VPN Ports & Port Forwarding: TCP/UDP 443, 80, 53, 25, 22, 21

You have probably heard about ports in the context of computer networking before, but may not be sure about what they are or how they work. Let’s start by saying that a port acts as a communication endpoint for a specific application or process. Only one process can be bound to a given combination of IP address, port and transport protocol. When multiple programs try to bind to the same port number on the same IP address with the same protocol, an application failure (often known as a port conflict) occurs. Commonly used applications and services usually rely on reserved, well-known port numbers for receiving requests from clients.

  • OpenVPN – 1194 TCP/UDP
  • L2TP – 1701 UDP
  • SSTP – 443 TCP
  • PPTP – 1723 TCP/UDP
  • HTTPS (TLS/SSL) – 443 TCP/UDP
  • HTTP – 80 UDP/TCP
  • Cisco IPsec – 1293 TCP/UDP, 500 TCP/UDP
  • IKEv2 (Internet Key Exchange) – 500 TCP/UDP
  • IPsec Nat Traversal – 4500 UDP
  • SSH tunnel – port 22
  • SOCKS proxy – 1080 TCP
  • Obfsproxy – dynamic (custom setup)
  • BitTorrent – 6881-6889 TCP
  • SMTP – 25 TCP/UDP
  • DNS – 53 UDP
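The rule that one (IP address, port, transport protocol) triple belongs to one process, and the "is the port open?" test that the rest of the article relies on, can both be shown with plain sockets on the loopback interface. This is an added example, not code from the original article; it asks the OS for a free port on 127.0.0.1 and assumes nothing about the host beyond a working loopback interface.

```python
import errno
import socket


def tcp_port_reachable(host: str, port: int, timeout: float = 1.0) -> bool:
    """Return True if a TCP handshake to host:port completes.

    This is the same test a browser makes when it opens an https:// site:
    if the handshake to port 443 succeeds, the port is open from the
    client's point of view (a firewall may still inspect what follows)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def port_conflict_demo() -> dict:
    """Show the port-conflict rule on loopback.

    1. A TCP listener binds an OS-chosen port (port 0 = pick a free one).
    2. A second TCP socket trying the same address/port fails with EADDRINUSE.
    3. A UDP socket CAN bind the same port number, because the uniqueness rule
       is per transport protocol, not per port number alone.
    4. The port is reachable while the listener is up and refused after close."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    result = {
        "port": port,
        "second_tcp_bind_failed": False,
        "conflict_errno": None,
        "udp_same_port_ok": False,
        "reachable_while_listening": False,
        "reachable_after_close": True,
    }

    # Step 2: same (IP, port, TCP) is already taken -> port conflict.
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        second.bind(("127.0.0.1", port))
    except OSError as exc:
        result["second_tcp_bind_failed"] = True
        result["conflict_errno"] = errno.errorcode.get(exc.errno)
    finally:
        second.close()

    # Step 3: same IP and port number, different transport protocol -> allowed.
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        udp.bind(("127.0.0.1", port))
        result["udp_same_port_ok"] = True
    except OSError:
        pass
    finally:
        udp.close()

    # Step 4: reachability before and after the listener goes away.
    result["reachable_while_listening"] = tcp_port_reachable("127.0.0.1", port)
    listener.close()
    result["reachable_after_close"] = tcp_port_reachable("127.0.0.1", port)
    return result


if __name__ == "__main__":
    for key, value in port_conflict_demo().items():
        print(f"{key}: {value}")
```

The UDP step is the one people tend to miss: "port 443" is not one thing but two (TCP 443 and UDP 443), and a firewall rule that only covers one of them leaves the other open.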

The above default port assignments are widely known, which means that network administrators know which ports they need to block in order to restrict a specific kind of traffic. If a port is blocked, the process associated with it won’t work. The workaround is to reroute that traffic through a port that is open, and this is something that can be done with the help of a VPN. To help users get around firewalls in school or work networks that block ports, VPN services generally support port forwarding to ports 443, 80, 53 and 22.

  • 21: FTP (File Transfer Protocol)
  • 22: SSH (Secure Shell)
  • 53: DNS
  • 80: HTTP
  • 443: HTTPS
  • 1194: OpenVPN

Port Forwarding to Port 443

The most effective way to bypass firewall restrictions is to forward VPN traffic to port 443, given that by default this port is used for encrypted TLS/SSL traffic. Web browsers establish secure HTTPS connections on port 443, so if it is possible to access https:// websites, port 443 is open. Port 443 is unlikely to be blocked because doing so would severely affect internet access. In addition, since port 443 normally carries encrypted communication, VPN traffic sent over this port will be masked to some extent, although Deep Packet Inspection would still be able to detect it.

Port Forwarding to Port 22

Port 22 is used for SSH (Secure Shell), an encrypted network protocol that keeps network services secure when they operate over an unsecured network. Port 22 is a good alternative to port 443 considering the security of SSH traffic. The main downside is that restrictive networks are likely to block port 22, since it is not needed for standard browsing.

Port Forwarding to Port 80

Port 80 is used for accessing http:// websites, and since this covers a large share of sites, port 80, just like port 443, is unlikely to be blocked. HTTP stands for Hypertext Transfer Protocol, and HTTP communication is not encrypted. It should be noted that, because HTTP traffic is not encrypted, VPN traffic that goes through port 80 will not blend in and will be easy to detect. While this may not be an issue in most cases, it means that forwarding encrypted OpenVPN data over port 80 may make it more noticeable when a network is being monitored.

Port Forwarding to Port 53

Websites have a corresponding IP address, and port 53 is used by DNS servers to translate domain names into IP addresses. DNS places specific restrictions on the data it carries: for instance, names are limited to letters, numbers and hyphens, and upper and lower case letters have to be converted prior to transmission. These restrictions make data transfers over DNS inefficient. This means that even if the ISP doesn’t filter DNS traffic, there is little point in enabling port forwarding to port 53. If you send unusually heavy VPN traffic over DNS, it will stand out. This is why port 443 and port 80 are better choices, since they are practically always open.
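The three sections above (ports 443, 80 and 53) each end with the same observation from the network operator's side: traffic on a well-known port is expected to look like that port's protocol, and tunneled VPN traffic that does not is easy to spot, as is a DNS-shaped flow that moves far more data than DNS ever would. This is an added example, not code from the original article, of that first-packet and volume check run over constructed flow records. The flows, client addresses, the opaque "tunnel" bytes and the `DNS_VOLUME_LIMIT` threshold are all assumptions made up for the example.

```python
import struct
from dataclasses import dataclass


@dataclass
class Flow:
    client: str
    proto: str        # "tcp" or "udp"
    dst_port: int
    first_bytes: bytes  # first payload bytes the client sent
    total_bytes: int    # bytes the client sent over the whole flow


HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
DNS_VOLUME_LIMIT = 1_000_000  # assumed per-flow byte budget for "normal" DNS; tune per site


def is_tls_client_hello(p: bytes) -> bool:
    # TLS record header: type 0x16 (handshake), version 0x03 0x00..0x03,
    # 2-byte length, then handshake type 0x01 (ClientHello).
    return (len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03
            and p[2] <= 0x03 and p[5] == 0x01)


def is_http_request(p: bytes) -> bool:
    return p.startswith(HTTP_METHODS)


def is_dns_query(p: bytes) -> bool:
    # 12-byte DNS header: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT.
    # A client query has QR=0 (top bit of FLAGS clear) and one question.
    if len(p) < 12:
        return False
    flags, qdcount = struct.unpack("!HH", p[2:6])
    return (flags & 0x8000) == 0 and qdcount == 1


def classify(flow: Flow) -> str:
    """Verdict for one flow: 'expected' or a short reason it stands out."""
    if flow.proto == "tcp" and flow.dst_port == 443:
        return "expected" if is_tls_client_hello(flow.first_bytes) else "non-TLS payload on 443"
    if flow.proto == "tcp" and flow.dst_port == 80:
        return "expected" if is_http_request(flow.first_bytes) else "non-HTTP payload on 80"
    if flow.dst_port == 53:
        if not is_dns_query(flow.first_bytes):
            return "non-DNS payload on 53"
        if flow.total_bytes > DNS_VOLUME_LIMIT:
            return "DNS-shaped flow with unusually high volume"
        return "expected"
    return "unclassified port"


# Constructed sample payloads (not captures from any real network).
TLS_HELLO = bytes.fromhex("1603010 0f5 01 0000f1 0303".replace(" ", ""))
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
DNS_QUERY = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x07example\x03com\x00\x00\x01\x00\x01"
OPAQUE = bytes.fromhex("002a38") + bytes(40)  # stand-in for tunneled, non-protocol bytes

SAMPLE_FLOWS = [
    Flow("10.0.0.11", "tcp", 443, TLS_HELLO, 48_000),
    Flow("10.0.0.12", "tcp", 443, OPAQUE, 250_000_000),
    Flow("10.0.0.13", "tcp", 80, HTTP_GET, 12_000),
    Flow("10.0.0.14", "tcp", 80, OPAQUE, 180_000_000),
    Flow("10.0.0.15", "udp", 53, DNS_QUERY, 60),
    Flow("10.0.0.16", "udp", 53, DNS_QUERY, 50_000_000),
    Flow("10.0.0.17", "udp", 53, OPAQUE, 50_000_000),
]


def run_demo(flows=SAMPLE_FLOWS) -> list[tuple[str, str]]:
    return [(f.client, classify(f)) for f in flows]


if __name__ == "__main__":
    for client, verdict in run_demo():
        print(f"{client:12} {verdict}")
```

The first-bytes check is deliberately simple (it is what a cheap DPI rule does), which is exactly why the article's point holds: on 443 the tunnel only fails the check because it does not start with a TLS handshake, on 80 it fails because there is no HTTP request line, and on 53 a correctly shaped query still stands out purely on volume.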

TCP vs UDP

In general, it can be said that UDP is the most practical choice since it is faster. While TCP is slower and heavier, it is better than UDP when the internet connection is not stable. TCP is very reliable when it comes to delivering information between applications. It checks for errors and, since it is a connection-based protocol, it establishes a connection between two devices before sending the data. In addition, TCP detects and corrects errors and it performs flow control. All of this helps to ensure that packets are delivered.

You can trust that the information transferred via TCP will be delivered in the same order it was originally sent. However, TCP is heavier than UDP, as its header size is 20 bytes while UDP’s is just 8 bytes. Due to this network overhead, TCP is significantly slower than UDP. However, it is the best choice when dealing with unreliable networks because it checks for lost packets and resends them automatically.

Since UDP doesn’t establish a direct channel between two devices, it is more efficient and it offers a connection that is focused on low latency. However, reliability is not UDP’s strongest point: it only sends the data and doesn’t care whether it reaches its destination or gets lost. It avoids the overhead of error processing at the network interface level, but there is no guarantee that the information will be delivered. UDP doesn’t take time to establish a connection, and it doesn’t check for errors or track packets. Still, since it is faster, it is often used for gaming, VoIP and streaming, as delay can be a big issue for these applications. The good news is that packets are rarely lost as long as the internet connection is reliable.
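The header sizes and the connection setup described in this section can be seen concretely by building and parsing the two transport headers. This is an added example, not code from the original article; the port numbers, sequence numbers and the 1400-byte payload size are assumptions chosen for illustration (the checksum fields are left at zero rather than computed).

```python
import struct

# TCP flag bits in the low byte of the 16-bit "data offset / flags" field.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def build_udp_header(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """8-byte UDP header: src port, dst port, length (header + payload), checksum."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)


def build_tcp_header(src_port: int, dst_port: int, seq: int, ack: int, flags: int) -> bytes:
    """20-byte TCP header with no options (data offset = 5 x 32-bit words)."""
    data_offset = 5
    offset_flags = (data_offset << 12) | flags
    window, checksum, urgent = 65535, 0, 0
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, offset_flags, window, checksum, urgent)


def parse_udp_header(b: bytes) -> dict:
    src, dst, length, _checksum = struct.unpack("!HHHH", b[:8])
    return {"src_port": src, "dst_port": dst, "header_len": 8, "payload_len": length - 8}


def parse_tcp_header(b: bytes) -> dict:
    src, dst, seq, ack, off_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", b[:20])
    header_len = (off_flags >> 12) * 4  # data offset is in 32-bit words
    flags = [name for name, bit in TCP_FLAGS.items() if off_flags & bit]
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags}


def transport_overhead(payload_len: int, header_len: int) -> float:
    """Fraction of each segment/datagram taken up by the transport header."""
    return header_len / (header_len + payload_len)


def three_way_handshake(client_port: int = 40000, server_port: int = 1194) -> list:
    """Simulate the connection setup TCP does before any data flows (UDP skips this).

    Returns the flag list of the three segments: SYN, SYN-ACK, ACK."""
    client_isn, server_isn = 1000, 5000  # assumed initial sequence numbers
    syn = build_tcp_header(client_port, server_port, client_isn, 0, TCP_FLAGS["SYN"])
    syn_ack = build_tcp_header(server_port, client_port, server_isn, client_isn + 1,
                               TCP_FLAGS["SYN"] | TCP_FLAGS["ACK"])
    ack = build_tcp_header(client_port, server_port, client_isn + 1, server_isn + 1, TCP_FLAGS["ACK"])
    return [parse_tcp_header(seg)["flags"] for seg in (syn, syn_ack, ack)]


if __name__ == "__main__":
    payload = b"x" * 1400  # assumed VPN payload size per packet
    udp = parse_udp_header(build_udp_header(50000, 1194, payload))
    tcp = parse_tcp_header(build_tcp_header(50000, 1194, 1001, 5001, TCP_FLAGS["ACK"] | TCP_FLAGS["PSH"]))
    print("UDP header", udp["header_len"], "bytes, overhead",
          f"{transport_overhead(len(payload), udp['header_len']):.2%}")
    print("TCP header", tcp["header_len"], "bytes, overhead",
          f"{transport_overhead(len(payload), tcp['header_len']):.2%}")
    print("handshake:", three_way_handshake())
```

For a 1400-byte payload the transport overhead comes out at roughly 0.6% for UDP against 1.4% for TCP; the larger cost of TCP in practice is the handshake round trip before data can flow and the retransmissions on loss, both of which the example's `three_way_handshake` and the absence of any equivalent for UDP make visible.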

Best providers for custom ports

Now that we have discussed the different ports and port forwarding, it’s time to take a look at the best VPN services that support custom ports.

IPVanish

IPVanish manages its own infrastructure and it has servers in over 60 countries. It supports NAT Firewall and the custom apps feature DNS Leak Protection, as well as Kill Switch to ensure that your real IP address is not disclosed. IPVanish is known for offering great speeds and it allows torrenting. In addition, this provider doesn’t keep any logs.

Private Internet Access

PIA is a popular provider that offers low prices and a great selection of features to protect your data and enjoy online freedom. The service is reliable and it includes Kill Switch and DNS leak protection, as well as a practical SOCKS5 proxy. The software is easy to use and PIA allows you to switch between UDP and TCP. It also supports port forwarding to 80, 443, 53 and more. No logs are kept of your online activities.

ExpressVPN

ExpressVPN offers impressive speeds and it is a solution that is easy to use and effective. You will be able to defeat restrictions and enjoy access to the content that you want. In addition, ExpressVPN offers strong security and access to servers in over 90 countries. It doesn’t keep logs of your activities.

Hide.me

This provider based in Malaysia doesn’t keep any logs and it offers custom software that includes DNS Leak Protection and Kill Switch. The provider has become a popular choice thanks to its great global coverage, high security and practical features. It also offers great customer support.