v4.03-9411-rtm

1 files changed, 523 insertions, 0 deletions

diff --git a/WARNING.TXT b/WARNING.TXT
new file mode 100644
index 00000000..ac8ca580
--- /dev/null
+++ b/WARNING.TXT
@@ -0,0 +1,523 @@
+THE IMPORTANT NOTICES ABOUT SOFTETHER VPN

+

+FUNCTIONS OF VPN COMMUNICATIONS EMBEDDED ON THIS SOFTWARE ARE VERY POWERFUL

+THAN EVER. THIS STRONG VPN ABILITY WILL BRING YOU HUGE BENEFITS. HOWEVER, IF

+YOU MISUSE THIS SOFTWARE, IT MIGHT DAMAGES YOURSELF. IN ORDER TO AVOID SUCH

+RISKS, THIS DOCUMENT ACCOUNTS IMPORTANT NOTICES FOR CUSTOMERS WHO ARE WILLING

+TO USE THIS SOFTWARE. THE FOLLOWING INSTRUCTIONS ARE VERY IMPORTANT. READ AND

+UNDERSTAND IT CAREFULLY. ADDITIONALLY, IF YOU ARE PLANNING TO USE THE DYNAMIC

+DNS, THE NAT TRAVERSAL OR THE VPN AZURE FUNCTIONS, READ THE SECTION 3.5

+CAREFULLY. THESE FUNCTIONS ARE FREE SERVICES PROVIDED VIA THE INTERNET, ARE

+NOT GUARANTEED, AND ARE NOT INTENDED TO BE USED FOR BUSINESS OR COMMERCIAL

+USE. DO NOT USE THESE SERVICES FOR YOUR BUSINESS OR COMMERCIAL USE.

+

+

+1. VPN Communication Protocols

+1.1. SoftEther VPN Protocol

+SoftEther VPN can perform VPN communication. Unlike traditional VPN protocols,

+SoftEther VPN has an implementation of the newly-designed "SoftEther VPN

+Protocol (SE-VPN Protocol)" . SE-VPN protocol encapsulates any Ethernet

+packets into a HTTPS (HTTP over SSL) connection. Therefore SE-VPN protocol can

+communicate beyond firewalls even if the firewall is configured to block

+traditional VPN packets by network administrator. SE-VPN protocol is designed

+and implemented to comply TLS 1.0 (RFC 5246) and HTTPS (RFC 2818). However, it

+sometimes have different behavior to RFCs. If you are a network administrator

+and want to block SE-VPN protocols on the firewall, you can adopt a

+"white-list" policy on the firewall to filter any TCP or UDP packets on the

+border except explicitly allowed packets towards specific web sites and

+servers.

+

+1.2. NAT Traversal Function

+Generally, if you use traditional VPN systems you have to request a network

+administrator to make the NAT or firewall to "open" or "relay" specific TCP or

+UDP ports. However, there are demands somehow to eliminate such working costs

+on network administrators. In order to satisfy such demands, SoftEther VPN has

+the newly-implemented "NAT Traversal" function. NAT Traversal is enabled by

+default. A SoftEther VPN Server running on the computer behind NAT or firewall

+can accept VPN connections from the Internet, without any special

+configurations on firewalls or NATs. If you want to disable the NAT Traversal

+function, modify the "DisableNatTraversal" to "true" on the configuration file

+of SoftEther VPN Server. In order to disable it on the client-side, append

+"/tcp" suffix on the destination hostname.

+

+1.3. Dynamic DNS Function

+Traditional legacy VPN system requires a static global IP address on the VPN

+server. In consideration of shortage of global IP addresses, SoftEther

+Corporation implements the "Dynamic DNS Function" on SoftEther VPN Server.

+Dynamic DNS is enabled by default. Dynamic DNS function notify the current

+global IP address of the PC to the Dynamic DNS Servers which are operated by

+SoftEther Corporation. A globally-unique hostname (FQDN) such as

+"abc.softether.net" ( "abc" varies as unique per a user) will be assigned on

+the VPN Server. If you tell this unique hostname to a VPN user, the user can

+specify it as the destination VPN Sever hostname on the VPN Client and will be

+able to connect the VPN Server. No IP addresses are required to know

+beforehand. If the IP address of the VPN Server varies, the registered IP

+address related to the hostname of Dynamic DNS service will be changed

+automatically. By this mechanism, no longer need a static global IP address

+which costs monthly to ISPs. You can use consumer-level inexpensive Internet

+connection with dynamic IP address in order to operate an enterprise-level VPN

+system. If you want to disable Dynamic DNS, specify "true" on the "Disabled"

+items of the "DDnsClient" directive on the SoftEther VPN Server configuration

+file. * Note for residents in People's Republic of China: If your VPN Server

+is running on the People's Republic of China, the DNS suffix will be replaced

+to "sedns.cn" domain. The "sedns.cn" domain is the service possessed and

+operated by "Beijing Daiyuu SoftEther Technology Co., Ltd" which is a

+Chinese-local enterprise.

