PacketFence v6.1.0

New Features

• Added support for CoovaChilli capable equipment
• Added page to visualize the status of the services on all cluster members
• Added support for RADIUS Change of Authorization on Meraki
• Added configurable actions to be executed at the end of a portal module
• Automatic registration of devices is now configurable from the GUI on a per profile basis
• Added switch and switch group in violation trigger
• Added switch group as a portal profile filter
• Moved RADIUS audit log in its own module
• Saved searches support for the RADIUS audit log module
• The portal now supports RADIUS Challenge Response authentication

Enhancements

• Added module to redirect to internal or external pages within the portal modules configuration
• Added configuration checkup for cluster.conf
• Added ability to limit the number of logins when creating a local account
• Added choice of sending either RADIUS CoA or Disconnect when deauthenticating a device
• Admin interface is now available on all members of the cluster without the need of being the master
• FreeRADIUS now logs to a separate file per process (authentication, accounting, load-balancer)
• Improved performance of the online/offline search

Bug Fixes

• Fix profile filter saving incorrectly on Debian Jessie
• Numerous improvements to i18n in the portal and administration GUI
• Fixed e-mail registration not working when activating access through a proxy or firewall
• Authentication log (auth_log) will now be cleaned automatically via pfmon (#1511)
• Fixes incorrect graphite aggregation of metrics when data should not be averaged

PacketFence v6.0.3

Bug Fixes

• Fixed example in vlan filters showing incorrect operand for user_name
• Fixed the display of the aup when printing a user
• Fixed email_instructions blocking email registration
• Fixed FreeRADIUS dynamic clients hanging the server when the database fails to respond (#1500)
• Fixed violation_add when applying one through bulk actions (#1510)
• Fixed sessions remembering failed authentication sources
• Fixed to listen to DHCPREQUEST in registration network when in cluster mode

PacketFence v6.0.2

Bug Fixes

• Fixed pfdns to prevent pid file deletion when a child dies (#1444)
• PacketFence will now handle the case where a source in the session is not available anymore
• Fixed missing PID when using device registration (#1447)
• Fingerbank update will no longer sync all servers anymore
• VoIP detection flags default will now be undef in admin interface
• Suricata renamed to suricata_event in violations.conf.example
• The captive portal will now handle User Agent strings properly
• PacketFence will now delete the user (not device) session after activating sponsor
• Fixed incorrect MAC address formatting in the reporting section of the GUI
• Fixed "reuse dot1x credentials" in captive portal
• Fixed incorrect SNMP traps handling
• Fixed incorrect MAC address handling in radius accounting
• Added a check to database backup script for mariadb
• Fixed unregistration date handling when using email registration

PacketFence v6.0.1

Bug Fixes

• Added back the option to set the logo in a portal profile
• Fixed Blackhole and Null authentication portal modules (#1439)
• Added missing username field in Debian maintenance crontab
• Fixed web authentication web form release in captive portal
• Validate configuration identifiers so they don't contain invalid characters (#1417)
• Fixed incorrect samba handling of "%h" in server name
• Fixed registration ACL computing for Cisco WLC and 2960 in web authentication
• Adjust pfdetect startup order to allow Snort / Suricata to start
• Fixed pfsetvlan compilation error
• Fixed violations internationalization
• Fix incorrect rogue dhcp detection

PacketFence v6.0.0

New Features

• Fully redesigned frontend and backend of the captive portal
• Parking state for unregistered devices (where it will have a longer DHCP lease time and will only access a lightweight portal)
• CentOS 7 and Debian 8 (Jessie) support
• RADIUS support for Avaya switches
• New filter engine to return custom answers in pfdns
• Redirect URL are defined in Role by Web Auth URL switch configuration (Cisco)
• Added support for Captive-Portal DHCP attribute (RFC7710)
• Added Google Project Fi as a SMS carrier for SMS signup option
• FreeRADIUS 3 support with Redis integration

Enhancements

• Added ability to expire users
• Automatically update all the Fingerbank databases (Redis, p0f, SQLite3)
• Do not allow the TRACE method to be used in any of the web processes
• Can now limit the maximum unregdate an administrator can set to a person
• Added option to disable the accounting recording in the SQL tables
• Added caching of the latest accounting request for use in access reevaluation
• Reduced the number of webservices calls during RADIUS accounting
• Added configuration for Apache 2.4 with Template Toolkit
• Added a timer for each RADIUS request (radius audit log)
• Assign the voice role to VoIP devices when Packet``Fence detects them
• Renamed VLAN to Role in admin GUI violation
• Unregistering a node from a secure connection to an unsecured one is now managed by the VLAN filters
• Location history of a node now shows the role instead of the VLAN id
• Documentation to configure Cisco switches with Identity Networking Policy
• Trigger violation on source or destination IP address only if they are in the trapping range networks
• Performance improvement for VoIP detection
• Added new RADIUS filter return option (random number in a range)
• Reinstated iplog (iplog_history and iplog_archive) rotation/cleanup jobs performed by pfmon
• An asynchronous LDAP lookup is now done on each 802.1x request to populate the person fields for that user

