VPN port forwarding is a powerful yet often misunderstood tool. It's commonly mistaken for traditional port forwarding, but the two are inherently different. VPN port forwarding enables specific types of network traffic to bypass the VPN tunnel and directly access a device or service on your local network, whether it's at home or in the office. It's especially helpful for applications that require direct incoming connections, such as:
- Hosting game servers
- Running web servers
- Remotely accessing security cameras or baby monitors when you’re not at home
- Engaging in peer-to-peer (P2P) file-sharing
- Bypassing firewalls or restrictions blocking access to specific websites or services
However, it's important to be cautious. When you use VPN port forwarding, you're essentially opening your devices to the open internet, which can pose security risks.
In this guide, we delve deeper into the differences between traditional port forwarding and VPN port forwarding, as well as show you how you can securely set up port forwarding on your router, allowing you to maximize its benefits without compromising your network's safety.
Jump to...
Port forwarding vs. VPN port forwarding
3 types of port forwarding
Automatic port forwarding: What’s UPnP?
Port forwarding vs. port triggering
Advantages of VPN port forwarding
Disadvantages of VPN port forwarding
How to set up port forwarding on your router
How to set up VPN port forwarding on your router
Port forwarding vs. VPN port forwarding
Port forwarding and VPN port forwarding are two distinct methods. Although the terms are often used interchangeably and are related, here's how they differ:
How does port forwarding work?
Device on the internet 🌐 → Router 🏠 → Device on the internal network 🖥️
Port forwarding is a technique that directs incoming traffic from specific ports on your router to a particular device within your network. This is useful for hosting servers or other applications that need to be accessible from the internet.
For example: You have a home server that you want to be accessible from the internet. You would forward the ports that your server uses to your router. This would allow anyone on the internet to access your server by connecting to your public IP address on those ports.
Here is a simplified explanation of exactly how port forwarding works:
- A device on the internet sends a request to a port on the router's public IP address.
- The router checks its NAT table (a table that maps private IP addresses to public IP addresses) to see if there is a port forwarding rule for the requested port.
- If there is, the router forwards the request to the internal IP address and port specified in the rule.
- The device on the internal network receives the request and responds.
- The router forwards the response back to the device on the internet.
How does VPN port forwarding work?
Device on the internet 🌐 → VPN server 🔐 → Router 🏠 → Device on the internal network 🖥️
VPN port forwarding is a similar technique, but it’s used to forward incoming traffic on specific ports to a device on a remote network through a VPN connection. This can be useful for accessing devices on a home network while you’re away, or for hosting servers on a remote network.
For example: You’re traveling for work and you need to access your home server. You would connect to your home VPN server. Once you’re connected, you would forward the ports that your server uses to the VPN client. This would allow you to access your server by connecting to the local IP address that the VPN client assigns to it.
Here is a quick overview of how VPN port forwarding works:
- A device on the internet sends a request to a port on the VPN server's public IP address.
- The VPN server checks its port forwarding table to see if there is a rule for the requested port.
- If there is, the VPN server forwards the request to the internal IP address and port specified in the rule.
- The device on the internal network receives the request and responds.
- The VPN server forwards the response back to the device on the internet.
Read more: How to set up a VPN on your router
Port forwarding vs. VPN port forwarding: What’s the difference?
The main difference between port forwarding and VPN port forwarding is that port forwarding is done at the router level, while VPN port forwarding is done at the VPN client level. This means that port forwarding will apply to all devices on the local network, while VPN port forwarding will only apply to the device (usually your router) that’s connected to the VPN.
Another difference is that port forwarding typically requires you to have a static public IP address from your ISP. This is because the router needs to know where to forward the incoming traffic. VPN port forwarding does not require a static public IP address, because the VPN server will assign a private IP address to the VPN client.
Here’s a quick summary of the key differences between port forwarding and VPN port forwarding:
| Port forwarding (home network) | VPN port forwarding | |
| Basic concept | Allows external devices to communicate with specific services or applications on devices within a local network. | Allows external devices to access specific ports on a device behind a VPN connection. |
| Scenario | Commonly used in home or small office networks. | Used when hosting services (e.g., web server, game server) are behind a VPN connection. |
| Network layers | Operates within the local network. | Involves both the local network and the VPN tunnel to the server. |
| Routing | Router forwards incoming requests based on port number. | VPN server acts as an intermediary, directing traffic based on port forwarding rules. |
| Security | Exposes specific ports on the router to potential security risks. Requires strong security measures (e.g., strong passwords, firewalls). | Traffic is encrypted within the VPN tunnel, providing an extra layer of security. |
| Device visibility | External devices communicate directly with the local device. | External devices communicate with the VPN server, which then forwards the traffic to the local device. |
| Typical use cases | Hosting game servers, web servers, or other services. | Hosting services that require a VPN connection (e.g., for privacy or security reasons). |
It's important to note that not all VPN services support port forwarding. In fact, ExpressVPN is one of the few high-quality VPN providers that offers router-based port forwarding. This means that you can use ExpressVPN to access your local network devices and services from anywhere in the world.