+

+1.4. VPN over ICMP / VPN over DNS functions

+If you want to make a VPN connection between SoftEther VPN Client / Bridge and

+SoftEther VPN Server, but if TCP and UDP packets are prohibited by the

+firewall, then you can encapsulates payloads into "ICMP" (as known as Ping) or

+"DNS" packets. This function can realize a VPN connection by using ICMP or DNS

+even if the firewall or router blocks every TCP or UDP connections. VPN over

+ICMP / VPN over DNS functions are designed to comply standard ICMP and DNS

+specifications as possible, however it sometimes has a behavior not to fully

+comply them. Therefore, few poor-quality routers may be caused a

+memory-overflow or something troubles when a lot of ICMP or DNS packets are

+passed, and such routers sometimes freezes or reboots. It might affects other

+users on the same network. To avoid such risks, append the suffix "/tcp" on

+the destination hostname which is specified on the VPN-client side to disable

+VPN over ICMP / DNS functions.

+

+1.5. VPN Azure Cloud Service

+If your SoftEther VPN Server is placed behind the NAT or firwall, and by some

+reason you cannot use NAT Traversal function, Dynamic DNS function or VPN over

+ICMP/DNS function, you can use VPN Azure Clouse Service. SoftEther Corporation

+operates VPN Azure Cloud on Internet. After the VPN Server makes a connection

+to the VPN Azure Cloud, the hostname "abc.vpnazure.net" ( "abc" is a unique

+hostname) can be specified to connect to the VPN Server via the VPN Azure

+Cloud. Practically, such a hostname is pointing a global IP address of one of

+cloud servers which are operated by SoftEther Corporation. If A VPN Client

+connects to such a VPN Azure host, then the VPN Azure host will relay all

+traffics between the VPN Client and the VPN Server. VPN Azure is disabled by

+default. You can activate it easily by using VPN Server Configuration Tool.

+

+1.6. UDP Acceleration

+SoftEther VPN has the UDP Acceleration Function. If a VPN consists of two

+sites detects that UDP channel can be established, UDP will be automatically

+used. By this function, throughput of UDP increases. If direct UDP channel can

+be established, direct UDP packets will be used. However, if there is

+something obstacles such as firewalls or NATs, the "UDP Hole Punching"

+technology will be used, instead. The "UDP Hole Punching" uses the cloud

+servers which SoftEther Corporation operates on Internet. UDP Acceleration can

+be disabled anytime by setting up so on the VPN-client side.

+

+

+2. VPN Software

+2.1. SoftEther VPN Client

+If you use SoftEther VPN Client on Windows, the Virtual Network Adapter device

+driver will be installed on Windows. The Virtual Network Adapter is

+implemented as a kernel-mode driver for Windows. The driver is

+digitally-signed by a certificate issued by VeriSign, Inc. and also sub-signed

+by Symantec Corporation. A message to ask you want to sure install the driver

+might be popped up on the screen. SoftEther VPN Client may response the

+message if possible. SoftEther VPN Client also optimizes the configuration of

+MMCSS (Multimedia Class Scheduler Service) on Windows. You can undo the

+optimizations of MMCSS afterwards.

+

+2.2. SoftEther VPN Server / Bridge

+If you use SoftEther VPN Server / Bridge on Windows with "Local Bridge"

+functions, you have to install the low-level Ethernet packet processing driver

+on the computer. The driver is digitally-signed by a certificate issued by

+VeriSign, Inc. and also sub-signed by Symantec Corporation. SoftEther VPN

+Server / Bridge may disable the TCP/IP offloading features on the physical

+network adapter for Local Bridge function. In Windows Vista / 2008 or greater

+version, VPN Server may inject a packet-filter driver which complies Windows

+Filter Platform (WPF) specification into the kernel in order to provide IPsec

+function. The packet-filter driver will be loaded available only if IPsec

+function is enabled. Once you enables IPsec function of SoftEther VPN Server,

+the built-in IPsec function of Windows will be disabled. After you disabled

+IPsec function of SoftEther VPN Server, then the built-in IPsec function of

+Windows will revive. In order to provide the Local Bridge function, SoftEther

+VPN Server / Bridge disables the TCP/IP offloading function on the operating

+system.

