world_Research/IT

SoftEther VPN Gate 설치 시 동의 및 중요 알림 내용

Doctor C 2023. 2. 16.

이전 글에서 SoftEther VPN Gate 사용 방법 및 과정과 후기에 대해 다루었던 바 있습니다.

 

이 글은 해당 설치 과정에서 시간 관계상 그냥 넘어갈 수밖에 없었던 프로그램 사용 동의 화면과 중요 알림 화면에 있었던 내용에 대해 추가적으로 따로 살펴보는 글로서 영문 원문을 그대로 기록하는 목적 또한 겸합니다.

 

∵ 참고로 이전 포스트의 내용은 아래 링크 글을 참고 바랍니다.

 

무료 SoftEther VPN Gate 후기 사용 방법 과정

이 글은 무료 VPN 중에서 많이 알려져 있는 SoftEther VPN Gate 사용 후기 및 방법과 다운로드 및 설치를 포함한 상세 이용 과정에 대해 설명하는 글입니다. 또한 그에 앞서 VPN의 기본 개념과 목적 그리

chording5.tistory.com

 

보통 프로그램을 설치할 때 동의 또는 알림 화면이 설치 과정 중 나오게 됩니다. 그러나 그것을 다 읽어보지 않고 빠르게 넘기는 경우가 대부분입니다. 시간이 여의치 않을 수도 있겠지만 어차피 동의를 하지 않으면 프로그램을 설치할 수 없기 때문이기도 합니다. 하지만 간혹 그 안에 사용자가 알아두면 좋을 내용들이 포함되는 경우도 있어 읽어보는 것이 좋을 수 있습니다.

 

특히나 이 SoftEther VPN 및 VPN Gate의 경우에는 설치 화면의 언어에 한국어를 지원하지 않기 때문에 해당 내용을 영어로 봐야 하므로 다소 번거로운 감이 있습니다. 이 글에서는 해당 글 중 사용자가 알아두면 좋을 부분에 대해 간단히 언급하는 방식으로 설명하도록 하겠습니다.

 

⚠️ 동의 화면의 내용은 비교적 짧으나 중요 알림 화면의 내용은 상당히 긴 편으로 스크롤의 압박이 있을 수 있습니다.

✔️ 원문을 읽고자 한다면 글 상자 속 영문을 참고하시고 확인 사항만 빠르게 확인하고자 한다면 한글 부분만 읽어주시면 되겠습니다.

 

SoftEther
출처: SoftEther

 

⦁ 소프트웨어 다운로드 및 설치일: 2023년 2월 14일

 

 

동의 화면

동의-화면
End User License Agreement

Copyright (c) all contributors on SoftEther VPN project in GitHub.
Copyright (c) Daiyuu Nobori, SoftEther Project at University of Tsukuba, and SoftEther Corporation.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

저작권 및 라이선스가 누구에게 있는지 설명하는 부분입니다.

 

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under the License.

↳ 법적 요구나 서면 동의가 있는 것이 아니라면 이 소프트웨어는 있는 그대로 배포됩니다.

 

DISCLAIMER
==========

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

부인 설명 == 제작자나 저작권 보유자는 소프트웨어와 관련하여 발생하는 일들에 대해 책임을 지지 않습니다.

 

THIS SOFTWARE IS DEVELOPED IN JAPAN, AND DISTRIBUTED FROM JAPAN, UNDER JAPANESE LAWS. YOU MUST AGREE IN ADVANCE TO USE, COPY, MODIFY, MERGE, PUBLISH, DISTRIBUTE, SUBLICENSE, AND/OR SELL COPIES OF THIS SOFTWARE, THAT ANY JURIDICAL DISPUTES WHICH ARE CONCERNED TO THIS SOFTWARE OR ITS CONTENTS, AGAINST US (SOFTETHER PROJECT, SOFTETHER CORPORATION, DAIYUU NOBORI OR OTHER SUPPLIERS), OR ANY JURIDICAL DISPUTES AGAINST US WHICH ARE CAUSED BY ANY KIND OF USING, COPYING, MODIFYING, MERGING, PUBLISHING, DISTRIBUTING, SUBLICENSING, AND/OR SELLING COPIES OF THIS SOFTWARE SHALL BE REGARDED AS BE CONSTRUED AND CONTROLLED BY JAPANESE LAWS, AND YOU MUST FURTHER CONSENT TO EXCLUSIVE JURISDICTION AND VENUE IN THE COURTS SITTING IN TOKYO, JAPAN. YOU MUST WAIVE ALL DEFENSES OF LACK OF PERSONAL JURISDICTION AND FORUM NON CONVENIENS. PROCESS MAY BE SERVED ON EITHER PARTY IN THE MANNER AUTHORIZED BY APPLICABLE LAW OR COURT RULE.

이 소프트웨어는 일본 법에 따라 일본에서 개발되고 배포됩니다.

