML escaping in LDAP and AD authentication sources The radiusd bugfix is important enough on it’s own to warrant upgrading. If you are running 5.1, 5.2 or 5.3 you can get that same bug fix by running the pf-maint.pl script without upgrading. Versions older than 5.1 are not affected. Best regards, -- Louis Munro lm...@in... :: www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) |
|
From: Louis M. <lm...@in...> - 2015-07-22 18:58:49
|
ANNOUNCING: PacketFence 5.3.0 The Inverse team is pleased to announce the immediate availability of PacketFence 5.3.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised. What is PacketFence ? PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are: • powerful BYOD (Bring Your Own Device) capabilities • state-of-the art devices fingerprinting with Fingerbank • multiple enforcement methods including Role-Based Access Control (RBAC) and hotspot-style • compliance checks for endpoints present on your network • integration with various vulnerability scanners, intrusion detection solutions, security agents and firewalls • bandwidth accounting for all devices A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html Changes Since Previous Release New Features • Support for Single Sign-On integration with the iboss platform • Support for web authentication for NATed clients • Support for MAC Authentication and 802.1x for Alcatel-Lucent switches • Support for the IBM StackSwitch G8052 switch Enhancements • New Powershell scripts to allow unregistering nodes for disabled accounts on Active Directory • Force a JSON response if the Accept header is set to 'application/json' • Fingerbank processing in pfdhcplistener is now asyncronous using the webservices • Integration of pfconfig commands in bin/pfcmd • Added web form registration to Ruckus Controllers • Improved database maintenance script to prevent prolonged locking of tables • Active/Active mode will now send gratuitous ARPs to update routers when changing master node Bug Fixes • Fixed multiple XSS vulnerabilities in the administration GUI • Fixed incorrect RADIUS realm detection when using windows computer authentication • Fixed an issue with pfdns returning the wrong IP when using active/active mode • Fixed an issue on Debian and Ubuntu where the GUI could not change some field values • Fixed incorrect graphite document root on Ubuntu • Fixed SMS bug where the list of carriers could be accidentally deleted See https://github.com/inverse-inc/packetfence/commits/packetfence-5.3.0 for the complete change log. See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-5.3.0/UPGRADE.asciidoc Getting PacketFence PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/ How Can I Help ? PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project: • Documentation reviews, enhancements and translations • Feature requests or by sharing your ideas • Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html) • Patches for bugs or enhancements • Provide new translations of remediation pages Getting Support For any questions, do not hesitate to contact us by writing to su...@in... You can also fill our online form (http://www.inverse.ca/#contact) and a representative from Inverse will contact you. Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution. -- Louis Munro lm...@in... :: www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) |
|
From: Louis M. <lm...@in...> - 2015-06-18 20:36:56
|
The Inverse team is pleased to announce the immediate availability of PacketFence 5.2.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised. What is PacketFence ? PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are: • powerful BYOD (Bring Your Own Device) capabilities • state-of-the art devices fingerprinting with Fingerbank • multiple enforcement methods including Role-Based Access Control (RBAC) and hotspot-style • compliance checks for endpoints present on your network • integration with various vulnerability scanners, intrusion detection solutions, security agents and firewalls • bandwidth accounting for all devices A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html Changes Since Previous Release New Features • Introducing support for the PacketFence PKI application to manage certificates and authenticate RADIUS using EAP-TLS. • Twitter OAuth is now supported as an authentication source. • New 'portal' interface type to spawn a captive-portal instance on selected interface. • Inline mode now provides an ipset per devices role allowing for better granularity in managing them. • Support for OpenWrt 14.07 with hostapd. Enhancements • Specific vhost for httpd.portal diagnostics. • Added option to disable logging of sensitive information when failing to execute a command through pf_run. • Support for Meraki APs using web authentication on the cloud controller. • Passwords are now obfuscated in the Switch configuration. • Introduced new 'ports.httpd_portal_modstatus' configuration parameter to limit modstatus to a single virtual host. Bug Fixes • Allow the usage of an external monitoring database when using an Active/Active cluster. • Validate that a provisioner is not used before deleting it through the administration interface. • Stopped logging database password on schema import failure. • Fixed incorrect error message when an external portal authenticated device hits the unknown state. See https://github.com/inverse-inc/packetfence/commits/packetfence-5.2.0 for the complete change log. See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-5.2.0/UPGRADE.asciidoc Getting PacketFence PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/ How Can I Help ? PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project: • Documentation reviews, enhancements and translations • Feature requests or by sharing your ideas • Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html) • Patches for bugs or enhancements • Provide new translations of remediation pages Getting Support For any questions, do not hesitate to contact us by writing to su...@in... You can also fill our online form (http://www.inverse.ca/#contact) and a representative from Inverse will contact you. Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution. -- Louis Munro lm...@in... :: www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) |
|
From: Louis M. <lm...@in...> - 2015-05-26 20:53:32
|
Announcement: PacketFence 5.1.0 The Inverse team is pleased to announce the immediate availability of PacketFence 5.1.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised. What is PacketFence ? PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are: • powerful BYOD (Bring Your Own Device) capabilities • state-of-the art devices fingerprinting with Fingerbank • multiple enforcement methods including Role-Based Access Control (RBAC) and hotspot-style • compliance checks for endpoints present on your network • integration with various vulnerability scanners, intrusion detection solutions, security agents and firewalls • bandwidth accounting for all devices A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html Changes Since Previous Release New Features • New activation_domain feature allowing to expose a different domain than PacketFence's name in email templates • Added Windows Management Instrumentation (WMI) as a scan engine • Multiple scan engine definitions based on the OS type and role • Scan definition based on portal profiles • New external command action in violation • New API methods for adding, viewing or modifying a person • New performance dashboard based on Graphite allows tracking of core performance metrics such as number and latency of RADIUS requests, number of httpd processes and authorization latency • Define