VPN Gate Review

Let us start our VPN Gate review by first noting that it is an experimental research project of the University of Tsukuba, Graduate School in Japan and not a commercial VPN service.  It is an offshoot of the main project, SoftEther VPN, which is a free, open source, cross platform, multi-protocol VPN software. The purpose of this research is to investigate and expand the knowledge of the metrics of a randomly distributed VPN network with decentralized control.  Yes, this technical babble sounds like a university research project.

VPN Gate ReviewPut more simply, they want to observe the performance of their software, SoftEther VPN as it is used to randomly generate a worldwide VPN network using only volunteers.  This means that unlike traditional VPN services which have company servers distributed across data centers with related blocks of IP addresses from the same ISP, VPN Gate’s servers (IP addresses) are randomly spread all over the world and operated by volunteers.  They call these servers, VPN Gate Public VPN Relay Servers.  Also, unlike commercial VPN services, the VPN Gate service is completely free and does not require registration to use it.

The VPN Gate Research Project

The research was designed to overcome three problems faced by many Internet users.  The first of which was the growing government censorship being imposed by governments like China, Iran, Syria, and others.  The second was the lack of browsing anonymity due to websites tracking your IP address for targeted marketing campaigns or installation of malware for more nefarious reasons.  The third was to protect users on public Wi-Fi’s or other unsecured networks from packet sniffers, ARP spoofing, or network operators.   Each of the problems is solved by use of a VPN which led to the VPN Gate project using random public VPN relay servers. VPN Bypass of Government Firewall Using random VPN servers from across the world provides IP addresses that are not tied to a single ISP.  This makes it nearly impossible to block the service by restricting a range of IP addresses which is one of the favorite censorship methods employed by firewalls like The Great Firewall of China.  The above image shows how accessing a VPN service outside of the government’s firewall can allow you to contact destinations that would otherwise be blocked.  Next, each VPN server on the network has the ability to route your traffic to the Internet and thus protect your true IP address.  Finally, VPN Gate servers support SSL-VPN (SoftEther VPN) protocol, L2TP/IPsec protocol, OpenVPN protocol and Microsoft SSTP protocol to ensure that your Internet traffic is always encrypted and thus protected from third party interception.

SoftEther VPN

As we previously stated, the VPN Gate project is the child project of the SoftEther VPN project which was also developed by the Graduate School of the University of Tsukuba, Japan.  SoftEther VPN is a easy-to-use multi-protocol VPN software.  It is free to use and open source.  It runs on Windows, Linux, Mac OS X, FreeBSD, and Solaris.  SoftEther VPN uses HTTP over SSL (HTTPS) protocol in order to establish a VPN tunnel.  This protocol uses TCP Port: 443 as its destination.  This makes the SoftEther VPN (SSL-VPN) traffic protocol nearly transparent to almost all firewalls, proxy servers, and NATs as they pass HTTPS traffic as the de-facto standard for secure Internet transactions. SoftEther Supported Clients

SoftEther VPN Server supports not only VPN over HTTPS protocol but also the L2TP/IPsec, OpenVPN, MS-SSTP, L2TPv3 and EtherIP protocols.  They are many of the standard protocols used with most VPNS.  This means your iPhone, iPad, Android, Windows Mobile and other mobile devices can also use their built in VPN protocols to connect to the VPN Gate network of servers.  As you can see in the above diagram SoftEther VPN server has built in clone servers for MS-SSTP and OpenVPN.  You can also use Cisco Systems or other VPN routers like edge VPN products that use L2TPv3/IPsec or EtherIP/IPsec in order to connect to their network.

VPN Gate and Your Anonymity

VPN Gate has what they call their Anti-Abuse Policy which explicitly states:

We always keep VPN Connections Logs of VPN Gate Public VPN Relay Servers for three or more months

In this they make it crystal clear that they store connection logs from every one of their VPN Gate Servers to guard against any abuse of the system.  These are transferred using an SSL encrypted syslog type protocol.  They also state that they will turn over such logs to the proper authorities in the event that criminal activities are identified.  These connection logs contain the following information:

  • Date and time
  • ID, IP address and hostname of destination VPN Server
  • Type of action (connect or disconnect)
  • Raw IP address and hostname of the source VPN client computer
  • Type of VPN protocols (SSL-VPN, L2TP, OpenVPN or SSTP)
  • VPN Client software – name, version and id (If available)
  • Number of packets and bytes during a VPN connection, and debug information of communication errors