 

USE ONLY IN JAPAN. DO NOT USE THIS SOFTWARE IN ANOTHER COUNTRY UNLESS YOU HAVE A CONFIRMATION THAT THIS SOFTWARE DOES NOT VIOLATE ANY CRIMINAL LAWS OR CIVIL RIGHTS IN THAT PARTICULAR COUNTRY. USING THIS SOFTWARE IN OTHER COUNTRIES IS COMPLETELY AT YOUR OWN RISK. THE SOFTETHER VPN PROJECT HAS DEVELOPED AND DISTRIBUTED THIS SOFTWARE TO COMPLY ONLY WITH THE JAPANESE LAWS AND EXISTING CIVIL RIGHTS INCLUDING PATENTS WHICH ARE SUBJECTS APPLY IN JAPAN. OTHER COUNTRIES' LAWS OR CIVIL RIGHTS ARE NONE OF OUR CONCERNS NOR RESPONSIBILITIES. WE HAVE NEVER INVESTIGATED ANY CRIMINAL REGULATIONS, CIVIL LAWS OR INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENTS IN ANY OF OTHER 200+ COUNTRIES AND TERRITORIES. BY NATURE, THERE ARE 200+ REGIONS IN THE WORLD, WITH DIFFERENT LAWS. IT IS IMPOSSIBLE TO VERIFY EVERY COUNTRIES' LAWS, REGULATIONS AND CIVIL RIGHTS TO MAKE THE SOFTWARE COMPLY WITH ALL COUNTRIES' LAWS BY THE PROJECT. EVEN IF YOU WILL BE SUED BY A PRIVATE ENTITY OR BE DAMAGED BY A PUBLIC SERVANT IN YOUR COUNTRY, THE DEVELOPERS OF THIS SOFTWARE WILL NEVER BE LIABLE TO RECOVER OR COMPENSATE SUCH DAMAGES, CRIMINAL OR CIVIL RESPONSIBILITIES. NOTE THAT THIS LINE IS NOT LICENSE RESTRICTION BUT JUST A STATEMENT FOR WARNING AND DISCLAIMER.

일본에서만 사용하십시오. 이 소프트웨어는 일본법을 준수합니다. 다른 국가의 법에 저촉되지 않는다는 확인이 없이는 해당 국가에서 사용하지 마십시오. 다른 국가에서 이 소프트웨어를 사용 시 책임은 사용자에게 있습니다.

 

READ AND UNDERSTAND THE 'src/WARNING.TXT' FILE BEFORE USING THIS SOFTWARE. SOME SOFTWARE PROGRAMS FROM THIRD PARTIES ARE INCLUDED ON THIS SOFTWARE WITH LICENSE CONDITIONS WHICH ARE DESCRIBED ON THE 'src/THIRD_PARTY.TXT' FILE.

 소프트웨어 사용 전 제공된 txt 파일을 읽으십시오.

 

중요 알림 항목

중요-알림
Important Notices

THE IMPORTANT NOTICES ABOUT SOFTETHER VPN
FUNCTIONS OF VPN COMMUNICATIONS EMBEDDED ON THIS SOFTWARE ARE VERY POWERFUL THAN EVER. THIS STRONG VPN ABILITY WILL BRING YOU HUGE BENEFITS. HOWEVER, IF YOU MISUSE THIS SOFTWARE, IT MIGHT DAMAGE YOURSELF. IN ORDER TO AVOID SUCH RISKS, THIS DOCUMENT ACCOUNTS IMPORTANT NOTICES FOR CUSTOMERS WHO ARE WILLING TO USE THIS SOFTWARE. THE FOLLOWING INSTRUCTIONS ARE VERY IMPORTANT. READ AND UNDERSTAND IT CAREFULLY. ADDITIONALLY, IF YOU ARE PLANNING TO USE THE DYNAMIC DNS, THE NAT TRAVERSAL OR THE VPN AZURE FUNCTIONS, READ THE SECTION 3.5 CAREFULLY. THESE FUNCTIONS ARE FREE SERVICES PROVIDED VIA THE INTERNET, ARE NOT GUARANTEED, AND ARE NOT INTENDED TO BE USED FOR BUSINESS OR COMMERCIAL USE. DO NOT USE THESE SERVICES FOR YOUR BUSINESS OR COMMERCIAL USE.

소프트웨어 오용 방지를 위해 앞으로의 내용에서 중요 고지 사항을 설명합니다. 소프트웨어를 통해 제공되는 기능들은 무료 서비스로 상업적 용도로 사용하지 마십시오.

 

이후 내용들은 아래와 같이 각 제목에 해당되는 용어 및 기능들에 대한 설명이 이어집니다. 일종의 사용 설명서와 같은 기능적 부분들에 대해서는 설명을 생략하도록 하겠습니다. 다만 사용자가 알아둬야 할 만한 부분에 대해서는 일부 짚고 가겠습니다.

