PacketFence v10.1 released and more recognition from Gartner!

June 17, 2020

The Inverse team is pleased to announce the immediate availability of PacketFence v10.1. This is a major release bringing tons of improvements! PacketFence is once again featured in the 2020 Gartner Market Guide for Network Access Control. This release is considered ready for production use and upgrading from previous versions is strongly advised.

Here are the changes included in this release:

New Features

• Live log viewer from admin interface
• Fully tenant-aware admin interface
• Support for MS-CHAP authentication for CLI/VPN access
• New pfcertmanager service that generates certificate files from configuration

Enhancements

• EAP configuration template - add a way to define multiples EAP profiles in FreeRADIUS
• New action for AD/LDAP sources to set role when user is not found
• Provide an advanced LDAP condition to allow custom LDAP queries
• The captive portal can now feed HTTP client hints to the Fingerbank collector
• Added ability to enable/disable a network anomaly detection policy (#5403)
• Return the portal IP if the QNAME matches one of the portal FQDN for registered devices using inline enforcement
• Individual source rules can be disabled
• Support for Dell N1500 starting from 6.6.0.10
• CoA support for Ubiquiti Unifi AP
• Added a way to define the Unifi AP by IP or IP range
• Use the value of an LDAP attribute as a role
• Added the return of the LDAP/RADIUS attributes to use them in RADIUS filter
• The /api/v1/radius_attributes endpoint is now searchable
• Proxy the captive portal detection URL when the device is registered
• Choose which EAP profile to use based on the realm
• LDAP’s basedn can be defined in the authentication sources rules
• New hooks for the RADIUS filter engine in eduroam virtual server
• Redefined “restart” in the service manager to allow “PartOf” in systemd scripts
• Set role from source authentication rule option (needs #5459)
• Flatten the RADIUS request for the authentication sources (attributes like radius_request.User-Name)
• RADIUS request attributes / username are part of the common attributes
• Support of multiples LDAP servers in FreeRADIUS ldap_packetfence configuration file
• Copy outer User-Name attribute in PacketFence-Outer-User attribute to be able to use it in the authentication rules
• Copy the LDAP-UserDN attribute in PacketFence-UserDN attribute to be able to use it in the authentication rules
• Added a way to extend the LDAP filter for searchattributes configuration
• Documentation for EAP profile selection
• Documentation for regex realm
• Documentation for new action/condition in LDAP authentication
• Moved the VLAN filters example as default disabled VLAN filter
• Use PUT for node reevaluate_access to fix issue with admin_role actions mapping
• OpenID pid mapping is now configurable
• Can map OpenID attributes to a person attributes
• Allow to create authentication rules based on OpenID attributes

Bug Fixes

• Fixes Fortinet Fortigate returnAuthorizeVPN function (#5409)
• Barracuda NG firewall SSO SSH fails (#4828)
• Impossible to set multiple access level in administration rule (#5440)
• Fixed pf-maint.pl when its running behind a proxy (#3425 )
• Fix vendor attributes not being sent from Switch Template (#5453)
• Fixed issue authorizing a user in web-auth on Unifi when the node has its date set to ‘0000-00-00 00:00:00’

See the complete list of changes and the UPGRADE.asciidoc file for notes about upgrading.