PacketFence v5.5 released
November 23, 2015

The Inverse team is pleased to announce the immediate availability of PacketFence 5.5.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

Here are the changes included in this release:

New Features

  • New device detection through TCP fingerprinting
  • New DHCPv6 fingerprinting through Fingerbank
  • New RADIUS filter engine to return custom attributes based on rules
  • Security Onion integration
  • PayPal payment is now supported in the captive portal
  • Stripe payment and subscriptions are now supported in the captive portal

Enhancements

  • New pfqueue service based on Redis to manage asynchronous tasks
  • Memcached has been replaced by Redis for all caching
  • pfdetect can now be configured through the administration interface
  • Added ability to detect hostname changes using the information in the DHCP packets
  • Added the ability to create not equal conditions in LDAP sources
  • DoS mitigation on the captive portal through mod_evasive
  • Load balancing in an active/active process now uses a dedicated process
  • Authentication and accounting are now in two different RADIUS processes
  • Reworked violation trigger creation in the administration interface to make it more user-friendly
  • Added the ability to create combined violation triggers, which trigger a violation based on multiple attributes of a node
  • Suricata alerts can now trigger a violation based on the alert category or description instead of only the ID of the alert
  • Added ability to e-mail device owner as a violation action
  • The PacketFence syslog parser (pfdetect) has been reworked to allow multiple logs to be parsed concurrently
  • New ntlm_auth wrapper will log authentication latency to StatsD automatically
  • Handle Microsoft Windows based captive-portal detection mechanisms
  • Manage pfdhcplistener status with keepalived and run pfdhcplistener on all cluster members
  • New portal profile filter (sub connection type)
  • Added switch IP and description in the available columns in the node list view
  • Use SNMP to determine the ifIndex based on the NAS-Port-Id
  • Improved metrics now track SQL queries, LDAP queries, and more granular metrics in RADIUS AAA
  • Added support for Nessus 6 scan engine
  • Added documentation for the Cisco IOS XE switches
  • Reworked existing billing providers to be PCI compliant
  • Billing providers are now part of the authentication sources
  • Billing tiers are now stored in the configuration instead of the source code files
  • Billing sources can now be used with other authentication sources on the same portal profile
  • DHCP packet processing is now fully done asynchronously to allow more PPS in the pfdhcplistener

Bug Fixes (bug ID is denoted with #id)

  • Fixed log rotation issue with the carbon daemons
  • Fixed LLDP phone detection if only telephone capability is enabled (#964)
  • Fixed keepalived and iptables configuration for portal interfaces
  • Fixed improper httpd status code being set
  • Removed the node delete button
  • Fixed detection if the device asks for a portal per URI
  • Fixed 3Com switches ifIndex calculation in stack mode using SNMP
  • Not-found users will now be cached when using the caching in an LDAP source (#978)
  • Fixed updating a node putting an invalid entry in the voip field

See the complete list of changes and the UPGRADE.asciidoc file for notes about upgrading.