+

+2.3. User-mode Installation

+You can install SoftEther VPN Server and SoftEther VPN Bridge as "User-mode"

+on Windows. In other words, even if you don't have Windows system

+administrator's privileges, you can install SoftEther VPN as a normal user.

+User-mode install will disable a few functions, however other most functions

+work well. Therefore, for example, an employee can install SoftEther VPN

+Server on the computer in the office network, and he will be able to connect

+to the server from his home. In order to realize such a system by user-self,

+no system administrative privileges are required in the view-point of

+technical. However, breaking rules of the company to install software on the

+computer without authority might be regarded as an unfavorable behavior. If

+you are an employee and belong to the company, and the company-policy

+prohibits installing software or making communications towards Internet

+without permission, you have to obtain a permission from the network

+administrator or the executive officer of your company in advance to install

+SoftEther VPN. If you install VPN Server / Bridge as User-mode, an icon will

+be appeared on the Windows task-tray. If you feel that the icon disturbs you,

+you can hide it by your operation. However, you must not exploit this hiding

+function to install VPN Server on other person's computer as a spyware. Such

+behavior might be an offence against the criminal law.

+

+2.4. Keep Alive Function

+SoftEther VPN Server and SoftEther VPN Bridge has Keep Alive Function by

+default. The purpose of this function is to sustain the Internet line active.

+The function transmits UDP packets with a random-byte-array-payload

+periodically. This function is useful to avoid automatic disconnection on

+mobile or dial-up connections. You can disable Keep Alive Function anytime.

+

+2.5. Uninstallation

+The uninstallation process of SoftEther VPN software will delete all program

+files. However, non-program files (such as files and data which are generated

+by running of programs) ) will not be deleted. For technical reason, the exe

+and resource files of uninstaller might remain. Such remaining files never

+affects to use the computer, however you can delete it manually. Kernel-mode

+drivers might not be deleted, however such drivers will not be loaded after

+the next boot of Windows. You can use "sc" command of Windows to delete

+kernel-mode drivers manually.

+

+2.6. Security

+You should set the administrator's password on SoftEther VPN Server / Bridge

+after installation. If you neglect to do it, another person can access to

+SoftEther VPN Server / Bridge and can set the password without your

+permission. This caution might be also applied on SoftEther VPN Client for

+Linux.

+

+2.7. Automatic Update Notification

+SoftEther VPN software for Windows has an automatic update notification

+function. It accesses to the SoftEther Update server periodically to check

+whether or not the latest version of software is released. If the latest

+version is released, the notification message will be popped up on the screen.

+In order to achieve this purpose, the version, language settings, the unique

+identifier, the IP address of your computer and the hostname of VPN Server

+which is connected to will be sent to the SoftEther Update server. No personal

+information will be sent. Automatic Update Notification is enabled by default,

+however you can disable it on the configuration screen. The setting whether

+turned on or turned off will be saved individually corresponding to each

+destination VPN server, by VPN Server Manager.

+

+2.8. Virtual NAT Function

+A Virtual Hub on SoftEther VPN Server / Bridge has "Virtual NAT Function" .

+Virtual NAT Function can share a single IP address on the physical network by

+multiple private IP address of VPN Clients. There are two operation mode of

+Virtual NAT: User-mode and Kernel-mode. In the user-mode operation, Virtual

+NAT shares an IP address which is assigned on the host operating system.

+Unlike user-mode, the kernel-mode operation attempts to find DHCP servers on

+the physical network. If there are two or more physical networks, a DHCP

+server will be sought automatically for each segments serially. If a DHCP

+server found, and an IP address is acquired, the IP address will be used by

+the Virtual NAT. In this case, an IP entry as a DHCP client will be registered

+on the IP pool of the physical DHCP Server. The physical default gateway and

+the DNS server will be used by the Virtual NAT in order to communicate with

+hosts in Internet. In kernel-mode operation, a Virtual Hub has a virtual MAC

+address which is operating on the physical Ethernet segment. In order to check

+the connectivity to Internet, SoftEther VPN periodically sends DNS query

+packet to resolve the IP address of host "www.yahoo.com" or "www.baidu.com" ,

+and attempts to connect to the TCP port 80 of such a resulted IP address for

+connectivity check.

