VPN gate: a volunteer-organized public VPN relay system with blocking resistance for bypassing government censorship firewalls

  • Authors:

  • Daiyuu Nobori;Yasushi Shinjo

  • Affiliations:

  • Department of Computer Science, University of Tsukuba, Japan;Department of Computer Science, University of Tsukuba, Japan

  • Venue:
  • NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
  • Year:
  • 2014

Quantified Score

Hi-index 0.00

Visualization

Abstract

VPN Gate is a public VPN relay service designed to achieve blocking resistance to censorship firewalls such as the Great Firewall (GFW) of China. To achieve such resistance, we organize many volunteers to provide a VPN relay service, with many changing IP addresses. To block VPN Gate with their firewalls, censorship authorities must find the IP addresses of all the volunteers. To prevent this, we adopted two techniques to improve blocking resistance. The first technique is to mix a number of innocent IP addresses into the relay server list provided to the public. The second technique is collaborative spy detection. The volunteer servers work together to create a list of spies, meaning the computers used by censorship authorities to probe the volunteer servers. Using this list, each volunteer server ignores packets from spies. We launched VPN Gate on March 8, 2013. By the end of August it had about 3,000 daily volunteers using 6,300 unique IP addresses to facilitate 464,000 VPN connections from users worldwide, including 45,000 connections and 9,000 unique IP addresses from China. At the time VPN Gate maintained about 70% of volunteer VPN servers as unblocked by the GFW.