Which ports should I open for PPTP, L2TP, OpenVPN, IPsec, and WireGuard VPNs?
Even when we want to disconnect and relax, whether on vacation or in our leisure time, our smartphone is usually with us. Wherever we go, there is often a public Wi-Fi network available that we can use. Whether for our own safety or that of the company we work for, we must use these networks with caution and be protected.
First we will explain the reasons for having our own VPN server. Then we will see which ports we should open on the router, depending on the VPN protocol used.
Reasons to have a VPN server in our house
External VPN servers are those that let us connect to their network so that we can browse with greater privacy and security, encrypting our data. Here, instead, we are going to open ports for a VPN server hosted on our own home network. The purpose of this type of server is to improve the security and privacy of our Internet connection by sending all our data encrypted. Our information travels as if it were protected inside a tunnel, thanks to encryption that prevents cybercriminals from accessing it.
One option would be to hire a quality paid VPN such as NordVPN, SurfShark, CyberGhost, or HMA VPN. However, we can opt for free and equally safe options. All that is required is to open ports for a VPN on the router and have the appropriate network equipment.
Nowadays, it is more and more common for users to buy routers from renowned manufacturers such as ASUS, FRITZ!Box, NETGEAR, or D-Link instead of using the one supplied by their Internet provider. They choose this network equipment for its higher Wi-Fi quality, the possibility of running their own VPN or multimedia server, and more, all thanks to better hardware and more complete firmware. Other devices that are becoming very popular are the Raspberry Pi and NAS servers. If we have either of these devices in our home network, we can also use it to set up our own VPN server.
In summary, having our own VPN server provides the following advantages:
- It will allow us to connect safely and privately to the Internet.
- We can use it from anywhere.
- We will not depend on a payment service.
- We can choose the protocol and security of our VPN: L2TP, OpenVPN, IPsec, or WireGuard. PPTP is discarded because it is an insecure protocol, although it is still used.
On the other hand, the drawbacks are:
- Security rests in our hands: we must make sure that the router, NAS, or Raspberry Pi is kept updated and well configured.
- Power consumption, although this is relative: some devices, such as a NAS server, are always running anyway, so it would not involve any additional cost.
Another very important aspect when we have a VPN server in our house is that we can access all shared resources as if we were physically connected, so it is something that we must take into account.
What ports should we open on our router?
If we want to configure a VPN server on a computer, we will have to open certain TCP or UDP ports. Each router has its own firmware with its own options, as is the case with a Raspberry Pi or a NAS. That makes the procedure for each of them unique. If we take the case of a QNAP NAS as an example, its configuration process is very simple. On the other hand, if we look at a Raspberry Pi, the procedure is usually more complicated because the installation, configuration, and start-up are much more "manual".
However, regardless of the network equipment we use, the configuration always has one thing in common: in order to use our VPN server, the corresponding ports must be open. If they are not, our router will block the connection and we will not be able to use the server. It is also advisable to assign the server a fixed local IP in the router's static DHCP or, failing that, on the device itself if it supports such configuration.
Note also that the ports differ depending on the VPN protocol we use. Some protocols let us use whatever TCP or UDP port we want, but we are going to indicate the default ports. These are the ports we must open for a VPN, according to the protocol used to create our server:
- PPTP: uses TCP port 1723. A very important fact to note is that the PPTP protocol is obsolete, because it has many vulnerabilities. For this reason, it is advisable to keep this port closed and select one of the other protocols mentioned below instead.
- L2TP: uses port 1701 with TCP. This VPN protocol does not allow changing the port; it is the standard one.
- IPsec / IKEv2: uses UDP ports 500 and 1500; we will have to open both. This VPN protocol does not allow changing the port; it is the standard one.
- OpenVPN: the default port is 1194 UDP. However, we can configure a different one on the server, and we can even choose between TCP and UDP.
- WireGuard: the default port is 51820 UDP. However, we can configure a different one on the server, but it must always be UDP and never TCP.
Now that we know which ports the different VPN protocols use, we are going to show a practical example of opening ports for the VPN server.
A practical example of opening ports for a VPN
The ports mentioned in the previous section must be opened on our router. To do this, we enter the router's gateway address in our Internet browser and log in to the web configuration with the username and password. Once inside, we look for the section called Port Forwarding, Allow access, Port configuration, or whatever the manufacturer has named it. We are going to take as an example the L2TP protocol, which uses port 1701 with TCP.
In this case, this is done in the Allow access section: we name the rule, select the TCP protocol, and add port 1701.
Once the rule is applied to the selected device, which already has a fixed local IP assigned, we can see the complete rule ready to be used by our VPN server.
At this point, if our VPN server is properly configured with the L2TP protocol and is assigned the local IP 192.168.1.3, we can start using it from outside, that is, from the Internet. Remember that there are different protocols depending on the VPN we are using, and that each of them uses a different TCP or UDP port.
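An added example (not from the original article): a Python check that reads the listening port from an OpenVPN and a WireGuard server configuration, the two protocols the article says allow a custom port, and compares it with the router's forwarding rules, also flagging a forward of PPTP's TCP port 1723. The configurations, the rule list and the function names are constructed for illustration; 192.168.1.3 is the server IP used in the article.

```python
import re

def openvpn_listener(conf):
    """(proto, port) an OpenVPN server listens on; defaults 1194/UDP as in the article."""
    proto, port = "udp", 1194
    for line in conf.splitlines():
        words = re.split(r"[#;]", line)[0].split()  # drop '#' and ';' comments
        if len(words) >= 2 and words[0] == "port":
            port = int(words[1])
        elif len(words) >= 2 and words[0] == "proto":
            proto = "tcp" if words[1].startswith("tcp") else "udp"  # tcp-server, udp4, ...
    return proto, port

def wireguard_listener(conf):
    """(proto, port) from a WireGuard config; always UDP. None if ListenPort is absent."""
    m = re.search(r"^\s*ListenPort\s*=\s*(\d+)", conf, re.M | re.I)
    return ("udp", int(m.group(1))) if m else None

def audit(rules, listeners):
    """Compare router forwards with server listeners; both are (proto, port, lan_ip)."""
    findings = [("missing", want) for want in listeners if want not in rules]
    for rule in rules:
        if rule[:2] == ("tcp", 1723):
            findings.append(("pptp-exposed", rule))  # article: keep this port closed
        elif rule not in listeners:
            findings.append(("unused", rule))        # open port that no server needs
    return findings

# Constructed sample data (hypothetical home setup).
SERVER_IP = "192.168.1.3"
OPENVPN_CONF = "# constructed sample\nport 443\nproto tcp-server\ndev tun\n"
WIREGUARD_CONF = "[Interface]\nAddress = 10.8.0.1/24\nListenPort = 51820\n"
RULES = [("udp", 1194, SERVER_IP),   # stale: OpenVPN was moved to 443/TCP
         ("tcp", 51820, SERVER_IP),  # wrong protocol for WireGuard
         ("tcp", 1723, SERVER_IP)]   # PPTP

def run_example():
    listeners = [openvpn_listener(OPENVPN_CONF) + (SERVER_IP,),
                 wireguard_listener(WIREGUARD_CONF) + (SERVER_IP,)]
    return audit(RULES, listeners)

if __name__ == "__main__":
    for kind, (proto, port, ip) in run_example():
        print(f"{kind:13} {port}/{proto} -> {ip}")
```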