Hello Linux Geeksters. As you may know, PacketFence is an open-source network access control (NAC) solution, providing a captive-portal for registration and remediation feature, centralized wired and wireless managements, support for 802.1X, layer-2 isolation and problematic devices, used for securing all kinds of networks, from small to large.
The latest version available is PacketFence 5.0.0, which has been recently released, coming with a huge list of changes.
- New active/active clustering mode. This allows HTTP and RADIUS load balancing and improves availability
- Fingerbank integration for accurate devices fingerprinting. It is now easier than ever to share devices fingerprinting.
- Built-in support for StatsD. This allows fine grained performance monitoring and can be used to create a dashboard using Graphite
- Local database passwords are now encrypted using bcrypt by default on all new installations. The old plaintext mode is still supported for legacy installations and to allow migration to the new mode
- Devices can now have a “bypass role” that allows the administrator to manage them completely manually. This allows for exceptions to the authorization rules
- Support for ISC DHCP OMAPI queries. This allows PacketFence to dynamically query a dhcpd instance to establish IP to MAC mappings
- Completely rewritten pfcmd command. pfcmd is now much easier to extend and will allow us to integrate more features in the near future
- Rewritten IP/MAC mapping (iplog). Iplog should now never overflow
- New admin role action USERS_CREATE_MULTIPLE for finer grained control of the admin GUI. An administrative account can now be prevented from creating more than one other account
- PacketFence will no longer start MySQL when starting
- PacketFence will accept to start even if there are no internal networks
- Added a new listening port to pfdhcplistener to listen for replicated traffic
- Added a user named “default” in replacement of the admin one
- Adds support for HP ProCurve 2920 switches
- Iptables will now allow access to the captive portal from the production network by default
- Major documentation rewrite and improvements
- Fixed violations applying portal redirection when using web authentication on a Cisco WLC
- Registration and Isolation VLAN ids can now be any string allowed by the RFCs
- Devices can no longer remain in “pending” state indefinitely
In this article I will show you how to install PacketFence 5.0.0 on Ubuntu, Linux Mint, Pinguy OS, Elementary OS, Deepin, Peppermint, LXLE, Linux Lite, Debian, Sparky Linux and other Ubuntu and Debian derivative systems.
In order to successfully install PacketFence 5.0.0 on Ubuntu, Debian and derivative systems, we have to download the packages from the project’s website and install it via command-line. I prefer gdebi over dpkg due to the fact that it also handles dependencies. Like this:
$ sudo apt-get install gdebi
$ wget http://www.packetfence.org/downloads/PacketFence/debian/pool/precise/p/packetfence/packetfence_5.0.0_all.deb
$ sudo gdebi packetfence_5.0.0_all.deb
Optional, to remove packetfence, do:
$ sudo apt-get remove packetfence