VPN Gate Anti-Abuse Policy

Anyone can hide their IP address by using VPN Gate Public VPN Relay Servers.

Most users are expected to use this function for legitimate purposes. However, a few users might abuse it for wrongful purposes. To counter such abuse, the VPN Gate Project defines the following anti-abuse policy.

The following VPN Gate aggregated log servers are owned, operated, and managed by SoftEther Corporation, our joint research partner. The University of Tsukuba does not possess this information. Decisions regarding disclosure of the logs are, in principle, made by SoftEther Corporation.

Custody and Disclosure Policy of VPN Connection Logs

We always keep the VPN Connection Logs of VPN Gate Public VPN Relay Servers for three or more months

An access log entry is recorded when an anonymous user connects to or disconnects from one of the VPN Gate Public VPN Servers. The entry is stored in the log file of that VPN Gate Public VPN Server. The same information is transmitted to our logging server by a syslog-like protocol over SSL-encrypted communication. Similarly, accesses to the Public VPN Relay Servers list on the VPN Gate web server are logged in the same way, as described below.

A VPN Connection Log entry contains:

  • Date and time
  • ID, IP address and hostname of destination VPN Server
  • Type of action (connect or disconnect)
  • Raw IP address and hostname of the source VPN client computer
  • Type of VPN protocol (SSL-VPN, L2TP, OpenVPN or SSTP)
  • VPN Client software name, version and ID (if available)
  • Number of packets and bytes during a VPN connection, and debug information of communication errors
  • Log records of destination HTTP/HTTPS hostnames (FQDNs), IP addresses, host names and port numbers of VPN Gate communications through VPN sessions

No other information is transmitted to us or recorded on our logging server.

Disclosure to Police, Prosecutors, Lawyers or Courts

It is necessary to deter abusive users who exploit VPN Gate to hide their IP address for wrongdoing. If such abuse occurs, it is necessary to trace the source IP address of the offending user. Analyzing the VPN Connection Logs helps to determine that user's source global IP address.

We will disclose the VPN Connection Logs to a policeman, a prosecutor, a lawyer or a court who is authorized by applicable laws.

If you are a policeman, a prosecutor, a lawyer or a court who is authorized to request the disclosure of VPN Connection Logs and wants to do so, contact us at the following e-mail address. You need to attach information describing the date and time of the target logs, the IP address of the VPN Server concerned, and other reference materials.
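
The lookup described above, as an added example that is not VPN Gate's own code: given the date and time and the VPN Server IP address that a request must state, it pairs connect and disconnect entries and returns every source IP with a session covering that moment. The key=value log layout, the function names and the sample addresses are constructed for illustration; the page lists the log fields but not the file format.

```python
from datetime import datetime, timedelta

# Constructed sample entries. The key=value layout is hypothetical (the page
# lists the fields, not the on-disk format); addresses are documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:05Z server=203.0.113.10 action=connect src=198.51.100.7 proto=OpenVPN
2024-05-01T10:02:30Z server=203.0.113.10 action=connect src=198.51.100.99 proto=SSTP
2024-05-01T10:15:00Z server=203.0.113.10 action=disconnect src=198.51.100.7 proto=OpenVPN
2024-05-01T10:20:00Z server=203.0.113.44 action=connect src=192.0.2.55 proto=L2TP
"""

def ts(text):
    """Parse an ISO 8601 UTC timestamp such as 2024-05-01T10:00:05Z."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def parse(line):
    """Split one constructed log line into a dict of its fields."""
    stamp, *pairs = line.split()
    entry = dict(pair.split("=", 1) for pair in pairs)
    entry["time"] = ts(stamp)
    return entry

def build_sessions(log_text):
    """Pair connect/disconnect entries into (server, src, proto, start, end)."""
    pending, sessions = {}, []
    entries = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                     key=lambda e: e["time"])
    for e in entries:
        key = (e["server"], e["src"], e["proto"])
        if e["action"] == "connect":
            pending.setdefault(key, []).append(e["time"])
        elif e["action"] == "disconnect" and pending.get(key):
            sessions.append((*key, pending[key].pop(0), e["time"]))
    # A connect with no logged disconnect is kept as a still-open session.
    for key, starts in pending.items():
        sessions.extend((*key, start, None) for start in starts)
    return sessions

def sources_at(log_text, server_ip, when, slack_seconds=0):
    """Source IPs whose session on server_ip covers `when`, within the slack."""
    slack = timedelta(seconds=slack_seconds)
    hits = set()
    for server, src, _proto, start, end in build_sessions(log_text):
        if server == server_ip and start - slack <= when \
                and (end is None or when <= end + slack):
            hits.add(src)
    return sorted(hits)
```

More than one source IP can come back for the same server and time, because a relay server carries several clients at once; the slack parameter widens the window when the reported time and the server clock may disagree.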

Custody and Disclosure of VPN Packet Logs

Each VPN Gate Public VPN Relay Server keeps Packet Logs

In the VPN Gate Experiment Service, a lot of volunteers (who are taking part in this experiment) provide the VPN relaying functions on their computers. On each volunteer's computer, the VPN Server Program always records packet headers for every VPN user. You can inspect the packet log to find out what kind of communications a specific VPN user established via the VPN server.

Packet Logs on each VPN server are kept on the disk for at least two weeks. They contain all TCP/IP headers of all communication initiated by VPN users. After two weeks have passed, log files might be compressed or deleted to free up disk space.

When a VPN Gate user communicates with an HTTP server via a VPN Gate Public VPN Relay Server, a part of the VPN Session ID is appended to the User-Agent value in the HTTP request header. This partial Session ID is used to identify the VPN Session that was related to the abuse incident.

How to request disclosure of Packet Logs?

If you are a policeman, a prosecutor, a lawyer or a court who is authorized to request the disclosure of VPN Packet Logs and wants to do so, you must contact the operator of the target VPN server. The contact address is listed on the VPN Servers List page. If your target VPN server is not on the list, or you cannot find the contact address, you have to contact the ISP that is responsible for managing the IP address instead. You can reach the appropriate administrator of the target VPN server via the ISP if you are authorized by law.

We do not have any of the VPN Packet Logs that are saved on each volunteer's VPN Gate Server. No packet logs are submitted to us from any Public VPN Relay Server. Do not ask us to disclose a specific VPN Packet Log that is stored on a specific relay server. We do not hold such a log in our facility, so we cannot respond to such a request.

We can help to analyze Packet Logs if requested by authorities

If you are a policeman, a prosecutor, a lawyer or a court who is authorized to analyze the contents of obtained Packet Log files and wants to do so, we can help you analyze the Packet Logs to the extent that is reasonable and practical, if we can afford to.

If you are a policeman, a prosecutor, a lawyer or a court who is authorized to request the analysis of VPN Connection Logs and wants to do so, contact us at the following e-mail address.

Disclosure of Logs in Accordance with the Act on Measures against Infringement of Rights, etc. Arising from the Distribution of Information by Specified Telecommunications (Japanese law)

If any posting or other transmission of information is made via VPN Gate, a person seeking relief under the Act on Measures against Infringement of Rights, etc. Arising from the Distribution of Information by Specified Telecommunications (a person claiming to be a victim) may need information such as the source IP address and port number at the provider with which the sender directly has a contract, in order to make a disclosure request under that Act or to initiate legal proceedings to obtain a court order or judgment under that Act against the provider with which the sender directly has a contract.

Where such a posting has been made through VPN Gate, and where, based on the necessity described above, it becomes necessary to obtain information such as the source IP address and port number from the connection logs of the VPN Gate relay server through which the communication passed, such information may be obtained. For example, this may occur when a person claiming to be a victim needs the source IP address, port number, or similar information in order to carry out procedures under the Act. In such a case, a disclosure request to obtain information from the aggregated logs described above cannot, in principle, be made under that Act. This is because the communication did not pass through VPN Gate's central log server, and VPN Gate's central log server does not fall under "specified telecommunications facilities" (Article 2, item 2). In principle, the computer of the VPN Gate relay server through which the communication passed must be treated as the "specified telecommunications facilities," and the administrator of that server must be treated as the "specified telecommunications service provider" (Article 2, item 4), and the disclosure request must therefore be made to that administrator.

However, this method takes a great deal of time. It is not uncommon for it to take considerable time to obtain the source IP address, port number, and similar information from the provider with which the sender directly has a contract, and in some cases this may make effective relief of rights difficult in practice.

Accordingly, in cases such as those described above, the administrators of VPN Gate may provide, to a person claiming to be a victim, information such as the source IP address and port number at the original provider from which the relevant transmission was made, as recorded on VPN Gate's central log server, in accordance with standards analogous to those of the Act, provided that the following two conditions are satisfied:

(1) The person claiming to be a victim has a reasonable ground to need to obtain the source IP address and port number at the provider with which the sender directly has a contract, for the purpose of obtaining relief of rights under the Act, and this is prima facie shown by supporting materials (materials equivalent in content and standard to those that must be submitted when making a disclosure request or initiating court proceedings under the Act).
(2) The source IP address and port number in question are one of a large number of IP addresses used by the ISP operating that IP address for assignment to users, and from the IP address itself, its reverse DNS hostname, or Whois information, it is impossible or extremely difficult for either the administrators of VPN Gate or the person claiming to be a victim to identify the individual or organization that was using that IP address at the relevant date and time. In other words, in order ultimately to identify the sender, the person claiming to be a victim is in a situation where, both theoretically and practically, they are compelled to newly undertake disclosure request procedures or court procedures under the Act.

If you believe that your case falls under (1) above, please contact us at the email address below. If, as a result, the IP address or similar information is found to fall under (2), we may provide information such as the source IP address and port number at the original provider from which the relevant transmission was made, as recorded on VPN Gate's central log server.

How to block any use of the VPN Gate Service by your employees?

If you are a company's network administrator and you want to prohibit employees from using VPN Gate, you can block VPN Gate with the following steps.

  1. Block access to the URL https://www.vpngate.net/ on your firewall.
  2. Block access to all URLs on the Mirror Sites List on your firewall.
  3. Even after you have taken the above steps, an employee can still use VPN Gate by somehow bringing in the VPN Gate Client from outside.
    To prevent such use, block all TCP and UDP packets on your firewall except the communication necessary for your company's business.
    (Advanced firewall products can do that. For example, some firewalls can decrypt SSL communication to apply whitelists.)
  4. Even after you have taken all the above steps, your employees can use 3G or LTE wireless-provider devices to bypass your firewall's restrictions and use the VPN Gate Service.
    It is very difficult to block such use. If you want to block this, you have to purchase an anechoic chamber.

Any Suggestions?

Promoting legitimate use of VPN Gate while preventing its abuse is a difficult challenge for us.

If you have any suggestions, please give us feedback on the forum.