+

+2.9. Unattended Installation of Kernel-mode Components

+When SoftEther VPN will detect a necessity to install the kernel-mode

+components on Windows, a confirmation message will be appeared by Windows

+system. In this occasion, SoftEther VPN software will switch to the Unattended

+Installation mode in order to respond "Yes" to Windows. This is a solution to

+prevent dead-locks when a remote-administration is performed from remote

+place.

+

+2.10. Windows Firewall

+SoftEther VPN software will register itself as a safe-program. Such an entry

+will be remain after the uninstallation. You can remove it manually from the

+Control Panel of Windows.

+

+

+3. Internet Services

+3.1. Internet Services which are provided by SoftEther Corporation

+SoftEther Corporation provides Dynamic DNS, NAT Traversal and VPN Azure server

+services on the Internet. These services are free of charge. Customers can

+access to the services by using SoftEther VPN software, via Internet. These

+service will be planned to be available from Open-Source version of "SoftEther

+VPN" which will be released in the future.

+

+3.2. Sent Information and Privacy Protection

+SoftEther VPN software may send an IP address, hostname, the version of VPN

+software on the customer's computer to the cloud service operated by SoftEther

+Corporation, in order to use the above services. These sending of information

+are minimal necessary to use the services. No personal information will be

+sent. SoftEther Corporation records log files of the cloud service servers for

+90 days at least with the received information. Such logs will be used for

+troubleshooting and other legitimate activities. SoftEther Corporation may

+provide logs to a public servant of Japanese government who are belonging to

+courts, police stations and the prosecutor's office, in order to comply such

+authorities' order. (Every Japanese public servants are liable by law to keep

+the information close.) Moreover, the IP addresses or other information will

+be processed statistically and provided to the public, not to expose the each

+concrete IP address, in order to release the release of research activities.

+

+3.3. Communication Data via VPN Azure Service

+Regardless of the above 3.2 rule, if the customer sends or receives VPN

+packets using VPN Azure Cloud Service, the actual payloads will stored and

+forwarded via the volatile memory of the servers for very short period. Such a

+behavior is naturally needed to provide the "VPN relay service" . No payloads

+will be recorded on "fixed" storages such as hard-drives. However, the

+"Wiretapping for Criminals Procedures Act" (The 137th legislation ruled on

+August 18, 1999 in Japan) requires telecommunication companies to allow the

+Japanese government authority to conduct a wire-tapping on the line. VPN Azure

+Servers which are physically placed on Japan are subjects of this law.

+

+3.4. Comply to Japanese Telecommunication Laws

+SoftEther Corporation complies with Japanese Telecommunication Laws as

+necessary to provide online services via Internet.

+

+3.5. Free and Academic Experiment Services

+SoftEther provides Dynamic DNS, NAT Traversal and VPN Azure as academic

+experiment services. Therefore, there services can be used for free of charge.

+These services are not parts of "SoftEther VPN Software Products" . These

+services are provided without any warranty. The services may be suspended or

+discontinued by technical or operational matters. In such occasions, users

+will not be able to use the services. A user have to understand such risks,

+and to acknowledge that such risks are borne by a user-self. SoftEther will

+never be liable to results or damages of use or unable-to-use of the service.

+Even if the user has already paid the license-fee of the commercial version of

+SoftEther VPN, such paid fees don't include any fees of these services.

+Therefore, if the online services will stop or be discontinued, no refunds or

+recoveries of damages will be provided by SoftEther Corporation.

+

+3.6. DNS Proxy Cloud Servers

+In some regions, when a user uses Internet, a DNS query sometimes broken or

+lost when it is passing through the ISP line. If SoftEther VPN Server, Client

+or Bridge detects a possibility that the accessing to the actual VPN server

+might be unstable, then DNS queries will be also transferred to the DNS proxy

+cloud servers which are operated by SoftEther Corporation. A DNS proxy cloud

+server will respond DNS queries with answering correct a IP address.