range of network switches (CIDR) in switch configuration • Module for Cisco Aironet 1600 • Added ability to join an Active Directory domain directly from the administration interface • Added the ability to join multiple Active Directory domains for EAP-PEAP authentication Enhancements • Verify if the database schema matches the current version of PacketFence • Removed the unnecessary "Upstream" listing from the "Combination" menu item of Fingerbank section • Ability to search in Fingerbank "Local" "Devices" listing • Allow rules to match on both source and action • pfsetvlan and snmptrapd are now stopped by default as most users no longer require them • Improve the end process redirection on the captive portal • Refactor mandatory fields to be dynamic and update the person table with them • Moved raddb/sites-enabled/packetfence and raddb/sites-enabled/packetfence-tunnel in conf/radiusd • pfcmd can now validate that certificates used by Apache and FreeRADIUS are still valid • Added new SMS carrier for Switzerland • Ability to fix Fingerbank files permissions from pfcmd fixpermissions Bug Fixes • Fixes tables displaying bugs in Fingerbank menu items • Fixed search values not being preserved in some cases • Fixed switch access list field turning into an object reference • Fixed bad redirection to the portal at the end of the registration process • Better handling of Fingerbank errors See https://github.com/inverse-inc/packetfence/commits/packetfence-5.1.0 for the complete change log. See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-5.1.0/UPGRADE.asciidoc Getting PacketFence PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/ How Can I Help ? PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project: • Documentation reviews, enhancements and translations • Feature requests or by sharing your ideas • Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html) • Patches for bugs or enhancements • Provide new translations of remediation pages Getting Support For any questions, do not hesitate to contact us by writing to su...@in... You can also fill our online form (http://www.inverse.ca/#contact) and a representative from Inverse will contact you. Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution. -- Louis Munro lm...@in... :: www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) |
|
From: Louis M. <lm...@in...> - 2015-05-04 16:05:11
|
Hello list members, We just released a minor update. PF 5.0.2 is out. This release is a bug fix only. No new features were introduced. Enhancements Added availables options (submit unknowns and update database) to the Fingerbank Settings page. PacketFence will now leave clients.conf.inc empty if cluster mode is disabled. Bug Fixes PacketFence will longer unregister a device in pending state if the device is hitting the portal more than once while in "pending" state. Fixed broken violation release process. Fixed multiple lines returning from pfconfig. Fixed undefined variables in portal template files. Fixed provisioners OS detection with Fingerbank. If you are already running 5.0.1 you may get the same code and fixes by running the /usr/local/pf/addons/pf-maint.pl script which will apply the same patches. This release is merely a convenience for people upgrading from earlier releases or installing from scratch. See https://github.com/inverse-inc/packetfence/blob/stable/NEWS.asciidoc for details Best regards from Inverse, -- Louis Munro lm...@in... :: www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) |
|
From: Louis M. <lm...@in...> - 2015-04-22 20:40:44
|
Hello list members, We just released a minor update. PF 5.0.1 is out. This release is a bug fix only. No new features were introduced. Enhancements • A number of strings have seen their translations improved. • The Debian and Ubuntu documentation has been split and made clearer. • Detailed which features may not work in active/active cluster mode in the documentation. Bug Fixes • Added missing CHI File driver. • Delete left over Config::Fingerprint module in Debian and Ubuntu. • Fixed pfmon not starting when running a standalone PF server. • Fixed broken OS reporting. • Added missing dependency on perl-SOAP-Lite for packetfence-remote-snort-sensor. • Updating iplog without a lease time now reset end_time to default (0000-00-00 00:00:00) to avoid "closing" a valid entry • fixed pfcmd watch emailing functionality. • dhcpd will now properly obey the "disabled" configuration. If you are already running 5.0.0 you may get the same code and fixes by running the /usr/local/pf/addons/pf-maint.pl script which will apply the same patches. This release is merely a convenience for people upgrading from earlier releases or installing from scratch. See https://github.com/inverse-inc/packetfence/blob/stable/NEWS.asciidoc for details Best regards from Inverse, -- Louis Munro lm...@in... :: www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) |
|
From: Ludovic M. <lma...@in...> - 2015-04-16 14:16:54
|
The Inverse team is pleased to announce the immediate availability of
PacketFence 5.0.0. This is a major release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from previous versions is strongly advised.
What is PacketFence ?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the art devices fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control
(RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection
solutions, security agents and firewalls
* bandwidth accounting for all devices
A complete overview of the solution is available from the official
website:http://www.packetfence.org/about/overview.html
Changes Since Previous Release
*New Features*
* New active/active clustering mode. This allows HTTP and RADIUS load
balancing and improves availability
* Fingerbank integration for accurate devices fingerprinting. It is
now easier than ever to share devices fingerprinting.
* Built-in support for StatsD. This allows fine grained performance
monitoring and can be used to create a dashboard using Graphite
* Local database passwords are now encrypted using bcrypt by default
on all new installations. The old plaintext mode is still supported
for legacy installations and to allow migration to the new mode
* Devices can now have a "bypass role" that allows the administrator
to manage them completely manually. This allows for exceptions to
the authorization rules
*
Support for ISC DHCP OMAPI queries. This allows PacketFence to
dynamically query a dhcpd instance to establish IP to MAC mappings
*Enhancements*
* Completely rewritten pfcmd command. pfcmd is now much easier to
extend and will allow us to integrate more features in the near future
* Rewritten IP/MAC mapping (iplog). Iplog should now never overflow
* New admin role action USERS_CREATE_MULTIPLE for finer grained
control of the admin GUI. An administrative account can now be
prevented from creating more than one other account
*
PacketFence will no longer start MySQL when starting
*
PacketFence will accept to start even if there are no internal networks
* Added a new listening port to pfdhcplistener to listen for
replicated traffic
* Added a user named "default" in replacement of the admin one
*
Adds support for HP ProCurve 2920 switches
* Iptables will now allow access to the captive portal from the
production network by default
* Major documentation rewrite and improvements
*Bug Fixes*
* Fixed violations applying portal redirection when using web
authentication on a Cisco WLC
* Registration and Isolation VLAN ids can now be any string allowed by
the RFCs
* Devices can no longer remain in "pending" state indefinitely
Seehttps://github.com/inverse-inc/packetfence/commits/packetfence-5.0.0for
the complete change log.
