VPN Ports & Port Forwarding: TCP/UDP 443, 80, 53, 25, 22, 21
Note: List of the best VPN providers that support custom ports is included below.
In computer networking, a port serves as a communication endpoint for each specific application or process. Only one process may bind to a specific IP address and port combination using the same transport protocol. Typical application failures, sometimes called port conflicts, occur when multiple programs attempt to bind to the same port numbers on the same IP address using the same protocol.
Common applications/processes often use specifically reserved port numbers for receiving service requests from clients:
HTTPS (TLS/SSL) – 443 TCP/UDP
HTTP – 80 UDP/TCP
OpenVPN – 1194 TCP/UDP
PPTP – 1723 TCP/UDP
L2TP – 1701 UDP
SSTP – 443 TCP
Cisco IPsec – 1293 TCP/UDP, 500 TCP/UDP
IKEv2 (Internet Key Exchange) – 500 TCP/UDP
IPsec Nat Traversal – 4500 UDP
SSH tunnel – port 22
SOCKS proxy – 1080 TCP
Obfsproxy – dynamic (custom setup)
BitTorrent – 6881-6889 TCP
SMTP – 25 TCP/UDP
DNS – 53 UDP
Since default configurations for specific processes are well known, network admins can easily block certain ports to restrict a particular traffic. For instance, when 1194 port is blocked, OpenVPN doesn’t work unless VPN software can forward OpenVPN traffic via a port that is open.
So in order to bypass restrictive firewalls that block ports (college and corporate networks, for instance), VPN providers offer port forwarding typically to 443, 80, 53, 22 ports:
21: FTP (File Transfer Protocol)
22: SSH (Secure Shell)
PORT FORWARDING TO PORT 443
Forwarding VPN traffic to port 443 is the best way to bypass firewall restrictions since port 443 is used for encrypted TLS/SSL traffic by default. In other words, web browsers establish secure HTTPS connections using port 443. So as long as access to https:// websites is not restricted, port 443 is open. Additionally, since port 443 is used for encrypted communication, VPN traffic sent over 443 will sort of “blend in” with the rest (deep packet inspection can still detect it, of course).
PORT FORWARDING TO PORT 22
Port 22 is reserved for SSH (Secure Shell) traffic. SSH is an encrypted network protocol that allows network services to operate securely over an unsecured network. Since SSH traffic is secure traffic, port 22 is a good alternative to port 443. However, port 22 may be blocked on restrictive networks as it is not necessary for regular browsing activities.
PORT FORWARDING TO PORT 80
Port 80 is used for unencrypted communication – HTTP (Hypertext Transfer Protocol). In other words, HTTP port 80 is used to access http:// websites. For this reason, just like port 443, port 80 is never blocked. Since HTTP traffic is not secure, however, VPN traffic going through port 80 will stand out. This is generally not an issue, but forwarding encrypted OpenVPN data over port 80 may draw attention on networks that are being monitored.
PORT FORWARDING TO PORT 53
Port 53 is used by DNS servers to translate domain names into corresponding IP addresses. For example, when accessing Facebook, DNS converts https://www.facebook.com into 188.8.131.52. DNS servers have data set restrictions (upped and lower case letters, numbers and hyphens only) that need to be converted before transmission along with other limitations that lead to inefficient data transfers. So even if ISP overlooked filtering DNS traffic, enabling port forwarding on a DNS server makes no sense. Sending atypically heavy VPN traffic over DNS will draw attention. Since port 443 and port 80 are always open, they are a much better alternative comparing to port 53.
TCP vs UDP
Long story short: TCP is heavier and slower than UDP. UDP is a preferred choice for speed, TCP is preferred when Internet connection is unstable.
TCP provides highly reliable, ordered, and checked for error delivery of information between applications. TCP is a connection based protocol which means that TCP first establishes a connection between two devices and only then sends data. Additionally, TCP performs flow control, error detection and correction to ensure that all packets are delivered. All data transferred via TCP is guaranteed to be delivered in the same order it was sent. TCP is heavier, its header size is 20 bytes while UDP is only 8 bytes. All of the above causes network overhead and makes TCP much slower. TCP is an excellent choice on unreliable networks, however, since TCP will check for lost packets and automatically resend them.
