What Is VPN Port Forwarding & How to Set It Up?

Port forwarding can be a great tool for unlocking new features on your internet router. It allows you to set up your router in a way that moves data a little more directly by bypassing some security features and sending the data straight to a specific device on your network.

If you’re someone who torrents a lot, or are a hardcore gamer, then getting a VPN with port forwarding is something that could be very beneficial to you. It’s also commonly used to host a site on your device or access your home computer remotely.

However, not every VPN (virtual private network) supports port forwarding because there are security risks that come with it. So, you’ll have to take careful consideration when choosing VPN port forwarding and the VPN service that you want to use.

Keep reading to learn more about port forwarding, what it is, and how you can set it up on your devices.

What is VPN port forwarding?

Port forwarding is a networking method that forwards traffic from one network junction to another, which then allows for external devices or services to be able to access computers on an internal private network. Port forwarding requires manual configuration and assignment of a port to selected traffic, which is then sent directly to the recipient through the configured port.

Users should be aware that port forwarding involves opening an additional port to the internet, which is a potential method for cyber attackers to get into your system. So, when you enable port forwarding, it could leave you vulnerable to attacks.

What is a port?

To understand port forwarding, you should first understand what port means. Ports are addresses that are assigned to apps and services by a device, which require input from the outside. For mathematical reasons, ports are numbered 0 to 65,535. The first 1024 ports are typically assigned to the most common services.

When your internet data is ready to be sent and received, the port number will be added to your device’s IP address, which will then allow the processes involved to know which data package is meant to go where.

How does VPN port forwarding function?

When using a VPN, the VPN server or the router controls the traffic passing in and out of the controlled system, making sure that real traffic reaches the secured endpoints while also blocking all other access to protect your online network from cyber threats.

This is called NAT, or network address translation. The VPN router or gateway acts as a NAT firewall, choosing which traffic is allowed to pass through or not. When port forwarding is enabled, the VPN server or network router directs traffic directly to a device on the internal network by opening up a specific port where the traffic is allowed to pass through.

Essentially, port forwarding is, in a way, exempt from the NAT rules because configuring port forwarding allows traffic to bypass the NAT.

Why even use port forwarding?

There are lots of reasons to use port forwarding, including many of the following:

• Hosting a website on your computer
• Form a direct connection on your gaming server
• Allow remote access to your desktop
• Allow other users to connect to your public server
• Watch a security camera or baby monitor from far away
• Improve torrenting upload and download speeds
• Improve gaming performance and lower ping
• Maintain uninterrupted and direct access to a VOIP call server

Difference between static and dynamic port forwarding

There are two kinds of ports: Static ports and dynamic ports.

When you use a dynamic port, the ports change every time there is a new connection. Dynamic ports allow providers to recycle the unused ports to reassign them. With a static port, however, this means that the ports do not change.

If you plan on using an ExpressVPN-configured router, it is better to use static ports when port forwarding so you won’t have to update port settings every time there is a new connection. It is also better to use a static port when torrenting for this same reason.

Dynamic ports are more useful than static ports when bypassing firewalls and restrictions, as they increase the range of ports available, which comes in handy if your firewall is set to block certain ports.

3 types of port forwarding

There are three types of port forwarding to be aware of:

Remote port forwarding: In this type, a remote port is forwarded to a local host, which lets your device connect from the server side of a tunnel. This is typically used for server hosting, remote desktop access, and more, but it can come with security risks.

Local port forwarding: With this one, a local port is forwarded to a remote host, thereby rerouting traffic from your device to another device. With local port forwarding, you can bypass the firewall and access services that you do not have access to but that the server or intermediary device does have access to.

Dynamic port forwarding: This works similarly to a proxy, which allows you to bypass your server’s firewall by connecting to a third-party server or device that is trustworthy. What sets it apart from remote or local port forwarding is that the port number is not chosen ahead of time but instead chosen dynamically at the point of connection.

Common applications of port forwarding 

Port forwarding can be used for many reasons, but these two are the most popular applications:

Hosting online services: If you are hosting a public website, port forwarding can be used to direct internet traffic to a selected port on a relevant device while the VPN is active. While the site might be protected by a VPN, this still allows internet users to access the local host.

Remote desktop access: One of the most common and best features of port forwarding is its ability to establish a direct connection between a local computer and a remote device. With this, you can access your computer from a distance, with great speeds, and feel as though you are physically present with your computer. However, this does present a big security risk.

Advantages of port forwarding

Service provisioning

Port forwarding allows you to set up a local host to launch a public online service, even if your VPN is turned on. This is particularly useful if your ISPs don’t give you a public IP address and could then be your only option for publishing a service online.

Easy remote access

Port forwarding allows remote devices online to access computers shielded by a VPN through the opening of a non-standard port. However, be aware that this poses security risks, and you should take necessary precautions.

Disadvantages of port forwarding 

Hogging to a service

If only one of your devices has exclusive access to a port that’s intended for a specific service, other devices on your network could end up blocked from using that same service.

Bypass VPN security

VPNs generally offer enhanced security measures to secure your internet connection, encrypt your data, and hide your IP address. However, by using port forwarding, you could be bypassing security measures in your VPN software that are necessary to protect you from cyber threats.

Potential entry point

As previously mentioned, port forwarding can leave you vulnerable to security threats, and one of those ways is by creating a potential entry point for those threats to come in. Hackers can get past your security since the open port will allow them open access past your firewall. Hackers especially look for accessible ports that they can get into.

Makes your devices a focal point for hackers

Once hackers sense that your device could be vulnerable, it can become a focal point for them to target continuously. You may find yourself spammed with malware threats, attempted data theft, and more.