Bug Fixes

• Compute unregistration date for secure connections
• Fixed unescape value in LDAP search
• Fixed Apache 2.4 core dump
• Fixed update locationlog from accounting start with the wrong connection type

PacketFence v5.7.0

New Features

• DNS based enforcement as a new enforcement mode for routed networks
• Captive portal authentication now supports SAML authentication
• It is now possible to search for nodes that are online based on RADIUS accounting
• Integration with Suricata MD5 extraction module to scan against OPSWAT MetaScan online scanner

Enhancements

• Support for floating devices on HP Procurve switches
• RADIUS CoA support added to Brocade switches
• The NULL authorization source can now be combined with other sources
• Added possibility to trigger Firewall Single Sign-On when an endpoint changes status
• The username on a captive portal will no longer be stripped unless required otherwise
• Improved UDP reflector documentation
• Improved vendor specific attributes in radius filters
• Now able to specify on which LDAP attribute we should match for SponsorEmail
• Now able to strip a username in LDAP source even if not present in RADIUS request

Bug Fixes

• Fixed incorrect provisioning that ignored broadcast state of provisioned SSID
• Present a login page without login form when a blackhole source is used on the portal profile ([#1021](https://github.com/inverse-inc/packet
  fence/issues/1021))
• Fixed incorrect provisioning templates that required entering a password twice (#1119)
• Fixed ambiguous SQL accounting stored procedure that could return duplicate results
• Fixes incorrect IPv6 DHCP processing in pfdhcplistener

PacketFence v5.6.1

Enhancements

• pfcmd will now validate the violation configuration in checkup
• pfdns cached entries will now expire after 24 hours

Bug Fixes (bug Id is denoted with #id)

• Fix duplicate open entries in locationlog for voip devices
• Avoid circular dependency when loading pf::Authentication::Source::StripeSource (1160)
• Fix incorrect Cisco switch ACL number
• Removed use of pf::class modules which caused compilation errors
• Fixed an incorrect reload of the cached configuration (1157)

PacketFence v5.6.0

New Features

• New RADIUS auditing report allows troubleshooting from the GUI
• The email authorization source now allows to set roles based on the email used to register
• New switch groups now allows to assign settings to multiple switches at once
• DHCP filters now allow arbitrary rules to perform actions based on DHCP fingerprinting
• Cisco switches login access can now be authenticated through PacketFence
• The filter engine configuration can now be edited through the admin GUI

Enhancements

• New dedicated search feature for violations in the nodes panel
• New pfcmd pfqueue command allows managing the queue from the command line
• New option to specify the authentication source to use depending on the RADIUS realm
• Upgrade Config::IniFiles to allow faster loading of configuration files
• Performance improvements to the filtering engine by avoiding unnecessary database lookups
• New columns bypass_vlan and bypass_role are allowed to be import for nodes
• Service start/stop order can now be configured through the admin GUI
• Pagination can now be defined by the user in the admin GUI search results
• The pfdns service now forks to process multiple requests in parallel
• Added configurable timeout for send/receive operations on the OMAPI socket
• The authorization process will now test if the role changed before reevaluating access
• New option to add date based VLAN filter condition (is before date, is after date)
• pfconfig backend can now be cleared via pfcmd
• Improved RADIUS accounting handling for better performance

Bug Fixes (bug Id is denoted with #id)

• Remove old entries in ipset session
• Always reevaluate the access if the order come from the admin gui (#1056)
• Portal profiles templates are now properly synced between members of a cluster (#942)
• Process requests properly when running a pfdhcplistener on an interface that has networks with and without dhcpd activated
• Violation trigger from web admin will now override grace period (#1028)
• Fix queue task counters out of sync when a task expires
• Reworked the configuration backends to prevent a race condition of the configuration namespaces in active/active cluster (#1067)
• Define each internal network to NAT instead of a global rule when passthroughs are enabled (#1118)

PacketFence v5.5.2

Enhancements

• pf::CHI::compute_with_undef now supports cache options
• Use the fingerbank cache instead of caching its result globally.
• Update dependency to 2.1 for fingerbank.

Bug Fixes (bug Id is denoted with #id)

• Completed renaming of trap to reevaluate_access in violations.conf.example
• Fixed deauthentication source IP not detected properly when no vip is assigned on the management interface (#1035)
• Use proper API client when triggering a violation within pf::fingerbank

PacketFence v5.5.1

Bug Fixes

• pfdns will now resolve its own domain correctly
• Fixed missing violation_view_top call in radius filter
• Fixed equals operator in LDAP rule