Secure VPN Gateway a new solution to InterNet Security

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Absolutely Secure VPN Gateway

It's the most secure way to connect & now its free!

Connecting to secure systems over the Internet just got a whole lot safer and

* Need to connect numerous service providers to different components on your
network and
keep total control ?
* Need to provide easy access to busy staff members when they are away from the
office ?
* Want to have access to your home computer when your overseas ?
* Worried about SpyWare and maintaining security ?
* Looking for a VPN solution that is quick and easy to install ?

Stop looking !  This is the perfect solution

Download your free copy from here:

This is a VMware appliance so you'll need VM Player.  You can download you free
VM player
from here: /

Full documentation and support is available from here:

Secure VPN Gateway from TTC enables you to connect to applications and network
secured behind a firewall, without compromising security.

At TTC we have developed a secure VPN system that is suitable for everyone to
use.  There
is no tricky installation and no client configuration.  The whole product is can
be up and
running within a few minutes of downloading.  This save you time and allows you
to get on
with business.

The Secure VPN Gateway just requires a dhcp server to provide it with a network
With this information it configures itself and tells you how to access the
management web

The VPN client package learns everything directly from the Secure VPN Gateway.
started, the person using the Secure VPN client, is presented with a menu of
available network services.  Access is as simple as clicking a start button.

Our key to security.
Our extreme security comes from individually coded client packages that are
generated for
each user by the  Secure VPN Gateway.  This builds unique digital keys directly
into each
client package.  The built-in digital key improves security beyond that of many
clients because the user must have the correct client package (digital key), the
login name, and the correct password.  The digital key is never typed and all
communication is strongly encrypted, so “SpyWare” applications are unable to
break the
security.  This is of vital importance for people who use public computers to
corporate or private resources.

The Secure VPN gateway is configured and managed from an administration web page
where all
account setup functions are performed.  Administrators can create, edit, delete,
disconnect live users from this web page.  Network link rules are defined and
allocated to user accounts.  Network link rules provide a network description of
service that the user is connecting to.  The rule definition allows the
administrator to
use their own words to describe the link rule making it easily adaptable to ever
level of understanding.

For example; “Bob's human resource files” or “Corporate internal e-mail server”
than cryptic strings of numbers.

Help is only a click away

We have eliminated the most frustrating problem with downloaded software by
putting all
the documentation and access to the software developers right at your fingertips.

This is done through a free bulletin board where users can read and download
documentation.  They can also share their own experiences with using the
Posting issues and solutions for all users to share. Access to the bulletin
board is
provided directly from the Secure VPN Client and the Administration web page.

To post a topic/question you just need to register first.

How was it built
This VMware appliance has been built on top of the outstanding freeware
Smoothwall Express.  Written exclusively in Perl the TTC Secure VPN Gateway has
been in
development and testing for the past 24 months.

It was intended to run on a standalone server but thanks to the efficient
VMPlayer from
Vmware it can now be run under any environment where VMPlayer is supported.  The
significant market breakthrough here is the ability to deploy it as an
application on a
Microsoft Windows system.

Vmware workstation has played a vital part in the development and testing of the
Secure VPN Gateway.  We are delighted to be able to offer this application

How to get started
Once you have installed VMPlayer and downloaded the zip file
simply expand the zip file on the computer that will be hosting the VM-appliance.
Now start VMPlayer and open the VM appliance found under the

The appliance will start automatically.  When it is up and running a page of
will be displayed on the VMPlayer console.  Press enter to make sure the
information is up

The information on the console will show you three important details:
1.The external IP address of the Secure VPN Gateway.
2.The port forwarding rule to configure on your firewall (if you have one) to
enable the
VPN clients to communication with the Secure VPN Gateway.
3.The URL for accessing the management web page.

For example:
Secure VPN Controller
My external IP address is
If I am behind a firewall please set a port forwarding rule on the firewall as
inbound TCP port  ==>  TCP port : IP address
             2227  ==>  2227     :
Then access my web management interface and change the settings for the
interface” to firewall's external IP address.
The URL for my web management interface is:

When you access the management web page you will be prompted to login.

The default user name is : administrator
The default password is : admin123
(This can be changed from the “Manage the users of this page” menu option.)

Note# The full documentation and online help is available by clicking on the
words “Click
here for help” at the top right of the screen.