+

+

+4. General Cautions

+4.1. Needs an Approval from Network Administrator

+SoftEther VPN has powerful functions which don't require special settings by

+network administrators. For example, you need not to ask the administrator to

+configure the existing firewall in order to "open" a TCP/UDP port. Such

+characteristic features are for the purpose to eliminate working times and

+costs of network administrators, and avoid misconfiguration-risks around the

+tasks to open specific exception ports on the firewall. However, any employees

+belong to the company have to obtain an approval from the network

+administrator before installs SoftEther VPN. If your network administrator

+neglects to provide such an approval, you can consider to take an approval

+from an upper authority. (For example, executive officer of the company.) If

+you use SoftEther VPN without any approvals from the authority of your

+company, you might have disadvantage. SoftEther Corporation will be never

+liable for results or damages of using SoftEther VPN.

+

+4.2. Observe Laws of Your Country

+If your country's law prohibits the use of encryption, you have to disable the

+encryption function of SoftEther VPN by yourself. Similarly, in some countries

+or regions, some functions of SoftEther VPN might be prohibited to use by

+laws. Other countries' laws are none of SoftEther Corporation's concern

+because SoftEther Corporation is an enterprise which is located and registered

+in Japan physically. For example, there might be a risk that a part of

+SoftEther VPN conflicts an existing patent which is valid only on the specific

+region. SoftEther Corporation has no interests in such specific region outside

+Japan's territory. Therefore, if you want to use SoftEther VPN in regions

+outside Japan, you have to be careful not to violate third-person's rights.

+You have to verify the legitimacy of the use of SoftEther VPN in the specific

+region before you actually use it in such region. By nature, there are almost

+200 countries in the World, and each country's law is different each other. It

+is practically impossible to verify every countries' laws and regulations and

+make the software comply with all countries' laws in advance to release the

+software. Therefore SoftEther Corporation has verified the legitimacy of

+SoftEther VPN against the laws and regulations of only Japan. If a user uses

+SoftEther VPN in a specific country, and damaged by public servants of the

+government authority, SoftEther Corporation will never be liable to recover or

+compensate such damages or criminal responsibilities.

+

+

+5. VPN Gate Academic Experiment Project

+(This chapter applies only on SoftEther VPN software package which contains

+the extension plug-in for VPN Gate Academic Experiment Project.)

+5.1. About VPN Gate Academic Experiment Project

+VPN Gate Academic Experiment Project is an online service operated for just

+the academic research purpose at the graduate school of University of Tsukuba,

+Japan. The purpose of this research is to expend our knowledge about the

+"Global Distributed Public VPN Relay Server" (GDPVRS) technology. For details,

+please visit http://www.vpngate.net/.

+

+5.2. About VPN Gate Service

+SoftEther VPN Server and SoftEther VPN Client may contain "VPN Gate Service"

+program. However, VPN Gate Service is disabled by default.

+VPN Gate Service should be activated and enabled by the voluntary intention of

+the owner of the computer which SoftEther VPN Server or SoftEther VPN Client

+is installed on. After you activate VPN Gate Service, the computer will be

+start to serve as a part of the Global Distributed Public VPN Relay Servers.

+The IP address, hostname and related information of the computer will be sent

+and registered to the directory server of VPN Gate Academic Experiment

+Project, and they will be published and disclosed to the public. This

+mechanism will allow any VPN Gate Client software's user to connect to the VPN

+Gate Service running on your computer. While the VPN session between a VPN

+Gate Client and your VPN Gate Service is established, the VPN Gate Client's

+user can send/receive any IP packets towards the Internet via the VPN Gate

+Service. The global IP address of the VPN Gate Service's hosing computer will

+be used as the source IP address of such communications which a VPN Gate

+Client initiates.

+VPN Gate Service will send some information to the VPN Gate Academic

+Experiment Service Directory Server. The information includes the operator's

+information which described in section 5.5, logging settings, uptime,

+operating system version, type of protocol, port numbers, quality information,

+statistical information, VPN Gate clients' log history data (includes dates,

+IP addresses, version numbers and IDs) and the version of the software. These

+information will be exposed on the directory. VPN Gate Service also receives a

+key for encoding which is described on the chapter 5.9 from the directory

+server.

