Software update: PacketFence 3.4.0

An NAC system can be used to secure a network environment. This allows, based on pre-set policies, network devices to be automatically blocked if an undesirable situation occurs. Think of unknown network devices of visitors, a worm that is trying to spread or an authorized device that is equipped with a different operating system via a boot flop or live CD. PacketFence is such a nac system, with support for 802.1x and vlan isolation, which allows a network device to be placed in the correct vlan after analysis. For more information, please refer to this page and to the 32nd [In]Secure Magazine, in which an article about this package can be found. The developers of Inverse have released version 3.4.0 with the following changes and improvements:

Security

• Fixed a reflected cross-site scripting (XSS) vulnerability in Web Admin guest management (#1454)

New Hardware Support

• H3C S5120 series supports MAC-Authentication and 802.1X with or without VoIP
• Added Role support for all Cisco Wireless (WLC) models
• Brocade 6400 series supports MAC-Authentication and 802.1X with or without VoIP
• Brocade RF Switches support (Wireless controller)

New Features

• Debian packages (#1066, #1067, #1463)
• Support for up to 100 custom VLANs (Defaults to 5 see relevant FAQ entry to enable more)
• Node bulk importation now allow you to define default values ​​for pid, category and voip in pf.conf
• New graphics showing bandwidth consumed by os class and the top 25 bandwidth consumers

Enhancements

• Minor refactoring and cleanup
• Debian support: arp binary location now configurable ([services].arp_binary)
• Log the switch IP when a trap is skipped due to a dynamic uplink fetch not working
• Performance improvements by reducing the number of forked process (mostly beneficial to pfdhcplistener)
• Captive portal supports being behind an HTTP-based load balancer (see captive_portal.loadbalancers_ip config)

Bug Fixes

• Fix guest management Inline
• RADIUS-based Disconnects not working for Aruba, AeroHIVE. Introduced in 3.3.2. (#1437)
• Interface configuration errors in the Web Admin (or on the CLI when editing the vip field)
• Debian support: radiusd is started even if disabled
• ‘uninitialized value’ warnings in checkup phase (pfcmd checkup)
• Got rid of the unused (unuseful) logs/pfdhcplistener_log files. See logs/packetfence.log instead.
• pfdhcplistener doesn’t hang anymore
• pid (username) of the form ‘domain\\user’ are now allowed (#1253)
• Guest account import didn’t work on files with Windows line terminators (\r\n)
• configurator.pl fixes in non-english environment (#1418)
• Process management fixes (#1464)

…and more. See the ChangeLog file for the complete list of changes and the UPGRADE file for notes about upgrading. Both files are in the PacketFence distribution.