After logging in to the web page as the administrator, use the menu on the left
side of
your screen and click on “Change settings”.  Make sure that the “External IP”
address is
correct. If you will be accessing the Secure VPN Gateway through a firewall the
IP” should be set to the IP address that reaches the firewall from the Internet.

If you do not have a firewall then the “External IP” setting should be correct.

Now generate your first VPN Client kit by clicking on the Refresh keys icon for
administrator. And confirm that you want to proceed.  Now click on the red
download symbol
to receive a copy of the administrator VPN client kit.

Congratulations, this client kit can now be used to connect to Secure VPN
controller from
the Internet.

Now its time to “Click here for help” and download a copy of the Secure VPN
  This will explain how to:
Use the VPN client.
Create VPN Link Rules
Create user accounts
Even how to change the logos to your own.

Re: Secure VPN Gateway a new solution to InterNet Security

Quoted text here. Click to load it

If a man brags about his honesty, or a woman her virtue, avoid the former
and cultivate the latter.

IOW why the fuck should we trust you?


Re: Secure VPN Gateway a new solution to InterNet Security

Quoted text here. Click to load it

It's a joke: I've written to the website owner: and he's responded only that
it's Legitimate! Honest! I Promise! Ask me anyithing! And here's the website
with my non-existent documentation, all written by me!

Given the lack of documentation, source code, explanation of how it works,
and the apparent one-person operation, it's obvious that it's a start up
operation and lacks any pretense of code review that should be in place for
what is obviously a one-man operation, no one sane should be using it.

Also, since he's stated in his email to me that it "uses the OpenSSH"
protocol, I'm notifiying the OpenSSH authors that he's probably in violation
of the very limited OpenSSH licensing.

What a maroon!

Re: Secure VPN Gateway a new solution to InterNet Security

I just double-checked the license of OpenSSH, which states:

    *                    All rights reserved
    * As far as I am concerned, the code I have written for this software
    * can be used freely for any purpose.  Any derived versions of this
    * software must be clearly marked as such, and if the derived work is
    * incompatible with the protocol description in the RFC file, it must be
    * called by a name other than "ssh" or "Secure Shell".

I wrote to the website's public info address: it's obviously a one-man
operation, since David Gempton himself wrote back to me with this. (I'm not
posting the entire letter, because it's generally considered rude to post
the complete contents of a private email to a public newsgroup, even though
it's probably nto a copyright violation as some fools complain if you do

    This is a product that uses openssh protocols to provide encrypted
communication channels between clients - the secure gateway - and
network services on the same LAN as the secure gateway.

So I submit among its other weirdness, it's a violation of the very generous
OpenSSH license, since the software is closed source and makes no such
public notice. Moreover, since he's acting like this, I certainly wouldn't
want to use a security product from anyone this obviously such a fool. The
stuff obviously needs a complete public souce code publication to see just
what else he's done under the hood.

I've never heard of him before this crosspost to, where
I'm active. Can anyone here vouch for him?  Was this just a really, really
bad mistake?, or what? The only stuff I see in from the
same name is from 1997 and 1998, also from New Zealand address, so it might
be the same guy. But it's not as if this is from a well-respected,
well-known poster.

                   Nico Kadel-Garcia

Re: Secure VPN Gateway a new solution to InterNet Security

Quoted text here. Click to load it

Where to start??

- These are international newsgroups.

- Copyright law varies from jurisdiction to jurisdiction.

- Copyright law deals with the Rights To Copy (and to control when
copies are made.)

- In many jurisdiction, material is considered "published" if unrestricted
access to it is made available to even just one person in that
jurisdiction. For example, a letter sent to a *specific* (listed)
set of people is not usually considered to be "published", and
material made available only under NDA (Non-disclosure agreement)
{including in the course of employment} is not usually considered
"published", but if the material is made available without controls
(e.g., copies offered for public sale, a copy posted on the town
notice-board) then the material is usually considered "published".

- In many jurisdictions, publishing includes electronic dissemination

- In many jurisdictions, if a person submits an electronic document
to an automated copying mechanism, then that person is considered to
have made all of the copies that result without further human interaction

- Thus, in those jurisdictions, the action of posting a letter to
a Usenet newsgroup (which is, by definition, allowing uncontrolled access
to the letter) is considered to be one count of "publishing" the letter
for each automated copy that results -- even though only the person
only pressed "send" once.