In addition to this, packet logs are kept on each VPN server for two or more weeks (most servers we observed say the are deleted after two weeks).  These contain the TCP/IP headers of all communications initiated by VPN users.  The problem with this is that there is no way of guaranteeing the identity of a server volunteer or that they are deleting these logs as this system has no centralized control and relies on the honor system.  VPN Gate says that they do not have access to these packet logs so can not provide them to authorities.  They do however say that if authorities do obtain these logs from a volunteer server, they will help them diagnose them. It is obvious from the previous disclosures that the VPN Gate service is primarily useful for those who need an anti-censorship tool or one that can protect them from hacking or spoofing tools when using public Wi-Fi’s.  There is the also the added protection against geographically targeted advertising provided by the random IP addresses assigned by the VPN Gate servers. However, if your main goal is privacy and anonymity, then this service presents you with some serious considerations.  First, your raw IP address is stored in the connection logs for up to four months.  This means you are not as anonymous as you think you are.  Additionally, the packet logging on the volunteer servers is dependent on individual server operators and the honor system.  Unfortunately as many of you already know, not everyone uses the Internet for honorable purposes.  We would not suggest you choose the VPN Gate service if anonymity and privacy is your goal.

VPN Gate Security

The first thing to take notice of when looking at the VPN Gate service security is that it is open source. This means it is open to peer evaluation and therefore can be checked for possible backdoors.  This is a positive point for their security.  Next, the SoftEther VPN software can run on many operating systems, such as Windows, Linux, FreeBSD, Solaris and Mac OS X.  Thus changes to it can be made independently of the OS and thus can be easily redistributed. VPN Gate provides access to some of the best cipher algorithms available for VPNs though a direct implementation of OpenSSL.  These include the following:

  • RC4 (128 bits)
  • AES128 (128 bits)
  • AES256 (256 bits)
  • DES (56 bits)
  • Triple-DES (168 bits)

The hashing algorithms for HMAC (Hash-based Message Authentication Code) are

  • SHA-1 (160 bits)
  • MD5 (128 bits)

It supports user identification methods from plain text passwords up to RSA (4096 – bit) authentication.  Theoretically this means that you have access to some of the best encryption in the VPN industry.  This means a SoftEther VPN system can be very secure if implemented with an 256-bit AES cipher using RSA 4096-bit key encryption, and SHA-1 HMAC.  In practice, these choices are left up to the volunteer server operators and based on usage of the service are primarily implemented using RC4-MD5 algorithms in the VPN Gate network.  This means that most volunteers seem to favor faster speed over greater encryption strength.  Still the security provided by the VPN Gate project is adequate for most uses but we probably would not use it for our most secure information.

How to connect to a VPN Gate Public Server?

The methods to connect are different depending on your operating system as follows.

  • Windows Supported VPN Protocols: SoftEther VPN (Recommended), L2TP/IPsec, OpenVPN and MS-SSTP
  • Mac OS X Supported VPN Protocols: L2TP/IPsec (Recommended) and OpenVPN
  • iPhone / iPad (iOS) Supported VPN Protocols: L2TP/IPsec (Recommended) and OpenVPN
  • Android Supported VPN Protocols: L2TP/IPsec (Recommended) and OpenVPN

Note, that although a variety of devices can be used to connect to a VPN Gate server, the VPN Gate plugin which automatically adds all of the current servers on their volunteer network can only be run on Windows.  The rest include illustrated guides for manually connecting to individual servers in their network.

Connecting with Windows

Connecting using Windows starts with the download of the SoftEther VPN Client with VPN Gate Client Plug-in build from the download page of the their website.  Once downloaded, you must unzip the files to a directory.  Next, run the vpngate client application file to start the installation setup.  Click next on the welcoming screen which is shown below left and then choose SoftEther VPN Client on the resultant screen and click next (below right image). SoftEther Client Selection On the next screen that comes up accept the end user license agreement and click next.  After another informational screen and then choosing the installation directory for the client software you will see the screen shown below left.  Selecting next on this screen will finally begin the installation itself.  This will result in the installation progress screen shown below right. SoftEther VPN Client Install Once this screen completes you will need to click finish.  Then the SoftEther VPN client will launch.  On first launch the client will show you a screen like the one below soliciting you to become a volunteer for the VPN Gate project.  Clicking ok on this screen will bring up another screen warning about the use of VPN services in your area. VPN Gate Volunteer Finally the client will install the VPN Gate plugin for servers and set up the virtual adapter for Windows as is shown below.  After this finishes, the client is fully installed and ready to use. VPN Gate Client Virtual Adapter Subsequent opening of the SoftEther VPN client for Windows will look similar to the screen image shown below.  Excess horizontal white space has been removed from this image. SoftEther Client Manager Clicking on VPN Gate Public Relay Servers will bring up the server connection page like the one which is shown below.  You can connect to any of the volunteer servers that are currently online in the VPN Gate network by double-clicking on it or selecting it and choosing the connect to the VPN server button. VPN Gate Server Connection It should be noted that these can vary and not all servers are available at all times.  As these are volunteer connections, nothing can be done about this.  For example, we wanted to test a connection in the UK with BBC iPlayer and this seemed to be a hit or miss proposition as one was not always available.  Also connections to the USA seemed to vary between about seven and two as well as did other countries. SoftEther VPN Client Connected Once a server has been selected the software closes the VPN Gate server page and returns to the SoftEther VPN Client Manger with the currently connected server now shown and highlighted as illustrated above. We would like to mention a few of the menu selections on this screen.  These include the following (from right to left):