1. VPN Communication Protocols
1.1. SoftEther VPN Protocol
SoftEther VPN can perform VPN communication. Unlike traditional VPN protocols, SoftEther VPN has an implementation of the newly-designed "SoftEther VPN Protocol (SE-VPN Protocol)" . SE-VPN protocol encapsulates any Ethernet packets into a HTTPS (HTTP over SSL) connection. Therefore SE-VPN protocol can communicate beyond firewalls even if the firewall is configured to block traditional VPN packets by network administrator. SE-VPN protocol is designed and implemented to comply TLS (RFC 5246) and HTTPS (RFC 2818). However, it sometimes have different behavior to RFCs. If you are a network administrator and want to block SE-VPN protocols on the firewall, you can adopt a "white-list" policy on the firewall to filter any TCP or UDP packets on the border except explicitly allowed packets towards specific web sites and servers.
1.2. NAT Traversal Function
Generally, if you use traditional VPN systems you have to request a network administrator to make the NAT or firewall to "open" or "relay" specific TCP or UDP ports. However, there are demands somehow to eliminate such working costs on network administrators. In order to satisfy such demands, SoftEther VPN has the newly-implemented "NAT Traversal" function. NAT Traversal is enabled by default. A SoftEther VPN Server running on the computer behind NAT or firewall can accept VPN connections from the Internet, without any special configurations on firewalls or NATs. If you want to disable the NAT Traversal function, modify the "DisableNatTraversal" to "true" on the configuration file of SoftEther VPN Server. In order to disable it on the client-side, append "/tcp" suffix on the destination hostname.
1.3. Dynamic DNS Function
Traditional legacy VPN system requires a static global IP address on the VPN server. In consideration of shortage of global IP addresses, SoftEther Corporation implements the "Dynamic DNS Function" on SoftEther VPN Server. Dynamic DNS is enabled by default. Dynamic DNS function notify the current global IP address of the PC to the Dynamic DNS Servers which are operated by SoftEther Corporation. A globally-unique hostname (FQDN) such as "abc.softether.net" ( "abc" varies as unique per a user) will be assigned on the VPN Server. If you tell this unique hostname to a VPN user, the user can specify it as the destination VPN Sever hostname on the VPN Client and will be able to connect the VPN Server. No IP addresses are required to know beforehand. If the IP address of the VPN Server varies, the registered IP address related to the hostname of Dynamic DNS service will be changed automatically. By this mechanism, no longer need a static global IP address which costs monthly to ISPs. You can use consumer-level inexpensive Internet connection with dynamic IP address in order to operate an enterprise-level VPN system. If you want to disable Dynamic DNS, specify "true" on the "Disabled" items of the "DDnsClient" directive on the SoftEther VPN Server configuration file. * Note for residents in People's Republic of China: If your VPN Server is running on the People's Republic of China, the DNS suffix will be replaced to "sedns.cn" domain. The "sedns.cn" domain is the service possessed and operated by "Beijing Daiyuu SoftEther Technology Co., Ltd" which is a Chinese-local enterprise.
1.4. VPN over ICMP / VPN over DNS functions
If you want to make a VPN connection between SoftEther VPN Client / Bridge and SoftEther VPN Server, but if TCP and UDP packets are prohibited by the firewall, then you can encapsulates payloads into "ICMP" (as known as Ping) or "DNS" packets. This function can realize a VPN connection by using ICMP or DNS even if the firewall or router blocks every TCP or UDP connections. VPN over ICMP / VPN over DNS functions are designed to comply standard ICMP and DNS specifications as possible, however it sometimes has a behavior not to fully comply them. Therefore, few poor-quality routers may be caused a memory-overflow or something troubles when a lot of ICMP or DNS packets are passed, and such routers sometimes freezes or reboots. It might affects other users on the same network. To avoid such risks, append the suffix "/tcp" on the destination hostname which is specified on the VPN-client side to disable VPN over ICMP / DNS functions.
1.5. VPN Azure Cloud Service
If your SoftEther VPN Server is placed behind the NAT or firwall, and by some reason you cannot use NAT Traversal function, Dynamic DNS function or VPN over ICMP/DNS function, you can use VPN Azure Clouse Service. SoftEther Corporation operates VPN Azure Cloud on Internet. After the VPN Server makes a connection to the VPN Azure Cloud, the hostname "abc.vpnazure.net" ( "abc" is a unique hostname) can be specified to connect to the VPN Server via the VPN Azure Cloud. Practically, such a hostname is pointing a global IP address of one of cloud servers which are operated by SoftEther Corporation. If A VPN Client connects to such a VPN Azure host, then the VPN Azure host will relay all traffics between the VPN Client and the VPN Server. VPN Azure is disabled by default. You can activate it easily by using VPN Server Configuration Tool.
1.6. UDP Acceleration
SoftEther VPN has the UDP Acceleration Function. If a VPN consists of two sites detects that UDP channel can be established, UDP will be automatically used. By this function, throughput of UDP increases. If direct UDP channel can be established, direct UDP packets will be used. However, if there is something obstacles such as firewalls or NATs, the "UDP Hole Punching" technology will be used, instead. The "UDP Hole Punching" uses the cloud servers which SoftEther Corporation operates on Internet. UDP Acceleration can be disabled anytime by setting up so on the VPN-client side.

 

 

2. VPN Software
The notes in this section are not specific to SoftEther VPN or VPN Gate, but apply to general system software. SoftEther VPN Client, SoftEther VPN Server, SoftEther VPN Bridge, and VPN Gate Relay Service will be installed on your computer as system services. System services always run in the background. System services usually do not appear on the computer display. Then your computer system is booted, system services automatically start in the background even before you or other users log in. To check whether PacketiX-related system service is running, check the process list or the background service list of your OS (called as "Services" in Windows, or "Daemons" in UNIX.) You can activate, deactivate, start, or stop system services using the functions of the OS anytime. PacketiX-related GUI tools for managing system services communicate with these system services. After you terminate these management GUI tools, PacketiX-related system services will continue to run in the background. System services consume CPU time, computer power, memory and disk space. Because system services consume power, your electricity charges and amount of thermal of your computer increase as result. In addition, there is a possibility that the mechanical parts of the life of your computer is reduced.