- Hence, posting a letter to a Usenet newsgroup is considered by
many jurisdictions to be "copying" the letter and "publishing" it,
both done many times over. Therefore, the legal authority to post a
letter to Usenet is there considered a matter subject to Copyright law.
Copies are deemed to have been made, and the question then becomes
one of whether the poster had the legal right to make (trigger) those copies.

- Copyright law usually applies to "an original expression of an idea";
presuming that David Gempton did not use a form letter, his response
was likely sufficiently "creative" for copyright law to apply to the
parts of it that he himself phrased. Note that Copyright law does not
apply to the ideas themselves [*], only to the -expression- of them: the
actual words. [*] Exception: the entertainment industry especially is
increasingly pushing to restrict "derivative works" (originally
applicable only to translations and to substantial reproductions of the
original words...)

- We have by now established that Copyright law applies to the
situation [in many jurisdictions], and have reduced the question down
to one of whether the jurisdiction's local Copyright law would
permit the substantial reproduction of a previously-unpublished letter.

- The limits on reproduction vary from jurisdiction to jurisdiction.

-The US has its "Fair Use Doctrine" (which is not actually written
into law under that name); the boundaries of Fair Use are a bit
fuzzy in the USA, but case law has deemed copying of as little as
three lines of a short work to not be within the limits of Fair Use.
The publishing of large extracts of a longer work has rarely been
considered to be Fair Use except in cases of high Public Interest.
And increasingly, case law in the USA has been saying that even
in situations that were traditionally Fair Use (e.g., academic photocopying),
that if there is reasonable time available to ask permission for
the copying, that the permission must be sought [with some leeway
allowed for researched criticisms of a work whose author would likely
not grant copying permission in order to avoid the criticism.]

- Canada does not have any equivilent to the Fair Use Doctrine;
the "Fair Dealing" clauses are quite limited, and
the suggested letter-posting activity would not fall within the boundaries
of any of them

- US case law is sufficiently fuzzy that one could perhaps talk about
"probability" of a copying being within the limits of Fair Use
(and thus not a copyright violation in the USA), but Canadian law is
much more rigid, and it would essentially only be meaningful to
speak of reproducing a letter being "probably" a copyright violation in Canada
if the probabilities being referred to were zero (i.e., "not") and
one (i.e., "decidedly so".)

- In other words, posting a private letter to Usenet "probably" IS
a copyright violation -- unless one wishes to play games like
"Oh, my IP is from the USA but I'm really in a country that doesn't
have a copyright law and doesn't recognize any other country's
copyright laws."

Perhaps, Nico, you were thinking of a different matter: not whether it
would -be- a copyright violation, but rather what the likely legal
-consequences- would be for that violation.

For example, in Canada, if the original letter author bothered to do
anything, the most -likely- result of posting of an informative letter
from a non-famous person, would be a $C200 fine plus court costs and a
lecture to Don't Do It Again.  (Statutory $C50 per count, multiple
counts would be deemed, but the judge would have considerable leeway in
fixing the count; $C200 is about average for multiple count cases where
malicious publication is not established, sliding up to about $C800-
$C1000 if there were previous interpersonal spats but no monetary
gain from the publication.) Stronger penalties are definitely possible,
especially where there is monetary value involved, but the legal
standards of proof are also noticably higher than for the stat penalty.

Re: Secure VPN Gateway a new solution to InterNet Security

Walter Roberson wrote:

Quoted text here. Click to load it

Damn, no. The reason is a quite simple one: You cannot expect the sender
to be unwilling to allow publishment unless he explicitly stated so. By
posting a letter to someone you're actively putting it into public domain.

The reason why it's illegal under _zivil_ rights is that's an
unreasonable violation of privacy to publish someone else's private
information without even asking him first.

Re: Secure VPN Gateway a new solution to InterNet Security

Sebastian Gottschalk wrote:
Quoted text here. Click to load it

Hey, cut the crap guys, I want to buy this thing - does it work?!

Re: Secure VPN Gateway a new solution to InterNet Security

Read this first:

  Richard Silverman

Re: Secure VPN Gateway a new solution to InterNet Security

Rick Merrill wrote:
Quoted text here. Click to load it

I wrote Secure VPN Gateway.  It does work and in my opinion it works really
well. I
believe that I have addressed some security issues that other products have not.

My reason for posting to these three news groups is that they all focus on
security issues.  I hoped that members of these groups would also be focused on
rather than GPL trivia.

