Error: “Gateway is not Reachable” or Connection Goes Down After the VPN Tunnel is Established

The Citrix Virtual Adapter registers itself as an Ethernet adapter. Starting with Windows 8, the Windows Connection Manager service (WCMSVC) disconnects lower-speed connections when an Ethernet adapter is present, because Ethernet is treated as more reliable and better performing than other adapter types. As a result, the Wi-Fi or 3G/4G adapter is disconnected once the tunnel comes up. Those connections are the ones actually carrying traffic to the VPN gateway, so the VPN plugin reports “Gateway is not reachable” and the connection goes down.


Citrix Cloud Licensing – Same device name shows with multiple device IDs and consumes multiple licenses

Multiple Device IDs are seen in Citrix Cloud Licensing when the user's device is configured to use a random hardware address. Each randomized MAC address presented to the network generates a different Device ID, so one physical endpoint is counted as several devices.

The Qualcomm Wi-Fi card has this option.

You can reproduce the behaviour as follows:

• Open the Wi-Fi adapter's Properties and click Configure…
• Click Advanced, select Network Address, enter a new MAC address and click OK.
• Log on to Cloud Workspace and launch any application or desktop.
• Check the license details in Citrix Cloud. A new Device ID appears for the same endpoint and user.
• Change the Network Address again, log on to Cloud Workspace and launch any app or desktop.
• Check the license details again. Another Device ID appears for the same endpoint and user.


    Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability

On February 26th, 2020, researchers Štefan Svorencík and Robert Lipovsky disclosed a vulnerability in the wireless egress packet processing of certain Broadcom Wi-Fi chipsets. The vulnerability could allow an unauthenticated, adjacent attacker to decrypt Wi-Fi frames without knowing the Wi-Fi Protected Access (WPA) or Wi-Fi Protected Access 2 (WPA2) Pairwise Transient Key (PTK) that secures the network.

The vulnerability exists because, after an affected device handles a disassociation event, it can send a limited number of Wi-Fi frames encrypted with a static, weak PTK. An attacker who captures these frames can decrypt them with that static PTK, recovering their contents without any knowledge of the security session that was established to protect the network.

Multiple Cisco wireless products are affected by this vulnerability.

Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure

    Security Impact Rating: Medium

    CVE: CVE-2019-15126


    Offline Cryptographic Attacks Targeting the Wi-Fi Protected Access 2 Protocol

On August 4, 2018, Jens Steube from the Hashcat project published an article introducing a new method to obtain cryptographic information from wireless traffic that an attacker can then use to attempt offline recovery of the pre-shared key (PSK) used to secure a Wi-Fi network.

    Both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access 2 (WPA2) protocols are known to be susceptible to offline cryptographic attacks when a PSK is used as an authentication mechanism. This is not a new vulnerability or a new attack against these protocols. This is a new vector that allows an attacker to obtain the information required to attempt an offline attack against the PSK.

    This new method is different from the existing attacks against the PSK because it does not require an attacker to wait for an Extensible Authentication Protocol over LAN (EAPOL) authentication exchange, capture it, and proceed to attempt an offline PSK recovery. This new vector allows an attacker to extract the required information from a single wireless frame transmitted during a roaming event. The following conditions for this capture apply:

    • The frame contains a Robust Security Network-Pairwise Master Key Identification (RSN-PMKID) option
    • The wireless infrastructure is configured to use WPA2 with a PSK mode of authentication
    • The wireless infrastructure supports the Proactive Key Caching (PKC) fast roaming option (PMKID roaming)

    The wireless frame can be acquired by passively listening to traffic from the wireless network during the roaming.

    It is important to note that this method does not make it easier or faster to recover the PSK for a Wi-Fi network. Instead, it is easier for an attacker to collect the information required to conduct a subsequent offline cryptographic attack. The likelihood of a successful recovery of the PSK is highly dependent on the complexity of the PSK in use.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180809-wpa2

    Security Impact Rating: Informational
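The advisory's closing point, that the PMKID only hands an attacker the material for an offline attack whose success depends on the complexity of the PSK, follows from how the PSK is derived. The PMKID is computed from the Pairwise Master Key, and for a PSK network that key is simply PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, at 4096 iterations (IEEE 802.11i). The example below is added here and is not part of the Cisco advisory: it derives the PSK the same way a supplicant does, applies the 802.11i passphrase rules, and gives a network owner a rough guess-space estimate for a candidate passphrase. The SSID, the sample passphrases and the 60-bit policy threshold are constructed assumptions for the example.

```python
import hashlib
import math
import string

# Constructed sample SSID for the example (not from the advisory).
EXAMPLE_SSID = "ExampleCorpWiFi"

# Per IEEE 802.11i, a WPA/WPA2 passphrase is 8 to 63 printable ASCII characters
# and the 256-bit PSK (which becomes the PMK) is PBKDF2-HMAC-SHA1 over it,
# salted with the SSID, 4096 iterations, 32 output bytes.
PBKDF2_ITERATIONS = 4096
PSK_LENGTH = 32


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the PSK/PMK exactly as a supplicant or access point does."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PSK_LENGTH,
    )


def is_valid_passphrase(passphrase: str) -> bool:
    """802.11i passphrase rule: 8-63 characters, each printable ASCII (0x20-0x7E)."""
    return 8 <= len(passphrase) <= 63 and all(0x20 <= ord(c) <= 0x7E for c in passphrase)


def charset_size(passphrase: str) -> int:
    """Size of the alphabet an exhaustive guesser would have to cover to
    enumerate strings built from the same character classes."""
    size = 0
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(c == " " or c in string.punctuation for c in passphrase):
        size += 1 + len(string.punctuation)  # space plus 32 punctuation marks
    return size


def guess_space_bits(passphrase: str) -> float:
    """log2 of the number of same-length, same-class candidates. This is an
    upper bound: a dictionary word scores far higher here than it deserves."""
    if not passphrase:
        return 0.0
    return len(passphrase) * math.log2(charset_size(passphrase))


def assess_psk(passphrase: str, ssid: str, min_bits: float = 60.0) -> dict:
    """Policy check a network owner can run before deploying a passphrase.
    The 60-bit threshold is an assumption chosen for this example."""
    valid = is_valid_passphrase(passphrase)
    bits = guess_space_bits(passphrase) if valid else 0.0
    return {
        "valid_wpa2_passphrase": valid,
        "guess_space_bits": round(bits, 1),
        # Every candidate an offline guesser tries costs a full PBKDF2 run:
        # 4096 iterations for each of the two 20-byte SHA-1 output blocks.
        "pbkdf2_hmac_ops_per_guess": PBKDF2_ITERATIONS * 2,
        "meets_policy": valid and bits >= min_bits,
        "psk_hex": wpa2_psk(passphrase, ssid).hex() if valid else None,
    }


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        print(candidate, assess_psk(candidate, EXAMPLE_SSID))
```

The derivation can be checked against the published 802.11i Annex test vector (passphrase "password", SSID "IEEE"). The guess-space figure is deliberately crude: it only captures length and character classes, which is enough to show why a short passphrase is exposed by any PMKID capture while a long one is not, but it does not detect dictionary words or reuse.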


    Advisory Sophos Wireless affected by WPA and WPA2 vulnerabilities with key reinstallation attacks (KRACKs)

A vulnerability in the WPA2 protocol has been discovered that could allow an attacker to read encrypted information. This attack affects all WPA/WPA2-protected Wi-Fi networks, because the vulnerability is in the Wi-Fi WPA/WPA2 standard itself and not in any individual product or implementation.

    The following CVE IDs have been assigned to document these vulnerabilities in the WPA/WPA2 protocol:

    Sophos products affected:

    • Sophos UTM Wireless
    • Sophos Firewall Wireless
    • Sophos Central Wireless

All Sophos wireless products are affected: Wireless Protection in XG Firewall, Sophos UTM, and Sophos Central Managed Wireless. Sophos will release patches as soon as they are available.

The Wireless team is currently working on the necessary patch; after full implementation and testing on our solutions we will be able to release a fix. This process can take a number of days.

The list below shows the scheduled patched versions that correct the WPA/WPA2 vulnerability and their expected release dates. All dates and version numbers are subject to change.

• Sophos UTM:
  • 9.5 SR 2 (9.505) : 2017-10-20
  • 9.4 SR 3 (9.415) : 2017-11-06
• Sophos Firewall:
  • v16.5 : 2017-10-20 (AP firmware)
  • v17.0: 2017-10-23
• Cloud Wireless: 2017-10-20
• Cyberoam UTM: Cyberoam is not affected by this vulnerability

Recommended actions:

• Apply patches as soon as they are available. Sophos will update this article whenever a patch is released to fix the vulnerability.
• Customers can reduce their exposure to the vulnerabilities by disabling the Fast Roaming options and disabling Mesh.
• Exposure to these vulnerabilities can be reduced by patching the wireless client or the access point. In most cases a patch for the wireless client greatly reduces the chance of a successful attack, even if the AP is still unpatched. Microsoft and many other vendors have released patches that help block these exploits.
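The advisory says a client-side patch reduces exposure even while the access point is unpatched. The reason is that the defect KRACK exploits lives in the client's handling of the 4-way handshake: when handshake message 3 is received again, an unpatched client reinstalls the PTK it already has and resets its packet number, so the nonce used by the per-frame encryption repeats. Under a CTR-style cipher such as CCMP, a repeated key and nonce means a repeated keystream, and the XOR of two such ciphertexts is the XOR of their plaintexts. The model below is added here and is not Sophos' code or part of the advisory; it uses an HMAC-SHA256 counter-mode keystream as a stand-in for AES-CTR (an assumption chosen so it runs with the standard library only) and constructed frame contents, and contrasts a client that resets its counter on reinstall with one that does not.

```python
import hashlib
import hmac

# Constructed frames for the example (not from the advisory). Both are padded
# to the same length so the XOR below lines up byte for byte.
FRAME_LEN = 40
KNOWN_FRAME = b"predictable header, e.g. DHCP/ARP".ljust(FRAME_LEN)
SECRET_FRAME = b"user=alice&token=s3cr3t-session".ljust(FRAME_LEN)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: HMAC-SHA256(key, nonce || counter) blocks.
    A stand-in for CCMP's AES-CTR keystream; the property demonstrated
    (same key + same nonce => same keystream) holds for real CCMP/GCMP too."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


class Station:
    """Minimal model of a client's transmit state after the 4-way handshake:
    the installed PTK and the packet number used as the per-frame nonce."""

    def __init__(self, ptk: bytes):
        self.ptk = ptk
        self.packet_number = 0

    def install_key(self, ptk: bytes, reset_counter: bool) -> None:
        """A patched client either refuses to reinstall an already-installed key
        or keeps its counters; the KRACK defect is resetting the nonce here."""
        self.ptk = ptk
        if reset_counter:
            self.packet_number = 0

    def encrypt(self, plaintext: bytes) -> tuple:
        """Encrypt one frame; returns (packet number used as nonce, ciphertext)."""
        self.packet_number += 1
        nonce = self.packet_number.to_bytes(6, "big")
        return self.packet_number, xor(plaintext, keystream(self.ptk, nonce, len(plaintext)))


def run_handshake_scenario(reset_counter_on_reinstall: bool) -> dict:
    """Send one frame, have the client reinstall the same PTK (what a replayed
    handshake message 3 triggers), send a second frame, and check whether the
    nonce repeated. With a repeated nonce, XOR of the two ciphertexts equals
    XOR of the two plaintexts, so a known first frame exposes the second."""
    ptk = hashlib.sha256(b"constructed PTK for this example").digest()
    sta = Station(ptk)
    pn1, c1 = sta.encrypt(KNOWN_FRAME)
    sta.install_key(ptk, reset_counter=reset_counter_on_reinstall)
    pn2, c2 = sta.encrypt(SECRET_FRAME)
    reused = pn1 == pn2
    recovered = xor(xor(c1, c2), KNOWN_FRAME) if reused else None
    return {"nonce_reused": reused, "recovered": recovered}


if __name__ == "__main__":
    print("vulnerable client:", run_handshake_scenario(True))
    print("patched client:   ", run_handshake_scenario(False))
```

Running the vulnerable case returns the second frame in full from the two ciphertexts and the known first frame; the patched case keeps the counter moving, so the nonces differ and nothing is recoverable. This is why the client patch matters on its own: the access point never sees the reset, so it cannot prevent it, and Fast Roaming and Mesh are called out in the advisory because they add further handshakes on the AP side with the same reinstallation hazard.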
