PacketFence 12.1 released

November 22, 2022

The Inverse team is pleased to announce the immediate availability of PacketFence 12.1 - a major release bringing tons of improvements!

Single-Sign-On for the admin interface

The PacketFence admin interface now has support for Single-Sign-On (SSO) using SAML, OAuth2 as well as supporting MFA using TOTP and Akamai MFA.

Fingerbank in the PacketFence Connector

The PacketFence Connector now supports running the Fingerbank Collector to perform device profiling using all the traffic a PacketFence connector sees.

Unbound dynamic PSK support for OpenWiFi

The OpenWiFi integration now supports dynamic unbound PSK which allows individual users to authenticate against PacketFence with their personal WPA2 key.

Here’s the complete list of changes included in this release:

New Features

• Added unbound dynamic PSK support to the OpenWiFi module
• Added Single-Sign-On capability for the admin interface login (SAML/OAuth/MFA/etc)
• Improved PacketFence forwarder integration to mirror DNS packets from a Windows DNS server
• Support for the Fingerbank Collector on the PacketFence Connector

Enhancements

• More flexibility in the definition of the RADIUS servers in an Eduroam source
• Allow to import only DB or configuration during import
• Debian package for PacketFence Connector
• Removed the savedsearch table.
• Removed jQuery dependency in captive portal.
• Present the dynamic PSK on the status page when appropriate
• Manage pfconfig.conf through upgrade scripts instead of packaging
• Improve WebAuth support on Extreme controllers
• Allow users to upload files from the admin instead of uploading them manually via SCP/SSH
• Added new radius attribute vpn detection for fortigate
• Fixed valid_mac that identify some ip address as mac
• Support for hardware token like yubikey for Akamai MFA
• Added sms/phone call as default method in configuration

Bug Fixes

• Fixed issue with pfconnector where it would reuse a dynamic reverse that isn’t active anymore (Pfconnector server active dyn reverse cache checks can fail #7218)
• Fixed RADIUS deauth through pfconnector-remote in a cluster where it was logging as failed although it succeeded
• When a rule match is ‘any’ and has no conditions the rule is always successful (#3768)
• Fix issue with database upgrade (#7283)
• Fix issue Sponsor registration: notes field can’t be used on captive portal #6385
• Better error handling when performing a deauth on the previous switch. (captive portal redirect page return Caught exception in captiveportal::Controller::Root->dynamic_application “Can’t use string (“0”) as a HASH ref while “strict refs” in use at /usr/local/pf/lib/pf/enforcement.pm line 206 #6985)
• Fixes possible Clickjacking for netdata reverse proxy (#7338)
• Don’t resync config files unnecessarily during restarts (Cluster resync on restart - pf12.1 #7360)

See the complete list of changes and the upgrade guide file for notes about upgrading.

This release is considered ready for production use and upgrading from previous versions is strongly advised.