My product needs to be tested, poked, and prodded by people that really know the

In particular I'd like to know answers to these questions regarding the Secure
VPN Gateway:

1) Can you stage a man in the middle attack and successfully gain access to a
network services ?

2) Using some sort of spy ware (and not one you've written just for this
product) can you
automatically capture the ssh2 rsa file, username & password. Then use these to
access any
network services on the VPN gateway ?

3) Can anyone crack the Secure VPN gateway with whatever means they like and
then gain
access to any on the defined user network services ?

By "user network services" Im refering to the "Link rules" which are basic ssh
forwarding details.

Please note - Im really looking for constructive information here so please
provide full
details on how you managed to get around the security.  I plan to use the
information you
provide to make the product even more secure.  If I use your ideas, I'd like to
you in the product credits.

David Gempton.  - Programmer (Not Lawyer;)

Re: Secure VPN Gateway a new solution to InterNet Security

David Gempton wrote:

Quoted text here. Click to load it

With no usable documentation, no published source code, and due to the lack
of published source code, a complete violation of the GPL license for any
GPL components such as glibc or a Linux kernel. It's a blackbox from an
unknown author with no previous large scale products, making outrageous
claims about being "Absolutely Secure VPN Gateway".

There's not even an installation guide: that's just pitiful. Without source
code, we have to assume to assume that the rest of your work is equally lax
and poorly thought out. Nothing personal against you, but that's not how you
engender the necessary trust in potential clients or users.

Quoted text here. Click to load it

Then publish your source, or do what a closed source software company must
do: hire experts to review it. No one sane is going to vouch for it without
access to the source.

Quoted text here. Click to load it

No, you're really not. You're looking for validation by some of the really
sharp people available here of your personal little black box security tool.
With no documentation and no source, this is like asking for a restaurant
review and not even showing people the menu, only showing them the sign on
the door.

I've just downloaded Smoothwall Express, and guess what? It's GPL Licensed,
and by failing to publish your source code to people using your software,
you're clearly in violation. I'm notifying them immediately.

                     Nico Kadel-Garcia

Re: Secure VPN Gateway a new solution to InterNet Security

Quoted text here. Click to load it

Why the artificial restriction "not one you've written just for this product"?
Do you think attackers don't write attacks against specific products?

Elvis Notargiacomo  master AT barefaced DOT cheek /
    One of my other 11 computers runs Minix.

Re: Secure VPN Gateway a new solution to InterNet Security

all mail refused wrote:
Quoted text here. Click to load it
Thats a fair point.

I guess I was thinking along the lines of public Internet places (like Internet
where the spyware that may be installed is going to be more general. Like

Im sure that given a little information about how my software handles security
it would
not be difficult to write a very targeted application that could obtain a copy
of the
security details.

This is an area that I am currently working on improving.  My aim is to come up
with a
connection model that mutates every time its used.  So even if you get a copy of
security details they will be of no use if you try and use them again.

- David Gempton.

Re: Secure VPN Gateway a new solution to InterNet Security

Quoted text here. Click to load it

Ahh. Security through obscrutityy, *AND* violation of the GPL of the
SmoothWall Express software you're pirating. (And you're blatantly in
violation of the GPL on their software, by your own admission of using it
and your failure to publish your source code along with your downloads.)

And this guy wonders why no one will take it seriously as the "ABSOLUTELY
SECURE VPN" he advertises it as. Sheesh!

Re: Secure VPN Gateway a new solution to InterNet Security

Quoted text here. Click to load it

Copyright infringement and (lack of) license compliance in a product
that you are selling is "trivia"?

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Re: Secure VPN Gateway a new solution to InterNet Security

Darren Tucker wrote:
Quoted text here. Click to load it

Don't forget the lack of usable documentation, installation instructions,
and source code.

Re: Secure VPN Gateway a new solution to InterNet Security

Nico Kadel-Garcia wrote:
Quoted text here. Click to load it

I must thank you for your firm encouragement to get the licensing issues sorted
out.  I
believe that I'm now well on the way to having it properly GPL licensed.

I say "on the way" because at this stage nobody has reviewed my efforts to make
comply with GPL Version 2.

One of my concerns was around the distribution of SmoothWall Express 2.0 as a
virtual machine.  So far the SmoothWall community have said that this is not in
breach of
their Free Software License.

The documentation is going to be an ongoing project. I am now starting to
receive e-mails
from some people that are using the software and this has highlighted areas
where I have
not documented things well enough.

