Public Wi-Fi networks are widely used today. We can use them, but that does not mean we can stop taking extreme precautions. We must never forget about our security, and we should always use a VPN connection. At certain times of the year, such as summer holidays, Easter or long weekends, having a service of this type is very necessary. For our added peace of mind, we should opt for a paid VPN, because the free ones sometimes end up selling part of our data. The other safe and free alternative is to create a VPN server at home. In this tutorial we are going to talk about which ports to open for a VPN if you use the PPTP, L2TP, OpenVPN, IPsec and WireGuard protocols.
On many occasions, even if we want to disconnect and relax, whether on vacation or during leisure time, our smartphone is with us. Wherever we go, there will often be a public Wi-Fi network available that we can use. Whether for our own safety or that of the company we work for, we must use these networks with caution and stay protected.
First we will explain the reasons why it is necessary to have our own server. Then we will see which ports we should open on the router depending on the VPN protocol used.
Reasons to have a VPN server in our house
First we have to mention external VPN servers, which are those that allow us to connect to their network so we can browse with greater privacy and security by encrypting our data. In our case, we would instead open ports for a VPN server hosted on our home network. The purpose of using this type of server is to improve the security and privacy of our Internet connection, since all our data travels encrypted. Our information travels as if protected inside a tunnel, thanks to encryption that prevents cybercriminals from accessing it.
As we explained before, one option is to subscribe to a quality paid VPN such as NordVPN, SurfShark, CyberGhost or HMA VPN. However, we can opt for free and equally safe options. All that is required is to open ports for a VPN on the router and have the appropriate network equipment.
Nowadays, it is more and more common for users to buy routers from renowned manufacturers such as ASUS, FRITZ!Box, NETGEAR or D-Link instead of using those provided by their Internet provider. They opt for this network equipment because of its higher Wi-Fi quality, the possibility of hosting their own VPN or multimedia server, and more. This is possible thanks to better hardware and more complete firmware. In addition, devices such as the Raspberry Pi and NAS servers are becoming increasingly popular. Therefore, if we have either of these two devices in our home network, we can also use them to set up our own VPN server.
In summary, having our own VPN server will provide us with the following advantages:
- It will allow us to connect safely and privately to the Internet.
- We can use it from anywhere.
- We will not depend on a payment service.
- We can choose the protocol and security of our VPN: L2TP, OpenVPN, IPsec or WireGuard. PPTP is discarded because it is an insecure protocol, although it is still used.
Against this, the drawbacks would be:
- Security rests in our hands: we must make sure that the router, NAS or Raspberry Pi is updated and well configured.
- Power consumption is relative: some devices, like a NAS server, will always be running anyway, so there would be no added cost.
Another very important aspect when we have a VPN server in our house is that we can access all shared resources as if we were physically connected, so it is something that we must take into account.
What ports should we open on our router
If we want to configure a VPN server on a computer, we will have to open certain TCP or UDP ports. Each router has its own firmware with its own options, as is the case with a Raspberry Pi or a NAS. That makes the procedure for each of them unique. If we take the case of a QNAP NAS as an example, its configuration process is very simple. On the other hand, if we look at a Raspberry Pi, the procedure is usually more complicated because the installation, configuration and start-up are much more "manual".
However, regardless of the network equipment we use, they all share a common requirement: in order to use our VPN server, we need to have the corresponding ports open. If we do not, our router will block the connection and we will not be able to use it. It is also advisable to assign the device a fixed local IP in the router's static DHCP or, failing that, on the device itself if it supports such configuration.
It should also be noted that the ports vary depending on the VPN protocol we use. Some protocols allow us to use any TCP or UDP port we want, but here we indicate the default ports. Below are the ports we must open for a VPN, according to the protocol we use to create our server:
- PPTP: uses TCP port 1723. A very important fact to note is that the PPTP protocol is obsolete, because it has many vulnerabilities. For this reason, it is advisable to keep this port closed and select one of the other protocols mentioned below instead.
- L2TP: uses port 1701 with TCP. This VPN protocol does not allow the port to be changed; it is the standard.
- IPSec / IKEv2: uses ports 500 and 1500 UDP; we will have to open both ports. This VPN protocol does not allow the port to be changed; it is the standard.
- OpenVPN: the default port it uses is 1194 UDP. However, we can configure a different one on the server, and we can even select between the TCP and UDP protocols.
- WireGuard: the default port it uses is 51820 UDP. However, we can configure a different one on the server, but it must always be UDP and never TCP.
Once we know which ports the different VPN protocols use, we are going to show you a practical example to open ports to the VPN server.
Practical example of opening ports for a VPN
The ports mentioned in the previous section must be opened on our router. To do so, we enter the router's gateway address in our Internet browser and log in with its username and password to access its web configuration. Once inside, we have to look for the Port Forwarding, Allow access or Port configuration section, or whatever the manufacturer has called it. Now we are going to take as an example the L2TP protocol that uses port 1701 with TCP.
In this case, the rule is created in the Allow access section: we have to name the rule, select the TCP protocol and add port 1701.
Once it is applied to the selected device, which already has a fixed local IP assigned, we will be able to see the complete rule ready to be used by our VPN server.
At this point, if our VPN server is properly configured with the L2TP protocol and has the local IP 192.168.1.3 assigned, we can start using it from outside, that is, from the Internet. Remember that for your VPN server to work properly, the protocol depends on the VPN we are using, and each protocol uses a different TCP or UDP port.
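An added example (not from the original article) that audits a hand-copied list of router forwarding rules against the guidance above: PPTP on TCP 1723 should stay closed, WireGuard is UDP only, and the target device needs a fixed local IP. The rule format, the sample rules, the static lease list and the finding codes are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "name proto port target")

# Constructed sample: forwarding rules copied by hand from a router's
# port-forwarding page, one per line (name, protocol, port, local IP).
SAMPLE_RULES = """\
wireguard  udp  51820  192.168.1.3
wg-tcp     tcp  51820  192.168.1.3
old-pptp   tcp  1723   192.168.1.3
openvpn    udp  1194   192.168.1.50   # not in the static lease list
"""
STATIC_LEASES = {"192.168.1.3"}  # assumed: hosts with a fixed local IP
PPTP_PORT = 1723                 # TCP, from the article's list
WIREGUARD_PORT = 51820           # article's default; adjust if changed

def parse_rules(text):
    """Parse the listing, rejecting malformed protocols, ports and IPs."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields")
        name, proto, port, target = fields
        proto, port = proto.lower(), int(port)
        if proto not in ("tcp", "udp") or not 1 <= port <= 65535:
            raise ValueError(f"line {lineno}: bad protocol or port")
        target = str(ipaddress.ip_address(target))  # raises if invalid
        rules.append(Rule(name, proto, port, target))
    return rules

def audit(rules, static_leases=STATIC_LEASES):
    """Return (rule name, finding code) pairs for risky forwards."""
    findings = []
    for r in rules:
        if r.proto == "tcp" and r.port == PPTP_PORT:
            findings.append((r.name, "PPTP_EXPOSED"))   # obsolete protocol
        if r.proto == "tcp" and r.port == WIREGUARD_PORT:
            findings.append((r.name, "WIREGUARD_TCP"))  # WireGuard is UDP only
        if r.target not in static_leases:
            findings.append((r.name, "NO_FIXED_IP"))    # forward may land elsewhere
    return findings

if __name__ == "__main__":
    for name, code in audit(parse_rules(SAMPLE_RULES)):
        print(f"{name}: {code}")
```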