VPN Gate Anti-Abuse Policy

Anyone can hide their IP addresses by using VPN Gate Public VPN Relay Servers.

Most of users are expected to utilize this function for rightful purpose. However, a few users might abuse this function for wrong purpose. To counter such abuses, the VPN Gate Project defines the anti-abuse policy as followings.

 

Custody and Disclosure Policy of VPN Connection Logs

We always keep VPN Connections Logs of VPN Gate Public VPN Relay Servers for three or more months

An access log entry will be recorded when an anonymous user connects to / disconnects from one of VPN Gate Public VPN Servers. An access log entry will be stored on the log file of the VPN Gate Public VPN Server. The same information will be transmitted to our logging server, by syslog-like protocol with SSL-encrypted communication. Similarly, accesses to the Public VPN Relay Servers list on the VPN Gate web server will be logged as same as below.

A VPN Connection Log entry contains:

  • Date and time
  • ID, IP address and hostname of destination VPN Server
  • Type of action (connect or disconnect)
  • Raw IP address and hostname of the source VPN client computer
  • Type of VPN protocols (SSL-VPN, L2TP, OpenVPN or SSTP)
  • VPN Client software-name, version and id (If available)
  • Number of packets and bytes during a VPN connection, and debug information of communication errors

No other information will be transmitted to us nor be recorded on our logging server.

Disclosure to Police, Prosecutors, Lawyers or Courts

It is necessary to avoid abusing users who exploit VPN Gate to hide their IP address for wrongdoing. An in case of such abusing were occurred, it is necessary to trace the source IP address of such illegal user. Analyzing VPN Connection Log is helpful to investigate the source global IP address of him.

We will disclosure the VPN Connection Logs to a policeman, a prosecutor, a lawyer or a court who is authorized by applicable laws.

If you are a policeman, a prosecutor, a lawyer or a court who is authorized to and wants to request the disclosure of VPN Connection Logs, contact us with the following e-mail address. You need to attach the information which describes the date and time of the target logs, concerned VPN Server's IP address and other materials for reference.

 

Custody and Disclosure of VPN Packet Logs

Each VPN Gate Public VPN Relay Server keeps Packet Logs

In VPN Gate Experiment Service, a lot of volunteers (who are joining to this experiment) provides the VPN relaying functions on their computers. On each computer of each volunteer, the VPN Server Program always records packet-headers for every VPN users. You can see the packet log in order to know what kind of communications were established via the VPN server by a specific VPN user.

Packet Logs on each VPN servers will be kept for two or more weeks at least on the disk. They contains all TCP/IP headers of all communication initiated by VPN users. After two weeks pass, log files might be compressed or deleted to save the disk free space.

When a VPN Gate user communicates with an HTTP server via a VPN Gate Public VPN Relay Server, a part of the VPN Session ID will be appended on the User-Agent value on the HTTP request header. This partial Session ID will be used to identify the VPN Session which was related to the abuse incident.

How to request disclosing Packet Logs?

If you are a policeman, a prosecutor, a lawyer or a court who is authorized to and wants to request the disclosure of VPN Packet Logs, you must contact to the operator of the target VPN server. The contact address is listed on the VPN Severs List page. If your target VPN server is not on the list, or you cannot find the contact address, instead you have to contact the ISP who is responsible to manage the IP address. You can reach the appropriate administrator of the target VPN server via ISP if you are authorized by laws.

We don't have any VPN Packet Logs which are saved on each volunteer's VPN Gate Servers. No packet logs are to be submitted to us from each Public VPN Relay Servers. Do not request us to disclose a specific VPN Packet Log which is stored on a specific relay server. We do not hold such a log in our facility, so we cannot respond such a request.

We can help to analyze Packet Logs if requested by authorities

If you are a policeman, a prosecutor, a lawyer or a court who is authorized to and wants to analyze the contents of obtained Packet Log files, we can help you to analyze the Packet Logs within rational and practical efforts if we can afford.

If you are a policeman, a prosecutor, a lawyer or a court who is authorized to and wants to request the analyzing of VPN Connection Logs, contact us with the following e-mail address.

 

How to block any using of VPN Gate Service by your employees?

If you are a network administrator of the company and you want to prohibit using VPN Gate of each employee, you can block VPN Gate with the following steps.

  1. Block accesses to the URL http://www.vpngate.net/ by your firewall.
  2. Block accesses to all URLs on the Mirrors Sites List by your firewall.
  3. If you conducted the above steps, an employee can still use VPN Gate by bringing the VPN Gate Client from outside somehow.
    In order to avoid such a use, block any packets of TCP or UDP on your firewall except necessary communication for your company's business.
    (Advanced firewall products can do that. For example, some firewalls can decrypt SSL communication to apply white-lists.)
  4. If you conducted all the above steps, your employees can use 3G or LTE wireless-provider devices to bypass your firewall's restriction to use VPN Gate Service.
    It is very difficult to block such using. If you want to block this, you have to purchase an anechoic chamber.

 

Any Suggestions?

It is our difficult challenge to promote rightful uses of VPN Gate and to avoid wrongful abuses of VPN Gate at the same time.

If you have any suggestions, please feedback us on the forum.

 

SoftEther VPN Project & VPN Gate Project contact number: +1 (650) 282-4455