1.5.4. Release 1.2.5-2

Release date: 03.02.2025

Welcome to the 1.2.5 OpenNAC Enterprise release.

In this release, our focus has been on enhancing functionality, improving user experience, and addressing bug fixes across all components.

1.5.4.1. OpenNAC Improvements

This section describes all changes that affect the OpenNAC Enterprise solution.

1.5.4.1.1. General

These are the changes in this release that affect all components.

Bugs fixed

• Resolved an issue in NextGen Portal where the Farm tab was displayed even when the Status message was Installing. The tab is now hidden during installation.

1.5.4.1.2. ON Core

These are the changes in this release that affect the ON Core component.

Functionalities

• Improved session retrieval in Captive WebAuth Workflows by using the MAC address provided by the WLC when the session is not found via IP.

• Removed the Domain column from the Captive Instances view, as it no longer provides relevant information after the removal of the Captive Domains view.

• Added line breaks to properly format the mobile payload on the server, ensuring better readability..

• Implemented PHP unit tests.

• Created a healthcheck called UNPROCESSED_PAYLOADS to verify the existence of payloads. Refer to the Healthcheck List section fo more information.

• Configured specific timeout and retry parameters for radclient in RADIUS healthcheck to prevent excessive delays when RADIUS is down, improving check accuracy and response time.

• Added an option in build-acl.php to recreate all ACLs instead of only adding new ones..

• Replaced Open Cloud Factory with Cipherbit across the system to reflect the new brand identity.

• Refined user device selection in Captive Workflows by discarding visibility connections (e.g., DHCP packets) to prevent incorrect device association when the IP address is shared between multiple devices. Introduced an additional verification step, using the LastEval field hash, to ensure MAC addresses are valid when passed via URL in dot1x workflows.

• Removed VPNGW warning messages from the farm nodes in NextGen Portal to reduce unnecessary alerts and improve clarity.

Bugs fixed

• Fixed issue where nodes without an IP were being included in the farm population; these nodes are now properly ignored.

• Fixed issue where the inventory was being unintentionally modified during node population; inventory files are now preserved and not edited in this version.

• Resolved issue with user device profiling in visual mode.

• Fixed application error caused by duplicated ACLs; added logging in opennac-api to notify admins of the issue.

• Ensured that HTTPS is always sent as the protocol in agent payloads for legacy agents.

• Fixed issue preventing Kibana views from being exported via the portal.

• Corrected problem where Redis data was getting corrupted when purging expired guest users.

1.5.4.1.3. ON Captive

These are the changes in this release that affect the ON Captive component.

Bugs fixed

• Corrected issue in Captive Workflows where the language selector did not apply the defined languages, resulting in the configuration not being displayed.

1.5.4.1.4. ON Analytics & ON Aggregator

These are the changes in this release that affect the ON Analytics and ON Aggregator components.

Functionalities

• Refactored the dashboard with new metrics and visualizations for total, compliant, and non-compliant VPN connections, unique devices, OS distribution, and time evolution. Also, analyzed the usage of the third party vpn Elasticsearch index for optimization. Refer to the Third Party VPN section for more information.

1.5.4.2. Documentation Changes

These are the documentation changes in this release.

• Updated images with the new OpenNAC Enterprise by Cipherbit logo.

• New troubleshooting section intended for resolve issues related to 1.2.5 update process. Refer to the Update Troubleshooting for 1.2.5 for more information.

• New section Agent Troubleshooting added where it is explained in subsection How to except the Agent Soluble executable in antivirus software how to except the OpenNAC agent executable file in Kaspersky Endpoint Detection and Response antivirus.

• SNMP OIDs table updated. Refer to the SNMP OIDs table section for more information.

• Improvement of the documentation concerning Services Status Checks and creation of a new section Services Status Checks Script with the script to check the status of the services via SNMP.

We greatly appreciate user feedback and ratings as they play a crucial role in delivering user-oriented content. Please, continue sharing your valuable insights to help us improve and meet your needs. You can do so by clicking on the smiley face at the bottom of the documentation page and leaving your feedback. Thank you for your contribution!