시스템 서비스로서 컴퓨터에 설치되는 것은 SoftEther VPN Client, SoftEther VPN Server, SoftEther VPN Bridge, VPN Gate Relay Service입니다. 이것들은 항상 백그라운드에서 실행되며 컴퓨터가 부팅되면 로그인 전에도 백그라운드에서 자동으로 시작되어 실행됩니다. 이는 일반적으로 디스플레이 상 보이지 않습니다. 이로 인해 전력 소모, 컴퓨터 기기 수명 단축을 유발할 수 있으며 이를 중지 시키기 위해서는 본인이 운영체제의 실행 중인 프로세스 목록에 접근하여 중지시켜야 합니다.

 

2.1. SoftEther VPN Client
If you use SoftEther VPN Client on Windows, the Virtual Network Adapter device driver will be installed on Windows. The Virtual Network Adapter is implemented as a kernel-mode driver for Windows. The driver is digitally-signed by a certificate issued by VeriSign, Inc. and also sub-signed by Symantec Corporation. A message to ask you want to sure install the driver might be popped up on the screen. SoftEther VPN Client may response the message if possible. SoftEther VPN Client also optimizes the configuration of MMCSS (Multimedia Class Scheduler Service) on Windows. You can undo the optimizations of MMCSS afterwards.
2.2. SoftEther VPN Server / Bridge
If you use SoftEther VPN Server / Bridge on Windows with "Local Bridge" functions, you have to install the low-level Ethernet packet processing driver on the computer. The driver is digitally-signed by a certificate issued by VeriSign, Inc. and also sub-signed by Symantec Corporation. SoftEther VPN Server / Bridge may disable the TCP/IP offloading features on the physical network adapter for Local Bridge function. In Windows Vista / 2008 or greater version, VPN Server may inject a packet-filter driver which complies Windows Filter Platform (WPF) specification into the kernel in order to provide IPsec function. The packet-filter driver will be loaded available only if IPsec function is enabled. Once you enables IPsec function of SoftEther VPN Server, the built-in IPsec function of Windows will be disabled. After you disabled IPsec function of SoftEther VPN Server, then the built-in IPsec function of Windows will revive. In order to provide the Local Bridge function, SoftEther VPN Server / Bridge disables the TCP/IP offloading function on the operating system.
2.3. User-mode Installation
You can install SoftEther VPN Server and SoftEther VPN Bridge as "User-mode" on Windows. In other words, even if you don't have Windows system administrator's privileges, you can install SoftEther VPN as a normal user. User-mode install will disable a few functions, however other most functions work well. Therefore, for example, an employee can install SoftEther VPN Server on the computer in the office network, and he will be able to connect to the server from his home. In order to realize such a system by user-self, no system administrative privileges are required in the view-point of technical. However, breaking rules of the company to install software on the computer without authority might be regarded as an unfavorable behavior. If you are an employee and belong to the company, and the company-policy prohibits installing software or making communications towards Internet without permission, you have to obtain a permission from the network administrator or the executive officer of your company in advance to install SoftEther VPN. If you install VPN Server / Bridge as User-mode, an icon will be appeared on the Windows task-tray. If you feel that the icon disturbs you, you can hide it by your operation. However, you must not exploit this hiding function to install VPN Server on other person's computer as a spyware. Such behavior might be an offence against the criminal law.
2.4. Keep Alive Function
SoftEther VPN Server and SoftEther VPN Bridge has Keep Alive Function by default. The purpose of this function is to sustain the Internet line active. The function transmits UDP packets with a random-byte-array-payload periodically. This function is useful to avoid automatic disconnection on mobile or dial-up connections. You can disable Keep Alive Function anytime.
2.5. Uninstallation
The uninstallation process of SoftEther VPN software will delete all program files. However, non-program files (such as files and data which are generated by running of programs) ) will not be deleted. For technical reason, the exe and resource files of uninstaller might remain. Such remaining files never affects to use the computer, however you can delete it manually. Kernel-mode drivers might not be deleted, however such drivers will not be loaded after the next boot of Windows. You can use "sc" command of Windows to delete kernel-mode drivers manually.
2.6. Security
You should set the administrator's password on SoftEther VPN Server / Bridge after installation. If you neglect to do it, another person can access to SoftEther VPN Server / Bridge and can set the password without your permission. This caution might be also applied on SoftEther VPN Client for Linux.
2.7. Automatic Update Notification
SoftEther VPN software for Windows has an automatic update notification function. It accesses to the SoftEther Update server periodically to check whether or not the latest version of software is released. If the latest version is released, the notification message will be popped up on the screen. In order to achieve this purpose, the version, language settings, the unique identifier, the IP address of your computer and the hostname of VPN Server which is connected to will be sent to the SoftEther Update server. No personal information will be sent. Automatic Update Notification is enabled by default, however you can disable it on the configuration screen. The setting whether turned on or turned off will be saved individually corresponding to each destination VPN server, by VPN Server Manager.