3 types of port forwarding
Port forwarding can be a helpful tool when networking. There are three types tailored for specific situations, and knowing them can help optimize network setups.
Here are the different types of port forwarding that also apply to VPN port forwarding:
1. Local port forwarding
Great for: Remote work, sharing files or services with others, bypassing censorship
Local port forwarding is the most common form of port forwarding. It involves directing traffic from a specific port on your router's public IP address to a designated port on a device within your internal network. This is particularly useful for hosting services on your home network, such as a web server or game server.
When applied to VPNs, local port forwarding allows you to host services on your home network and make them accessible to the public through the VPN. For example, you can forward port 443 (the standard port for secure HTTP traffic, known as HTTPS) from your router to the computer running the web server on your network. This means that users connected to the VPN can access the web server securely as if they were on your local network.
2. Remote port forwarding
Great for: Bypassing censorship, unblocking content, secure remote access
Remote port forwarding operates similarly to local port forwarding, but it directs traffic from a specific port on your router's public IP address to a designated port on a device within a different network. This is beneficial for gaining access to services on a remote network, such as a work network or a friend's home network.
For example, you could forward a range of ports on your router to a corresponding range on a file server at your workplace. This allows you to access files and services on your work network securely through the VPN, regardless of your physical location.
3. Dynamic port forwarding
Great for: Sharing files with others, playing multiplayer games, making VoIP calls
Dynamic port forwarding is a more complex form of port forwarding that allows you to direct traffic from a range of ports on your router's public IP address to a corresponding range on a device within your internal network. This is particularly useful for applications that require multiple open ports, such as P2P file-sharing applications.
For example, you might use dynamic port forwarding to enable a P2P file-sharing application on your home network. By forwarding a range of ports from your router to the computer running the file-sharing application on your network, you can securely share files with other users connected to the VPN.
Automatic port forwarding: What’s UPnP?
As we delve into VPN port forwarding, it's important to also consider Universal Plug and Play (UPnP). This widely used set of protocols allows devices to easily communicate and work together on a network without manual configuration.
UPnP essentially lets devices on the same network discover each other, share information, and open ports automatically. This can be useful in home and small office settings, but wouldn’t make sense in an office environment since a large number of devices would be taking up a lot of traffic. It’s also worth noting that while UPnP is convenient, it’s considered a lot less safe than traditional port forwarding.
This is because UPnP allows devices to open ports without explicit user consent or oversight. This means that if a malicious program or device gains access to the network, it could potentially exploit UPnP to open ports and expose the network to unauthorized access or attacks from the internet. Learn more about UPnP and why it’s considered unsafe.
Fortunately, UPnP isn’t the only way to facilitate automatic VPN port forwarding. Another option is port triggering, which provides a more secure alternative, albeit with some limitations.
Port forwarding vs. port triggering
Port triggering is more secure than UPnP because it only opens ports when a specific device on your network requests them. This is done by configuring a trigger port, which is a port that the device will use to initiate outgoing traffic. When the device sends traffic out on the trigger port, the router opens the incoming ports that the device needs. The ports remain open for a specified amount of time, or until the device stops sending traffic.
Port triggering is, therefore, a good option for applications where outgoing traffic is initiated from the device inside the network, such as gaming consoles and P2P file-sharing applications. This is because port triggering aligns with the natural flow of communication in these scenarios.
However, it is not a good option for applications where incoming traffic is initiated from the device outside the network, such as webcams and remote desktop applications. These applications require a steady and direct connection for external access. If you want to set up automatic port forwarding for these, UPnP may be a more suitable choice.
| Feature | Port triggering | UPnP |
| Security | More secure | Less secure |
| Ease of setup | More difficult to set up | Easier to set up |
| Device compatibility | Not all devices support port triggering | Most devices support UPnP |
Note: Assess UPnP, port forwarding, or port triggering and decide on your comfort level with the security risks before using them.