+

+5.3. Details of VPN Gate Service's Behavior

+If you enable VPN Gate Service manually, which is disabled by default, the

+"VPNGATE" Virtual Hub will be created on the SoftEther VPN Server. If you are

+using SoftEther VPN Client and attempt to active VPN Gate Service on it, an

+equivalent program to SoftEther VPN Server will be invoked on the same process

+of SoftEther VPN Client, and the "VPNGATE" Virtual Hub will be created. The

+"VPNGATE" Virtual Hub contains a user named "VPN" by default which permits

+anyone on the Internet to make a VPN connection to the Virtual Hub. Once a VPN

+Client connects to the "VPNGATE" Virtual Hub, any communication between the

+user and the Internet will pass through the Virtual Hub, and

+transmitted/received using the physical network interface on the computer

+which SoftEther VPN Server (or SoftEther VPN Client) is running on. This will

+cause the result that a destination host specified by the VPN Client will

+identify that the source of the communication has initiated from the VPN Gate

+Service's hosting computer's IP address. However, for safety, any packets

+which destinations are within 192.168.0.0/255.255.0.0, 172.16.0.0/255.240.0.0

+or 10.0.0.0/255.0.0.0 will be blocked by the "VPNGATE" Virtual Hub in order to

+protect your local network. Therefore, if you run VPN Gate Service on your

+corporate network or private network, it is safe because anonymous VPN Client

+users will not be permitted to access such private networks. VPN Gate Service

+also serves as relay for accessing to the VPN Gate Directory Server.

+In order to make VPN Gate Service familiar with firewalls and NATs, it opens

+an UDP port by using the NAT Traversal function which is described on the

+section 1.2. It also opens and listens on some TCP ports, and some TCP and UDP

+ports will be specified as the target port of Universal Plug and Play (UPnP)

+Port Transfer entries which are requested to your local routers. UPnP request

+packets will be sent periodically. Some routers keep such an opened TCP/UDP

+port permanently on the device. If you wish to close them, do it manually.

+VPN Gate Service also provides the mirror-site function for www.vpngate.net.

+This is a mechanism that a copy of the latest contents from www.vpngate.net

+will be hosted by the mirror-site tiny HTTP server which is running on the VPN

+Gate Service program. It will register itself on the mirror-sites list in

+www.vpngate.net. However, it never relays any other communications which are

+not towards www.vpngate.net.

+

+5.4. Communication between Internet via VPN Gate Service

+VPN Gate Service provides a routing between users and the Internet, by using

+the Virtual NAT Function which is described on the section 2.8. VPN Gate

+Service sends polling Ping packets to the server which is located on

+University of Tsukuba, and the Google Public DNS Server which is identified as

+8.8.8.8, in order to check the latest quality of your Internet line. VPN Gate

+Service also sends and receives a lot of random packets to/from the Speed Test

+Server on University of Tsukuba. These quality data will be reported to VPN

+Gate Directory Server, automatically and periodically. The result will be

+saved and disclosed to the public. These periodical polling communication are

+adjusted not to occupy the Internet line, however in some circumstances they

+might occupy the line.

+

+5.5. Operator's Information of VPN Gate Service

+If you activate VPN Gate Service on your computer, the computer will be a part

+of the Global Distributed Public VPN Relay Servers. Therefore, the Operator's

+administrative information of your VPN Gate Service should be reported and

+registered on the VPN Gate Service Directory. Operator's information contains

+the name of the operator and the abuse-reporting contact e-mail address. These

+information can be inputted on the screen if the VPN Gate configuration.

+Inputted information will be transmitted to the VPN Gate Directory Server,

+stored and disclosed to the public. So you have to be careful to input

+information. By the way, until you specify something as the operator's

+information, the computer's hostname will be used automatically as the field

+of the name of the operator, by appending the "'s owner" string after the

+hostname.

+

+5.6. Observe Laws to Operate VPN Gate Service

+In some countries or regions, a user who is planning to activate and operate

+VPN Gate Service, he are mandated to obtain a license or register a service

+from/to the government. If your region has such a regulation, you must fulfill

+mandated process before activating VPN Gate Service in advance. Neither the

+developers nor operators of the VPN Gate Academic Experiment Project will be

+liable for legal/criminal responsibilities or damages which are occurred from

+failure to comply your local laws.

+

+5.7. Protect Privacy of Communication

+Most of countries have a law which requires communication service's operators,

+including VPN Gate Service operators, to protect the privacy of communication

+of third-persons. When you operate VPN Gate Service, you must always protect

+user's privacy.

