VPN Gate: A Volunteer-Organized Public VPN Relay System with Blocking Resistance for Bypassing Government Censorship Firewalls
نویسندگان
چکیده
VPN Gate is a public VPN relay service designed to achieve blocking resistance to censorship firewalls such as the Great Firewall (GFW) of China. To achieve such resistance, we organize many volunteers to provide a VPN relay service, with many changing IP addresses. To block VPN Gate with their firewalls, censorship authorities must find the IP addresses of all the volunteers. To prevent this, we adopted two techniques to improve blocking resistance. The first technique is to mix a number of innocent IP addresses into the relay server list provided to the public. The second technique is collaborative spy detection. The volunteer servers work together to create a list of spies, meaning the computers used by censorship authorities to probe the volunteer servers. Using this list, each volunteer server ignores packets from spies. We launched VPN Gate on March 8, 2013. By the end of August it had about 3,000 daily volunteers using 6,300 unique IP addresses to facilitate 464,000 VPN connections from users worldwide, including 45,000 connections and 9,000 unique IP addresses from China. At the time VPN Gate maintained about 70% of volunteer VPN servers as unblocked by the GFW.
منابع مشابه
vpwns: Virtual Pwned Networks
User-accessed Virtual Private Network systems allow authorized users remote access to protected or otherwise privileged networks while avoiding dependence on ISPs along the route for data confidentiality and integrity. This direct expression of the internet’s end-to-end principle of security is generally accepted as a highly successful design. VPN services and technology advertising censorship ...
متن کاملElectron Government Affairs System Based on Vpn Technology
In the course of carrying out its mission the primary challenge facing e-gov is how to deliver secure online services to businesses and citizens. For this paper, the Virtual Private Network (VPN) will be the solution selected to deal with this challenge. VPN can resolve these issues by simplifying and speeding the delivery of on-line services and information to citizens, businesses, and inter-a...
متن کاملOn the Design and Implementation of Structured P2P VPNs
Centralized Virtual Private Networks (VPNs) when used in distributed systems have performance constraints as all traffic must traverse through a central server. In recent years, there has been a paradigm shift towards the use of P2P in VPNs to alleviate pressure placed upon the central server by allowing participants to communicate directly with each other, relegating the server to handling ses...
متن کاملRFC 4381 Security of BGP / MPLS IP VPNs February
This document analyses the security of the BGP/MPLS IP virtual private network (VPN) architecture that is described in RFC 4364, for the benefit of service providers and VPN users. The analysis shows that BGP/MPLS IP VPN networks can be as secure as traditional layer-2 VPN services using Asynchronous Transfer Mode (ATM) or Frame Relay. Behringer Informational [Page 1] RFC 4381 Security of BGP/M...
متن کاملLocation Aware Self-Adapting Firewall Policies
Private access to corporate servers from Internet can be achieved using various security mechanisms. This article presents a network access control mechanism that employs a policy management architecture empowered with dynamic firewalls. With the existence of such an architecture, system and/or network administrators do not need to reconfigure firewalls when there is a location change in user s...
متن کامل