Internet

Which ports should I open for PPTP, L2TP, OpenVPN, IPsec, and WireGuard VPNs

On many occasions, even if we want to disconnect and relax, whether on vacation or leisure time, our smartphone is with us. Thus, wherever we go, surely in many moments we have a public Wi-Fi network available that we can use. Whether for our own safety or that of the company we work for, we must use them with caution and be protected.

The first thing we are going to do is explain the reasons why it is necessary to have our own server. Then we will see which ports for a VPN I should open on the router depending on the VPN protocol used.

Reasons to have a VPN server in our house

Here we have to talk about external VPN servers which are those that allow us to connect to your network to be able to navigate with greater privacy and security, encrypting our data. In this case it would be to open ports for a VPN that we would have hosted on our home network. The purpose of using this type of server is to improve the security and privacy of our Internet connection by traveling with all our encrypted data. Thus, our information is as if it were traveling protected inside a tunnel thanks to the encryption that prevents cybercriminals from accessing it.

As we have already explained before, one of the options would be to hire a quality paid VPN such as NordVPN, SurfShark, CyberGhost or HMA VPN. However, we can opt for free and equally safe options. All that is required is to open ports for a VPN on the router and have the appropriate network equipment.

Nowadays, it is more and more frequent that users buy routers from renowned manufacturers such as ASUS, FRITZ! Box, NETGEAR or D-Link instead of using those provided by our Internet provider. The reasons why they opt for this network equipment is because of its higher Wi-Fi quality, the possibility of having your VPN or multimedia server and more. They do this thanks to better hardware and more complete firmware. In addition, other equipment that is gaining a great impact are devices such as the Raspberry Pi or the servers NAS. Therefore, if we have any of these two devices in our home network we can also use them to set up our own VPN server.

In summary, having our own VPN server will provide us with the following advantages

  1. It will allow us to connect safely and privately to the Internet.
  2. We can use it from anywhere.
  3. We will not depend on a payment service.
  4. We can choose the protocol and security of our VPN. So we can choose between L2TP, OpenVPN, IPsec and WireGuard, we discard PPTP because it is an insecure protocol, although it is still used.

Based on this, we have the drawbacks that would be:

  • Security rests in our hands, we must take care that both that router, NAS or Raspberry Pi are updated and well configured.
  • Power consumption is relative, because in some cases they will always be running, so it would not involve any cost, like a NAS server.

Another very important aspect when we have a VPN server in our house is that we can access all shared resources as if we were physically connected, so it is something that we must take into account.

What ports should we open on our router

If we want to configure a VPN server on a computer, we will have to open certain TCP or UDP ports. Each router has its own firmware with its own options, as is the case with a Raspberry Pi or a NAS. That makes the procedure for each of them unique. If we take the case of a QNAP NAS as an example, its configuration process is very simple. On the other hand, if we look at a Raspberry Pi, the procedure is usually more complicated because the installation, configuration and start-up is much more “manual”.

However, regardless of the network equipment we use, they all share a common feature when configuring. In this case it is about that in order to use our VPN server we will need have the corresponding ports open. In case of not doing so, our router will block the connection and we will not be able to use it. It would also be convenient if a local fixed IP had been established in the static DHCP of the router or, failing that, in the device itself if it supports such configuration.

It should also be noted that the ports we use will be different and will vary depending on the VPN protocol we use, in fact, in some protocols it is allowed to use the TCP or UDP port that we want, but we are going to indicate which ports are default. Next, we show you the ports for a VPN that we must open according to the protocol we use to create our server:

  • PPTP: use the port 1723 TCP. A very important fact to note is that the PPTP protocol is obsolete. This is due to the fact that it has many vulnerabilities. For this reason, it would be advisable to keep this port closed, and select another of the protocols that we mention below instead.
  • L2TP: use the port 1701 with TCP. This VPN protocol does not allow port switching, it is the standard.
  • IPSec / IKEv2: use ports 500 and 1500 UDP, we will have to open both ports. This VPN protocol does not allow port switching, it is the standard.
  • OpenVPN: the default port it uses is the 1194 UDP. However, we can configure it and put a different one on the server, and we can even select between the TCP or UDP protocol.
  • Wireguard: the default port it uses is the 51820 UDP. However, we can configure it and put a different one on the server, but it must always be UDP and never TCP.

Once we know which ports the different VPN protocols use, we are going to show you a practical example to open ports to the VPN server.

Practical example of opening ports for a VPN

These ports that we just mentioned in the previous section must be opened in our router. Thus, in our Internet browser we will put the gateway of our router and we will enter your username and password to access your web configuration. Once inside we will have to look for the section Port Forwarding, Allow access, Port configuration or as the manufacturer has called it. Now we are going to take as an example the L2TP protocol that uses port 1701 with TCP.

In this case, it would be dealt with in the section Allow access, we would have to name the rule, select the TCP protocol and add port 1701.

When applied to the equipment that we have selected that has a local fixed IP already assigned, we will be able to see the complete rule ready to be used by our VPN server.

At this time, if we have our VPN server properly configured with the L2TP protocol and it has the local IP 192.168.1.3 assigned, we can start operating with it from abroad, that is, from the Internet. Remember that for the proper functioning of your VPN server there are different types of protocols depending on the VPN we are using and that each of them uses a different TCP or UDP port.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *