TheVPNGat

eAcademi
cEx
per
imentPr
ojectwant
svol
unt
eer
stopr
ovi
deVPN
ser
ver
s.

I
fyouhaveaWindowscomput
er,
pleaseki
ndl
yprovi
dey
ourcomput
erasaPubl
i
c
VPNRelaySer
ver
,andj
oint
oVPNGat eExper
iment
.

Set
upofPubl
icVPNRel ayServ
erisveryeasy.Aft
erthesetupwil
lbecomplet
ed,
your
comput
erwil
lberegist
eredonthePubli
cVPNRel aySer
versLi
stpage.Any
oneonthe
worl
dcancommuni cat
et ot
heInt
ernetvi
ay ourcomputerasarel
ay.

Youcaninstal
li
tasanormaluserpri
vi
leges.NoAdminist
rat
orspri
vi
legesr
equi
red.
Evenify
oudon'thaveAdmini
str
ator
saccountinyourcompany,youcanrunVPN
GateServi
ceonyourcompany'
scomput er
.Iti
sveryconveni
ent
.

Aftery
ouact
ivatet
heVPNGat eSer
vice,
any
onecanconnectaVPNconnect i
onto
yourcomput
er,andaccesst
oanyhostsontheInt
ernetvi
ayourcomputer.VPN
Cli
enthasal
soat i
nyVPNGateServi
ceanditi
sequival
enceifyouact
ivat
eit
manually
.

AguestusercanaccesstohostsontheInt
ernetvi
ayourcomputer,
buthecannot
accesst
ohostsony ourpr
ivat
enetworknoryourcomputeri
tsel
f.Hecannotbr
owse
Windowsfi
leshar
ingorotherpri
vat
emat er
ial
s.Iti
sver
ysecure.

I
tissafetoinst
allVPNGateServiceony ourcompany'
spr i
vatenet
work.Anyaccess
towardsthepri
vateaddr
essblocks(192.168.0.
0./
255.
255.0.0,
172.16.
0.0/
255.240.
0.0and10.0.
0.0/255.0.
0.0)ar
efil
ter
ed.Itisgr
eat
lysecur
e.

TheVPNGat eSer
vicepr
ovidesthemirr
orsi
terelayservi
ceforwww.
vpngate.
net
.If
yourcomput
erwil
lbequali
fiedasaprovi
derofthemi r
rorsi
te,y
ourI
Paddresswil
lbe
regi
ster
edontheMirr
orSit
esListpage.

I
mpor
tantNot
ice

Wheny ouareattempti
ngtoenabletheVPNGateRelayi
ngFuncti
on,youwi l
lseethe
fourwarni
ngmessages.Pleasereadever
ywarningmessagesverycareful
lybefor
e
acti
vat
ingtheVPNGat eRelayi
ngFuncti
on.Donotenabl
etheVPNGat eRel ayi
ng
Functi
onunlessy ouf
ull
yunderst
oodandagreedall
thewarni
ngsandr isksabout
runni
ngtherelay
.
Wheny ouarerunningt heVPNGat eRelay ingFuncti
onony ourcompany '
snetwork,
thenanyperson'
scommuni cat
iontoInternethostswill
berelayedviay our
company '
snetwork.Ifyoucompany 'snet workhasapol i
cywhichpr ohibi
tstorun
suchar el
ayi
ngprogr am, youhaveariskt ov i
olat
ethepoli
cy.Therefore,youhave
bett
ertotakeanex plici
tpermissi
onf r
om t henetworkadminist
ratorofy ourcompany
i
nadv ancetoenablingt heVPNGat eRel ayingFunct
ion.

Aft
eryouchecked"Enabl
etheVPNGateRel
ayServ
iceandJointheVPNGat
e
Resear
chasaVol unt
eer"manual
l
y(whi
chisdi
sabl
edbydefault
)

andpr
essOK,t
hent
heVPNGat eRel
ayi
ngFunct
ionwi
l
lst
artt
orunony
ourcomput
er
asoneoft
heVPNGatev
olunt
eers.

Thi
smeanst
hatanyVPNGatecl
ientuser
swi
l
lbeabl
etocommuni
cat
ewi
thI
nter
net
ser
ver
svi
ayourv
olunt
eerVPNserver
.