Advantages of VPN port forwarding
While both port forwarding and VPN port forwarding have their advantages, VPN port forwarding offers greater benefits. It provides extra security and flexibility, making it a more powerful way to manage network traffic.
| Advantages of port forwarding | Advantages of VPN port forwarding |
| Remote Access: Port forwarding is instrumental in enabling remote access to devices on a private network. For instance, it allows individuals to access their home computers or file servers while away from home. Additionally, it's essential for hosting online games or servers. Without port forwarding, these tasks would be impractical or impossible. | Enhanced security: VPN port forwarding takes the security aspect a step further. Unlike traditional port forwarding, where data is sent in plain text, VPN port forwarding encrypts the traffic. This encryption layer ensures that even if an attacker intercepts the data, it remains indecipherable. This significantly raises the bar for anyone attempting to exploit vulnerabilities in the private network's devices. |
| Improved performance: Port forwarding enhances the performance of specific applications that rely on inbound connections. For example, online games benefit significantly from direct connections. By forwarding specific ports, these applications can communicate more efficiently with the devices on the internet. Without port forwarding, they might encounter connectivity issues, resulting in slower speeds or even complete disconnections. | Unparalleled flexibility: One of the most significant advantages of VPN port forwarding is its unparalleled flexibility. It enables users to forward ports to devices on any network, regardless of their physical location. This means a device in one country can seamlessly communicate with a device in another, all thanks to the VPN server acting as an intermediary. It's a powerful tool for businesses with globally distributed resources or for individuals who require seamless connectivity across different networks. |
| Customized network services: Port forwarding allows users to customize their network services to suit their specific needs. Whether it's for video conferencing, accessing a surveillance camera, or running a web server, port forwarding lets users make their private network more versatile and adaptable to their requirements. | Resilience against DDoS attacks: By routing traffic through a VPN server, VPN port forwarding provides an additional layer of protection against Distributed Denial of Service (DDoS) attacks. The VPN server acts as a buffer, absorbing a portion of the attack traffic, thereby reducing the impact on the private network and ensuring uninterrupted operations. |
Disadvantages of VPN port forwarding
Despite their respective advantages, both port forwarding and VPN port forwarding come with their own set of drawbacks. The most significant concern centers around security risks.
Setting up port forwarding incorrectly can potentially expose your network to unauthorized access, making you more susceptible to hackers. With VPN port forwarding, there's the added consideration of bypassing some of the VPN's encryption, which can introduce an additional security risk.
| Disadvantages of port forwarding | Disadvantages of VPN port forwarding |
| Security risk: Port forwarding introduces a significant security risk if not configured correctly. When you forward ports, you're essentially creating openings in your firewall. If not properly managed, this can allow hackers to exploit vulnerabilities and potentially gain unauthorized access to your devices and sensitive data. | Reduced security: While VPN port forwarding provides flexibility, it does come at a cost in terms of security. By forwarding specific ports through the VPN, you essentially bypass the VPN's encryption for those particular ports. This means that any data transmitted through these ports is not afforded the same level of protection, potentially exposing it to interception or tampering. |
| Performance issues: Port forwarding can lead to performance issues, especially when forwarding a large number of ports. This is because the router or firewall has to work harder to process the increased traffic load. In scenarios where network resources are limited, this additional strain may result in slower network speeds and decreased overall performance. | Compatibility issues: While ExpressVPN offers router-based port forwarding to cater to specific needs, it's important to note that not all VPN providers offer this feature. Additionally, some providers might have restrictions on supported protocols or applications for port forwarding. Be sure to do your homework and only opt for a high-quality VPN that offers port forwarding. |
| Complexity: Setting up port forwarding can be a complex task, particularly for individuals who are not well-versed in networking concepts. The process involves configuring both the router and the target device to ensure proper communication. For users without prior networking knowledge, this can be daunting and time-consuming. | Performance overhead: VPN port forwarding can introduce some performance overhead to your VPN connection. This additional processing can lead to a slight reduction in overall performance. While the impact may be minimal for typical internet usage, it can be a consideration for users with high bandwidth requirements or sensitive applications. |
Considering the potential security risks involved, you're probably wondering if you should use port forwarding or VPN port forwarding. There's nothing inherently wrong with utilizing these features, provided you approach them with caution and ensure proper configuration on your router or VPN server.
How to set up port forwarding on your router
The exact steps of setting up port forwarding may vary depending on your router's brand and mode, so here's a general overview:
- Log in to your router's web interface: This is usually done by typing your router's IP address into a web browser: You can find your router's IP address by following these steps.
- Find the port forwarding section: This is usually located under a tab called “Port Forwarding”, “Port Triggering”, “Virtual Servers”, or “Applications”. It’s usually in the router’s settings.