See the UPGRADE file for notes about
upgrading:https://github.com/inverse-inc/packetfence/tree/packetfence-5.0.0/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the
sources:http://www.packetfence.org/development/sourcecode.html
Documentation about the installation and configuration of PacketFence is
also available:http://www.packetfence.org/documentation/
How Can I Help ?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
tos...@in... <mailto:su...@in...>
You can also fill our online form (http://www.inverse.ca/#contact) and a
representative from Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 ::http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
|
From: Louis M. <lm...@in...> - 2015-03-06 21:10:36
|
The Inverse team is pleased to announce the immediate availability of PacketFence 4.7.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from 4.6.1 is strongly advised. What is PacketFence ? PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are: • Powerful BYOD (Bring Your Own Device) capabilities • Simple and efficient guests management • Multiple enforcement methods with Role-Based Access Control (RBAC) • Compliance checks for endpoints present on your network • Integration with various vulnerability scanners, intrusion detection solutions and firewalls • Bandwidth accounting for all devices A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html Changes Since Previous Release New Features • The admin GUI is now customizable. • New category filter on portal profile allows to select a portal based on existing role of a device. • New PacketFence-config service allows effortless scaling to thousands of switches and reduces memory use. Enhancements • Nodes are now searchable by status • Removed SSLv3 and legacy ciper suites support from default httpd configuration to prevent POODLE exploit and FREAK attack. • Added an option to display Bypass VLAN of a node in the Admin GUI. • Added nested groups support for Active Directory. • It is now possible to check if a device has already authenticated as member of an Active-Directory domain prior to user authentication. • Improved portal language detection. • Devices will now avoid autocorrect / uppercasing the login field in the captive portal. • Now supports roaming without SNMP on Aerohive APs. Bug Fixes • Fixed broken default behaviour when receiving an SNMP trap. • Fixed email confirmation template for sponsor. • Fixed email subject encoding. • Fixes allowing a non-sponsored user to verify a sponsored email address. • Fixed invalid floating device creation where the MAC address was not normalized. • Fixed the date range search in node advanced search. See https://github.com/inverse-inc/packetfence/commits/packetfence-4.7.0 for the complete change log. See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-4.7.0/UPGRADE.asciidoc Getting PacketFence PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/ How Can I Help ? PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project: • Documentation reviews, enhancements and translations • Feature requests or by sharing your ideas • Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html) • Patches for bugs or enhancements • Provide new translations of remediation pages Getting Support For any questions, do not hesitate to contact us by writing to su...@in... You can also fill our online form (http://www.inverse.ca/about/contact.html) and a representative from Inverse will contact you. Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution. |
|
From: Ludovic M. <lma...@in...> - 2015-02-05 15:03:19
|
The Inverse team is pleased to announce the immediate availability of
PacketFence 4.6.0. This is a major release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from 4.5.1 is strongly advised.
What is PacketFence ?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* Powerful BYOD (Bring Your Own Device) capabilities
* Simple and efficient guests management
* Multiple enforcement methods with Role-Based Access Control (RBAC)
* Compliance checks for endpoints present on your network
* Integration with various vulnerability scanners, intrusion detection
solutions and firewalls
* Bandwidth accounting for all devices
A complete overview of the solution is available from the official
website:http://www.packetfence.org/about/overview.html
Changes Since Previous Release
*New Features*
* Added support for MAC authentication on the AeroHIVE Branch Router 100
* Added support for MAC authentication floating devices on Juniper EX
series, and on the Cisco Catalyst series
* Added a hybrid 802.1x + web authentication mode for Cisco Catalyst 2960
* Added a web notification when network access is granted
* Added the ability to tag functions that are allowed to be exposed
through the web API
*
Added WiFi autoconfiguration for Windows through
packetfence-windows-agent
*
Added a "Chained" authentication source where a user must first
login in order to register by SMS, Email or SponsorEmail
* Added call to the web API from the VLAN filters
* Added a way to retrieve user information after the first registration
* Added the ability to filter profiles by connection type
* Profiles can be matched by all or any of its filters
* Can optionally cache the results of LDAP rule matching for a user
* New portal profile parameter to set a retry limit for SMS-based
activation
* The information available from an OAuth source (first name, last
name, ...) are now added to the person when registering
* Allow limiting the user login attempts
* Added Check Point firewall integration for Single Sign-On
*Enhancements*
* Added httpd.aaa service as a new API service for the exclusive use
of RADIUS
* More precisely define which DHCP message types we are listening for
* Removed dead code referring to 'external' interface type which was
no longer supported
* Added VLAN filter in getNodeInfoForAutoReg and update/create person
even if the device has been autoreg
* Refactored the VLAN filter code to reduce code duplication
* Added IMG path configuration parameter in admin
* Added the ability to restrict the roles, access levels and access
durations for admin users based on their role/access level
* Reduced deadlocks caused by the cleaning of the iplog table
* Reduced deadlocks caused by the cleaning of the locationlog table
* Reorganized the portal profile configuration page
* Added checkup on Apache filters and VLAN filters
* Created a single LDAP connection when matching against multiple rules
* Reduced the numbers of entries in iplog table (update end_time
instead of closing and inserting a new line)
* Now matching on language and not only language/country combination
for violation templates (See UPGRADE guide)
*
PacketFence FreeRADIUS will return reject on "NAS-Prompt-User"
Service-Type requests (Console login using RADIUS as backend)
*
PacketFence now allows limiting the number of times a user can
request an sms message
*Bug Fixes*
* Fixed old MAC addresses being left on port-security enabled ports in
a RADIUS + port-security environment
* Fixed firewall rule that allows httpd.portal to be reached on
management IP when pre-registration enabled
* Fixed creating a new file from the Portal Profile GUI in a subdirectory
* Improved log rotation handling
* Fixed previewing templates in the admin GUI
* Fixed bulk applying of roles and violations in the admin GUI
* Fixed importing of nodes when no pid is given
* Added a cleanup of trailing and leading spaces of the posted
username during the login
* Fixed wrong regex to detect ifindex in Cisco switches
* Honor order of profiles when matching profile filters
* Fixed URI based portal profiles
* Fixed XSS vulnerabilities in the portal
* Refresh node page after updating a node
* Fixed multiple pfdhcplistener spawning
* Fixed double display of the user page
* Fixed displaying of rules description after updating source
* Removed executable bit on some files which do not require it
Seehttps://github.com/inverse-inc/packetfence/commits/packetfence-4.6.0for
the complete change log.
