PacketFence 3.0 released
September 21, 2011

A major release bringing new hardware support, several shiny new features, enhancements, a ton of bug fixes and updated translations.

This release is considered ready for production use.

Release highlights In a nutshell, we have a redesigned captive portal, complete guest management including self-registration of devices by email activation or SMS and pre-registered guest creation by administrators. Also added a new feature to allow PacketFence to secure network access on unmanageable (consumer) devices (so-called inline enforcement). Bandwidth tracking with RADIUS accounting, RedHat Enterprise Linux (RHEL) / CentOS 6 support and several usability improvements are in there as well. Finally we took the big three-point-ohh opportunity to fix several things that annoyed us but that were breaking changes.

Important upgrade notice

  • BACKUP YOUR /usr/local/pf/ BEFORE UPGRADING. Several path changed with this release and an rpm upgrade will REMOVE your templates and remediation pages. See UPGRADE for more information.
  • We removed the central concept of mode (arp, dhcp or vlan). Now PacketFence can operate in multiple modes simultaneously. This new concept is called enforcement and is specified per interface in pf.conf.
  • Removed support for Apache prior to version 2.2.0 (#828)
  • Removed support for jpgraph 1.x, 2.x which bumps our depedencies to PHP 5.1

New Hardware Support

  • Avaya/Nortel switches now support the floating network device feature
  • Avaya Wireless Controller support
  • Dlink DWL Access-Point support
  • LG-Ericsson iPecs 4500 support for port-security and MAC Authentication / 802.1X
  • Netgear FGS Series support for port-security

New Features

  • Major update to the captive portal look and feel! More modern and professional. Cleaner XHTML/CSS makes customization a lot easier than before. Also, all user-visible URLs are now clean and short (no more cgi-bin/… clutter). (#980, #982, #1114)
  • Flexible guest handling (covering temporary passwords, self-registration, pre-registration, extension API, etc.)
  • Introduced in-line support: firewall based access control with captive portal. Use this complementary technique when you cannot use VLAN enforcement. (#1227)
  • Ability to view log files from the Web Administration interface (#1080)
  • PacketFence now takes care of the local firewall configuration on the server
  • Captive portal authentication modules are versioned, validated on startup and have customizable names
  • New default_auth parameter will be the default authentication module selected if you have multiple authentication back-end enabled in auth
  • Simplification of the captive portal translation (#822, #1114)
  • RADIUS Accounting for tracking node bandwidth usage
  • RedHat Enterprise Linux 6 / CentOS 6 support (#1244)
  • Snort 2.9.x support

Enhancements

  • Captive portal usability improvements for both users and administrators
  • pfcmd and web administration performance improvements by avoiding duplicate loading of some configuration files
  • Configuration simplification (#1051, #1182)
  • FreeRADIUS package now does the certificate boostrapping process (#1226)
  • Named isolation and registration zones now automatically generated on startup based on networks.conf’s DNS entry (#1105)
  • Simplified Apache configuration
  • Improved installer.pl and configurator.pl
  • Included the jpgraph PHP library. Simplifies installation from source.
  • More start-up validation in pfcmd checkup (#1031, #1191, #1252)
  • Improved error-handling, reduced number of Perl warnings, added tests (#1266)
  • Improved Filesystem Hierarchy Standard (FHS) compliance (#762)
  • Improves PHP 5.3.x support, relates to distro portability too (#1211, #1244, #1251: Thanks to Philipp Snizek)
  • Migrated bin/flip.pl into a bin/pfcmd_vlan subcommand
  • Added ldap port option to Web Admin LDAP (AD) authentication
  • New controllerIp network device parameter will make it simpler to support wireless hardware working in bridged mode
  • New DHCP fingerprints for Mac OS X Lion, Fedora 14, Polycom, Aastra, LifeSize, Nortel, Polycom and Snom Conferencing and VoIP, Ubuntu 11.04, Belkin Wireless Router, HP ProCurve switches, Androids, Zebra, Kyocera, HP and Xerox printers, NEC Projectors, Polycom Video Conferencing and Paradox Card Access module
  • Developer documentation to add Floating Network Devices support to switches
  • Minor usability improvements

Bug Fixes

  • Fixed issues with several switches if node MAC address falls into an Hex to ASCII printable range (#1098)
  • Renaming Nortel ERS modules (#1238)
  • Fixed Avaya/Nortel switches problems on ERS2500 / ERS4500 (at least)
  • Fixed OS violations regression introduced in 2.2.0
  • Fixed nessus scans don’t work with bin/pfcmd as a setuid/setgid (#1087)
  • Fixed custom VLAN assignments relying on connection_type failing on "unknown" nodes (#1231)
  • Fixed problematic default grace period for System scan violation
  • Fixed configurator.pl does not show interfaces without IP address (#1221)
  • Fixed issue to detect the shell prompt MeruOS 4.1 or greater (#1232)
  • Fixed issues with wireless hardware not sending a NAS-Port parameter (#1229)
  • Fixed Apache configuration problems on non RHEL / CentOS platforms
  • Fixed other cases of warnings from our FreeRADIUS module
  • jpgraph version bump to 3.0.7. Fixes RHEL 6 issues. (#1244)
  • Fixed silent failure when deleting a person with associated nodes (#1265)
  • Fixed encoding issues in the captive portal (#1115)
  • Fixed redirect loop on the captive portal if VLAN reassignment failed (#1260)
  • Fixes issues with accentuated characters and single quotes in some captive portal strings
  • Fixed accidental stop/restart of services because administrative where done in GET instead of POST (#1119)
  • Fixed help not visible in the Web Admin when using Internet Explorer (#1256)
  • Fixed missing exportation icon in the Web Admin when using Internet Explorer (#1255)
  • Cisco C3560 now heritates the Cisco C2960 code
  • Fixed distro portability problems (#1185, #1187, #1248)
  • Fixed snort pidpath (#1258)
  • Additional fixes to nessus scans
  • Interim fixes (#1239, #1240, #1263, #1268, #1269)
  • Missing "named" in the pfcmd help

Translations

  • Updated Spanish (es) translation (Thanks to Juan Camilo Valencia)

… and more. See the ChangeLog file for the complete list of changes and the UPGRADE file for notes about upgrading. Both files are in the PacketFence distribution.

We told you our next release was going to be big! Have fun with this one and let us know how it goes!

Back to 2011