PacketFence v11 released
September 2, 2021

The Inverse team is pleased to announce the immediate availability of PacketFence v11 - a breakthrough release in network security!

RHEL v8 and Debian 11 Support

PacketFence v11 now fully supports Red Hat Enterprise Linux 8 (RHEL v8) and Debian 11. Both operating systems bring major performance, stability, and security improvements to PacketFence for many years to come. RHEL v8 alternatives such as AlmaLinux, Oracle Linux, and Rocky Linux can be used.

Google Workspace Integration

PacketFence v11 now natively integrates with Google Workspace for LDAP-based authentication. Moreover, PacketFence now provides a Google Workspace Chromebook provisioner to automatically onboard organization-owned Chromebook devices and assign them a role. PacketFence can now also raise a security event when a Chromebook becomes inactive and provides a way to import all activated Chromebooks part of an organization.

Microsoft Azure Integration

PacketFence now integrates with Microsoft Azure Active Directory for authenticating users on the captive portal, the admin interface, and performing 802.1X user authentication using EAP-TTLS PAP. Greatly enhances the integration possibilities of PacketFence in Azure-based Cloud environments.

Automation of Upgrades

Starting from PacketFence v11, upgrades are fully automated. No more scripts to run, database schema changes to apply, and more. This release also provides a way to export your v10.3 installation and migrate to v11 in a snap!

Logs Forwarding

PacketFence now supports forwarding of all database-stored logs. That means that the RADIUS audit log, DHCP audit log, DNS audit log, and admin access audit log can be fully exported to a remote syslog server - ensuring compliance with more security regulations.

… and more!

PacketFence v11 provides additional important features such as SCEP support for Microsoft Intune and AirWatch, Venom tests for Inline L3, massive performance improvements to the admin interface, multi-tenancy improvements, and much more.

Here’s the complete list of changes included in this release:

New Features

  • Red Hat Enterprise Linux 8 and Debian 11 support
  • Microsoft Azure AD authentication and authorization support (#6380)
  • Google Workspace integration for LDAP and Chromebooks
  • Automation of upgrades from 10.3 and above (#6438)
  • Forwarding support for audit logs stored in database


  • Microsoft Intune SCEP support (#6360)
  • Venom inline L3 (PR #6266)
  • Massively improved web admin performance
  • LDAP source now supports client certificates
  • AirWatch SCEP documentation
  • Rewrite the username of the request from RADIUS preProcess filter (#6293)
  • Upgrade to golang 1.16.3 (#6343)
  • pfpki: configure OCSP to listen on specific interfaces (#5825)
  • Get maintenance patches through package manager (#6378)
  • Adjust Intune integration to support pagination of the managed devices (#6135)
  • Add an option to force the vip as the default gateway on layer2 registration network (#6406)
  • Firewall SSO is tenant aware (#6384)
  • Added conditions on owner information in the RADIUS filters (#6324)
  • CLI access support for Avaya Switches (#6398)
  • Authorize a MAC address on all APs of the switch group when using the Unifi module (#6134)
  • Macro documentation for filter engine (#6392)
  • Expose the source directory of documentation from Caddy (#6315)
  • Audit successful admin login in the admin audit log. (#6345)
  • Allow users to resend the SMS pin
  • Improve the speed of retrieving switches (#6321)

Bug Fixes

  • Configurator sets valid_from field to current time in place of 1970-01-01 00:00:00
  • Support switch_group in advanced filters (#6379)
  • Authentication rule condition basedn matching does not work (Authentication rule condition basedn matching does not work #6402)
  • Filter netdata incoming connection (#6303)
  • CLI switch access for Avaya ERS Switches (#6399)
  • Avoid duplicate log entries “User has authenticated on the portal”
  • Backup DB using MariaDB-backup does not work on standalone installations (#6424)
  • Normalize connection_sub_type to use the numeric value (#6326)
  • Expired switches for all tenants (#6024)

See the complete list of changes and the upgrade guide file for notes about upgrading.

Back to 2021