As always you can download the Secure VPN Gateway from

Many thanks
David Gempton.

Re: Secure VPN Gateway a new solution to InterNet Security

David Gempton wrote:
Quoted text here. Click to load it

Firm encouragement? I thought I was chastising you. But getting the GPL
straightened out is a big deal.

Quoted text here. Click to load it

That's because you haven't published source code, unless you've stuffed it
all inside that VMware module, and no one sane is going to install that
without some better breakdown of what it does and what's in it. VMware
installations can trash your system but hard! As such, they

Quoted text here. Click to load it

But didn't you modify it? Where is your source code if you did? And where is
the acknowledgement in your documentation of the source for the software, if
you didn't modify it? And who exactly are you referring to as "the
SmoothWall community"? It had better include some of the actual authors, or
their lawyers, not just some mailing list members!

This newsgroup from which I'm writing,, is unusual in that
it has actual authors of OpenSSH and other utuilities on it. But you
shouldn't take a random post from, say, *ME* as any kind of software
copyright permission, and I hope you're being more careful with those legal
issues than you were in your public claim of "Absolutely Secure" software.

Quoted text here. Click to load it

They shouldn't have to be writing this stuff! A simple white paper on how it
works, and most especially the source code, would allow people to give some
of that feedback you crave. But asking the OpenSSH community especially to
review and report on the feasibility of man-in-the-middle attacks without
even a white paper to work from is.... nuts.

Quoted text here. Click to load it

And the documentation is still pitiful, although it's beginning to improve.
Instead of hiding the various files in the
directory and only accessing them web links from elsewhere, why not make
that directory browseable? That way, the PDF's and binaries you put there
can be accessed without your having to organize and maintain links to them?

Look, David, I've got nothing personal against you or your development
efforts. The fact that you're posting here is an indication that you're
actually trying to get your stuff working: But that lack of source code is
killing your credibility, in my personal opinion. It's one of the factors
you've simply not properly addressed. Many of the best modern security
tools, like OpenSSH and Triipwire and SELinux, rely heavily on their public
nature to point out potential vulnerabilities. You've apparently ignored
that and kept your code private, even though you apparently also built it on
top of GPL based tools such as SmoothWall Express. That's not just
dangerous, it's insulting to open source developers.

If you won't share your code, why should they share their valuable time
reviewing your product?

Re: Secure VPN Gateway a new solution to InterNet Security

Quoted text here. Click to load it

Off-topic, and I Am Not A Lawyer, but a followup. The questions of email and
Usenet copyright are quite old, and pretty well described at this antique
FAQ: /

In particular, this note makes sense to me:

    3.8) Are Usenet postings and email messages copyrighted?

    Almost certainly.  They meet the requirement of being original works of
    authorship fixed in a tangible medium of expression (see section 2.3).
    They haven't been put in the public domain; generally, only an
    of copyright or an unambiguous declaration by an author is sufficient to
    place a work into public domain.

There is then considerably more detail about what constitutes a violation of
the existing copyright. My nose is completely clean due to the "fair use"
doctrine, for reasons better described there. Admittedly, this probably is
not New Zealand law, but I'm sticking with my own country's laws for
safety's sake.

Re: Secure VPN Gateway a new solution to InterNet Security

Quoted text here. Click to load it

Actually that's just the license for a subset of the files.  The copyright
is held by a number of people (including, for recent Portable versions, me)
and while each file has its own license, a summary is available in the
file "LICENCE".  It says, in part:

"The licences which components of this software fall under are as
follows.  First, we will summarize and say that all components
are under a BSD licence, or a licence more free than that.

OpenSSH contains no GPL code."

Quoted text here. Click to load it

Their use of OpenSSH is probably OK (I say "probably" because I'm not a
lawyer and am not the copyright holder of most of it).

A more interesting question is: what about the other components that
they use?  They appear to be using at least the Linux kernel which most
definitely *is* GPLed (and most Linux-based systems use many other GPLed
components in addition to just the kernel).

I downloaded the zip file and it contains only vmware images and no source
code.  Can someone who has run it confirm whether or not the source for
the GPL'ed (and LGPL'ed) parts is available?

(Followup-To: set)

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Re: Secure VPN Gateway a new solution to InterNet Security

Quoted text here. Click to load it

Never trust anything Described in Capitalized Superlatives!

  Richard Silverman

Site Timeline