The Inverse team is pleased to announce the immediate availability of PacketFence v11.1 - a major release bringing many improvements!
PacketFence v11 now fully supports multi-factor authentication for its captive portal, CLI and VPN. Advanced integration with Akamai MFA is now included as well as generic support for any TOTP solutions.
Automation of Upgrades
Upgrading from v11 to v11.1 is fully automated for standalone installations. No more scripts to run nor database schema changes to apply - all is done for you, in a snap!
PacketFence has unified the three reporting sections in to a single configuration and added bar-graphs, sankey-diagrams and scatter-charts in order to visualize different datasets or the same data in different dimensions. It includes a MySQL/MariaDB script mode that allows multi-statement SQL transactions, making it even easier to extend its reporting with custom configurations. Several new reports for accounting, authentication, nodes and roles are also now included.
Automated Integration Tests
More automated tests were added in PacketFence v11.1 through Venom. More specifically, an EAP-TLS test covering our PKI infrastructure was added together with a pfcron test covering all maintenance jobs PacketFence does. These extend the automated tests coverage in PacketFence further to ensure greater quality and stability for each new release and help us continue our effort to shorten the time between releases.
… and more!
PacketFence v11 provides additional important improvements such as MikroTik DHCP MAC authentication support, the automated generation of the supported equipment page for the PacketFence website, refactoring of authentication sources and much more.
Here’s the complete list of changes included in this release:
Support for Akamai MFA in VPN/CLI RADIUS authentication and on the captive portal
Support for TOTP MFA in VPN/CLI RADIUS authentication and on the captive portal
Automation of upgrades for standalone installations (#6583)
MikroTik DHCP MAC authentication support
Allow to use the sAMAccountName from the searchattributes in MSCHAP machine authentication (#6586)
Improve the Data Access Layer to work in MariaDB’s default sql_mode
New command pfcmd mariadb [mariadb options]
Deauth request can be made on the previous equipment the device was connected
Allow the bulk import of config items to be async
Remove unused/deprecated sources (AuthorizeNet, Instagram, Twitter, Pinterest, and Mirapay) (#6560)
Automation of supported equipment page on PacketFence website (#6611)
Use Venom 1.0.0 through Ansible to run integration tests (#6573)
Import script will migrate the networks configuration if the new IP is in the same subnet (#6636)
EAP-TLS integration tests using manual deployment and SCEP protocol (#6647)
Added a monit check to ensure winbindd is still connected (11.1 - AD failover doesn’t work #6655)