Let us start our VPN Gate review by first noting that it is an experimental research project of the University of Tsukuba, Graduate School in Japan and not a commercial VPN service. It is an offshoot of the main project, SoftEther VPN, which is a free, open source, cross platform, multi-protocol VPN software. The purpose of this research is to investigate and expand the knowledge of the metrics of a randomly distributed VPN network with decentralized control. Yes, this technical babble sounds like a university research project.
Put more simply, they want to observe the performance of their software, SoftEther VPN, as it is used to randomly generate a worldwide VPN network using only volunteers. This means that unlike traditional VPN services, which have company servers distributed across data centers with related blocks of IP addresses from the same ISP, VPN Gate’s servers (IP addresses) are randomly spread all over the world and operated by volunteers. They call these servers VPN Gate Public VPN Relay Servers. Also, unlike commercial VPN services, the VPN Gate service is completely free and does not require registration to use it.
The VPN Gate Research Project
The research was designed to overcome three problems faced by many Internet users. The first was the growing Internet censorship imposed by governments like China, Iran, Syria, and others. The second was the lack of browsing anonymity due to websites tracking your IP address for targeted marketing campaigns or installation of malware for more nefarious reasons. The third was to protect users on public Wi-Fi or other unsecured networks from packet sniffers, ARP spoofing, or network operators. Each of these problems is solved by use of a VPN, which led to the VPN Gate project using random public VPN relay servers.
SoftEther VPN
As we previously stated, the VPN Gate project is the child project of the SoftEther VPN project, which was also developed by the Graduate School of the University of Tsukuba, Japan. SoftEther VPN is an easy-to-use multi-protocol VPN software. It is free to use and open source. It runs on Windows, Linux, Mac OS X, FreeBSD, and Solaris. SoftEther VPN uses the HTTP over SSL (HTTPS) protocol to establish a VPN tunnel. This protocol uses TCP port 443 as its destination. This makes the SoftEther VPN (SSL-VPN) traffic nearly transparent to almost all firewalls, proxy servers, and NATs, as they pass HTTPS traffic as the de facto standard for secure Internet transactions.
SoftEther VPN Server supports not only the VPN over HTTPS protocol but also the L2TP/IPsec, OpenVPN, MS-SSTP, L2TPv3 and EtherIP protocols. These are many of the standard protocols used with most VPNs. This means your iPhone, iPad, Android, Windows Mobile and other mobile devices can also use their built-in VPN protocols to connect to the VPN Gate network of servers. As you can see in the above diagram, SoftEther VPN Server has built-in clone servers for MS-SSTP and OpenVPN. You can also use Cisco Systems or other VPN routers, like edge VPN products that use L2TPv3/IPsec or EtherIP/IPsec, to connect to their network.
VPN Gate and Your Anonymity
VPN Gate has what they call their Anti-Abuse Policy which explicitly states:
We always keep VPN Connections Logs of VPN Gate Public VPN Relay Servers for three or more months
In this they make it crystal clear that they store connection logs from every one of their VPN Gate Servers to guard against any abuse of the system. These are transferred using an SSL encrypted syslog type protocol. They also state that they will turn over such logs to the proper authorities in the event that criminal activities are identified. These connection logs contain the following information:
- Date and time
- ID, IP address and hostname of destination VPN Server
- Type of action (connect or disconnect)
- Raw IP address and hostname of the source VPN client computer
- Type of VPN protocols (SSL-VPN, L2TP, OpenVPN or SSTP)
- VPN Client software – name, version and id (If available)
- Number of packets and bytes during a VPN connection, and debug information of communication errors
In addition to this, packet logs are kept on each VPN server for two or more weeks (most servers we observed say they are deleted after two weeks). These contain the TCP/IP headers of all communications initiated by VPN users. The problem with this is that there is no way of guaranteeing the identity of a server volunteer or that they are deleting these logs, as this system has no centralized control and relies on the honor system. VPN Gate says that they do not have access to these packet logs and so cannot provide them to authorities. They do, however, say that if authorities obtain these logs from a volunteer server, they will help them diagnose them. It is obvious from the previous disclosures that the VPN Gate service is primarily useful for those who need an anti-censorship tool or one that can protect them from hacking or spoofing tools when using public Wi-Fi.
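To make concrete what a header-only packet log exposes, the following added example (not code from VPN Gate or SoftEther) parses the IPv4 and TCP headers of one packet and lists the destinations an operator could read from such a log. The sample packet is constructed, its addresses come from documentation ranges, and the function names are hypothetical.

```python
import socket
import struct

# Constructed sample: one IPv4/TCP SYN with no payload, as a header log would hold it.
# 192.0.2.10 stands in for the VPN user's session address (RFC 5737 test range).
SAMPLE = (
    struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                socket.inet_aton("192.0.2.10"), socket.inet_aton("203.0.113.80"))
    + struct.pack("!HHIIBBHHH", 51514, 443, 1000, 0, 0x50, 0x02, 64240, 0, 0)
)
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]

def parse_headers(packet: bytes) -> dict:
    """Return the metadata recoverable from IPv4 + TCP headers alone."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4           # IP header length in bytes, options included
    if ihl < 20 or len(packet) < ihl + 20:
        raise ValueError("truncated or malformed header")
    if proto != 6:
        raise ValueError("not TCP")
    sport, dport, _seq, _ack, off, flags, _win, _c, _urg = \
        struct.unpack("!HHIIBBHHH", packet[ihl:ihl + 20])
    tcp_len = (off >> 4) * 4             # TCP header length in bytes
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "sport": sport, "dport": dport, "ttl": ttl,
        "flags": [n for i, n in enumerate(FLAG_NAMES) if flags & (1 << i)],
        "payload_bytes": total_len - ihl - tcp_len,
    }

def destinations(packets) -> list:
    """Distinct (destination, port) pairs readable from a header-only log."""
    return sorted({(h["dst"], h["dport"]) for h in map(parse_headers, packets)})

if __name__ == "__main__":
    print(parse_headers(SAMPLE))
    print(destinations([SAMPLE, SAMPLE]))
```

Even with payloads encrypted or absent, the log ties a session address to every destination, port and packet size, which is why retention on volunteer-run relays matters for privacy.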
There is also the added protection against geographically targeted advertising provided by the random IP addresses assigned by the VPN Gate servers. However, if your main goal is privacy and anonymity, then this service presents you with some serious considerations. First, your raw IP address is stored in the connection logs for up to four months. This means you are not as anonymous as you think you are. Additionally, the packet logging on the volunteer servers is dependent on individual server operators and the honor system. Unfortunately, as many of you already know, not everyone uses the Internet for honorable purposes. We would not suggest you choose the VPN Gate service if anonymity and privacy are your goal.
VPN Gate Security
The first thing to take notice of when looking at the VPN Gate service security is that it is open source. This means it is open to peer evaluation and therefore can be checked for possible backdoors. This is a positive point for their security. Next, the SoftEther VPN software can run on many operating systems, such as Windows, Linux, FreeBSD, Solaris and Mac OS X. Thus changes to it can be made independently of the OS and can be easily redistributed. VPN Gate provides access to some of the best cipher algorithms available for VPNs through a direct implementation of OpenSSL. These include the following:
- RC4 (128 bits)
- AES128 (128 bits)
- AES256 (256 bits)
- DES (56 bits)
- Triple-DES (168 bits)
The hashing algorithms for HMAC (Hash-based Message Authentication Code) are:
- SHA-1 (160 bits)
- MD5 (128 bits)
It supports user identification methods from plain text passwords up to RSA (4096-bit) authentication. Theoretically this means that you have access to some of the best encryption in the VPN industry. This means a SoftEther VPN system can be very secure if implemented with a 256-bit AES cipher using RSA 4096-bit key encryption and SHA-1 HMAC. In practice, these choices are left up to the volunteer server operators and, based on usage of the service, are primarily implemented using RC4-MD5 algorithms in the VPN Gate network. This means that most volunteers seem to favor faster speed over greater encryption strength. Still, the security provided by the VPN Gate project is adequate for most uses, but we probably would not use it for our most secure information.
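Because the cipher and HMAC are chosen by each volunteer operator, a client-side check on the negotiated suite is useful. The following added example (not part of SoftEther VPN or the VPN Gate client) audits suite names built from the algorithms listed above; it assumes OpenSSL-style suite names, and the relay names and 128-bit policy threshold are hypothetical.

```python
# Effective security in bits and, where one exists, a known structural weakness.
CIPHERS = {
    "RC4":      (128, "RC4 keystream biases; RFC 7465 prohibits RC4 in TLS"),
    "DES-CBC":  (56,  None),
    "DES-CBC3": (112, None),   # 168-bit key, ~112 bits after meet-in-the-middle
    "AES128":   (128, None),
    "AES256":   (256, None),
}
MACS = {
    "MD5": "MD5 is collision-broken; RFC 6151 advises against HMAC-MD5 in new designs",
    "SHA": None,               # "SHA" in OpenSSL suite names means SHA-1
}

def audit(suite: str, min_bits: int = 128) -> list:
    """Return findings for an OpenSSL-style suite name; empty list = acceptable."""
    cipher, _, mac = suite.rpartition("-")   # "DES-CBC3-SHA" -> "DES-CBC3", "SHA"
    if cipher not in CIPHERS or mac not in MACS:
        return [f"{suite}: unrecognised suite, treat as unacceptable"]
    bits, weakness = CIPHERS[cipher]
    findings = []
    if bits < min_bits:
        findings.append(f"{cipher}: {bits}-bit effective strength < {min_bits}")
    if weakness:
        findings.append(weakness)
    if MACS[mac]:
        findings.append(MACS[mac])
    return findings

# Constructed relay list (hypothetical names), suites as a client might record them.
RELAYS = {"relay-a": "RC4-MD5", "relay-b": "AES256-SHA",
          "relay-c": "DES-CBC3-SHA", "relay-d": "AES128-SHA"}

def acceptable(relays: dict, min_bits: int = 128) -> list:
    """Names of relays whose negotiated suite passes the policy."""
    return sorted(n for n, s in relays.items() if not audit(s, min_bits))

if __name__ == "__main__":
    for name, suite in RELAYS.items():
        print(name, suite, audit(suite) or "ok")
    print("usable:", acceptable(RELAYS))
```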
How to connect to a VPN Gate Public Server?
The methods to connect are different depending on your operating system as follows.
- Windows Supported VPN Protocols: SoftEther VPN (Recommended), L2TP/IPsec, OpenVPN and MS-SSTP
- Mac OS X Supported VPN Protocols: L2TP/IPsec (Recommended) and OpenVPN
- iPhone / iPad (iOS) Supported VPN Protocols: L2TP/IPsec (Recommended) and OpenVPN
- Android Supported VPN Protocols: L2TP/IPsec (Recommended) and OpenVPN
Note that although a variety of devices can be used to connect to a VPN Gate server, the VPN Gate plug-in, which automatically adds all of the current servers on their volunteer network, can only be run on Windows. The other platforms have illustrated guides for manually connecting to individual servers in their network.
Connecting with Windows
Connecting using Windows starts with the download of the SoftEther VPN Client with VPN Gate Client Plug-in build from the download page of their website. Once downloaded, you must unzip the files to a directory. Next, run the vpngate client application file to start the installation setup. Click next on the welcoming screen, which is shown below left, and then choose SoftEther VPN Client on the resultant screen and click next (below right image).
- Help – contains about information
- Tools – the main tool here is an internal speed test for your current connection. These seem to be conservative estimates to us, as they consistently showed slower speeds than the speedtest.net site.
- Smart Card – allows selected smart cards and tokens to be used with the service
- Virtual Adapter – allows you to create, delete, enable, or disable a virtual driver.
- View – change how the client software displays data, i.e., detail or icon view
- Edit – no real use
- Connect – various options for the current connection
- allows you to disconnect from, view the real time status of, or change the properties of the current connection
- allows you to close the client to the tray below or exit the client completely
Once the SoftEther VPN Client manager is installed, connections can be made with a few simple clicks.
VPN Gate Speed Test
VPN Gate was not one of the fastest VPN services in our speed tests, as is the case with many free VPN services. The speed of our Internet connection dropped by about 80% when connected through the VPN Gate servers in New York. This was typical of the other connections that we tested, with some dropping by even more.
VPN Gate Review: Conclusion
VPN Gate was launched in the privacy space three years ago as a research project of the Graduate School of the University of Tsukuba, Japan. It is an experimental project designed to expand the knowledge of “Global Distributed Public VPN Relay Servers”. VPN Gate is a model of a free VPN service composed of a global network of volunteer relay servers. It is a child project of another research project, SoftEther VPN, developed by the same group. SoftEther VPN is a free and open source, cross-platform software that provides support for multiple VPN protocols. The primary protocol used by this software is SSL-VPN or VPN over HTTPS, but it also supports the OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3 and EtherIP protocols. Additionally, it can be installed on Windows, Linux, FreeBSD, Solaris and Mac OS X. The relay servers used by the VPN Gate project are set up using this software. The VPN Gate project has developed a VPN Gate plug-in for the SoftEther Client for Windows which will create a simple GUI to make connection to servers in their network easier for Windows users. Other platforms will need to be manually set up using the built-in apps for each particular device. They have guides to show you how to do this for most major platforms.
What I liked most about the VPN Gate service:
- It uses custom open source software, SoftEther VPN
- It’s free to use until they close the project
- It has support for the SSL-VPN, OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3, and EtherIP protocols
- It has client software to make it easier for Windows users to access their service
Ideas to improve the service:
- Develop software for iOS and Android, Mac OS X, and Linux
- Less logging of personal identity information
The VPN Gate service does not have the greatest performance we have ever seen in a VPN service. Loss in connection speed through the service was typically 80-90%. Depending on your original ISP, this could slow your Internet almost to the point of unusability. The countries that you can connect through are limited by where the public volunteers are located. The service is somewhat unreliable, as we were not able to connect to a number of their public relay servers. This could be due to restrictions that their volunteer operators have imposed that we have no knowledge of, as these can be set according to an individual operator’s preferences. The actual encryption strength used by the service is also dependent on the volunteer operators, with most that we saw opting for RC4-MD5 stream encryption. The service logs quite a bit of info, including your real IP address, so it will not be good for those seeking real privacy on the Internet.
Their service is primarily designed to overcome censorship from restrictive governments like China and Iran. Their service will help secure your data when connecting through Wi-Fi hotspots by keeping it encrypted through a secured tunnel. It can also protect you from unwanted targeted marketing or even some malware attacks by using a virtual IP address when connected. If you are on a very strict budget and can deal with the other issues mentioned, the VPN Gate service could be for you. Test it out and see what you think.