+

+5.8. Packet Logs

+The packet logging function is implemented on VPN Gate Service. It records

+essential headers of major TCP/IP packets which are transmitted via the

+Virtual Hub. This function will be helpful to investigate the "original IP

+address" of the initiator of communication who was a connected user of your

+VPN Gate Service, by checking the packet logs and the connection logs. The

+packet logs are recorded only for such legitimate investigates purpose. Do not

+peek nor leak packet logs except the rightful purpose. Such act will be

+violate the section 5.7.

+

+5.9. Packet Logs Automatic Archiving and Encoding Function

+The VPN Gate Academic Experiment Service is operated and running under the

+Japanese constitution and laws. The Japanese constitution laws demand strictly

+protection over the privacy of communication. Because this service is under

+Japanese rules, the program of VPN Gate Service implements this "Automatic Log

+File Encoding" protection mechanism, and enabled by default.

+The VPN Gate Service is currently configured to encode packet log files which

+has passed two or more weeks automatically, by default. In order to protect

+privacy of communication, if a packet log file is once encoded, even the

+administrator of the local computer cannot censor the packet log file. This

+mechanism protects privacy of end-users of VPN Gate Service.

+You can change the VPN Gate Service setting to disable this automatic encoding

+function. Then packet log files will never be encoded even after two weeks

+passed. In such a configuration, all packet logs will remain as plain-text on

+the disk. Therefore you have to take care not to violate user's privacy.

+If you are liable to decode an encoded packet log files (for example: a VPN

+Gate Service's user illegally abused your VPN Gate Service and you have to

+decode the packet logs in order to comply the laws), contact the administrator

+of the VPN Gate Academic Experiment Service at Graduate School of University

+of Tsukuba, Japan. You can find the contact address at

+http://www.vpngate.net/. The administrator of VPN Gate Service will respond to

+decode the packet logs if there is an appropriate and legal request from court

+or other judicial authorities, according to laws.

+

+5.10. Caution if You Operate VPN Gate Service in the Japan's Territories

+When a user operates VPN Gate Service in the Japan's territories, such an act

+may be regulated under the Japanese Telecommunication Laws if the operation is

+a subject to the law. However, in such a circumstance, according to the

+"Japanese Telecommunication Business Compete Manual [supplemental version]" ,

+non- profitable operations of communications are not identified as a

+"telecommunication business" . So usual operators of VPN Gate Service are not

+subjects to "telecommunication business operators" , and not be mandated to

+register to the government. Even so, legalities to protect the privacy of

+communication still imposed. As a conclusion, if you operate VPN Gate Service

+in the Japan's Territories, you must not leak the secrets of communications

+which are transmitted via your operating VPN Gate Service.

+

+5.11. VPN Gate Client

+If SoftEther VPN Client contains the VPN Gate Client plug-in, you can use it

+to obtain the list of current operating VPN Gate Service servers in the

+Internet, and make a VPN connection to a specific server on the list.

+VPN Gate Client always keeps the latest list of the VPN Gate Services

+periodically. Be careful if you are using a pay-per-use Internet line.

+When you start the VPN Gate Client software, the screen which asks you

+activate or not VPN Gate Service will be appeared. For details of VPN Gate

+Service, read the above sections.

+

+5.12. Caution before Joining or Exploiting VPN Gate Academic Experiment

+Project

+The VPN Gate Academic Experiment Service is operated as a research project at

+the graduate school on University of Tsukuba, Japan. The service is governed

+under the Japanese laws. Other countries' laws are none of our concerns nor

+responsibilities.

+By nature, there are almost 200 countries in the World, with different laws.

+It is impossible to verify every countries' laws and regulations and make the

+software comply with all countries' laws in advance to release the software.

+If a user uses VPN Gate service in a specific country, and damaged by public

+servants of the authority, the developer of either the service or software

+will never be liable to recover or compensate such damages or criminal

+responsibilities.

+By using this software and service, the user must observe all concerned laws

+and rules with user's own responsibility. The user will be completely liable

+to any damages and responsibilities which are results of using this software

+and service, regardless of either inside or outside of Japan's territory.

+If you don't agree nor understand the above warnings, do not use any of VPN

+Gate Academic Experiment Service functions.

+VPN Gate is a research project for just academic purpose only. VPN Gate was

+developed as a plug-in for SoftEther VPN and UT-VPN. However, all parts of VPN

+Gate were developed on this research project at University of Tsukuba. Any

+parts of VPN Gate are not developed by SoftEther Corporation. The VPN Gate

+Research Project is not a subject to be led, operated, promoted nor guaranteed

+by SoftEther Corporation.

+