Everything You Need to Know about VPN Port Forwarding

What Is Port Forwarding?

Port forwarding (also called port mapping) is a method of redirecting computer ports between local network and remote devices. This technique is usually useful for accessing Internet-connected devices and services remotely.

Port forwarding generally has to be used alongside a router because said router likely uses NAT (Network Address Translation) – a process that translates the individual IP addresses of devices in a local network into one single IP address, essentially allowing router-connected devices which have their own network addresses (like a laptop or a gaming console) to connect to the Internet with the IP assigned to you by your ISP.

In that context, port forwarding – which is a behind-the-scenes process – intercepts the data and traffic that’s heading to a specific IP (in this case, the IP addresses obtained through NAT), and redirects it to a different IP (the device you want to remotely access, for example).

How Does Port Forwarding Work?

When a request has to be sent over the web, data packets that contain information about said request are created, and they are sent over the Internet. Among various data, those packets contain information about the destination of the computer or device.

Normally, the header of the data packet is analyzed by a network router. Afterwards, the packet is sent to the destination that’s present in the header.

With port forwarding, however, the intercepting application (a VPN client, for instance) checks out the header of the data packet, sees the destination, and then rewrites the data found in the header. Then, the data packet is sent to the newly-assigned destination. In the case of a VPN, the new destination is usually one of the servers used by the VPN provider.

Why Do Some VPN Providers Offer VPN Port Forwarding?

Many VPN providers use a NAT firewall to protect their users from incoming connections that might be malicious. While that is useful, it can sometimes cause problems by blocking incoming connections that users actually want.

For example, a NAT firewall can potentially interfere with torrenting. How? Well, it all has to do with the act of “seeding” – accepting incoming connections from other users wanting to download a file to your own torrent client. Seeding is also known as contributing to the upload rate of a torrent, and it’s necessary for everyone to be able to download a torrent in the first place.

A NAT firewall can prevent other P2P users from initiating unsolicited connections with your client, thereby stopping you from seeding.

If a VPN provider offers port forwarding, however, the client reroutes incoming connections, ensuring they can bypass the NAT firewall.

Is VPN Port Forwarding Necessary for Torrenting?

Not really. The lack of port forwarding normally won’t interfere with your download speeds. Your upload speeds might take a hit sometimes, but you might still be able to seed in certain situations. In case you don’t care about contributing to the upload rate, and only want to download a file, VPN port forwarding won’t be needed.

The only way port forwarding would be mandatory for torrenting is if every single user in the Swarm (all the users downloading and uploading a torrent) was behind a NAT firewall.

Is Port Forwarding Safe?

Trying to manually set up your router to offer port forwarding can be a bit problematic. Why? Because your online communications are likely not as secure as you’d think they are.

Forwarding ports on your router can potentially expose you to various vulnerabilities which can be exploited by cybercriminals and malware if you don’t take adequate security measures – especially if you leave a port open for remote access.

VPN port forwarding, on the other hand, is normally pretty safe since the port forwarding is done on the VPN provider’s side, not yours. Plus, your connection still remains secured by the VPN’s encryption.

However, we do need to mention one thing – back in 2015, it was discovered that VPN providers who offered VPN port forwarding were actually affected by a vulnerability (called “Port Fail”) that could potentially reveal the real IP addresses of VPN users. Luckily, the vulnerability is easy to prevent, though there’s no guarantee that all VPN providers who offer port forwarding have taken the necessary measures over the past years.

Of course, if you use a VPN provider that doesn’t offer VPN port forwarding, you don’t need to worry about a port fail potentially leaking your IP address on the web.

Bottom Line – What Is VPN Port Forwarding?

VPN port forwarding is a way for VPN providers with NAT firewalls to intercept non-malicious connections VPN users might want (like torrenting connections) which would otherwise be filtered out by the firewall, and modify the destination found in the data packet header to help those connections bypass the NAT firewall.

However, you should know that VPN port forwarding isn’t mandatory for P2P. It’s only necessary if you want to make sure you’ll have a high seeding speed, or if every single person who downloads/seeds a torrent is behind a NAT firewall (which isn’t a very likely scenario).

Also, it’s hard to tell if a provider that offers VPN port forwarding has taken security measures against a port fail attack or not (a vulnerability which can leak your real IP address when you’re connected to a VPN).