Software update: PacketFence 6.4.0

An NAC system can be used to secure a network environment. This allows network devices to be automatically blocked, based on pre-set policies, if an undesirable situation occurs. Think of unknown network devices of visitors, a worm that is trying to spread or an authorized device that is equipped with a different operating system via a boot flop or live CD. PacketFence is one such nac system, with support for 802.1x and vlan isolation, which allows a network device to be placed in the correct vlan after analysis. For more information, please refer to this page and to the 32nd [In]Secure Magazine, in which an article about this package can be found. The developers have released version 6.4.0 with the following changes:

New Features

• Added Mojo Networks WiFi equipment support
• Made Web admin reports more interactive
• Support authentication through Eduroam
• Allow to create different portal templates based on the browser locale

Enhancements

• Improved IP log performance
• Added fault tolerance on RADIUS monitoring scripts
• Improved the database and maintenance backup script
• Added password caching support for Novell eDirectory
• Improved caching of LDAP users data
• Improved clustering documentation
• Added RADIUS command line interface support on port 1812
• Removed useless htaccess file search for each HTTP request
• Turned off HTTP KeepAlive to avoid connections holding onto Apache processes
• Added Cisco MSE documentation
• Ability to query ‘iplog_archive’ table for detailed IP/MAC history
• Now also display the status for sub services from the Web interface
• Requests made with username ‘dummy’ will not be recorded in the RADIUS audit log anymore
• More lightweight p0f processing
• Removed useless logging in pfdns.log
• Added an activation timeout on sponsor source
• Improved captive portal logging
• Allow the OAuth landing page template to be customizable
• Use RESTful call for RADIUS accounting instead of Perl
• Optimized getting node information from the database
• New action generateconfig for pfcmd service command
• Added memory limitation for httpd.portal processes
• Added predefined search in RADIUS audit log and DHCP Option 82 log
• Improved display of fingerprinting informations in the nodes search
• Allow captiveportal::Form::Authentication to be customize
• Default config overlay for switches.conf, profiles.conf, pfqueue.conf and violations.conf
• Optimized queries for finding open violations

Bug Fixes

• Fixed floating devices in active/active clusters
• Fixed and improved syntax of pfcmd ipmachistory
• Fixed wrong bandwidth calculation on RADIUS accounting
• Fixed empty Calling-Station-Id in RADIUS accounting
• Make sure connection caches are cleared after forking
• Added a workaround for DHCP clients that do not respect short lease times
• Added namespace parameter in WMI rule
• Fixed non-working switch ranges with external portal
• Joining a domain will sometimes return a 500 even though it succeeded
• Cisco WLC ignores our CoA requests but accepts our Disconnect Requests
• pfdetect: pipe is closing when no content
• Condition is a Phone in RADIUS audit log is not working properly
• Condition AutoRegistration in RADIUS audit log is not working properly
• Configurator: Status on the services doesn’t work
• Invalid SQL for iplog_cleanup_sql
• Added request cache support
• Added stack trace logging
• Removed redundant SQL indexes
• Removed unused code in pf::locationlog
• Fixed missing fields in RADIUS audit log
• Fixed RADIUS audit log hours selection