  • Help – contains about information
  • Tools – the main tool here is an internal speed test for your current connection, these seem to be conservative estimates to us as they consistently showed slower speeds than the speedtest.net site.
  • Smart Card – allows selected smart cards and tokens to be used with the service
  • Virtual Adapter – allows you to create, delete, enable, or disable a virtual driver.
  • View – change how the client software displays data ie, detail or icon view
  • Edit – no real use
  • Connect -various options for the current connection
    • allows you to disconnect from, view the real time status of, or change the properties of the current connection
    • allows you to close the client to the tray below or exit the client completely

Once the SoftEther VPN Client manager is installed, connections can be made with a few simple clicks.

VPN Gate Speed Test

VPN Gate was not one of the fastest VPN services on our speed tests as is the case with many free VPN services.  The speed of our Internet connection dropped by about 80% when connected through the VPN Gate servers in New York.   This was typical of other connections that we also tested with some dropping by even more. VPN Gate Speed Test Some loss in connection speed is expected because of the extra security offered by the encrypted connection.  However 80% is a significant decrease and if you have a slow ISP speed to start with, this could make your Internet connection speeds closer to the older (less than 1 Mbps) ones of the past.  Because of the inconsistencies in ISP speeds, your performance could vary so be sure to test it yourself.  Although no policy exists regarding P2P traffic, we do not recommend it because of performance and logging issues.  It could even be blocked by some volunteer operators.

VPN Gate Review: Conclusion

VPN Gate was launched in the privacy space three years ago as a research project of the Graduate School of University of Tsukuba, Japan.  It is an experimental project designed to expand the knowledge of “Global Distributed Public VPN Relay Servers”.  VPN Gate is a model of a free VPN service composed of a global network of volunteer relay servers. It is a child project of another research project, SoftEther VPN, developed by the same group.  SoftEther VPN is a free and open source, cross-platform software that provides support for multiple VPN protocols.  The primary protocol used by this software is SSL-VPN or VPN over HTTPS but it also supports the OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3 and EtherIP protocols.  Additionally, it can be installed on Windows, Linux, FreeBSD, Solaris and Mac OS X.  The relay servers used by VPN Gate project are set up using this software.  The VPN Gate project has developed a VPN Gate plug in for the SoftEther Client for Windows which will create a simple GUI to make connection to servers in their network easier for Windows users.  Other platforms will need to be manually setup using the built in apps for each particular device.  They have guides to show you how to do this for most major platforms. What I liked most about the VPN Gate service:

  • It uses custom open source software, SoftEther VPN
  • It’s free to use until they close the project
  • It has support for the SSL-VPN, OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3, and EtherIP protocols
  • It has client software to make it easier for Windows users to access their service

Ideas to improve the service:

  • Develop software for iOS and Android, Mac OS X, and Linux
  • Less logging of personal identity information

The VPN Gate service does not have the greatest performance we have ever seen in a VPN service.  Loss in connection speed through the service was typically 80-90%.  Depending on your original ISP, this could slow your Internet almost to the point of unusability.  The countries that you can connect through are limited by where the public volunteers are located.  The service is somewhat unreliable as we were not able to connect to a number of their public relay servers.  This could be due to restrictions that their volunteer operators have imposed that we have no knowledge of as these can be set according to an individual operator’s preferences.  The actual encryption strength used by the service is also dependent on the volunteer operators as well with most that we saw opting for RC4-MD5 stream encryption.  The service logs quite a bit of info including your real IP address so will not be good for those seeking real privacy on the Internet. Their service is primarily designed to overcome censorship from restrictive governments like China and Iran.  Their service will help secure your data when connecting through W-Fi hotspots by keeping it encrypted through a secured tunnel.  It can also protect you from unwanted targeted marketing or even some malware attacks by using a virtual IP address when connected.  If you are on a very strict budget and can deal with the other issues mentioned, the VPN Gate service could be for you.  Test it out and see what you think. Visit VPN Gate