- Add a new port forwarding rule: This is like giving directions to your router. You'll need to tell it:
-
- Service name: This is a name for the port forwarding rule. Give it a name such as “Web Server” or “Gaming”.
- Port number(s): This is the port number(s) that you want to forward (i.e. a specific address for the traffic). You can find the port numbers that you need to forward for specific applications or games by searching online. Alternatively, here’s a list of some of the common port numbers for Windows. If you’re a Mac user, you can also check Apple’s list of common ports.
- Protocol: This is the type of traffic that you want to forward, such as TCP or UDP.
- Internal IP address: This is the IP address of the device on your network that you want to forward the ports to. You can find the IP address of your device by running the ipconfig command in a command prompt window.
4. Save your changes: After filling in the details, save your changes. Your router will now know where to send specific types of traffic.
How to set up VPN port forwarding on your router
A more convenient method for opening ports on your router is through a VPN that supports port forwarding, like ExpressVPN. This is a simpler approach than manually configuring the router, especially when dealing with numerous ports for various games. It not only helps bypass NAT firewalls but also encrypts your internet connection.
You can choose to connect to the VPN either before or after applying port forwarding rules on your router. The objective is to protect your direct communication line from unverified requests and potential DDoS attacks.
If you're using a router with ExpressVPN, here's how to set up port forwarding:
- Sign in to your router with ExpressVPN installed.
- Go to Advanced Settings > Port Forwarding.
- Click on Add New Rule.
4. Provide the following details:
-
- Description: Give it a name for easy recognition.
- Device: Choose the device you want to access remotely.
- Internal Port: Specify a number between 1 and 65,535.
- External Port: Specify a number between 1 and 65,535.
- Protocol: Select your preferred protocol.
5. Click Save to add the new rule.
Your chosen device should now be accessible remotely using your public IP address and the external port you specified. To verify if port forwarding is successful, you can use ExpressVPN’s IP Address Checker to find your device’s public IP.
FAQ: About VPN port forwarding
Is VPN port forwarding safe?
What is the purpose of port forwarding?
- Hosting a game server: If you want to host a game server so that your friends can connect to it from the internet, you will need to forward the ports that the game uses.
- Running a web server: If you want to host a website or web application on your home computer, you will need to forward the ports that the web server uses.
- Accessing a remote desktop: If you want to be able to access your computer remotely from another location, you will need to forward the port that the remote desktop service uses.
- Using a P2P application: Some peer-to-peer applications, such as file-sharing applications and BitTorrent clients, require you to forward ports in order to function properly.
Port forwarding can also be used to improve the performance of some applications, such as online games and voice-over IP (VoIP) applications. By forwarding the ports that these applications use, you can reduce lag and improve the overall quality of service.
However, it’s important to note that port forwarding can also be a security risk. If you forward a port to a device that is not properly secured, it could be vulnerable to attack from the internet. Therefore, it is important to only forward ports to devices that you trust and to take steps to secure those devices.
Can you port forward with a VPN?
If your VPN provider does support port forwarding, you will need to set it up on both your router and your VPN app. The specific steps involved will vary depending on your router and the VPN provider you use, but you can usually find instructions on your VPN provider's support pages or website.
Once you’ve set up port forwarding on both your router and your VPN client, you should be able to access the services running on the device that you forwarded the port to from the internet.
Port forwarding vs. VPN: which one is better?
Port forwarding allows you to open certain ports on your router so that devices on the internet can access them. This is useful for hosting game servers, web servers, and other services that need to be accessible from the outside world.
A VPN encrypts your traffic and routes it through a remote server. This makes your online activity more private and secure. It also allows you to bypass geo-restrictions and access websites and services that are blocked in your region.
So, which one is better? It depends on your needs. If you need to host a game server or web server, then you need to use port forwarding. If you want to protect your privacy and security online, then you need to use a VPN. If you want to use a combination, you could try VPN port forwarding.
Does port forwarding improve speed?
This is because port forwarding allows you to open specific ports on your router and forward incoming traffic on those ports to a specific device on your local network. This can reduce the amount of time it takes for traffic to travel between your device and the internet, which can improve performance.
For example, if you’re hosting a game server, you will need to forward the ports that the game uses to your computer. This will allow other players to connect to your game server directly, which can reduce lag and improve the overall gaming experience.
Similarly, if you are using a VoIP application, such as Skype or Discord, you may need to forward the ports that the application uses to your computer. This can improve the quality of your voice calls and reduce the amount of lag you experience.
Take the first step to protect yourself online. Try ExpressVPN risk-free.
Get ExpressVPN