UDP is a more efficient protocol since it doesn’t establish a direct channel between two devices, it provides a connectionless datagram service that emphasizes reduced latency over reliability. UDP only sends information, but does not care if it ever reaches the intended destination or gets lost in the process, avoiding the overhead of error processing at the network interface level. Since UDP does not take time to establish connection, never checks for errors and does not track the packets, time-sensitive applications (gaming, streaming, VoIP) often use UDP because dropping packets is preferable to waiting for delayed packets. Sounds bad, right? Not really since the packets are virtually never lost in real life unless the Internet connection is unreliable.
MONTHLY PRICE: 9.95 USD
ANNUAL PRICE: 59.95 USD
Hide.me is one the most popular VPN providers on the market with servers in USA, Canada, UK, Europe, Asia, Australia. Based in Malaysia, Hide.me is a zero logs company that has custom software with a built-in Kill Switch and DNS Leak protection. The provider accepts Bitcoin along with about 100 other payment options and does an excellent job in providing fast secure encrypted network, hence, keeping its position as the best VPN service. To read a full Hide.me review click HERE.
MONTHLY PRICE: 6.95 USD
ANNUAL PRICE: 2.91 USD/mo
PIA is a leading zero logs VPN provider with a massive amount of servers (over 3,000) that deliver excellent speeds and a very reliable service. PIA NAT Firewall does a great job protecting from cyber attacks, built-in Kill Switch and DNS leak protection features secure connection from unexpected data leaks. PIA software offers switching between UDP and TCP connections types, port forwarding to 443, 80, 110, 53, 8080, 9201. For faster streaming and torrenting, PIA allows using 128-bit or 256-bit encryption level. To read a full PIA review click HERE.
MONTHLY PRICE: 12.95 USD
ANNUAL PRICE: 99.95 USD
MONTHLY PRICE: 13.49 Euro
ANNUAL PRICE: 124.95 Euro
Perfect Privacy is a VPN provider with a heavy focus on advanced online security. Besides OpenVPN, PPTP, L2TP/IPsec and IPsec/IKEv2, Perfect Privacy also offers SSH, SOCKS5 and Squid proxies on all of their servers. What really separates them from the standard setup, though, is their ability to resolve .onion (TOR) addresses without the need for the Tor Browser. Perfect Privacy Integrated Firewall enforces all traffic to be sent through secure tunnels thereby protecting their users from all known IP leaks. In addition, Perfect Privacy offers a unique Multi-Hop VPN feature that allows cascading over up to 4 OpenVPN servers at the same time. To read a full Perfect Privacy review click HERE.
MONTHLY PRICE: 10 USD
ANNUAL PRICE: 69.95 USD
StrongVPN, a reputable company with 20 years of history, is now a zero-logs VPN provider offering OpenVPN, IPsec, PPTP and L2TP protocols along with OpenVPN obfuscation tools in order to bypass restrictions in countries like China, Iran, Syria. With almost 500 servers in 21 countries StrongVPN offers an impeccable speed for streaming Netflix, Hulu, HBO, Pandora, Amazon Video and many other services as well as torrenting. To read a full StrongVPN review click HERE.
MONTHLY PRICE: 4.55 EURO
ANNUAL PRICE: 35.10 EURO
AirVPN is an Italian VPN provider created by privacy activists whose main goal is data protection. AirVPN has over 100 servers in 23 countries that have Perfect Forward Secrecy through Diffie-Hellman key exchange DHE. Essentially key negotiation is performed every 60 minutes to avoid data breach if the key is compromised. Additionally, AirVPN offers OpenVPN over SSH and OpenVPN over SSL that mask OpenVPN and make the use of encryption tools invisible to some of the most advanced firewalls. To read a full AirVPN review click HERE.
MONTHLY PRICE: 9.95 USD
ANNUAL PRICE: 99.95 USD
OverPlay is a VPN provider with a heavy focus on high-speed secure streaming and gaming. With a single subscription OverPlay offers a VPN service that shields users from cybercrime along with a SmartDNS service that gives access to 150 streaming channels. OverPlay custom apps allow switching to faster ports and display ping times for each server that allows OverPlay users to chose the fastest server based on their location. To read a full OverPlay review click HERE.
MONTHLY PRICE: 7.99 USD
ANNUAL PRICE: 35.88 USD
Zero-logs Trust.Zone is a Seychelles based VPN provider with user privacy as their foremost priority. Since Trust.Zone is a VPN service launched by one of the largest torrenting websites ExtraTorrent, it’s no wonder they are one of the best providers for p2p file sharing. Their apps have DNS, WebRTC leaks protection, Kill Switch and port-forwarding features. To read a full Trust.Zone review click HERE.