
What port(s) need to be open for VPN use?

Dominik


To find out what port your VPN is using, or what port it needs to use, start by determining what kind of virtual private network you’re working with, primarily in terms of the technology on the backend of your secure Internet connection: VPN protocols such as IPSec, L2TP, etc.

Start with your VPN provider, however, as their support pages should have everything you need to make sure you have the right ports open. Pretty much every even remotely reputable VPN company will give you several options in this regard, because if your Internet service provider decides to block a specific port, there’s not much you can do about that, and ISPs tend to reserve the right to do so on a whim. If your VPN provider of choice only supports a single port, I’d recommend finding a new one ASAP.

With that said, let’s go over some of today’s most frequently encountered VPN ports since your particular use case will almost certainly fall under one of them.

Most common VPN ports

Internet Protocol Security (IPSec) VPN ports: this tried and tested specification traditionally relies on ports 500 UDP and 4500 UDP. The latter is only used in scenarios involving NAT traversal, a method of brute-forcing IP address translations.

Besides IPSec, IKEv2 also uses port 500 UDP, as does the L2TP protocol, among other things, but more on that in a bit.

Finally, note that specific IPSec use cases could require Encapsulated Security Protocol (ESP) and Authentication Header (AH) processes, which rely on IP protocols 50 and 51, respectively. These are not to be confused with actual port numbers, however.

Point-to-Point Tunneling Protocol (PPTP) VPN port: PPTP VPNs require port 1723 TCP – there are no alternatives. You are likely to deal with this secure connection type if you’re managing remote Windows servers.

Layer Two Tunneling Protocol (L2TP) VPN ports: L2TP tech goes hand-in-hand with PPTP VPNs. Ensure ports 1701 TCP, 500 UDP, and 4500 UDP are open if this is the setup you’re dealing with.

OpenVPN ports: for an OpenVPN connection to work, you’ll need either port 443 or 1194 TCP. The latter is the default setting, but forwarding your OpenVPN link to port 443 TCP will do the trick whenever that’s not an option.

This protocol is leveraged by some of today’s most popular VPN companies like NordVPN and ExpressVPN. But it tends to get used selectively, so always consult with the most specific support documentation you can find while troubleshooting individual app connections.

Secure Socket Tunneling Protocol (SSTP, SSL) VPN ports: general-purpose SSL connections require port 443 TCP. But if you’re trying to establish a Secure SMTP VPN, you’ll need port 465. Likewise, Secure IMAP and Secure POP apps work via ports 993 and 995, respectively.

UDP vs. TCP ports

It’s not like you usually get to choose between one or the other, but knowing the difference between UDP and TCP ports will help you understand what port a VPN uses for specific purposes.

The defining trait of UDP ports is that they don’t require a client-host connection to be established, nor are they picky with the order in which the data is sent. This lowers their bandwidth footprint, making them faster but, naturally, less secure than TCP ports. Still, sometimes speed is all you’re concerned about, like when playing a round of CoD. When it comes to apps and websites handling more sensitive data such as email and logins, however, TCP ports come into play. They’re more rigorous with both the manner and order of any relayed data.

One final thing of note is that you can always easily find your port numbers should you require them. On Windows, just launch the command prompt, type “netstat -a” without the quotation marks, and hit Enter. On any recent macOS build, however, the trick is to launch the Network Utility app, switch to the Port Scan tab, and click the Scan command on the following interface.
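As an added example (not part of the original article), the script below reads netstat output and reports every socket whose local or remote port is one of the VPN ports listed above. It assumes the numeric layout printed by `netstat -an` on Windows; the sample output, the `VPN_PORTS` table and the function names are constructed for illustration.

```python
import re

# Ports named in the article, keyed by number only: the transport reported is
# whatever netstat shows (OpenVPN, for example, can run over UDP or TCP).
VPN_PORTS = {
    500: "IPSec / IKEv2 / L2TP",
    4500: "IPSec NAT traversal / L2TP",
    1701: "L2TP",
    1723: "PPTP",
    1194: "OpenVPN",
    443: "OpenVPN / SSTP",
}

# Constructed sample in the numeric layout printed by `netstat -an` on Windows.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:50123     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.20:50200     198.51.100.7:1723      SYN_SENT
  UDP    0.0.0.0:500            *:*
  UDP    [::]:4500              *:*
  UDP    0.0.0.0:5353           *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def port_of(endpoint):
    """Return the port of 'addr:port' or '[v6]:port'; None for '*:*'."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def vpn_sockets(netstat_text):
    """Yield (proto, side, port, state, label) for sockets on a listed port."""
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers and blank lines
        proto, local, foreign, state = m.groups()
        state = state or "-"  # UDP rows have no State column
        for side, endpoint in (("local", local), ("remote", foreign)):
            port = port_of(endpoint)
            if port in VPN_PORTS:
                yield (proto, side, port, state, VPN_PORTS[port])

if __name__ == "__main__":
    for hit in vpn_sockets(SAMPLE):
        print("%-3s %-6s %5d  %-11s %s" % hit)
```

A remote port of 443 also matches ordinary HTTPS traffic, so treat that row as a candidate rather than proof of a VPN tunnel.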