Youmustenablethef
unct
ionaf
terf
ull
yunder
standi
ng.I
fyourcompanyorcampus
doesn'
tper
mituserst
orunsuch

ar
elay
ingpr
ogr
am,
DONOTenabl
etheVPNGat
eRel
ayi
ngFunct
ion.

Not
ice:
Aboutbackgr
oundser
vices

Thenotesinthi
ssecti
onarenotspeci
fi
ctoSof
tEt
herVPNorVPNGat
e,butappl
yto
gener
alsystem sof
twar
e.

SoftEtherVPNCl i
ent,Sof tEtherVPNSer ver
, Sof t
EtherVPNBr i
dge,andVPNGat e
RelaySer vicewi ll
bei nstalledony ourcomput erassy stem services.Sy stem servi
ces
al
way sruni nthebackgr ound.Sy stem servicesusual lydonotappearont he
comput erdisplay.Theny ourcomput ersystem i sboot ed,system services
automat i
call
yst artinthebackgr oundev enbef or
ey ouorot heruser slogi n.Tocheck
whet herSof tEt
her -r
elatedsy st
em serviceisr unning,checkt hepr ocessl istorthe
backgr oundser v i
celistofy ourOS( cal
ledas" Servi
ces"i nWi ndows, or" Daemons"in
UNIX.)Youcanact ivate,deacti
v ate, start,orstopsy stem servicesusi ngt he
funct
ionsoft heOSany t
ime.Sof tEt her -r
elat
edGUIt oolsformanagi ngsy stem
servi
cescommuni catewi t
hthesesy st em servi
ces.Af teryout erminatet hese
managementGUIt ools,SoftEther-rel atedsy st
em ser viceswillcontinuet or unint
he
background.System serv i
cesconsumeCPUt ime,comput erpower ,memor yanddisk
space.Becausesy stem servicesconsumepower ,y ourelectr
icitychar gesand
amountoft hermal ofyourcomput eri ncreaseasr esult.Inaddi t
ion,therei sa
possibi
li
tythatthemechani cal partsoft heli
feofy ourcomput erisreduced.

1.Downl
oadandi
nst
all
Sof
tEt
herVPNSer
ver

Cl
i
ckt
hebel
owl
i
nkt
odownl
oadSof
tEt
herVPNSer
ver(
Windowsv
ersi
on)
.

Downl
oadSof
tEt
herVPNSer
ver

Af
tery
oust
artt
hei
nst
all
er,
fol
l
owt
hei
nst
ruct
ionswhi
char
edi
spl
ayedont
hewi
zar
d.

Sel
ect"
Sof
tEt
herVPNSer
ver
"int
he"
Sel
ectSof
twar
eComponent
stoI
nst
all
"li
st.

Readt
heEndUserLi
censeAgr
eement.Soft
EtherVPNSev
eriscur
rent
lyf
reewar
e,
andpl
annedt
obepubli
shedasopen-
sourcesoft
ware(
GPL).
Readt
henot
ice.Thi
sisv
eryi
mpor
tant
.

Sof
tEt
herVPNSer
veri
nst
all
ati
onpr
ocesswi
l
lbest
art
ed.

I
nst
all
ati
onf
ini
shed.

2.Act
ivat
ionandi
nit
ial
conf
igur
ati
onofVPNGat
eSer
viceonSof
tEt
herVPNSer
ver

Afteryoui
nst
all
Soft
EtherVPNSer
ver
,connectt
otheSof
tEt
herVPNSer
veri
nst
ance
runningonl
ocal
host
.
Atthefi
rsttimeyouconnectt
otheVPNServerinManagementMode,the"Easy
Set
up"wi l
lappear.I
fyouwanttoj
ustonl
yacti
vateVPNGateSer
vice,
clickt
he
"Cl
ose"button.

Thet
opwi
ndowsofVPNSer
verManager
.Cl
i
ckt
he"
VPNGat
eSet
ti
ng"but
ton.

