How to Provide Your Computer as a VPN Server for VPN Gate
(Become a Virtual Internet Service Provider)

The VPN Gate Academic Experiment Project wants volunteers to provide VPN servers.

If you have a Windows computer, please kindly provide your computer as a Public VPN Relay Server, and join to VPN Gate Experiment.
Setup of Public VPN Relay Server is very easy. After the setup will be completed, your computer will be registered on the Public VPN Relay Servers List page. Anyone on the world can communicate to the Internet via your computer as a relay.

 

  • You can install it as a normal user privileges. No Administrators privileges required. Even if you don't have Administrators account in your company, you can run VPN Gate Service on your company's computer. It is very convenient.
  • After you activate the VPN Gate Service, anyone can connect a VPN connection to your computer, and access to any hosts on the Internet via your computer. VPN Client has also a tiny VPN Gate Service and it is equivalence if you activate it manually.
  • A guest user can access to hosts on the Internet via your computer, but he cannot access to hosts on your private network nor your computer itself. He cannot browse Windows file sharing or other private materials. It is very secure.
  • It is safe to install VPN Gate Service on your company's private network. Any access towards the private address blocks (192.168.0.0./255.255.0.0, 172.16.0.0/255.240.0.0 and 10.0.0.0/255.0.0.0) are filtered. It is greatly secure.
  • The VPN Gate Service provides the mirror site relay service for www.vpngate.net. If your computer will be qualified as a provider of the mirror site, your IP address will be registered on the Mirror Sites List page.

 

Important Notice

When you are attempting to enable the VPN Gate Relaying Function, you will see the four warning messages. Please read every warning messages very carefully before activating the VPN Gate Relaying Function. Do not enable the VPN Gate Relaying Function unless you fully understood and agreed all the warnings and risks about running the relay.

When you are running the VPN Gate Relaying Function on your company's network, then any person's communication to Internet hosts will be relayed via your company's network. If you company's network has a policy which prohibits to run such a relaying program, you have a risk to violate the policy. Therefore, you have better to take an explicit permission from the network administrator of your company in advance to enabling the VPN Gate Relaying Function.

After you checked "Enable the VPN Gate Relay Service and Join the VPN Gate Research as a Volunteer" manually (which is disabled by default)
and press OK, then the VPN Gate Relaying Function will start to run on your computer as one of the VPN Gate volunteers.

This means that any VPN Gate client users will be able to communicate with Internet servers via your volunteer VPN server.
You must enable the function after fully understanding. If your company or campus doesn't permit users to run such
a relaying program, DO NOT enable the VPN Gate Relaying Function.

 

Notice: About background services

The notes in this section are not specific to SoftEther VPN or VPN Gate, but apply to general system software.

SoftEther VPN Client, SoftEther VPN Server, SoftEther VPN Bridge, and VPN Gate Relay Service will be installed on your computer as system services. System services always run in the background. System services usually do not appear on the computer display. Then your computer system is booted, system services automatically start in the background even before you or other users log in. To check whether SoftEther-related system service is running, check the process list or the background service list of your OS (called as "Services" in Windows, or "Daemons" in UNIX.) You can activate, deactivate, start, or stop system services using the functions of the OS anytime. SoftEther-related GUI tools for managing system services communicate with these system services. After you terminate these management GUI tools, SoftEther-related system services will continue to run in the background. System services consume CPU time, computer power, memory and disk space. Because system services consume power, your electricity charges and amount of thermal of your computer increase as result. In addition, there is a possibility that the mechanical parts of the life of your computer is reduced.

 

1. Download and install SoftEther VPN Server

Click the below link to download SoftEther VPN Server (Windows version).

 

After you start the installer, follow the instructions which are displayed on the wizard.

 

Select "SoftEther VPN Server" in the "Select Software Components to Install" list.

 

Read the End User License Agreement. SoftEther VPN Sever is currently freeware, and planned to be published as open-source software (GPL).

 

Read the notice. This is very important.

 

SoftEther VPN Server installation process will be started.

 

Installation finished.

 

2. Activation and initial configuration of VPN Gate Service on SoftEther VPN Server

After you install SoftEther VPN Server, connect to the SoftEther VPN Server instance running on localhost.

 

At the first time you connect to the VPN Server in Management Mode, the "Easy Setup" will appear. If you want to just only activate VPN Gate Service, click the "Close" button.

 

The top windows of VPN Server Manager. Click the "VPN Gate Setting" button.

 

The "VPN Gate Service Control Panel" will appear. Check the "Enable the VPN Gate Relay Service and Join the VPN Gate Research as a Volunteer" checkbox. After that, click the "VPN Gate Service Option Settings" button.

 

In the VPN Gate Service Options, input the information of the server operator.
Please note that any information inputted here are registered in the Public VPN Relay Servers List page, and published to anyone.

 

Minimum VPN Gate Service initial configuration finished by above steps.
You can change the assigned DDNS name of the VPN Gate Service computer. The default DDNS name is "vpn**********.opengw.net" . You can change the DDNS hostname. To change it, click the "Dynamic DNS Setting" button and follow the screen instructions.

 

3. View the list of current active VPN guest sessions

You can browse the list of current active VPN guest session by opening the "VPNGATE" virtual hub.

 

Double-click a particular session to see the detail information about the session.

 

4. Pop-up your message to your guests

You can show your message to users who connect to your VPN Server. To set up the message, open the property of the "VPNGATE" virtual hub, and specify the message.

 

 

 

Please enable your L2TP/IPsec VPN for guests to help people behind Government's Firewall

If you enable VPN Gate Service for guests around the world, please also consider to accept L2TP/IPsec connection from guests.

In the current volunteers' list, there are few L2TP/IPsec enabled VPN servers all over the world. We really need more L2TP/IPsec enabled servers.

How to let my PC's L2TP/IPsec server become reachable from Internet?

To enable L2TP/IPsec server function, check the "Enable L2TP/IPsec VPN Server Function" checkbox on the "VPN Gate Service Options" dialog.

 

After you enabled L2TP/IPsec server function on the software, you have to open both UDP 500 and 4500 ports to the Internet. How to open UDP 500 / 4500 is depended on each router or NAT. Please read your router, firewall or NAT's documents to make your VPN server computer become reachable from the Internet.

Note: Both UDP 500 and 4500 are required.

How to confirm that my PC's L2TP/IPsec server (UDP 500 / 4500) is certainly reachable from the Internet?

Reload the Public VPN Relay Servers List a few minutes later after you enabled the function and opened the UDP 500 / 4500 ports toward the Internet. If your server is listed and marked as L2TP/IPsec is enabled, your PC is reachable from the Internet. Otherwise please verity the setting again.

Please note that some private networks (e.g. behind the NAT which is managed by other person) unfortunately you cannot activate L2TP/IPsec server function toward the Internet because such a NAT doesn't pass L2TP/IPsec packets to your server.