See the UPGRADE file for notes about
upgrading:https://github.com/inverse-inc/packetfence/tree/packetfence-4.6.0/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the
sources:http://www.packetfence.org/development/sourcecode.html
Documentation about the installation and configuration of PacketFence is
also available:http://www.packetfence.org/documentation/
How Can I Help ?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
tos...@in... <mailto:su...@in...>
You can also fill our online form
(http://www.inverse.ca/about/contact.html) and a representative from
Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
|
From: Jason F. <xen...@go...> - 2014-12-19 15:24:31
|
Ludovic Marcotte wrote: > Hello, > > Since we are approaching the end of the year, we thought we should send > you a small update of the projects we have been working on at Inverse > for PacketFence. Um.. * W O W *... I am extremely excited for a number of these items. Is there an official roadmap of when features are expected? Or perhaps a priority list for features? The multimaster and dashboard enhancements are the immediate features I'll be cheering on, but the rest of this looks amazing as well. > As you can see with all these projects, the team has worked pretty hard! > > At the beginning of 2015, we will start integrating these solutions and > release the PacketFence v5 series gradually with these features. In the > meantime, all our developments are available on GitHub. Looks like 2015 is going to be a HUGE year for Inverse. Keep up the great work! > Thanks! > > -- > Ludovic Marcotte -- --------------------------- Jason 'XenoPhage' Frisvold xen...@go... --------------------------- "Any sufficiently advanced magic is indistinguishable from technology.\" - Niven's Inverse of Clarke's Third Law |
|
From: Ludovic M. <lma...@in...> - 2014-12-17 17:30:45
|
Hello,
Since we are approaching the end of the year, we thought we should send
you a small update of the projects we have been working on at Inverse
for PacketFence.
1.
*Multimaster Configuration*- while it is possible to separate and
distribute components used in PacketFence on multiple servers,
having multimaster support really simplify deployments on
large-scale infrastructures. By integrating proven technologies such
as HAProxy, MariaDB Galera Cluster, keepalived and others, we added
horizontal deployment capabilities to PacketFence. You have more
users to handle, you add an other server and it will automatically
integrate the cluster and obtain its configuration!
2.
*Fingerbank Integration*- a few months ago, we announced a major
overhaul of the Fingerbank project. We have been working on
integrating the new version in PacketFence itself. This will greatly
ease the update and sharing process of fingerprints and also
simplify their usage in PacketFence. The current Fingerbank database
has 25 000 combinations and it's growing by thousands every week!
3.
*Dashboard*- this project is a complete overhaul of the PacketFence
dashboard which would allow easy integrating of performance
indicators. The current dashboard lack such information and has
issues coping with a large datasets. By integrating in PacketFence
proven technologies such as Graphite, collectd and StatsD we can now
generate stunning graphs while handling tons of data! Folks can also
use their frontend if they prefer - as shown below with Tessera!
4.
*PKI*- sometimes, organizations want to generate a per-device TLS
certificate during the registration/on-boarding. To meet this
requirement, we have created a small PKI solution that integrates
with PacketFence's registration process. This project gives
efficient yet elegant certificates management capabilities to
PacketFence!
5.
*Provisioning Agents*- While our current provisioning agents do the
job for EAP-PEAP, they currently lack EAP-TLS support and the
configuration is not automated within PacketFence. We have greatly
improved them by adding EAP-TLS support, integration with our PKI
and improved the configuration and management options from the Web
administrative interface of PacketFence.
6.
*Software Defined Networking (SDN)*- SDN and OpenFlow are
interesting technologies and vendors are now pushing them on edge
switches and WiFi controllers. We have developed an OpenDayLight
plugin for PacketFence in order to support SDN-aware equipment. This
allows PacketFence to push OpenFlow flows for network enforcement
and thus, not rely on RADIUS or anything else. SDN will most likely
play an important role in future network and PacketFence will be
ready once again.
7.
*WMI Integration*- PacketFence already integrates well with
vulnerability scanners and MDM/security agents. We have extended our
compliance check capabilities by adding Windows Management
Instrumentation (WMI) support in PacketFence. This means that
PacketFence is now able to execute a set of WMI scripts on endpoints
and based on the results, proceed with an action such as
auto-registering the device, quarantining it and more.
8.