 

 

2.8. Virtual NAT Function
A Virtual Hub on SoftEther VPN Server / Bridge has "Virtual NAT Function" . Virtual NAT Function can share a single IP address on the physical network by multiple private IP address of VPN Clients. There are two operation mode of Virtual NAT: User-mode and Kernel-mode. In the user-mode operation, Virtual NAT shares an IP address which is assigned on the host operating system. Unlike user-mode, the kernel-mode operation attempts to find DHCP servers on the physical network. If there are two or more physical networks, a DHCP server will be sought automatically for each segments serially. If a DHCP server found, and an IP address is acquired, the IP address will be used by the Virtual NAT. In this case, an IP entry as a DHCP client will be registered on the IP pool of the physical DHCP Server. The physical default gateway and the DNS server will be used by the Virtual NAT in order to communicate with hosts in Internet. In kernel-mode operation, a Virtual Hub has a virtual MAC address which is operating on the physical Ethernet segment. In order to check the connectivity to Internet, SoftEther VPN periodically sends DNS query packet to resolve the IP address of host "www.yahoo.com" or "www.baidu.com" , and attempts to connect to the TCP port 80 of such a resulted IP address for connectivity check.

↳ SoftEther VPN은 공유되는 IP 주소의 인터넷 연결 유효 여부를 확인하기 위해 주기적으로 yahoo나 baidu에 접속시킵니다.

 

2.9. Unattended Installation of Kernel-mode Components
When SoftEther VPN will detect a necessity to install the kernel-mode components on Windows, a confirmation message will be appeared by Windows system. In this occasion, SoftEther VPN software will switch to the Unattended Installation mode in order to respond "Yes" to Windows. This is a solution to prevent dead-locks when a remote-administration is performed from remote place.
2.10. Windows Firewall
SoftEther VPN software will register itself as a safe-program. Such an entry will be remain after the uninstallation. You can remove it manually from the Control Panel of Windows.
3. Internet Services
3.1. Internet Services which are provided by SoftEther Corporation
SoftEther Corporation provides Dynamic DNS, NAT Traversal and VPN Azure server services on the Internet. These services are free of charge. Customers can access to the services by using SoftEther VPN software, via Internet. These service will be planned to be available from Open-Source version of "SoftEther VPN" which will be released in the future.

 

 

3.2. Sent Information and Privacy Protection
SoftEther VPN software may send an IP address, hostname, the version of VPN software on the customer's computer to the cloud service operated by SoftEther Corporation, in order to use the above services. These sending of information are minimal necessary to use the services. No personal information will be sent. SoftEther Corporation records log files of the cloud service servers for 90 days at least with the received information. Such logs will be used for troubleshooting and other legitimate activities. SoftEther Corporation may provide logs to a public servant of Japanese government who are belonging to courts, police stations and the prosecutor's office, in order to comply such authorities' order. (Every Japanese public servants are liable by law to keep the information close.) Moreover, the IP addresses or other information will be processed statistically and provided to the public, not to expose the each concrete IP address, in order to release the release of research activities.

서비스 이용에 필요한 최소한의 정보인 IP 주소, 호스트 이름, 고객의 컴퓨터에 설치된 VPN 소프트웨어의 버전은 SoftEther Corporation에서 운영하는 클라우드 서비스에 전송될 수 있습니다. 개인 정보는 전송되지 않습니다. 수신된 정보는 최소 90일간 서버의 로그파일에 기록됩니다. 이는 법적 상황 등에 필요시 사용됩니다.

 

3.3. Communication Data via VPN Azure Service
Regardless of the above 3.2 rule, if the customer sends or receives VPN packets using VPN Azure Cloud Service, the actual payloads will stored and forwarded via the volatile memory of the servers for very short period. Such a behavior is naturally needed to provide the "VPN relay service" . No payloads will be recorded on "fixed" storages such as hard-drives. However, the "Wiretapping for Criminals Procedures Act" (The 137th legislation ruled on August 18, 1999 in Japan) requires telecommunication companies to allow the Japanese government authority to conduct a wire-tapping on the line. VPN Azure Servers which are physically placed on Japan are subjects of this law.
3.4. Comply to Japanese Telecommunication Laws
SoftEther Corporation complies with Japanese Telecommunication Laws as necessary to provide online services via Internet.
3.5. Free and Academic Experiment Services
SoftEther provides Dynamic DNS, NAT Traversal and VPN Azure as academic experiment services. Therefore, there services can be used for free of charge. These services are not parts of "SoftEther VPN Software Products" . These services are provided without any warranty. The services may be suspended or discontinued by technical or operational matters. In such occasions, users will not be able to use the services. A user have to understand such risks, and to acknowledge that such risks are borne by a user-self. SoftEther will never be liable to results or damages of use or unable-to-use of the service. Even if the user has already paid the license-fee of the commercial version of SoftEther VPN, such paid fees don't include any fees of these services. Therefore, if the online services will stop or be discontinued, no refunds or recoveries of damages will be provided by SoftEther Corporation.
3.6. DNS Proxy Cloud Servers
In some regions, when a user uses Internet, a DNS query sometimes broken or lost when it is passing through the ISP line. If SoftEther VPN Server, Client or Bridge detects a possibility that the accessing to the actual VPN server might be unstable, then DNS queries will be also transferred to the DNS proxy cloud servers which are operated by SoftEther Corporation. A DNS proxy cloud server will respond DNS queries with answering correct a IP address.
4. General Cautions
4.1. Needs an Approval from Network Administrator
SoftEther VPN has powerful functions which don't require special settings by network administrators. For example, you need not to ask the administrator to configure the existing firewall in order to "open" a TCP/UDP port. Such characteristic features are for the purpose to eliminate working times and costs of network administrators, and avoid misconfiguration-risks around the tasks to open specific exception ports on the firewall. However, any employees belong to the company have to obtain an approval from the network administrator before installs SoftEther VPN. If your network administrator neglects to provide such an approval, you can consider to take an approval from an upper authority. (For example, executive officer of the company.) If you use SoftEther VPN without any approvals from the authority of your company, you might have disadvantage. SoftEther Corporation will be never liable for results or damages of using SoftEther VPN.

