Port forwarding is a technique used to enable incoming internet connections to reach your device when using a VPN. It is necessary because most VPNs use an NAT firewall to stop users falling victim to malicious incoming connections. This is a useful security feature, but it is unfortunately unable to distinguish between incoming connections you don’t want and those that you do. It can therefore stop you doing things like seeding when using BitTorrent sites, accessing your device remotely, or accessing personal games or media servers you have set up on your LAN.
- 1 What is VPN port forwarding?
- 2 Best VPN for port forwarding
- 3 How to use VPN port forwarding with torrenting sites
- 4 How to use VPN port forwarding with eMule
- 5 What is the difference between static and dynamic VPN port forwarding?
- 6 Is VPN port forwarding safe?
- 7 What about the ‘Port Fail’ security warning?
- 8 Conclusion
If this all sounds a little confusing, don’t worry. In this article, we are going to explain everything you need to know about port forwarding, what it is useful for, how to do it, and which are the best VPNs that offer port forwarding. We will also address the main question that gets asked about port forwarding; is it safe to do?
What is VPN port forwarding?
VPN port forwarding is a feature only offered by a few select VPN providers. But it can be extremely useful for some users, especially those who like to use BitTorrent to download files. When your torrent a file, it is highly advisable to seed at the same time. Seeding means that you allow other users to connect to your BitTorrent client and download files from it. Seeding is considered good etiquette in the Torrenting community because, if no-one seeded, there would be no files to torrent. It also benefits you because if you are seeding, you file will download faster.
But it is also highly advisable to use a VPN when torrenting too. And this creates a dilemma because many VPNs also use a NAT Firewall to stop their users falling victim to malicious communications. And this NAT Firewall stops all incoming connections from initiating, without discriminating between those you want to accept and those you don’t. That is where port forwarding comes in. If your VPN allows port forwarding, it means that it can reroute certain incoming connections around the NAT Firewall and allow those connections to be established. The problem is that not all VPN providers offer port forwarding as a feature.
Best VPN for port forwarding
If you want to use port forwarding with your VPN, you need to be very careful when choosing your provider because it is a feature not offered by every VPN provider. Indeed, many of the major providers do not offer port forward at all, and none that we approached had plans to do so either. This does narrow down the choice somewhat, but there are still a few good VPNs that do have port forwarding available. But how should you choose the best from this select group? Given that port forwarding is likely to be used by most people for torrenting or downloading, we have identified the following key criteria you should be looking for:
- Allows port forwarding – firstly, and most importantly, ensure that your provider does enable the use of port forwarding.
- Fast connection speeds – Downloading media and other content requires fast connection speeds if it isn’t going to take a very long time to complete.
- Excellent encryption– Torrenters and downloaders usually want to ensure their VPN offers the strongest possible encryption to keep all their online data is safe and secure.
- Strong privacy protections – Privacy is also vital for downloading torrents or any other files. Look for a VPN which offers a no user policy you can rely on.
- No limitations – Some VPNs do restrict the amount of data you can use on their service. This is no good at all for downloading, so always seek out a provider with no such limitations.
- Server availability – More servers tend to mean faster connections and also help to unblock content in more locations around the world.
Taking these criteria, we have tested all of the major VPN which offer port forwarding and identified three providers we are happy to recommend to readers. They are:
Private VPN’s focus is on privacy and security, and it is very good at it. They offer 256-bit AES encryption as standard and a guaranteed no user logs promise that can be trusted. Among their many great features is a unique dynamic dedicated IP address system. This ensures every user has a unique IP Address which changes each time they log on. It also means they are able to offer port forwarding too.
The Private VPN server network is not as big as some of their more established competitors. They offer 100 servers in 56 different countries. But that should be more than sufficient for most users. Private VPN also has no data limits either, which is perfect for downloading. They offer an easy-to-use app for iOS, Android, Mac, and Windows, meaning that they can be used on just about every major device too.
Read more about PrivateVPN’s features in our complete PrivateVPN review.
