Download PacketFence 3.2.0

An NAC system can be used to secure a network environment, among other things. This allows network devices to be blocked automatically, based on pre-set policies, if an undesirable situation occurs. Think of unknown network devices of visitors, a worm that is trying to spread, or an authorized device that has been supplied with another operating system via a boot flop or live CD. PacketFence is one such nac system with support for 802.1x and vlan isolation, which allows a network device to be placed in the correct vlan after analysis. For more information, please refer to this page and to the 32nd [In]Secure Magazine, in which an article about this package can be found. The developers of Inverse have released version 3.2.0 with the following changes and improvements:

Security

• Reflected Cross-site scripting (XSS) in Web Admin printing system (#1362)

New Hardware Support

• Ruckus Wireless Controllers

New Features

• OpenVAS Vulnerability Assessment integration for client-side policy compliance
• Bandwidth violations based on RADIUS accounting information
• Billing engine integration for allowing the use of a payment gateway to gain network access.

Enhancements

• Migrated our documentation from a binary-only ODT to a flexible asciidoc format
• Code and tests refactoring
• Minor documentation update for Aruba Controllers
• Performance: avoiding some redundant operations on startup
• A DHCP listener will run by default on the management interface
• pfcmd_vlan is now able to run arbitrary methods on network devices
• Debug statement with the resolved SSID now available to troubleshoot SSID problems live
• Added getSwitchLocation to pfcmd_vlan which fetches SNMP sysLocation on switch (#1250, Thanks to Maikel!)
• Introduced more aggressive exception-based configuration error handling
• Introduced new trigger types (nessus and openvas) and removed the scan type
• Added the capability to use dots in trigger id
• Added a new config flag: registration.guests_self_registration to control if self-registered guests are enabled (#1361)
• Made it easier to override preregistered guest usernames (default is email)
• Added a new config flag: vlan.trap_limit to enable/disable the trap limit feature
• RADIUS captive portal authentication can now target several RADIUS servers for fault tolerance
• Added a multi-threaded EAP test script in t/stress-test/
• Performance: node_view query optimized for 100x+ gain in environments where MySQL is taking a lot of CPU
• Performance: faster command line response time (15%+ with bin/pfcmd)
• Our FreeRADIUS module packetfence.pm now logs in radius’ log instead of syslog (related to #1377)
• Performance: ~2x FreeRADIUS performance by avoiding superfluous queries

Bug Fixes

• Buttons in graphs.php or type ifoctetshistoryswitch, ifoctetshistoryuser, ifoctetshistorymac (#1110)
• Web Admin usability fixes (#1071)
• Small typo error in node.pm log message (#1357)
• Interpolation issue in pf::web::custom’s code which is disabled by default (#1358)
• Allow more than one SNMPv3 EngineID per user (#1354)
• OS and violation classes properly displayed in printer-friendly tables in the Web Admin
• Disabled config ownership tests because of too many false positives (#1345)
• Passthrough doesn’t work with domains without an ending slash (#1368)
• Returning exit status 0 on command line tools when asked to show help
• pfcmd’s general help is now sent to standard ouput instead of standard error
• Globally disabled privilege detection in hardware requiring Telnet / SSH. All except Trapeze. (#1370)
• Thread crash with floating network devices with VoIP through SSH transport (#1369)
• MAC-Auth / 802.1X translation fixes for the Cisco Catalyst 3550
• No more obscure error message if no management interface is defined in pf.conf
• pfcmd exit status now more consistent regarding config
• No more “Can’t call method “tag” on an undefined value” on broken pf.conf configuration (#1352)
• More reliable SSID extraction in Called-Station-Id (#1379)
• Fixed FreeRADIUS crashes in heavily loaded environments (#1377)

translations

• Updated Brazilian Portuguese (pt_BR) translation (Thanks to Diego de Souza Lopes)
• Updated Brazilian Portuguese (pt_BR) Admin guide translation (Thanks to Diego de Souza Lopes)

… and more. See the ChangeLog file for the complete list of changes and the UPGRADE file for notes about upgrading. Both files are in the PacketFence distribution.