 

 

4.2. Observe Laws of Your Country
If your country's law prohibits the use of encryption, you have to disable the encryption function of SoftEther VPN by yourself. Similarly, in some countries or regions, some functions of SoftEther VPN might be prohibited to use by laws. Other countries' laws are none of SoftEther Corporation's concern because SoftEther Corporation is an enterprise which is located and registered in Japan physically. For example, there might be a risk that a part of SoftEther VPN conflicts an existing patent which is valid only on the specific region. SoftEther Corporation has no interests in such specific region outside Japan's territory. Therefore, if you want to use SoftEther VPN in regions outside Japan, you have to be careful not to violate third-person's rights. You have to verify the legitimacy of the use of SoftEther VPN in the specific region before you actually use it in such region. By nature, there are almost 200 countries in the World, and each country's law is different each other. It is practically impossible to verify every countries' laws and regulations and make the software comply with all countries' laws in advance to release the software. Therefore SoftEther Corporation has verified the legitimacy of SoftEther VPN against the laws and regulations of only Japan. If a user uses SoftEther VPN in a specific country, and damaged by public servants of the government authority, SoftEther Corporation will never be liable to recover or compensate such damages or criminal responsibilities.

SoftEther VPN은 일본법에 한 해 적법성이 검증되어 있으며 이외 국가에서 사용 시 해당 국가의 상황에 따라 법적 문제가 발생할 가능성이 있습니다. 그렇기 때문에 사용 전 해당 지역에서 적법성을 확인하는 것이 필요합니다. 문제 발생 시 SoftEther Corporation에게는 책임이 없습니다.

 