Port forwarding for torrenting

VPNs use firewalls to help protect users online from malicious sites, but these firewalls can also make it impossible to torrent. When you come across servers labeled as P2P-optimized or friendly, this implies that these particular servers will let you access your torrents without the nuisance of being blocked by this firewall. Port forwarding also ensures that you can upload and download without the barrier of this firewall that may interfere with P2P sharing. Check out the best VPNs for torrenting here.

Port forwarding for remote desktop access

Some VPNs aren’t great for remote desktop access, and their services can sometimes interrupt remote access. But if you use port forwarding, you can set up a direct connection between the remote device and the local device without any interruptions from your VPN firewall.

To learn about the best VPNs for remote desktop access, read our article.

Setting up port forwarding on a router 

Each router may have some slight differences in the setup process, but this is the general process for how to set up port forwarding on your router:

1. Log into your router by entering your router’s IP address into the address bar.
2. Open the port forwarding settings panel where you will then see a list of empty port configurations.
3. Enter the internal and external port numbers of your chosen configuration. The numbers don’t have to match each other in most cases.
4. Once you have set the ports, enter the local IP address of the device you want to use the port for connecting to your network.
5. Now, you should be all set, and the router can redirect all requests sent to that specific port to your device without revealing your IP address.

Setting up port forwarding on a VPN server

Follow these instructions to set up port forwarding on a VPN server, but be aware to always check the specific instructions for the product you have at home.

1. Enter your IP address into your browser to open the router’s user interface.
2. Look for the Port Forwarding tab/screen.
3. What you enter will depend on the type of VPN protocol you are using:
   • WireGuard: Set the Port 51820 and Protocol to UDP.
   • PPTP: Set the local port to 1723 and Protocol to TCP for the PPTP itself, and Port 47 and Protocol “Other” for the GRE tunnel.
   • OpenVPN: The local port should be set to 1194, and the Protocol to UDP.
   • IKEv2: For this, set the port to 500 and the Protocol to UDP.
   • IPSec: For the IPSec VPN tunnel, set the local port to 500 and Protocol to UDP, and Port 4500 with UDP Protocol for the IPSec tunnel.
4. You should not be able to set up a VPN connection on a different computer by using the public IP address of the VPN’s server.

Is it safe to port forward with a VPN?

NAT firewalls are designed to keep your device safe, but port forwarding bypasses that firewall. While overall, you may still be safe, when you port forward with or without a VPN, you are opening yourself up to potential security risks.

How to port forward safely

There are precautions you can take to ensure that you port forward safely:

• Never share details of your port forward, including the public IP address or port number.
• Follow normal security best practices to try to keep yourself as secure as possible.
• Only open the ports you need because the more ports you have open, the more vulnerable you are to attack.
• Stay as anonymous as possible to protect your privacy.

3 best VPNs that allow port forwarding

1. ExpressVPN

ExpressVPN is our top pick for a VPN with port forwarding that includes great features and solid performance. The feature is only available on routers, and you will need v1 or v2, so make sure you have a router that’s compatible.

Features: ExpressVPN has a router applet feature, which makes installing a VPN on a router easier so you can configure port forwarding settings. It also allows up to 8 simultaneous connections, has P2P support, and offers unlimited bandwidth.

Speed: This VPN has impressively fast speeds thanks to its Lightway tunneling protocol so that you can have a pleasant experience torrenting and gaming.

Security: ExpressVPN has top-of-the-line security features that include military-grade encryption, a no-logs policy, a kill switch, DNS leak protection, and RAM-only servers.

Compatibility: ExpressVPN is compatible with most devices, including Windows, Mac, iOS, and Android, and can be installed on most routers and gaming consoles.

Pricing: This is a more expensive VPN, with prices starting at $6.67 per month, but it does come with a 30-day money-back guarantee.

2. PrivateVPN

PrivateVPN is a reliable and user-friendly VPN for port forwarding. With this VPN, the feature is always enabled, and you receive a port number at random that you can insert into the program you want.

Features: PrivateVPN has servers that support torrenting and have a Stealth VPN feature to hide that you’re using a VPN. It also allows for up to 10 simultaneous connected devices.

Speed: PrivateVPN utilizes OpenVPN protocols and has fairly decent and solid speeds that can be used for torrenting.

Security: This VPN has strong security features that include a kill switch, zero-logs policy, high levels of encryption, and more.

Compatibility: PrivateVPN can be used on routers, Windows, Mac, Android, iOS, Linux, and Kodi.

Pricing: Prices for PrivateVPN start at $2.00 per month and come with a 30-day money-back guarantee.

3. PureVPN

PureVPN is an excellent choice among VPNs that support port forwarding. Instead of doing manual router configuration, all you need to do is install the VPN, get the add-on, and enable the ports.

Features: PureVPN allows for up to 10 simultaneous connections and has a traffic obfuscation feature. It also has some servers that support P2P, but be aware that not all of them do.

Speed: PureVPN uses WireGaurd tunneling protocols, giving it very fast speeds that are perfect for torrenting.

Security: This VPN has all the top standard security features, including strong encryption, a kill switch, a no-logs policy, and more.

Compatibility: PureVPN is compatible with routers, gaming consoles, Mac, Windows, Android, iOS, and more.

Pricing: Prices for PureVPN start at $2.08 per month and come with a 31-day money-back guarantee.

FAQs

Conclusion

If you are someone who does a lot of torrenting or gaming, or if you need to access your desktop computer remotely on a regular basis, then using port forwarding is something that could be very useful for you. But make sure you’re aware of the risks before you jump in.

Not every VPN will support port forwarding, which is why we recommend a VPN service like ExpressVPN, which will give you the best experience possible when it comes to VPN port forwarding.