*Checkpoint Integration*- We currently support firewall-SSO with
Barracuda, Fortigate and PaloAlto firewalls. This project extends
our current support to include Checkpoint-based firewalls for SSO.
As you can see with all these projects, the team has worked pretty hard!
At the beginning of 2015, we will start integrating these solutions and
release the PacketFence v5 series gradually with these features. In the
meantime, all our developments are available on GitHub.
Thanks!
--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
|
From: Ludovic M. <lma...@in...> - 2014-11-10 18:19:38
|
The Inverse team is pleased to announce the immediate availability of
PacketFence 4.5.1. This is a minor release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from 4.5.0 is advised.
What is PacketFence ?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* Powerful BYOD (Bring Your Own Device) workflows
* Simple and efficient guests management
* Multiple enforcement methods with Role-Based Access Control (RBAC)
* Compliance checks for endpoints present on your network
* Integration with various vulnerability scanners, intrusion detection
solutions and firewalls
* Bandwidth accounting for all devices
A complete overview of the solution is available from the official
website: http://www.packetfence.org/about/overview.html
Changes Since Previous Release
*New Features*
* Added compliance enforcement to OPSWAT GEARS provisioner
*Enhancements*
* Make Cisco web authentication sessions use less memory
* Internationalized the provisioners templates
*Bug Fixes*
* Fix node pagination when sorting
* Fix provisioners that were not enforced on external authentication
sources
* Fix IBM and Symantec provisioners configuration form
See https://github.com/inverse-inc/packetfence/commits/packetfence-4.5.1 for
the complete change log.
See the UPGRADE file for notes about
upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-4.5.1/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the
sources: http://www.packetfence.org/development/sourcecode.html
Documentation about the installation and configuration of PacketFence is
also available: http://www.packetfence.org/documentation/
How Can I Help ?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
to su...@in... <mailto:su...@in...>
You can also fill our online form
(http://www.inverse.ca/about/contact.html) and a representative from
Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
|
From: Ludovic M. <lma...@in...> - 2014-10-27 17:50:53
|
*Malmö, Sweden and Montreal, Canada - October 27, 2014 - Anyfi Networks and Inverse today announced that they have successfully interoperability tested Anyfi's Software-Defined Wireless Networking (SWDN) Gateway with PacketFence.* ------------------------------------------------------------------------ PacketFence is a fully supported, free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful guest management options, 802.1X support and layer-2 isolation of problematic devices, it can be used to effectively secure small networks to very large heterogeneous networks. The Gateway is part of Anyfi's suite of SDN-based carrier Wi-Fi products enabling service providers and enterprises to build and manage large scale Wi-Fi networks with unprecedented security, flexibility and economies of scale. The Gateway, running as a virtual machine or on bare metal x86 hardware in a corporate data center or service provider core, terminates Wi-Fi over IP tunnels coming in from ultra thin access points. Access points can be from multiple vendors, installed anywhere there is Internet access, or even carried around as a 3G hotspot. While the Anyfi Gateway represents an entirely new class of product to interoperate with PacketFence, it connects on the same interfaces as a classic WLAN controller: RADIUS for AAA and Ethernet for payload data. "/It was a pleasure working with Anyfi on this integration, and from our perspective it was very similar to what we've previously done with WLAN controllers from Aruba, Meru, Extricom and Ruckus, commented Ludovic Marcotte, CEO of Inverse./" The combined solution is compatible with any access point integrating Anyfi.net software. This software is already available on request from many leading residential gateway vendors and Anyfi is working with partners to make it a standard component in Wi-Fi routers and APs. For the impatient there's CarrierWrt, a third party firmware for many popular Wi-Fi routers that comes with Anyfi.net software pre-integrated. About Anyfi Networks Anyfi Networks is the company behind the Software Defined Wireless Networking (SDWN) architecture and the Wi-Fi mobility platform Anyfi.net. Founded in 2009, it is leading the way in carrier-grade Wi-Fi services with a seamless and secure user experience. For more information please visit www.anyfinetworks.com <http://www.anyfinetworks.com/> or contact sa...@an... <javascript:linkTo_UnCryptMailto('ocknvq,ucnguBcpahkpgvyqtmu0eqo');>. About Inverse/PacketFence PacketFence is a fully supported, free and open source network access control (NAC) system. It can be used to effectively secure wired and wireless networks – from small to very large heterogeneous networks. The leader behind the PacketFence solution, Inverse provides integration and support services for PacketFence and has deployed the solution in numerous production environments where thousands of users are involved. Since 2003, Inverse has been the leader in Quebec for Open Source software development and deployments. For more information, please visit http://inverse.ca <http://inverse.ca/> and http://www.packetfence.org <http://www.packetfence.org/>. -- Ludovic Marcotte lma...@in... :: +1.514.755.3630 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) |
|
From: Ludovic M. <lma...@in...> - 2014-10-22 19:12:51
|
The Inverse team is pleased to announce the immediate availability of
PacketFence 4.5.0. This is a major release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from 4.4.0 is strongly advised.