5. VPN Gate Academic Experiment Project
(This chapter applies only on SoftEther VPN software package which contains the extension plug-in for VPN Gate Academic Experiment Project.)
5.1. About VPN Gate Academic Experiment Project
VPN Gate Academic Experiment Project is an online service operated for just the academic research purpose at the graduate school of University of Tsukuba, Japan. The purpose of this research is to expend our knowledge about the "Global Distributed Public VPN Relay Server" (GDPVRS) technology. For details, please visit http://www.vpngate.net/.
5.2. About VPN Gate Service
SoftEther VPN Server and SoftEther VPN Client may contain "VPN Gate Service" program. However, VPN Gate Service is disabled by default.
VPN Gate Service should be activated and enabled by the voluntary intention of the owner of the computer which SoftEther VPN Server or SoftEther VPN Client is installed on. After you activate VPN Gate Service, the computer will be start to serve as a part of the Global Distributed Public VPN Relay Servers. The IP address, hostname and related information of the computer will be sent and registered to the directory server of VPN Gate Academic Experiment Project, and they will be published and disclosed to the public. This mechanism will allow any VPN Gate Client software's user to connect to the VPN Gate Service running on your computer. While the VPN session between a VPN Gate Client and your VPN Gate Service is established, the VPN Gate Client's user can send/receive any IP packets towards the Internet via the VPN Gate Service. The global IP address of the VPN Gate Service's hosing computer will be used as the source IP address of such communications which a VPN Gate Client initiates.
VPN Gate Service will send some information to the VPN Gate Academic Experiment Service Directory Server. The information includes the operator's information which described in section 5.5, logging settings, uptime, operating system version, type of protocol, port numbers, quality information, statistical information, VPN Gate clients' log history data (includes dates, IP addresses, version numbers and IDs), log records of destination HTTP/HTTPS hostnames or IP addresses and port numbers of VPN Gate communications, and the version of the software. These information may be exposed on the directory. VPN Gate Service also receives a key for encoding which is described on the chapter 5.9 from the directory server.
5.3. Details of VPN Gate Service's Behavior
If you enable VPN Gate Service manually, which is disabled by default, the "VPNGATE" Virtual Hub will be created on the SoftEther VPN Server. If you are using SoftEther VPN Client and attempt to active VPN Gate Service on it, an equivalent program to SoftEther VPN Server will be invoked on the same process of SoftEther VPN Client, and the "VPNGATE" Virtual Hub will be created. The "VPNGATE" Virtual Hub contains a user named "VPN" by default which permits anyone on the Internet to make a VPN connection to the Virtual Hub. Once a VPN Client connects to the "VPNGATE" Virtual Hub, any communication between the user and the Internet will pass through the Virtual Hub, and transmitted/received using the physical network interface on the computer which SoftEther VPN Server (or SoftEther VPN Client) is running on. This will cause the result that a destination host specified by the VPN Client will identify that the source of the communication has initiated from the VPN Gate Service's hosting computer's IP address. However, for safety, any packets which destinations are within 192.168.0.0/255.255.0.0, 172.16.0.0/255.240.0.0 or 10.0.0.0/255.0.0.0 will be blocked by the "VPNGATE" Virtual Hub in order to protect your local network. Any packets which destinations are within 169.254.0.0/16, 224.0.0.0/4 or 100.64.0.0/10 will also be blocked for just in case. These packet filters except DNS, ICMP and ARP packets. Therefore, if you run VPN Gate Service on your corporate network or private network, it is safe because anonymous VPN Client users will not be permitted to access such private networks. VPN Gate Service also serves as relay for accessing to the VPN Gate Directory Server.
In order to make VPN Gate Service familiar with firewalls and NATs, it opens an UDP port by using the NAT Traversal function which is described on the section 1.2. It also opens and listens on some TCP ports, and some TCP and UDP ports will be specified as the target port of Universal Plug and Play (UPnP) Port Transfer entries which are requested to your local routers. UPnP request packets will be sent periodically. Some routers keep such an opened TCP/UDP port permanently on the device. If you wish to close them, do it manually.
VPN Gate Service also provides the mirror-site function for www.vpngate.net. This is a mechanism that a copy of the latest contents from www.vpngate.net" target="_blank">www.vpngate.net will be hosted by the mirror-site tiny HTTP server which is running on the VPN Gate Service program. It will register itself on the mirror-sites list in www.vpngate.net. However, it never relays any other communications which are not towards www.vpngate.net.
5.4. Communication between Internet via VPN Gate Service
VPN Gate Service provides a routing between users and the Internet, by using the Virtual NAT Function which is described on the section 2.8. VPN Gate Service sends polling Ping packets to the server which is located on University of Tsukuba, and the Google Public DNS Server which is identified as 8.8.8.8, in order to check the latest quality of your Internet line. VPN Gate Service also sends and receives a lot of random packets to/from the Speed Test Server on University of Tsukuba. These quality data will be reported to VPN Gate Directory Server, automatically and periodically. The result will be saved and disclosed to the public. These periodical polling communication are adjusted not to occupy the Internet line, however in some circumstances they might occupy the line.
5.5. Operator's Information of VPN Gate Service
If you activate VPN Gate Service on your computer, the computer will be a part of the Global Distributed Public VPN Relay Servers. Therefore, the Operator's administrative information of your VPN Gate Service should be reported and registered on the VPN Gate Service Directory. Operator's information contains the name of the operator and the abuse-reporting contact e-mail address. These information can be inputted on the screen if the VPN Gate configuration. Inputted information will be transmitted to the VPN Gate Directory Server, stored and disclosed to the public. So you have to be careful to input information. By the way, until you specify something as the operator's information, the computer's hostname will be used automatically as the field of the name of the operator, by appending the "'s owner" string after the hostname.
5.6. Observe Laws to Operate VPN Gate Service
In some countries or regions, a user who is planning to activate and operate VPN Gate Service, he are mandated to obtain a license or register a service from/to the government. If your region has such a regulation, you must fulfill mandated process before activating VPN Gate Service in advance. Neither the developers nor operators of the VPN Gate Academic Experiment Project will be liable for legal/criminal responsibilities or damages which are occurred from failure to comply your local laws.
5.7. Protect Privacy of Communication
Most of countries have a law which requires communication service's operators, including VPN Gate Service operators, to protect the privacy of communication of third-persons. When you operate VPN Gate Service, you must always protect user's privacy.
5.8. Packet Logs
