VPN Gate Anti-Abuse Policy
Anyone can hide their IP addresses by using VPN Gate
Public VPN Relay Servers.
Most of users are expected to utilize this function for
rightful purpose. However, a few users might abuse this
function for wrong purpose. To counter such abuses, the VPN
Gate Project defines the anti-abuse policy as followings.
Custody and Disclosure Policy of VPN Connection Logs
We always keep VPN Connections Logs of VPN Gate Public
VPN Relay Servers for three or more months
An access log entry will be recorded when an anonymous
user connects to / disconnects from one of VPN
Gate Public VPN Servers. An access log entry will be
stored on the log file of the VPN Gate Public VPN Server.
The same information will be transmitted to our logging
server, by syslog-like protocol with SSL-encrypted
communication. Similarly, accesses to the Public VPN Relay
Servers list on the VPN Gate web server will be logged as
same as below.
A VPN Connection Log entry contains:
- Date and time
- ID, IP address and hostname of destination VPN
Server
- Type of action (connect or disconnect)
- Raw IP address and hostname of the source VPN client
computer
- Type of VPN protocols (SSL-VPN, L2TP, OpenVPN or
SSTP)
- VPN Client software-name, version and id (If available)
- Number of packets and bytes during a VPN connection,
and debug information of communication errors
- Log records of destination HTTP/HTTPS hostnames
(FQDNs), IP addresses, host names and port
numbers of VPN Gate communications through VPN sessions
No other information will be transmitted to us nor be
recorded on our logging server.
Disclosure to Police, Prosecutors, Lawyers or Courts
It is necessary to avoid abusing users who exploit VPN
Gate to hide their IP address for wrongdoing. An in case of
such abusing were occurred, it is necessary to trace the
source IP address of such illegal user. Analyzing VPN
Connection Log is helpful to investigate the source global
IP address of him.
We will disclosure the VPN Connection Logs to a
policeman, a prosecutor, a lawyer or a court who is
authorized by applicable laws.
If you are a policeman, a prosecutor, a lawyer or a court
who is authorized to and wants to request the disclosure of
VPN Connection Logs, contact us with the following e-mail
address. You need to attach the information which describes
the date and time of the target logs, concerned VPN Server's
IP address and other materials for reference.
Custody and Disclosure of VPN Packet Logs
Each VPN Gate Public VPN Relay Server keeps Packet Logs
In VPN Gate Experiment Service, a lot of volunteers (who
are joining to this experiment) provides the VPN relaying
functions on their computers. On each computer of each
volunteer, the VPN Server Program always records
packet-headers for every VPN users. You can see the packet
log in order to know what kind of communications were
established via the VPN server by a specific VPN user.
Packet Logs on each VPN servers will be kept for two or
more weeks at least on the disk. They contains all TCP/IP
headers of all communication initiated
by VPN users. After two weeks pass, log files might be
compressed or deleted to save the disk free space.
When a VPN Gate user communicates with an HTTP server via
a VPN Gate Public VPN Relay Server, a part of the VPN
Session ID will be appended on the User-Agent value on the
HTTP request header. This partial Session ID will be used to
identify the VPN Session which was related to the abuse
incident.
How to request disclosing Packet Logs?
If you are a policeman, a prosecutor, a lawyer or a court
who is authorized to and wants to request the disclosure of
VPN Packet Logs, you must contact to the operator of the
target VPN server. The contact address is listed on
the VPN Severs List page. If your
target VPN server is not on the list, or you cannot find the
contact address, instead you have to contact the ISP who is
responsible to manage the IP address. You can reach the
appropriate administrator of the target VPN server via ISP
if you are authorized by laws.
We don't have any VPN Packet Logs which are saved on each
volunteer's VPN Gate Servers. No packet logs are to be
submitted to us from each Public VPN Relay Servers. Do not
request us to disclose a specific VPN Packet Log which is
stored on a specific relay server. We do not hold such a log
in our facility, so we cannot respond such a request.
We can help to analyze Packet Logs if requested by
authorities
If you are a policeman, a prosecutor, a lawyer or a court
who is authorized to and wants to analyze the contents of
obtained Packet Log files, we can help you to analyze the
Packet Logs within rational and practical efforts if we can
afford.
If you are a policeman, a prosecutor, a lawyer or a court
who is authorized to and wants to request the analyzing of
VPN Connection Logs, contact us with the following e-mail
address.
How to block any using of VPN Gate Service by your
employees?
If you are a network administrator of the company and you
want to prohibit using VPN Gate of each employee, you can
block VPN Gate with the following steps.
- Block accesses to the URL https://www.vpngate.net/ by
your firewall.
- Block accesses to all URLs on
the Mirrors Sites List
by your firewall.
- If you conducted the above steps, an employee can
still use VPN Gate by bringing the
VPN Gate Client
from outside somehow.
In order to avoid such a use, block any packets of TCP
or UDP on your firewall except necessary communication
for your company's business.
(Advanced firewall products can do that. For example,
some firewalls can decrypt SSL communication to apply
white-lists.)
- If you conducted all the above steps, your employees
can use 3G or LTE wireless-provider devices to bypass
your firewall's restriction to use VPN Gate Service.
It is very difficult to block such using. If you want to
block this, you have to purchase an anechoic chamber.
Any Suggestions?
It is our difficult challenge to promote rightful uses of
VPN Gate and to avoid wrongful abuses of VPN Gate at the
same time.
If you have any suggestions, please
feedback us on the forum.
|