What is PacketFence ?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* Powerful BYOD (Bring Your Own Device) workflows
* Simple and efficient guests management
* Multiple enforcement methods with Role-Based Access Control (RBAC)
* Compliance checks for endpoints present on your network
* Integration with various vulnerability scanners, intrusion detection
solutions and firewalls
* Bandwidth accounting for all devices
A complete overview of the solution is available from the official
website:http://www.packetfence.org/about/overview.html
Changes Since Previous Release
*New Features*
*
Added provisioning support for Symantec SEPM, MobileIron and OPSWAT
(see our press release
<http://www.packetfence.org/news/2014/article/packetfence-integrates-with-opswat-gears-for-advanced-compliance-enforcement.html>
and upcoming webinar
<http://www.packetfence.org/news/2014/article/webinar-packetfence-and-opswat-gears.html>
about it)
* Added Barracuda firewall support for single sign-on
* pfmon can now run tasks on different intervals
* Added a way to reevaluate the access of a node from the admin interface
* Added a "Blackhole" authentication source
* Added a new violation to enforce provisioning of agents
* Violation can now be delayed
* Added portal profile filter based on switch-port couple
*Enhancements*
* Cache the ipset rule update to avoid unnecessary calls to ipset
* Dynamically load violations and nodes for a user for display in
admin gui
* Dynamically load violations for a node for display in admin gui
* Ensure only one pfmon is running at a time
*Bug Fixes*
* Fix issue with userMiscellaneous and userCustomFields not showing if
user does not have NODES_READ privilege
* Fix MAC detection from IP on the Catalyst portal when using web
authentication on the WLC controller.
* Fix timestamp resolution not catching sub second changes in file in
cache layer
* Fixed handling of expiration time on the captive portal’s status page
Seehttps://github.com/inverse-inc/packetfence/commits/packetfence-4.5.0for
the complete change log.
See the UPGRADE file for notes about
upgrading:https://github.com/inverse-inc/packetfence/tree/packetfence-4.5.0/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the
sources:http://www.packetfence.org/development/sourcecode.html
Documentation about the installation and configuration of PacketFence is
also available:http://www.packetfence.org/documentation/
How Can I Help ?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
tos...@in... <mailto:su...@in...>
You can also fill our online form
(http://www.inverse.ca/about/contact.html) and a representative from
Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
|
From: Ludovic M. <lma...@in...> - 2014-10-08 20:47:29
|
Hello, Over the past few months at Inverse, we completely reworked the Fingerbank (http://www.fingerbank.org) project. The idea to transform the Fingerbank project into a thorough device fingerprinting solution started from the development of PacketFence <http://www.packetfence.org>, our Network Access Control solution. PacketFence uses and collects more than only DHCP fingerprints to uniquely identify devices connected to a network. We build our database from DHCP fingerprints, but also MAC address patterns and browser User-Agents. We are already in the process of adding other fingerprinting technologies such as SSL options ordering , TCP-level checks, UAProf and more. While reworking the project, we also created a Web front-end application to our Fingerbank project. It is available from here: https://fingerbank.inverse.ca/ To automate the process of querying Fingerbank, we also provide a public Web API that developers can use for free. The API documentation is available here: https://fingerbank.inverse.ca/api_doc You can also download the whole database as a SQLite file from here: https://fingerbank.inverse.ca/download. We currently have over 4200 device fingerprints and we have a lot more to import in the next few days. The solution we put in place will allow us to grow our database much more efficiently. It will also allow easier contributions from the community. Finally, our Web API allows any application out there to query our database in order to properly identify devices. We encourage you to use our Fingerbank project and contribute to it. PacketFence will also soon be tightly integrated with the new Fingerbank project. If you have any question, please contact us at in...@in... <mailto:in...@in...>. Thanks! -- Ludovic Marcotte lma...@in... :: +1.514.755.3630 ::http://inverse.ca Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org) |
|
From: Francis L. <fla...@in...> - 2014-09-11 13:16:25
|
The Inverse team is pleased to announce the immediate availability of PacketFence 4.4.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from 4.3.0 is strongly advised. What is PacketFence? PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are: Powerful BYOD (Bring Your Own Device) workflows Simple and efficient guests management Multiple enforcement methods with Role-Based Access Control (RBAC) Compliance checks for computers present on your network Integration with various vulnerability scanners and intrusion detection solutions Bandwidth accounting for all devices A complete overview of the solution is available from the official website: http://www.packetfence.org/about/overview.html Changes Since Previous Release New Features Added the possibility to search by computer name on the nodes page Added support for the Anyfi WiFi controller Show portal profiles directly on the admin gui Added local account authentication for EAP Added support for unreg date with dynamic year Added support for NetGear FSM7328S switches Added new network profile filter Added external captive portal support for AeroHIVE Added external captive portal support for Xirrus Added support for Dynamic Access lists on the Cisco Catalyst 2960 Added the ability to search switches Added support for Dlink DES3028 switches Added reuse 802.1x credential on the portal profile Added support for Mikrotik access point Added ability to create local accounts when registering with external authentication sources Enhancements Added support to configure either NATting or routed mode for inline layer 2 interfaces from the GUI Added informational messages in the GUI for inline interfaces Improvement of Inline Layer 3 (Inline L3 can only be defined behind Inline Layer 2 network) pfbandwidthd is now able to capture on all inline interfaces Added an option to set the timeout value for LDAP connections in authentication sources FreeRADIUS default configuration should now be more scalable and resilient to misbehaving devices Added the possibility to create rules using the username in OAuth authentication sources Added the RADIUS request to the vlan filter Moved from using Storable to Sereal to serialize cached data Refactored portal profile filters to make it easier to extend Improved support for Dlink DES 3526 switches Rewrited log format [] for device mac () for switch "" for userID Improve error handling of web api Raised ServerLimit on Apache httpd.portal, lowered httpd.portal Timeout and KeepAliveTimeout to improve responsiveness under load Do not overlay the controllerIp if one is already defined when creating a switch Verify the user roles level before creating a user via the admin gui Added test iplogs not closed in pftest Remove direct usage of Apache2 modules in captive portal Bug Fixes Fix issue when adding multiple portal profile filters causing the wrong type to be picked Fix issue when a trap is received for a switch that does not implement parseTrap() Fix issue when a role is changed in the administration interface and the node's access is not reevaluated Fix issue when a passthrough is not able to be resolved and would generate an invalid DNS response Fix missing files in logrotate file Fix issue when setting a port in trunk on a Cisco Catalyst 3560, 3750 and 3750G would fail Fix admin roles for bulk actions for nodes/users Fix issue where person was not updated in the database because of a case (non) match Fix send user password by email from the GUI Fix backward compatibility issue for gaming-registration that should redirect to device-registration Fix device-registration and status pages that were not accessible in inline mode when doing high-availability Fix filetype of wireless-profile.mobileconfig not being set properly Fix issue of iplog entries not being closed See https://github.com/inverse-inc/packetfence/commits/packetfence-4.4.0 for the complete change log. See the UPGRADE file for notes about upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-4.4.0/UPGRADE.asciidoc Getting PacketFence PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: http://www.packetfence.org/development/sourcecode.html Documentation about the installation and configuration of PacketFence is also available: http://www.packetfence.org/documentation/ How Can I Help? PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project: Documentation reviews, enhancements and translations Feature requests or by sharing your ideas Participate in the discussion on mailing lists (http://www.packetfence.org/support/community.html) Patches for bugs or enhancements Provide new translations of remediation pages Getting Support For any questions, do not hesitate to contact us by writing to su...@in... You can also fill our online form (http://www.inverse.ca/about/contact.html) and a representative from Inverse will contact you. Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution. |
|
From: Stormont, S. (IMS) <Sto...@im...> - 2014-07-30 18:13:56
|
Sorry for the amount of detail, but we are trying to setup PacketFence and wanted to include as much info as possible to help diagnose our issue.
