Project homepage: https://www.packetfence.org/
Please report bugs to: http://www.packetfence.org/bugs/
Interested in contributing to the project? http://www.packetfence.org/support/community.html
This is a list of noteworthy changes across releases. For more details and developer visible changes see the ChangeLog file. For a list of compatibility related changes see the UPGRADE.asciidoc file.
-
New Apply violation bulk action
-
The same bulk actions for nodes are now available for users
-
New WRIX data management
-
Added PacketFence provisioning agent for Android
-
Support Hotspot for Cisco WLC and Aruba IAP
-
Support for Huawei AC6605 wireless controller
-
Support for Enterasys V2110 wireless controller
-
Support for Juniper EX2200 and EX4200 switches
-
Inline layer 3 support
-
New pfbandwidthd daemon for inline layer 3 accounting
-
New violation type based on time usage from RADIUS accounting information
-
New violation type based on bandwidth usage from pfbandwidthd information
-
New Mirapay online payment as a billing option
-
Billing tiers can now be defined with a real usage duration (instead of simply a timeout)
-
Billing: A confirmation email is sent when purchasing a tier
-
New status page with options to extend the network access (when billing is enabled with access duration) and to unregister any node associated to the current user
-
Integration of mod_qos in the Apache configuration of the captive portal
-
New pfcmd "cache" command
-
New pfcmd "configreload" command
-
Mandatory fields during registration are now configured per portal profile
-
Expanded fields for person field
-
Allow pfcmd error/warning/success messages colors to be configurable
-
Allow rules on username for null authentication sources
-
Landing page of Web admin interface now depends on the user’s access rights
-
Reevaluate access when changing the role of multiple nodes (#1757)
-
Each portal profile can now use its own set of locales
-
Added a new URI filter for portal profiles
-
Switches configuration page is now paginated
-
LLDP support for 3Com 4000 Series
-
Multiple DNS server in the network configuration
-
Allow alias interface as captive portal
-
MAC Authentication support for Enterasys D2 switch
-
Added support for JSON-RPC and msgpack RPC over HTTP for webservices
-
Made msgpack the default RPC for RADIUS
-
Improved performance of webservices by preloading Perl modules
-
Regexp filter for LDAP source is now case-insensitive
-
Improved maintenance database script
-
Preserve and restore the URL fragment when the web session expires in Web admin (#1780)
-
Logging is now separated and configurable for each service
-
Added missing redirect_url paramater when editing a violation in the Web admin
-
Complete rewrite of captive portal as a Catalyst application
-
Added a section documenting eduroam support to the Admin guide
-
Controller IP address can be determined dynamically
-
Added a file backing for the cache to decrease cache misses
-
Allow advanced search of nodes by OS type (#1790)
-
The PF RPC client can be configured in the conf/radiusd/radiusd.conf
-
Added PacketFence radius dictionary
-
Fixed retrieval of ifIndex in Cisco Catalyst 2950 module
-
Fixed Snort and Suricata services management
-
Fixed issue when saving a users search in Web admin
-
Fixed JavaScript error with IE8 on Web admin users page
-
Fixed Web admin access restrictions for users and nodes creation
-
Fixed SQL query of connection types report in Web admin
-
Fixed blank page with WISPr on OS X
-
Fixed nodes simple search by IP address
-
Fixed access reevaluation when changing the status of a pending node
-
Fixed network access for users with no "set role" action (#1778)
-
Fixed conversion of wildcards to regular expressions in domains passthroughs
-
Fixed display of last IP address of nodes when end_time is in the future
-
Fixed XSS issues in Web admin
-
Fixed extractSsid for Cisco Aironet and Cisco Aironet WDS
-
Portal profiles can now be filtered by switches
-
Proxy interception support
-
New pfcmd "fixpermissions" command
-
Added a "Null" authentication source for simple "Click to connect" portals
-
Displayed columns of nodes are now customizable
-
Create a single node or import multiple nodes from a CSV file from the Web admin interface
-
LDAP authentication sources can now filter by group membership using a second LDAP query
-
Extended definition of access durations
-
FreeRADIUS no longer needs to be restarted after adding a switch
-
New customizable ACLs for the Web admin interface
-
Force10 switches support
-
Improved error messages in RADIUS modules
-
Simple search for nodes now includes IP address
-
Search by MAC address for nodes and users now accepts any MAC format
-
Improved starting delay when using inline mode
-
Added memcached as a managed service
-
Added CoA support for Xirrus access point
-
Improved validation of VLAN management
-
Updated FontAwesome to version 3.2.1
-
Each portal profile can now have a different redirection URL
-
Initial destination URL is now respected with Firefox
-
An Htpasswd source can now define sponsors
-
Improved display of pie charts (limit of legend labels and highlight of table rows)
-
Creation of users is now performed from the users page (was on the configuration page)
-
Validate file path when saving an Htpasswd authentication source
-
Improved validation of a sponsor’s email address
-
Allow actions depending on authentication source type
-
Modified logrotate so it uses copytruncate instead of restarting the services.
