DHCPatriot 5.3.0 has been released

Arguably the most important new feature in this build is the floating IP support implemented with Virtual Router Redundancy Protocol (VRRP). This is the last piece of the puzzle in making the DHCPatriot completely high availability.DHCPatriot logo

Previously, the router would need to be changed to force authentication traffic to one DHCPatriot device or the other in the case of outage. Using VRRP allows a third IP address to “float” between the two devices. This allows the router to be configured to force authentication traffic to this third IP address. The IP address never goes down as long as at least one DHCPatriot device is functional.

Other enhancements in this version include: Searchable Option 82 information that is stored with the sessions; Template based configuration of static address definitions in standard DHCP for quick configuration of ONT networks, for example; Optional protection of the authentication page against automated clients via a simple math problem; Checking stored credentials against the RADIUS server during an un-suspend operation; Optionally send RADIUS ALIVE (interim-update) packets upon DHCP client lease renewal; Optional RADIUS forwarding to external devices that need a RADIUS accounting stream.

Patch notes for this release:

  1. Floating IP (VRRP) implemented. It is now possible to add a third IP address to the DHCPatriot system that will float between the two devices. This IP address should be used with the captive portal page and possibly as the destination address when administrating the machine. Restrictions to using VRRP are that the DHCPatriot system devices must both be in the same subnet and the floating IP must be in that same subnet as well.
    empty_pixel
  2. Optional simple page for protecting the database from being accessed by pre-auth / unauthenticated automated clients such as Weatherbug. This page asks a simple math problem before proceeding to the actual authentication page for pre-auth users. The page has no images and no database access. Automated clients such as Weatherbug will not answer the question and proceed to the login page. Users attempting to authenticate on the network will answer the question and proceed. When a large number of unauthenticated devices is encountered, this page will prevent automated port 80 access from crippling the DHCPatriot system.
    empty_pixel
  3. CLI user was changed to be API user in the administrators configuration to prevent future confusion.
    empty_pixel
  4. Fixed a problem with the TFTP File Maintenance where if two files were exactly the same, then the MD5 hash would match causing the delete and show file functions to possibly show or delete the wrong file. I repaired this by using the file name as the key instead.
    empty_pixel
  5. Fixed a problem with auto-generated forms where previously executed delete commands would try to execute again if using next, back, first, last, or show all as well as when using limit displayed entries.
    empty_pixel
  6. In the config menu, if a ipv6 address was entered without the CIDR at the end, such as 2620:0:2e50:e4::226 instead of 2620:0:2e50:e4::226/64 it would not assume 64 and would not complain. This caused the address settings for IPv6 not to work. It now assumes a prefix of 64 if none was entered.
    empty_pixel
  7. View address usage and usage graphs now decrement the number of available IPs for excluded IPs, sticky IPs and static IPs. The count of available addresses is decreased by 1 for each of these type of IP exclusions or assignments that fall within the subnet. If the IP is currently in use, the available address count is not reduced for that IP address.
    empty_pixel
  8. Leading and trailing white space will now be trimmed from form input. This should help with copy/paste situations. Presently these characters are removed: space, tab, new line, carriage return, NUL-byte and vertical tab.
    empty_pixel
  9. Smartmon tools (www.smartmontools.org) have been added to the DHCPatriot system. We can use these tools to better diagnose potential hard drive problems in the field.
    empty_pixel
  10. ISC DHCP 4.2.5-P1 has been installed.
    empty_pixel
  11. Idle time out on Administration interface increased to 10 hours. Previously it was 4 hours. Some people would have the interface timeout throughout the day.
    empty_pixel
  12. Log entries from dhcp devices that are talking more frequently than once per second will now have their logs ignored. Entries will only be recorded once per second. Any more than that is not useful information as seconds is the resolution of the DHCP lease. This further increases the level of performance.
    empty_pixel
  13. The DHCPatriot now verifies RADIUS credentials before an “unsuspend” is performed in Auth DHCP Actions->Suspend User. This will prevent confusion in customer service as well as help customers to have a better experience. Previously, it was possible to “unsuspend” a user when their stored password did not match, or they were disabled on the RADIUS server. This created some confusion and customer callbacks that will not be avoided.
    empty_pixel
  14. It is now possible to delete RADIUS assigned static IP addresses. They are shown in the same list as the Sticky IP assignments. The delete link is functional and will remove them. Keep in mind that if they are still assigned to the user in RADIUS that they will likely reappear at some point in the future.
    empty_pixel
  15. Sticky IPs now work in the standard DHCP without being an authenticated MAC address. Previously, unless the mac belonged to a valid authenticated user, the sticky IP would not function even if it was a standard sticky IP. This has been fixed.
    empty_pixel
  16. It is now possible to suspend individual devices by the MAC address via the remote access API.
    empty_pixel
  17. Option 82 information can now be searched under Auth DHCP Reports -> Search Session as well as Standard DHCP Reports -> Search Sessions. Please note that searching by option 82 may significantly increase the duration to receive results. This is especially true of high traffic systems.
    empty_pixel
  18. RADIUS Alive packet [Acct-Status-Type -> interim-update] now supported. Turning this setting on in System Configuration -> General Setup will cause the DHCPatriot system to send an Alive packet each time the lease is renewed. This could be problematic on systems with many broken devices sending lots of renews rapidly. We will keep an eye on this situation and evaluate if some per-second limit needs to be implemented at some point in the future.
    empty_pixel
  19. A long standing problem with system stability was found and repaired. The DHCPatriot system should now have no problem booting back up successfully during software installs. Previously, occasionally during an update the system would fail to boot properly requiring a physical power cycle.
    empty_pixel
  20. Forwarding of RADIUS accounting packets to one or more arbitrary destinations has been added. A new type of server (AFOR) has been added to the authentication setup. The DHCPatriot does not wait for an accounting response with these types of destinations. This feature can be used for sending accounting data to Sandvine or Procera traffic shapers or various CALEA devices, for example.
    empty_pixel
  21. Scripted mass adding of standard DHCP static IP assignments is now possible. Access this functionality via Standard DHCP Actions -> Static IP Assignment and then clicking on: ‘If you wish to add multiple entries using scripted parameters, click here’. Follow the onscreen instructions to easily add as many entries or as few as you need.
    empty_pixel
  22. Corrected a problem where if Option82 information was received that contained a single quote (‘) that would cause a problem with writing to the database. Option 82 information received via DHCP is now sanitized before being written to the database.
    empty_pixel
  23. Corrected a problem where if more than one device existed for a username and the either had a sticky address by username or a static address assigned by RADIUS, only one random device would effectively be assigned to the address. Now all devices that should be assigned to the address are assigned to it correctly.
    empty_pixel