PureVPN is a provider that throws in a whole range of extra features with their VPN, including the ability to use port forwarding. But that doesn’t mean they don’t deliver the basics well too. PureVPN uses strong 256-bit encryption and also offer a dependable no logs policy. Add in their included anti-virus, anti-malware, and anti-spam software, and it really is a great all-round security package.
And there is more. Their server network consists of more than 750 servers across 180 countries which is about as wide-ranging as it gets. There are no data restrictions and connection speeds are, for the most part, pretty impressive. Their software is available for Windows, Mac, Android, iOS, and even Android TV devices, plus they also have browser extensions for the Chrome and Firefox browsers.
Read more about Pure VPN here.
3. Private Internet Access
Private Internet Access is another solid all-around VPN provider with a growing reputation. Their security provisions are good, without being absolutely excellent. They only use 128-bit encryption by default but do have an option available for upping that to 256-bit encryption instead. Their no logging policy is a sound one though and there are no bandwidth caps or restrictions, so you can download as much as you want.
Their server network is enormous, with more than 3,000 servers available across 28 different countries. This helps to keep their connection speeds lightning fast. And crucially, Private Internet Access also offer dynamic port forward, making them perhaps the best-known provider to have that option available.
Read more about Private Internet Access in our full review here.
How to use VPN port forwarding with torrenting sites
Once you have chosen one of the above VPNs, it is advisable to look through their website, or contact customer support, to get specific guidance on how to use port forwarding with them. The process can differ a little between providers, but in most cases, you will need to follow these basic steps:
- Enable port forwarding – You can usually enable port forwarding in a VPN’s settings or in the user area of their platform. Some VPNs may require you to go to their web interface to do this, as it isn’t possible to enable port forwarding through their app. There are also a few VPNs which only permit port forwarding on certain servers, so their process might be different.
- Change the listening port on your device – You will then need to change the port which you use for incoming connections to either a port number you have chosen or the one you were assigned when you enabled the port forwarding feature.
- Disable UPnP and NAT-PMP in your BitTorrent client – UPnP and NAT-PMP are often used by BitTorrent clients to bypass local firewalls, but they are unable to bypass NAT Firewalls. In fact, they can create problems, because they sometimes try to reroute your connection through your router instead of your VPN and so can reveal your actual IP Address when torrenting. It is therefore recommended that these features are disabled. This can be done in your BitTorrent client’s settings. The precise process will differ depending on which client you use but will usually just involve unchecking an option under their connections setting.
- Check that your port forwarding has worked – The last thing to do is check that your port forwarding has worked. To do this, visit canyouseeme.org. This is an open-source port checking tool. Enter the port number you have tried to open and click Check It. You will need to have a program actively listening to that port for it to be recognized, but if the process works, your port forwarding should now be up and running.
Don’t worry if even after setting up port forwarding you receive a warning icon which suggests that your upload connections are not optimized. All this means is that your connection is not as fast as it might be if you weren’t using a VPN. But the difference in speeds will be minimal and this is a warning you can safely ignore.
How to use VPN port forwarding with eMule
Another peer-to-peer file sharing service which can benefit from the use of VPN port forwarding is eMule. eMule is a P2P system for Windows which has more than 500 million users worldwide. For users, it works in a similar way to BitTorrent sites but offers different features. To work at optimum capacity, eMule requires users to have open UDP and TCP ports from the internet. If these ports are not open, eMule will be given what is known as Low ID from the eMule servers. Having Low ID on eMule doesn’t stop you downloading files completely, but because you are not uploading too, it makes your download speeds much slower.
It isms advisable to use a VPN with eMule as it is with BitTorrent clients and again you will need to use port forwarding to get the service working well. Indeed, port forwarding is arguably even more vital for eMule users than it is for torrenters. But implementing port forwarding on eMule is not as easy as on most torrent platforms. That is because eMule uses UPnP to automatically make its way around local firewalls like Windows Defender. When you port forward, it is necessary to disable UPnP. But unfortunately, this then means that eMule cannot get around the Windows Defender firewall. To date, the only known solution to this problem is to disable Windows Defender when using eMule with port forwarding. It is far from ideal, but until a better solution is arrived at, it is the only way to get port forwarding working with eMule.