We have PacketFence installed on a server (172.22.0.3). We have three interfaces defined in PacketFence: Management (172.22.0.3/23), Isolation (12.22.2.3/23), and Registration (172.22.38.3/23). Those interfaces are plugged into our core Extreme Networks Summit switch into matching VLANs: "Internal_Appliances" (172.22.0.1/23), "MAC_Isolation" (172.22.2.1/23), and "MAC_Registration" (172.22.38.1/23).
That switch is then uplinked to our desktop switch, where we have created a "MAC_Isolation" (172.22.2.2/23), "MAC_Registration" (172.22.38.2/23), MAC_Temp (no IP), and "Desktops" (172.22.34.2/23). We want the ports to eventually end up in the "Desktops" VLAN after authorization.
The steps below were performed on the Extreme switch to which the desktops are connected, using Port 5:13 as our test.
create vlan MAC_Registration
config vlan "MAC_Registration" tag 369
create vlan MAC_Temp
enable snmp access
configure snmp add trapreceiver 172.22.0.3 community public vr VR-DEFAULT
configure vlan MAC_Registration add ports 5:13 untagged
configure ports 5:13 vlan MAC_Registration lock-learning
disable snmp traps port-up-down ports 5:13
configure radius netlogin primary server 172.22.0.3 1812 client-ip 172.22.32.2 vr VR-Default
configure radius netlogin primary shared-secret (password)
enable radius netlogin
configure netlogin vlan MAC_Temp
enable netlogin mac
configure netlogin dynamic-vlan enable
configure netlogin dynamic-vlan uplink-ports 4:45
configure netlogin mac authentication database-order radius
enable netlogin ports 5:13 mac
configure netlogin ports 5:13 mode port-based-vlans
configure netlogin ports 5:13 no-restart
Now, every 5 minutes, these messages show up in the switch log and the test desktop in question doesn't show up in the nodes in PacketFence.
07/30/2014 13:47:39.42 <Info:nl.ClientAuthFailure> Slot-1: Authentication failed for Network Login MAC user 3C970EADB66B Mac 3C:97:0E:AD:B6:6B port 5:13
07/30/2014 13:47:39.42 <Warn:AAA.RADIUS.noServResp> Slot-1: No response from server 172.22.0.3 trying local.
07/30/2014 13:47:39.42 <Warn:AAA.RADIUS.noServerResp> Slot-1: No servers responding
07/30/2014 13:47:36.42 <Warn:AAA.RADIUS.resendPkt> Slot-1: Resend request to Authentication Server address 172.22.0.3 current request count is 2
07/30/2014 13:47:33.41 <Warn:AAA.RADIUS.resendPkt> Slot-1: Resend request to Authentication Server address 172.22.0.3 current request count is 1
The results of "show netlogin" and "show radius" on the switch returns the following:
Slot-1 Stack.4 # show netlogin
NetLogin Authentication Mode : web-based DISABLED; 802.1x DISABLED; mac-based ENABLED
NetLogin VLAN : "MAC_Temp"
NetLogin move-fail-action : Deny
NetLogin Client Aging Time : 5 minutes
Dynamic VLAN Creation : Enabled
Dynamic VLAN Uplink Ports : 4:45
------------------------------------------------
Web-based Mode Global Configuration
------------------------------------------------
Base-URL : network-access.com
Default-Redirect-Page : ENABLED; http://www.extremenetworks.com
Logout-privilege : YES
Netlogin Session-Refresh : ENABLED; 3 minute(s) 0 second(s)
Refresh failures allowed : 0
Reauthenticate on refresh: Disabled
Authentication Database : Radius, Local-User database
Proxy Ports : 80(http),443(https)
------------------------------------------------
------------------------------------------------
802.1x Mode Global Configuration
------------------------------------------------
Quiet Period : 60
Supplicant Response Timeout : 30
Re-authentication period : 3600
Max Re-authentications : 3
RADIUS server timeout : 30
EAPOL MPDU version to transmit : v1
Authentication Database : Radius
------------------------------------------------
------------------------------------------------
MAC Mode Global Configuration
------------------------------------------------
MAC Address/Mask Password (encrypted) Port(s)
-------------------- ------------------------------ ------------------------
Default <not configured> any
Re-authentication period : 0 (Re-authentication disabled)
Authentication Database : Radius
------------------------------------------------
Port: 5:13, Vlan: MAC_Registration, State: Enabled, Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled
MAC IP address Authenticated Type ReAuth-Timer User
3c:97:0e:ad:b6:6b 0.0.0.0 No MAC 0
-----------------------------------------------
(B) - Client entry Blackholed in FDB
Number of Clients Authenticated : 0
Slot-1 Stack.5 # show radius
Switch Management Radius: disabled
Switch Management Radius server connect time out: 3 seconds
Switch Management Radius Accounting: disabled
Switch Management Radius Accounting server connect time out: 3 seconds
Netlogin Radius: enabled
Netlogin Radius server connect time out: 3 seconds
Netlogin Radius Accounting: disabled
Netlogin Radius Accounting server connect time out: 3 seconds
Primary Netlogin Radius server:
Server name :
IP address : 172.22.0.3
Server IP Port: 1812
Client address: 172.22.38.2 (VR-Default)
Shared secret : 2\q;sJ;@F=8Bjn
Access Requests : 13752 Access Accepts : 0
Access Rejects : 0 Access Challenges : 0
Access Retransmits: 9168 Client timeouts : 4584
Bad authenticators: 0 Unknown types : 0
Round Trip Time : 0
________________________________
Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error.
