To: [email protected]Subject: Ingate Firewall: Removed PPTP tunnels not deactivated
From: Per Cederqvist <ceder@ingate.com.>
Date: Thu, 27 Jan 2005 11:40:38 +0100
Message-ID: <x3llafjgt5.fsf@rapture.ingate.se.>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/21.3.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Virus-Scanned: ClamAV 0.80/622/Wed Dec 8 14:36:53 2004
clamav-milter version 0.80j
on usagi.ingate.se
X-Virus-Status: Clean
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.4 (usagi.ingate.se [193.180.23.12]); Thu, 27 Jan 2005 11:40:41 +0100 (CET)
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Product: Ingate Firewall
Versions: 4.1.3 and earlier
Tracking ID: 1826
Summary
=======
Active PPTP tunnels in Ingate Firewall are not deactivated when a
PPTP user is disabled.
If a user has an active PPTP connection to an Ingate Firewall, and
that user is disabled on the Firewall, the active PPTP connection is
not disconnected, but lives on unharmed. Only when the user
disconnects does the block take effect; the next time he tries to
connect, he is not allowed to set up a connection.
Impact
======
If a user is being disabled by the firewall administrator while he has
an active tunnel, that tunnel can live on. He can thus have access to
the resources protected by the firewall for a long time after he was
disabled.
Workaround
==========
When you disable a PPTP user, also turn off the PPTP server and apply
the configuration. This will tear down all PPTP connections. Then
enable the PPTP server and apply the configuration again.
Solution
========
Ingate will provide a fix for this problem in a future upgrade. No
release date has been set yet.
Thanks
======
Thanks to Neil Watson at Voicegenie who reported this problem.
Further updates on this issue will be sent to our mailing list
http://lists.ingate.com/mailman/listinfo/productinfo
Further questions regarding this issue can be directed to
[email protected].
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD4DBQFB+MEUTl5zjNKUYI4RAvmoAJjVt7scBKr8dJGiPpb8feXsn8UfAJ91i/SP
NHd+u6v51uZCbKSgy/22pQ==
=eF2N
-----END PGP SIGNATURE-----
