VPN Ports & Port Forwarding: TCP/UDP 443, 80, 53, 25, 22, 21
Note: A list of the best VPN providers that support custom ports is included below.
In computer networking, a port serves as a communication endpoint for each specific application or process. Only one process may bind to a specific IP address and port combination using the same transport protocol. Typical application failures, sometimes called port conflicts, occur when multiple programs attempt to bind to the same port numbers on the same IP address using the same protocol.
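The port conflict described above can be reproduced on the loopback interface. This is an added example, not part of the original article; the function names and the use of 127.0.0.1 are assumptions made for the demonstration.

```python
import errno
import socket

def try_bind(sock_type, host, port):
    """Return (socket, None) on success or (None, errno name) on failure."""
    sock = socket.socket(socket.AF_INET, sock_type)
    try:
        sock.bind((host, port))
        return sock, None
    except OSError as exc:
        sock.close()
        return None, errno.errorcode.get(exc.errno, str(exc.errno))

def demo_port_conflict(host="127.0.0.1"):
    """Bind TCP twice and UDP once on the same (host, port); report each outcome."""
    first, _ = try_bind(socket.SOCK_STREAM, host, 0)  # port 0: the OS picks a free port
    port = first.getsockname()[1]
    first.listen(1)
    # Same IP, same port, same transport protocol: this is the port conflict.
    second, tcp_err = try_bind(socket.SOCK_STREAM, host, port)
    # Same IP and port number, different transport protocol: a separate endpoint.
    udp, udp_err = try_bind(socket.SOCK_DGRAM, host, port)
    for sock in (first, second, udp):
        if sock is not None:
            sock.close()
    return {"port": port, "second_tcp_bind": tcp_err, "udp_bind": udp_err}

if __name__ == "__main__":
    print(demo_port_conflict())
```

The second TCP bind fails with an "address in use" error, while the UDP bind on the same port number succeeds because TCP and UDP port numbers are tracked separately.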
Common applications/processes often use specifically reserved port numbers for receiving service requests from clients:
HTTPS (TLS/SSL) – 443 TCP/UDP
HTTP – 80 UDP/TCP
OpenVPN – 1194 TCP/UDP
PPTP – 1723 TCP/UDP
L2TP – 1701 UDP
SSTP – 443 TCP
Cisco IPsec – 1293 TCP/UDP, 500 TCP/UDP
IPsec/IKEv2 (Internet Key Exchange) – 500 TCP/UDP
IPsec NAT Traversal – 4500 UDP
SSH tunnel – port 22
SOCKS proxy – 1080 TCP
Obfsproxy – dynamic (custom setup)
BitTorrent – 6881-6889 TCP
SMTP – 25 TCP/UDP
DNS – 53 UDP
Since default configurations for specific processes are well known, network admins can easily block certain ports to restrict particular traffic. For instance, when port 1194 is blocked, OpenVPN doesn’t work unless the VPN software can forward OpenVPN traffic via a port that is open.
So in order to bypass restrictive firewalls that block ports (college and corporate networks, for instance), VPN providers offer port forwarding, typically to ports 443, 80, 53 and 22:
21: FTP (File Transfer Protocol)
22: SSH (Secure Shell)
PORT FORWARDING TO PORT 443
Forwarding VPN traffic to port 443 is the best way to bypass firewall restrictions since port 443 is used for encrypted TLS/SSL traffic by default. In other words, web browsers establish secure HTTPS connections using port 443. So as long as access to https:// websites is not restricted, port 443 is open. Additionally, since port 443 is used for encrypted communication, VPN traffic sent over 443 will sort of “blend in” with the rest (deep packet inspection can still detect it, of course).
PORT FORWARDING TO PORT 22
Port 22 is reserved for SSH (Secure Shell) traffic. SSH is an encrypted network protocol that allows network services to operate securely over an unsecured network. Since SSH traffic is secure traffic, port 22 is a good alternative to port 443. However, port 22 may be blocked on restrictive networks as it is not necessary for regular browsing activities.
PORT FORWARDING TO PORT 80
Port 80 is used for unencrypted communication – HTTP (Hypertext Transfer Protocol). In other words, HTTP port 80 is used to access http:// websites. For this reason, just like port 443, port 80 is never blocked. Since HTTP traffic is not secure, however, VPN traffic going through port 80 will stand out. This is generally not an issue, but forwarding encrypted OpenVPN data over port 80 may draw attention on networks that are being monitored.
PORT FORWARDING TO PORT 53
Port 53 is used by DNS servers to translate domain names into corresponding IP addresses. For example, when accessing Facebook, DNS converts https://www.facebook.com into 22.214.171.124. DNS servers have data set restrictions (upper and lower case letters, numbers and hyphens only), so data needs to be converted before transmission, and other limitations add to the inefficiency of data transfers. So even if an ISP overlooked filtering DNS traffic, enabling port forwarding on a DNS server makes no sense. Sending atypically heavy VPN traffic over DNS will draw attention. Since port 443 and port 80 are always open, they are a much better alternative compared to port 53.
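The sections on ports 443, 22 and 80 note that deep packet inspection can still tell VPN traffic apart from the protocol a port normally carries. The sketch below is an added example, not part of the original article: it classifies the first client payload of a TCP flow and flags a mismatch with the port's expected protocol. The function names and sample payloads are constructed for illustration.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")
# OpenVPN client hard-reset opcodes (V2 = 7, V3 = 10); the opcode is the high 5 bits.
OPENVPN_CLIENT_RESET = {7, 10}
EXPECTED = {443: "tls", 22: "ssh", 80: "http"}

def classify_first_bytes(payload: bytes) -> str:
    """Guess the application protocol from the first client-to-server TCP payload."""
    if payload.startswith(b"SSH-"):          # SSH identification string
        return "ssh"
    if payload.startswith(HTTP_METHODS):     # plaintext HTTP request line
        return "http"
    # TLS record: type 0x16 (handshake), version 0x03 0x00-0x04, handshake type 0x01.
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01):
        return "tls"
    # OpenVPN over TCP: 2-byte big-endian length prefix, then an opcode/key_id byte.
    if len(payload) >= 3:
        (length,) = struct.unpack("!H", payload[:2])
        if (payload[2] >> 3) in OPENVPN_CLIENT_RESET and 14 <= length <= len(payload) - 2:
            return "openvpn"
    return "unknown"

def audit_flow(dst_port: int, payload: bytes) -> dict:
    """Compare what the payload looks like with what the port normally carries."""
    seen = classify_first_bytes(payload)
    expected = EXPECTED.get(dst_port)
    return {"port": dst_port, "seen": seen, "expected": expected,
            "mismatch": expected is not None and seen != expected}

# Constructed sample payloads (not captured traffic).
TLS_HELLO = bytes.fromhex("16030100c8010000c40303") + bytes(32)
OPENVPN_RESET = bytes.fromhex("000e38") + bytes(range(8)) + b"\x00" + bytes(4)
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for port, data in [(443, TLS_HELLO), (443, OPENVPN_RESET), (80, OPENVPN_RESET),
                       (22, SSH_BANNER), (80, HTTP_GET)]:
        print(audit_flow(port, data))
```

The check looks only at the first payload, so a tunnel that is itself wrapped in TLS or SSH classifies as tls or ssh here.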
TCP vs UDP
Long story short: TCP is heavier and slower than UDP. UDP is the preferred choice for speed; TCP is preferred when the Internet connection is unstable.
TCP provides highly reliable, ordered, and error-checked delivery of information between applications. TCP is a connection-based protocol, which means that TCP first establishes a connection between two devices and only then sends data. Additionally, TCP performs flow control, error detection and correction to ensure that all packets are delivered. All data transferred via TCP is guaranteed to be delivered in the same order it was sent. TCP is heavier: its header size is 20 bytes while UDP's is only 8 bytes. All of the above causes network overhead and makes TCP much slower. TCP is an excellent choice on unreliable networks, however, since TCP will check for lost packets and automatically resend them.
UDP is a more efficient protocol since it doesn’t establish a direct channel between two devices; it provides a connectionless datagram service that emphasizes reduced latency over reliability. UDP only sends information, but does not care if it ever reaches the intended destination or gets lost in the process, avoiding the overhead of error processing at the network interface level. Since UDP does not take time to establish a connection, never checks for errors and does not track the packets, time-sensitive applications (gaming, streaming, VoIP) often use UDP because dropping packets is preferable to waiting for delayed packets. Sounds bad, right? Not really, since the packets are virtually never lost in real life unless the Internet connection is unreliable.
PIA is a leading no logs VPN provider with a massive amount of servers (over 3,000) that deliver excellent speeds and a very reliable service. PIA VPN does a great job protecting users’ privacy from surveillance, cyber attacks and other online threats. The PIA network is protected behind a NAT Firewall. Native apps offer built-in Kill Switch and DNS leak protection features to secure the connection from unexpected data leaks. PIA software also offers switching between UDP and TCP connection types, and port forwarding to 443, 80, 110, 53, 8080, 9201. For faster streaming and torrenting, PIA allows using 128-bit or 256-bit encryption levels. To read a full PIA review click HERE.
MONTHLY PRICE: 8.99 USD
ANNUAL PRICE: 4.49 USD/mo
Offering over 3,000 servers in 50 countries, all mainstream protocols and 5 simultaneous connections, TorGuard rightfully earned its place as a top VPN provider. No logs TorGuard offers a reliable, fast and secure VPN connection. Their SOCKS5 proxy is an excellent feature for high speed multimedia streaming and torrenting as it integrates with the main BitTorrent applications. TorGuard native apps offer advanced security features like Kill Switch to ensure no data leaks, even when the connection drops, and port forwarding to custom TCP/UDP ports. TorGuard’s StealthVPN protocol is an effective tool to bypass strict firewalls and VPN blocking. To read a full TorGuard review click HERE.
MONTHLY PRICE: 10 USD
ANNUAL PRICE: 69.95 USD
StrongVPN is a no logs VPN provider offering OpenVPN, IPsec, PPTP and L2TP protocols along with OpenVPN obfuscation tools in order to bypass restrictions in countries like China, Iran, Syria. With almost 500 servers in 21 countries StrongVPN offers an impeccable speed for streaming Netflix, Hulu, HBO, Pandora, Amazon Video and many other services as well as torrenting. To read a full StrongVPN review click HERE.
MONTHLY PRICE: 7.99 USD
ANNUAL PRICE: 3.33 USD/mo
No logs Trust.Zone is a Seychelles based VPN provider with user privacy as their foremost priority. Since Trust.Zone is a VPN service launched by one of the largest torrenting websites ExtraTorrent, it’s no wonder they are one of the best providers for p2p file sharing. Their apps have DNS, WebRTC leaks protection, Kill Switch and port-forwarding features. To read a full Trust.Zone review click HERE.
MONTHLY PRICE: 9.95 USD
ANNUAL PRICE: 4.99 USD/mo
Based in Malaysia, Hide.me is one of the most secure and fastest VPN providers offering ultra fast VPN servers that provide gigabit Internet connection. Hide.Me VPN is extremely reliable and very fast which makes it a perfect choice for security oriented users who would like to enjoy uninterrupted streaming and browsing experience. Hide.Me offers incredibly convenient custom apps for all devices with a number of advanced security features for maximum protection. Hide.me is a no logs company that has custom software with built-in protection against IP and data leaks, and obfuscation tools to bypass strict firewalls. Dynamic port-forwarding (UPnP) allows Hide.Me users to forward up to 10 TCP/UDP ports. Hide.Me provides an in-house UPnP server implementation which handles original protocol security deficiencies to ensure the data is securely authenticated and handled by the server. To read a full Hide.me review click HERE.
MONTHLY PRICE: 9.95 USD
ANNUAL PRICE: 3.75 USD/mo
VyprVPN is a leading no logs VPN provider (independently audited) with over 700 ultra fast servers worldwide that support Google Fiber gigabit Internet connection (1,000Mbps). VyprVPN has undergone an independent public audit by Leviathan Security to ensure that no Personally Identifiable Information is collected with respect to the use of the VyprVPN service. Unlike most VPN providers, VyprVPN doesn’t rely on 3rd party hosting – they own and manage their own VPN servers. VyprVPN infrastructure is amazingly fast, offering ultra fast speeds and low ping times for high speed HD streaming. VyprVPN custom software is very reliable and protects users from various IP leaks. VyprVPN apps offer port forwarding to port 433 and ports 15000-20000. In addition, VyprVPN is an excellent provider to bypass even the strictest firewalls that block VPN connection. To read a full VyprVPN review click HERE.
MONTHLY PRICE: 12.99 Euro
ANNUAL PRICE: 9.99 Euro/mo
Perfect Privacy is an ultra fast (gigabit servers) VPN provider with a heavy focus on advanced online security. Perfect Privacy integrated firewall enforces all traffic to be sent through secure tunnels thereby protecting their users from all known IP leaks when the app is running, it even prevents unencrypted online access after OS reboot. In addition, Perfect Privacy offers a unique Multi-Hop VPN feature that allows cascading over up to 4 OpenVPN servers at the same time along with SOCKS5 and Squid proxies. Perfect Privacy can bypass strict firewalls by obfuscating OpenVPN to look like normal HTTPS traffic with OpenVPN over SSH feature. For additional firewall penetration Perfect Privacy allows 5 custom port forwardings or 3 default random ports. What really separates them, though, is their ability to resolve .onion (TOR) addresses without the need for the Tor Browser. To read a full Perfect Privacy review click HERE.
MONTHLY PRICE: 12.95 USD
ANNUAL PRICE: 6.67 USD/mo
ExpressVPN has one of the largest and fastest infrastructures with over 2,000 servers in 94 countries. Ultra fast ExpressVPN network supports gigabit Internet connection which makes it a perfect choice for ultra high speed streaming and torrenting. ExpressVPN default configuration for OpenVPN is port 443. ExpressVPN app does not support custom ports other than port 443. ExpressVPN aligns itself as one of the Internet’s leading advocates for net neutrality, for a democratic and open internet. Considering they have a no logs policy, accept Bitcoin and are located on the Caribbean Island, they are a great choice for privacy oriented customers who want to protect their data from surveillance, bypass censorship and access restricted materials. To read a full ExpressVPN review click HERE.
MONTHLY PRICE: 7 Euro
ANNUAL PRICE: 4.50 Euro/mo
AirVPN is an Italian VPN provider created by privacy activists whose main goal is data protection. AirVPN has over 200 servers in 23 countries that have Perfect Forward Secrecy through Diffie-Hellman key exchange DHE. Essentially key negotiation is performed every 60 minutes to avoid data breach if the key is compromised. AirVPN offers OpenVPN dynamic port forwarding on 80 TCP/UDP, 443 TCP/UDP and 53 TCP/UDP. Additionally, AirVPN offers OpenVPN over SSH and OpenVPN over SSL that mask OpenVPN and make the use of encryption tools invisible to some of the most advanced firewalls. To read a full AirVPN review click HERE.