|
|
From: Ludovic M. <lma...@in...> - 2014-06-26 19:21:42
|
The Inverse team is pleased to announce the immediate availability of
PacketFence 4.3.0. This is a major release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from 4.2 is strongly advised.
What is PacketFence ?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* Powerful BYOD (Bring Your Own Device) workflows
* Simple and efficient guests management
* Multiple enforcement methods with Role-Based Access Control (RBAC)
* Compliance checks for computers present on your network
* Integration with various vulnerability scanners and intrusion
detection solutions
* Bandwidth accounting for all devices
A complete overview of the solution is available from the official
website:http://www.packetfence.org/about/overview.html
Changes Since Previous Release
*New Features*
* Added MAC authentication support for Edge-corE 4510
* Added support for Ruckus External Captive Portal
* Support for Huawei S2700, S3700, S5700, S6700, S7700, S9700 switches
*
Added support for LinkedIn and Windows Live as authentication sources
* Support for 802.1X on Juniper EX2200 and EX4200 switches
* Added support for the Netgear M series switches
* Added support to define SNAT interface to use for passthrough
* Added Nessus scan policy based on a DHCP fingerprint
* Added support to unregister a node if the username is locked or
deleted in Active Directory
*
Fortinet FortiGate and PaloAlto firewalls integration
* New configuration parameters in switches.conf to use mapping by VLAN
and/or mapping by role
*Enhancements*
* When validating an email confirmation code, use the same portal
profile initially used by to register the device
* Removed old iptables code (ipset is now always used for inline
enforcement)
* MariaDB support
* Updated WebAPI method
*
Use Webservices parameters from PacketFence configuration
* Use WebAPI notify from pfdhcplistener (faster)
* Improved Apache SSL configuration forbids SSLv2 use and prioritzes
better ciphers
* Removed CGI-based captive portal files
* For device registration use the source used to authenticate for
calculating the role and unregdate (bugid:1805)
* For device registration, we set the "NOTES" field of the node with
the selected type of device (if defined)
* On status page check the portal associated to the user and
authenticate on the sources included in the portal profile
* Merge pf::email_activation and pf::sms_activation to pf::activation
* Removed unused table switchlocation
* Deauthentication and firewall enforcement can now be done throught
the web API
* Added support to configure high-availability from within the
configurator/webadmin
* Changed the way we're handling DNS blackholing when unregistered in
inline enforcement mode (using DNAT rather than REDIRECT)
* Now handling rogue DHCP servers based both on the server IP and
server MAC address
*Bug Fixes*
* Fixed pfdetectd not starting because of stale pid file
* Fixed SQL join with iplog in advanced search of nodes
* Fixed unreg date calculation in Catalyst captive portal
* Fixed allowed_device_types array in device registration page
(bugid:1809)
* Fixed VLAN format to comply with RFC 2868
* Fixed possible double submission of the form on the billing page
* Fixed db upgrade script to avoid duplicate changes to locationlog table
See the ChangeLog file for the complete list of
changes:https://github.com/inverse-inc/packetfence/tree/packetfence-4.3.0/ChangeLog
See the UPGRADE file for notes about
upgrading:https://github.com/inverse-inc/packetfence/tree/packetfence-4.3.0/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the
sources:http://www.packetfence.org/development/sourcecode.html
Documentation about the installation and configuration of PacketFence is
also available:http://www.packetfence.org/documentation/
How Can I Help ?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
tos...@in... <mailto:su...@in...>
You can also fill our online form
(http://www.inverse.ca/about/contact.html) and a representative from
Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
--
Ludovic Marcotte
lma...@in... :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
|
|
From: hasan a. <has...@gm...> - 2014-06-07 20:57:44
|
Hi; /etc/init.d/NetworkManager stop /sbin/chkconfig NetworkManager off also in /etc/sysconfig/network-scripts/ifcfg-ethX ( where X is the Network Interface ) adjust NM_CONTROLLED to “no”. 2014-06-04 21:28 GMT+03:00 John Wagner <jw...@hu...>: > New to Linux, running Centos 6, and new to PacketFence. The admin guide > for v4.2.0 says to disable resolvconf. Googling has not produced an > answer. Please tell me how to disable resolvconf. > > > > Thank You, > > John Wagner > > Network Administrator > > Huntington University > > > > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/NeoTech > _______________________________________________ > PacketFence-announce mailing list > Pac...@li... > https://lists.sourceforge.net/lists/listinfo/packetfence-announce > > |