That means the process for using VPN port forwarding with eMule is a little different:
- Enable port forwarding – As with torrenting the first thing to do is enable port forwarding in a VPN’s settings, web interface, or in the user area of their platform.
- Disable UPnP in eMule – Open eMule and navigate to Options > Connection > Client Port. Ensure that the option to ‘Use UPnP to Setup Ports’ is not
- Switch off your Firewall– You will then need to disable your local firewall. If you are using Windows Defender, you can do this by navigating to Settings > Update & Security > Windows Defender > Open Windows Defender Security Centre > Firewall & network protection > and then disabling Windows Defender on all networks.
- Test your ports – Open the eMule Connection page again and click on Test Ports. This will open up a web page which will test to see if ports used by eMule can be reached from the internet. Assuming this test is successful, you are all set.
What is the difference between static and dynamic VPN port forwarding?
Some readers may have noticed that some VPNs offer static VPN port forwarding, while others offer dynamic VPN port forward and may be wondering what the difference is. As the name suggests, a static VPN port forward assigns you a static port which will never change. This tends to be favored by many users as it keeps things nice and simple and means you don’t have to change the port settings in your software once you have set everything up. However, providers can still reset this port, and some will do so on a fairly regular basis.
A dynamic VPN port forwarding arrangement means that you are assigned a new port every time you connect to the VPN. This might sound more complicated, but actually dynamic VPN port forwarding is usually automatically configured using UPnP which can make it easier to implement. The waters are muddied even further by the fact that some dynamic VPN port forwarding providers will often keep you on the same port, sometimes for a considerable length of time. Dynamic port forwarding tends to be more common than static port forwarding, but for most users, the difference between the two will be negligible.
Is VPN port forwarding safe?
This is a question we are regularly asked about port forwarding and, of course, the concern is understandable. The short answer to this question is yes. VPN port forwarding is safe. But there are a few caveats to this. When you enable VPN port forwarding, you are essentially opening a port to your device. And this does carry some potential risks. Only programs that are listening to that port are vulnerable and in the case of BitTorrent clients and eMule, those risks are minimal. And even if they were compromised by a hacker, there is very little they could actually do with the access they would have gained.
However, these are not the only reasons people use VPN port forwarding. As we mentioned at the beginning of this article, another common reason is to allow remote access to your device. And this can carry more risk. If the remote access software you are using contains vulnerabilities that a hacker can exploit then they would be able to gain a great deal more access. There are quite a few big ‘ifs’ in this scenario, but it is important to be upfront about the fact that the possibility is there. But for most users, there is nothing to worry about when using port forwarding.
What about the ‘Port Fail’ security warning?
Readers with long memories may recall that back in 2015, a security warning was issued about VPN port forwarding. Perfect Privacy published the warning about an issue which would potentially allow port forwarding to be exploited to leak a VPN users real IP Address. The error was dubbed ‘Port Fail’ and garnered a fair bit of media attention at the time.
The reality is that the ‘Port Fail’ error is very easy for VPN providers to prevent. All they need to do is set up different incoming and exiting IP addresses on its servers. Back in 2015, five of the nine VPNs tested did not have this basic security procedure in place. Three had fixed the issue before the security warning was even issued and, three years on, no reputable VPN provider should still be vulnerable to this attack. If you are not sure, check with your chosen VPN before signing up. We believe that none of our recommended providers are vulnerable to this issue.
If you were wondering what VPN Port Forwarding was, then hopefully this article contains all the information you need. We have provided a brief explanation along with guidance on why you might want to use VN port forwarding. We have also provided user guides for setting up port forwarding for both BitTorrent clients and eMule. We have sought to address concerns about the security of using VPN port forwarding too. And perhaps most importantly of all, we have provided recommendations of the top 3 VPN providers which enable VPN port forwarding with their client.
Have you tried using VPN port forwarding? Did you find this guide helpful? Are there any useful points that we have missed out? Which of our recommended VPN providers did you use? How was your experience with them? We always value the comments and feedback provided by all our readers, so please feel free to share yours with us today using the comment box below.