Community

Community support is offered through the mailing lists. You can subscribe to them and ask questions related to PacketFence.

The PacketFence community is very large and active so do not hesitate to subscribe to the mailing list and ask questions. However, please make sure to respect the following guidelines when posting a new message:

  • search for existing answers consult the archives for previously answered questions
  • consult the FAQ for previously answered questions
  • do not hijack threads don't generate a post by replying to somebody else's message and changing the subject and text; newsreader software will see your post as a part of the same thread and mix the two subjects, to everyone's confusion
  • send plain text message (no HTML or Rich Text) to avoid getting rejected by the spam filters
  • avoid replying to a message on top of the quoted text of the previous correspondence
  • be nice you are in effect asking a large group of people to give you some of their time and attention; ensure that your message is relevant to as many of the people receiving the message as possible

Internet Relay Chat (IRC)

Join us on IRC! We are in the #packetfence channel on the freenode network.

Please note that while available, IRC is not the preferred option for community support. We recommend using the mailing list.

Consulting Services

Network Access Control (NAC) projects are complex in nature because they usually involve many different technologies. We have done hundreds of large-scale deployment projects for prestigious organizations, all around the world. Let us help you make this deployment project a success by using our unmatched expertise!

If you are looking for a PacketFence expert to help you:

  • Install, configure, customize and optimize the solution to meet your needs
  • Perform a pre or post-implementation audit to make sure your PacketFence deployment performs optimally
  • Correct a specific issue with your installation or with components related to it
  • Migrate from a previous solution to PacketFence
  • Efficiently integrate PacketFence with in-house systems (Active Directory, RADIUS, etc.)
  • Develop specific features or add support to new networking equipment

Contact Us


Support Packages

Bronze
Silver
Gold
Platinum
Unlimited
Duration 1 year 1 year 1 year 1 year 1 year
Support Method Support Portal Support Portal / Phone Support Portal / Phone Support Portal / Phone Support Portal / Phone
Response Time 1 business day 4 business hours 2 hours 1 hour 1 hour
Support Hours From 8:00am
to 5:00pm EST/EDT - Monday to Friday
From 8:00am
to 5:00pm EST/EDT - Monday to Friday
24 / 7 24 / 7 24 / 7
Multi-Server No No Yes Yes Yes
Notifications None Security Security / Bug Fixes Security / Bug Fixes Security / Bug Fixes
Bug Fixes No No No Yes Yes
Included Incidents 5 10 30 75 Unlimited
Included Consulting Hours - - 2 4 Unlimited
Cost $750 USD
700 €
$1,500 USD
1400 €
$5,000 USD
4600 €
$10,000 USD
9200 €
Contact Us
Order Order Order Order
More incident credits are consumed when support is offered outside 8:00am to 5:00pm EST/EDT - Monday to Friday. Contact us for details.

Supported operating systems are:

  • Community ENTerprise Operating System (CentOS) 5+
  • Debian 4+ and Ubuntu 8+
  • openSUSE 10.3+
  • Red Hat Enterprise Linux 5+

The support packages do not include:

  • components installation
  • custom development
  • preventive system monitoring
  • training and documentation

The included consulting hours can be consumed for:

  • architecture design and review
  • migration from another system
  • performance tuning
  • best practices

Documentation

Installation Guide Read Online Download PDF
Network Devices Configuration Guide Read Online Download PDF
Clustering Quick Installation Guide Read Online Download PDF
Developer's Guide Read Online Download PDF
REST API v1 Read Online

FAQ

PacketFence and Eduroam

PacketFence integrates very well with Eduroam.

Here is a brief configuration example about how to integrate the PacketFence RADIUS with Eduroam. In this use case, we will assume that you are doing 802.1X with the inverse.ca domain, and that you have a Guest SSID doing MAC-based authentication - this is a common use case.

Configure proxy.conf correctly

First step is to configure your local realms and the Eduroam “wildcard” realm. We want to proxy user, INVERSE\user, and user@inverse.ca to our packetfence-tunnel, and proxy anything with user@domain to Eduroam. So lets see the configuration to add to your file:

realm INVERSE {
 authhost=LOCAL
 accthost=LOCAL
} 
realm inverse.ca {
 authhost=LOCAL
 accthost=LOCAL
}
realm DEFAULT {
 ignore_null = yes
 type = radius
 accthost = eduroam1.ns.utk.edu
 authhost = eduroam1.ns.utk.edu
 secret = SHARED-SECRET-UPSTREAM
 nostrip
}

Outer Tunnel Magic

We need to proxy at the outer tunnel level to send the PEAP tunnel. This is magically done using the DEFAULT realm previously configured.

Adjustments in the “packetfence” virtual server

Modify the post-auth section to look like the following:

post-auth {
 exec
 if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25) || (User-Name =~ /^.*\@.+/ && User-Name !~ /^.*\@inverse.ca/) ) {
 packetfence
 }
 Post-Auth-Type REJECT {
 attr_filter.access_reject
 }
} 

Adjustments in the “packetfence-tunnel” virtual server

Simply ensure that you have the following post-auth section:

post-auth {
 exec
 packetfence
 Post-Auth-Type REJECT {
 attr_filter.access_reject
 }
} 

Identity Privacy

A quick note about Identity Privacy. This feature is fully supported in these configurations. Since we execute the “packetfence” perl module only if we do MAC Authentication or in the inner-tunnel, we receive the proper credentials to update the last 802.1X username in the node table. More than that, we avoid credential spoofing with the outer-tunnel identity. You need to tell Eduroam users to use the user@domain format though.

January 25, 2011

Bugs

If you encounter a possible bug with PacketFence, you can access our github page.

Please make sure to respect the following guidelines when reporting a bug:

  • verify that the bug you found is not already known or even fixed in the trunk version
  • make the actual facts very clear; be precise, we need to be able to reproduce the problem
  • explain your speculations, if any
  • add a screenshot to the ticket if appropriate