The"VPNGat eSer
viceCont
rol
Panel
"wil
lappear
.Checkthe"Enabl
et heVPNGate
RelaySer
viceandJoint
heVPNGateResearchasaVolunteer
"checkbox.Af
tert
hat
,
cl
ickthe"
VPNGat eServi
ceOpti
onSet
ti
ngs"butt
on.

I
ntheVPNGat
eSer
viceOpt
ions,
inputt
hei
nfor
mat
ionoft
heser
veroper
ator
.

Pleasenotethatanyi
nfor
mat i
oni
nput
tedherear
eregi
ster
edi
nthePubl
i
cVPNRel
ay
Server
sListpage,andpubl
ishedt
oanyone.
Mi
nimum VPNGat
eSer
vicei
nit
ial
conf
igur
ati
onf
ini
shedbyabov
est
eps.

Youcanchangetheassi
gnedDDNSnameoft heVPNGat eServ
icecomput
er.The
defaul
tDDNSnamei s"
vpn***
****
***
.opengw.
net".YoucanchangetheDDNS
hostname.Tochangei
t,cl
i
ckthe"DynamicDNSSetti
ng"butt
onandf ol
l
owthe
screeni
nstr
uct
ions.

3.Vi
ewt
hel
i
stofcur
rentact
iveVPNguestsessi
ons

Youcanbrowsetheli
stofcur
rentact
iveVPNguestsessi
onbyopeni
ngt
he
"VPNGATE"vi
rt
ualhub.

Doubl
e-cl
i
ckapar
ti
cul
arsessi
ont
oseet
hedet
ail
inf
ormat
ionaboutt
hesessi
on.

4.Pop-
upy
ourmessaget
oyourguest
s

Youcanshowyourmessaget
ouserswhoconnecttoyourVPNSer v
er.Tosetupthe
message,
openthepr
opert
yofthe"
VPNGATE"vir
tualhub,andspeci
fythemessage.
Pl
easeenabl
eyourL2TP/
IPsecVPNf
orguest
stohel
ppeopl
ebehi
ndGov
ernment
's
Fi
rewal
l

I
fy ouenabl
eVPNGat eServ
icef
orguestsaroundt
hewor
ld,
pleaseal
soconsi
dert
o
acceptL2TP/I
Psecconnect
ionf
rom guest
s.

I
nthecurrentv
olunteer
s'l
i
st,
therear
efewL2TP/IPsecenabl
edVPNser
ver
sal
lov
er
t
heworld.Wer eal
l
yneedmor eL2TP/I
Psecenabl
edserver
s.

Howt
oletmyPC'
sL2TP/
IPsecser
verbecomer
eachabl
efr
om I
nter
net
?

ToenableL2TP/ I
Psecser
verfunct
ion,checkt
he"
EnableL2TP/IPsecVPNSer
ver
Funct
ion"checkboxonthe"VPNGat eServi
ceOpt
ions"di
alog.

Aftery
ouenabledL2TP/I
Psecserverfuncti
ononthesoftware,
youhavetoopenboth
UDP500and4500por tstotheInt
ernet.HowtoopenUDP500/4500i sdependedon
eachrout
erorNAT.Pleasereadyourrouter
,fi
rewal
lorNAT'sdocumentstomake
yourVPNservercomputerbecomereachablefrom t
heInt
ernet
.
Not
e:Bot
hUDP500and4500ar
erequi
red.

Howtoconf
irmt
hatmyPC'sL2TP/
IPsecser
ver(
UDP500/4500)i
scer
tai
nly
r
eachabl
efr
om t
heInt
ernet
?

ReloadthePublicVPNRelayServersLi
stafewmi nut
eslateraft
eryouenabledthe
functi
onandopenedt heUDP500/4500por t
stowardtheInter
net.I
fyourserveri
s
l
istedandmar kedasL2TP/IPsecisenabl
ed,yourPCisreachablefr
om t
heInternet
.
Otherwisepl
easev er
it
ythesett
ingagain.

Pleasenotethatsomepriv
atenet
works(e.
g.behi
ndtheNATwhi chi
smanagedby
otherperson)unf
ort
unatel
yyoucannotact
ivat
eL2TP/I
Psecserverf
unct
iontoward
theInt
ernetbecausesuchaNATdoesn'tpassL2TP/I
Psecpacketst
oyourserver
.