The packet logging function is implemented on VPN Gate Service. It records essential headers of major TCP/IP packets which are transmitted via the Virtual Hub. This function will be helpful to investigate the "original IP address" of the initiator of communication who was a connected user of your VPN Gate Service, by checking the packet logs and the connection logs. The packet logs are recorded only for such legitimate investigates purpose. Do not peek nor leak packet logs except the rightful purpose. Such act will be violate the section 5.7.
5.9. Packet Logs Automatic Archiving and Encoding Function
The VPN Gate Academic Experiment Service is operated and running under the Japanese constitution and laws. The Japanese constitution laws demand strictly protection over the privacy of communication. Because this service is under Japanese rules, the program of VPN Gate Service implements this "Automatic Log File Encoding" protection mechanism, and enabled by default.
The VPN Gate Service is currently configured to encode packet log files which has passed two or more weeks automatically, by default. In order to protect privacy of communication, if a packet log file is once encoded, even the administrator of the local computer cannot censor the packet log file. This mechanism protects privacy of end-users of VPN Gate Service.
You can change the VPN Gate Service setting to disable this automatic encoding function. Then packet log files will never be encoded even after two weeks passed. In such a configuration, all packet logs will remain as plain-text on the disk. Therefore you have to take care not to violate user's privacy.
If you are liable to decode an encoded packet log files (for example: a VPN Gate Service's user illegally abused your VPN Gate Service and you have to decode the packet logs in order to comply the laws), contact the administrator of the VPN Gate Academic Experiment Service at Graduate School of University of Tsukuba, Japan. You can find the contact address at http://www.vpngate.net/. The administrator of VPN Gate Service will respond to decode the packet logs if there is an appropriate and legal request from court or other judicial authorities, according to laws.
The Packet Logs Automatic Archiving and Encoding Function may be disabled according to technical or administrative reason.
5.10. Caution if You Operate VPN Gate Service in the Japan's Territories
When a user operates VPN Gate Service in the Japan's territories, such an act may be regulated under the Japanese Telecommunication Laws if the operation is a subject to the law. However, in such a circumstance, according to the "Japanese Telecommunication Business Compete Manual [supplemental version]" , non- profitable operations of communications are not identified as a "telecommunication business" . So usual operators of VPN Gate Service are not subjects to "telecommunication business operators" , and not be mandated to register to the government.
5.11. VPN Gate Client
If SoftEther VPN Client contains the VPN Gate Client plug-in, you can use it to obtain the list of current operating VPN Gate Service servers in the Internet, and make a VPN connection to a specific server on the list.
VPN Gate Client always keeps the latest list of the VPN Gate Services periodically. Be careful if you are using a pay-per-use Internet line.
When you start the VPN Gate Client software, the screen which asks you activate or not VPN Gate Service will be appeared. For details of VPN Gate Service, read the above sections.
5.12. Caution before Joining or Exploiting VPN Gate Academic Experiment Project
The VPN Gate Academic Experiment Service is operated as a research project at the graduate school on University of Tsukuba, Japan. The service is governed under the Japanese laws. Other countries' laws are none of our concerns nor responsibilities.
By nature, there are almost 200 countries in the World, with different laws. It is impossible to verify every countries' laws and regulations and make the software comply with all countries' laws in advance to release the software. If a user uses VPN Gate service in a specific country, and damaged by public servants of the authority, the developer of either the service or software will never be liable to recover or compensate such damages or criminal responsibilities.
By using this software and service, the user must observe all concerned laws and rules with user's own responsibility. The user will be completely liable to any damages and responsibilities which are results of using this software and service, regardless of either inside or outside of Japan's territory.
If you don't agree nor understand the above warnings, do not use any of VPN Gate Academic Experiment Service functions.
VPN Gate is a research project for just academic purpose only. VPN Gate was developed as a plug-in for SoftEther VPN and UT-VPN. However, all parts of VPN Gate were developed on this research project at University of Tsukuba. Any parts of VPN Gate are not developed by SoftEther Corporation. The VPN Gate Research Project is not a subject to be led, operated, promoted nor guaranteed by SoftEther Corporation.
5.13. The P2P Relay Function in the VPN Gate Client to strengthen the capability of circumvention of censorship firewalls
VPN Gate Clients, which are published since January 2015, include the P2P Relay Function. The P2P Relay Function is implemented in order to strengthen the capability of circumvention of censorship firewalls. If the P2P Relay Function in your VPN Gate Client is enabled, then the P2P Relay Function will accept the incoming VPN connections from the VPN Gate users, which are located on mainly same regions around you, and will provide the relay function to the external remote VPN Gate Servers, which are hosted by third parties in the free Internet environment. This P2P Relay Function never provides the shared NAT functions nor replaces the outgoing IP address of the VPN Gate users to your IP addresses because this P2P Relay Function only provides the "reflection service" (hair-pin relaying), relaying from incoming VPN Gate users to an external VPN Gate Server. In this situation, VPN tunnels via your P2P Relay Function will be finally terminated on the external VPN Gate Server, not your VPN Gate Client. However, the VPN Gate Server as the final destination will record your IP address as the source IP address of VPN tunnels which will be initiated by your P2P Relay Function. Additionally, user packets which are transmitted via your P2P Relay Function will be recorded on your computer as packet logs as described on the section 5.8. After you installed the VPN Gate Client, and if the P2P Relay Function will be enabled automatically, then all matters on the 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 5.10, 5.11 and 5.12 sections will be applied to you and your computer, as same to the situation when you enabled the VPN Gate Service (the VPN Gate Server function). If your P2P Function is enabled, then your computer's IP address and the default operator's name which is described on the section 5.5 will be listed on the VPN Gate Server List which is provided by the VPN Gate Project. You can change these strings by editing the "vpn_gate_relay.config" file manually. Note that you need to stop the VPN Client service before editing it. The VPN Gate Client will automatically enable the P2P Relay Function on your computer if the VPN Gate Client detects that your computer might be located in regions where there are existing censorship firewalls. If you want to disable the P2P Relay Function, you must set the "DisableRelayServer" flag to "true" on the "vpn_client.config" file which is the configuration file of the VPN Client. Note that you need to stop the VPN Client service before editing it. The VPN Gate Client does not recognize the particular regulation of your country or your region. The VPN Gate Client activates the P2P Relay Function even if your country or your region has the law to restrict running P2P relay functions. Therefore, in such a case, you must disable the P2P Relay Function on the VPN Gate Client manually by setting the "DisableRelayServer" flag if you reside in such a restricted area, in your own responsibility.

댓글