-
Now comes with a corosync compatible barnyard2 init script in addons.
-
Unreg the node when you come from a secure connection to an open connection
-
Allow a self-registered node by SMS to go back to the registration page
-
Sponsor email authentication source can refuse email addresses of the local domain (as the email source)
-
Updated German (de) translation
-
RADIUS configuration files are no longer replaced when updating packages
-
Fixed match of Htpasswd authentication source (#1714)
-
Fixed creation of users without a role (#1721)
-
Fixed expiration date of registration to the end of the day (#1722)
-
Fixed caching issue when editing authentication sources (#1729)
-
Allow rules with dashes (#1730)
-
Fixed vconfig setting the wrong name_type
-
Fixed help text in Web admin (#1724)
-
Removed references to unavailable snort rules (#1715)
-
Fixed LDAP regexp condition not considering all attribute values (#1737)
-
Fixed sort by phone number and nodes count when performing an advanced search on users (#1738)
-
Fixed users searches not being saved in the proper namespace
-
Fixed handling of form submit when saving a user search
-
Fixed self-registration of multiple unverified devices
-
Fixed duplicate entries in advanced search of nodes
-
Fixed advanced search by node category
-
Fixed reordering of conf sections and groups (#1749)
-
Fixed pid of SMS-registered devices (was "admin" in certain circumstances)
-
Fixed saving of allow local domain option when disabled in an email authentication source
-
The allow local domain option of the email source will now only affect the user who registers by email
-
Fixed ifoctetshistoryuser command to use the correct query when just a user is given
-
Fixed network-detection for IE 8
-
Fixed SQL query of SSID report in Web admin
-
New Polish (pl_PL) translation (thanks to Maciej Uhlig <maciej.uhlig@us.edu.pl>)
-
Improved display of filters and sources (DynamicTable) in portal profile editor
-
Ensure the VLAN naming scheme is set on start up
-
When no authentication source is associated to the default portal profile, all available sources are used
-
Phone number is now editable from the user editor
-
Updated fingerprints of gaming devices (Xbox)
-
Moved pfmon to a single process daemon and added the ability to restart itself upon error
-
Added new test tool bin/pftest
-
Improved SQL query in pf::node when matching a valid MAC
-
Allow change of owner in node editor (with auto-completion)
-
iptables management by packetfence is now optional
-
Allow advanced search of users and nodes by notes (#1701)
-
Added better error/warning messages when adding a violation with pfcmd
-
Output the violation id for pfcmd violation add command when the json option is supplied
-
Fixed XML encoding of RADIUS attributes in SOAP request
-
Fixed retrieval of user role for gaming devices
-
Fixed SQL query of connection types report in Web admin
-
Fixed issue with anonymous LDAP bind failing with searches
-
Fixed email subject when self-registering by email
-
Fixed empty variables of preregistration email template
-
Fixed detection of guest-only authentication sources when no source is associated to the portal
-
Fixed stylesheet for Firefox and IE when printing user access credentials
-
Fixed display of IP address in advanced search of nodes
-
Fixed advanced search of nodes by violation
-
Fixed advanced search of users by sponsor
-
Fixed various caching issues
-
Fixed various logged warnings
-
Fixed various authentication issues (#1693, #1695)
-
Improved validation of sponsor’s email
-
Self-registration by sponsor now works without having to define an email authentication source
-
Fetching VLAN for dot1x connections is now limited to internal authentication sources
-
Splitted internal and external classes in dropdown menu of authentication types
-
Show error message when trying to delete a source used by the portal profiles
-
Documentation of the vip parameter for management interface
-
Authentication is now limited to internal sources
-
DynamicTable widget now allows to drag’n’drop under last row
-
Connections on port 443 are now accepted for self-registration (#1679)
-
Use virtual ip when available for SNAT
-
Remote conformity scan engines (Nessus/OpenVAS) can now scan devices in unregistrated state on inline networks
-
Returned per-switch role (if configured) for "Role mapping by switch role" rather than sending the user role
-
Added new regexp operator for strings in authentication rules
-
Automatic landing on the sign-in page if no internal/oauth authentication source is used by the portal profile
-
Self-registration is now enabled when a profile has at least one external authentication source
-
