PowerON Platforms are No More

If you’re a follower of this website, you are undoubtedly familiar with PowerON Platforms as I have promoted their products extensively over the years. Dynamic Profile Configurator (DPC) is a clever solution that enables Always On VPN client configuration provisioning and management using Active Directory group policy. They recently introduced a cloud-based centralized reporting solution for organizations with multiple VPN servers. I worked closely with PowerON and influenced many of the features of these great technologies.

Out of Business

Sadly, I learned recently that PowerON Platforms has entered insolvency. Effective October 16, 2024, PowerON Platforms now cease to exist. If you are a current customer of theirs, you likely have received a notification email already.

The Future

Many of my customers have asked what will become of DPC and their cloud-based reporting solution. Here is some additional information.

DPC

Fortunately, DPC will live on through open source. My good friend and primary developer of DPC, Leo D’Arcy, is currently working on refactoring the software to meet open-source specifications. Although I don’t have a timeline for when the software will be available for download, I hope it will be soon.

You can follow the GitHub repository for the open-source DPC here.

If you have a current DPC license, the product should continue to work without issue. You can upgrade to the open-source version of DPC in the future if you choose to. You will likely encounter problems if you use DPC with a trial license. If this happens, contact me directly, and I’ll assist you.

Reporting

The PowerON Platforms Always On VPN reporting solution is dead and will not continue. If you were using this product, I would suggest deleting the resource group you created in Azure for this and the PowerBI application installed for it.

In addition, Always On VPN administrators should remove the reporting agent software from their VPN servers. You can do this on GUI installations using the Add or Remove Programs control panel app.

If you’ve installed the reporting agent on Server Core systems, you can remove it by running the following PowerShell command.

Get-WmiObject -Class Win32_Product | Where-Object {$_.IdentifyingNumber -Match ‘{FFFC6424-82BB-49C5-9112-2C1436717C9C}’ } |  Invoke-WmiMethod -Name Uninstall

Support

With PowerON Platforms out of business, their products are no longer supported. However, if you have issues with DPC or have any questions, please don’t hesitate to contact me. I’ll provide as much support as I can.

Additional Information

Always On VPN Dynamic Profile Configurator (DPC) Open Source on GitHub

Microsoft Deprecates Legacy VPN Protocols

It’s long overdue, but Microsoft has finally announced the formal deprecation of the Point-to-Point Tunnel Protocol (PPTP) and the Layer 2 Tunneling Protocol (L2TP) in Windows Server Routing and Remote Access (RRAS) Servers. Both protocols have long since been replaced with more secure alternatives such as the Secure Socket Tunneling Protocol (SSTP) and Internet Key Exchange version 2 (IKEV2). However, many organizations have RRAS servers configured using these legacy protocols to support ad-hoc, on-demand access for non-managed users and devices.

Deprecated Protocols

There are a few reasons why Microsoft has deprecated these legacy protocols. Consider the following.

PPTP

It’s been widely known for many years that PPTP is broken and terribly insecure. Using this VPN protocol today is tremendously risky.

L2TP

L2TP is still considered secure, for the most part. However, it has been replaced with IKEv2, which is more secure and efficient.

Future Support

Although Microsoft made the announcement recently, the protocols will still be included in Windows Server 2025 when released later this year. However, Microsoft may remove these protocols from future Windows Server releases.

Always On VPN

Those who have deployed Microsoft Always On VPN are likely already using modern, secure VPN protocols, so this deprecation announcement won’t impact them. Although PPTP and L2TP are technically supported with Always On VPN, they are not commonly configured.

Recommendations

Administrators using Windows Server RRAS for VPN access using PPTP are encouraged to migrate to another protocol immediately. Those continuing to use L2TP should consider migrating soon.

Additional Information

Always On VPN Protocol Recommendations for Windows Server RRAS

Always On VPN Security Updates October 2024

Microsoft has released the October 2024 security updates, and numerous issues may impact Always On VPN administrators. Although many CVEs affect Always On VPN-related services that are Remote Code Execution (RCE) vulnerabilities, none are critical this cycle.

RRAS Updates

This month, Microsoft has provided 12 updates for the Windows Server Routing and Remote Access Service (RRAS), commonly deployed to support Always On VPN deployments. Most of these CVEs involve overflow vulnerabilities (heap and stack), input validation weaknesses, and buffer over-read and overflow vulnerabilities. All are rated important, and there are no known exploits currently.

CVE-2024-38212

CVE-2024-38261

CVE-2024-38265

CVE-2024-43453

CVE-2024-43549

CVE-2024-43564

CVE-2024-43589

CVE-2024-43592

CVE-2024-43593

CVE-2024-43607

CVE-2024-43608

CVE-2024-43611

Related Updates

In addition to the updates above, Microsoft also released fixes for security vulnerabilities in various related services that are important to Always On VPN administrators.

Windows Network Address Translation (NAT)

The following CVEs address denial of service vulnerabilities in the Network Address Translation (NAT) service.

CVE-2024-43562

CVE-2024-43565

Certificate Services

Always On VPN administrators will also find updates for CVEs affecting various certificate services-related components.

CVE-2024-43545OCSP Denial of Service Vulnerability

CVE-2024-43541Simple Certificate Enrollment Protocol (SCEP) Denial of Service Vulnerability

CVE-2024-43544Simple Certificate Enrollment Protocol (SCEP) Denial of Service Vulnerability

Recommendations

Always On VPN administrators are encouraged to update systems as soon as possible. However, since none of the CVEs is rated Critical, updates can be applied during standard update windows.

Additional Information

Microsoft October 2024 Security Updates