Authentication sources of portal profiles are now displayed in a sortable table
-
Sort actions of a violation in reverse order to set the role before auto registration
-
Added hostapd configuration in the Network Devices Configuration Guide
-
Version number is now sent when submiting dhcp and useragents fingerprints
-
External authentication sources of portal profiles are not respected
-
A portal profile can have multiple external authentication sources of the same type
-
Port 443 on the management interface is not open when gaming registration is enable
-
Crash of FreeRADIUS with SOAP::Lite prior to version 1.0
-
Wrong permissions on the logs files causes an error with the log action of violations
-
Error with violations with tainted chain in pfmailer and action_log subroutines
-
Triggering a violation with a trap action doesn’t reevaluate access
-
authentication.conf and profiles.conf are overwritten when updating PacketFence
-
First element of button groups is not properly displayed
-
Sponsors are not extracted from LDAP sources
-
New buttons to clone a switch, a floating device, and a violation
-
New version number in the top navigation bar
-
Form toggle fields don’t support all variations
-
Counters and graphs for today are empty
-
Maintenance interval is not respected in pfmon
-
Optgroup labels in select menus are hidden when build multiple times
-
Callbacks are performed on every ReadConfig
-
Guest modes don’t show up on captive portal
-
Authentication source is not respected when matching actions in register.cgi
-
Replaced bind with pfdns - PacketFence’s own DNS server
-
Rewrote Oauth2 support (based on ipset sessions)
-
New counters bellow line graphs of reports
-
Support for anonymous bind in LDAP authentication sources
-
Added support for date and time conditions in authentication sources
-
Added "is not" condition on connection type
-
Extend simple search of nodes to match MAC, owner and computer name
-
Added search and display of the a user’s telephone number
-
Can now have multiple external authentication sources
-
Increased speed of loading configuration from the cache
-
Each portal profile can now use a list of authentication sources
-
A switch definition can now be easily cloned
-
Switches are now ordered by IP address
-
LDAP SSL and STARTTLS now works as expected.
-
Re-evaluate network access when changing a node status
-
Re-evaluate network access when closing a violation
-
Missing unit when interval is zero
-
Switch with empty inlineTrigger rises an exception
-
Web admin sets triggerInline while libs expect inlineTrigger
-
Condition on user email doesn’t work for email sources
-
Sponsors can’t be validated
-
Node search by person name is broken (#1652)
-
Can’t enable VoIP from switch configuration form (#1663)
-
Maximum number of nodes per user is not respected by role
-
Routed networks are not properly sorted (#1666)
-
Can’t edit notes of a node (#1667)
-
pfdetect_remote and pfarp_remote fix
-
Line graphs now automatically switch to a month-based view when the period covers more than 90 days
-
Debian 7.0 (Wheezy) packages
-
Default values override defined values in violations.conf
-
Wrong version of pf::vlan::custom
-
Groups in configuration files are not ordered under their respective section
-
mysqld is not enabled at startup
-
memcached is not enabled at startup
-
Access duration action doesn’t honor default values in web admin
-
Types in networks.conf are missing the "vlan-" prefix
-
Default pid in node table and config module must be "admin", not "1"
-
No warning when stopping httpd.admin
-
Match not performed by type in mobile-confirmation.cgi
-
Authentication rule condition on connection type doesn’t work
-
Authentication rule condition on SSID doesn’t work
-
Access level is lost when editing a user
-
Catchall rules won’t work in a htpasswd source
-
Minor visual improvements to the web admin interface
-
Statics routes not added on PacketFence restart
-
Brand new Perl-based Web administrative interface using the Catalyst framework
-
New violation actions to set the node’s role and deregister it
-
Support for scanning dot1x connections for auto-registration by EAP-Type
-
Support for auto registering dot1x node based of the EAP-Type
-
New searchable MAC Addresses module to query all existing OUI prefixes
-
New advanced search capabilities for nodes and users
-
New memory object caching subsystem for configuration files
-
Ubuntu packages (12.04)
-
Authentication sources can now be managed directly from the GUI
-
Roles (previously called categories) are now computed dynamically using authentication sources
-
Portal profiles and portal pages are now managed from the GUI
-
Fingerprints and User Agents modules are now searchable