How to Guides

VPN Port Forwarding Guide

Quite a number of VPN services make use of NAT firewall in order to add another level of protection from malicious incoming connections. Although helpful, the downside to this is that some incoming connections that users would want can be blocked as well.

Users who want to avoid this from happening can setup port forwarding so that incoming connections are rerouted. This is, of course, if the VPN has a port forwarding functionality. Port forwarding enables incoming connection to bypass the NAT firewall, allowing users to access sites that would have been blocked by the VPN through the NAT firewall.

There are valid reasons for wanting to bypass the NAT firewall and setup port forwarding. Among these are the following:

  1. To improve the speed of torrent downloads;
  2. To enable users to access personal media servers on their LAN;
  3. To allow users to remotely access their computers.

How Port Forwarding Helps in Torrenting

Seeding is the process of allowing other torrent users to connect to another user’s BitTorrent client and download files. In essence, seeding keeps the torrent world alive because when nobody is seeding, no files will be available for downloading. The best case scenario is that users should seed more than download. And it also helps that the more a user seeds, the faster his or her downloads will be.

Seeding requires that the user leave his or her BitTorrent client open for any incoming connection so that anyone can download files. However, A NAT firewall keeps others from initiating new connections. This poses a problem because when another BitTorrent user wants to download a file from your end, they will initiate a connection with your BitTorrent client.

Your NAT firewall will not allow this incoming connection, but your software will be alerted of the request for connection. It will be your BitTorrent client who will then initiate the connection.

At this point, there are two possible scenarios. If the other BitTorrent user who wants to download is not behind a NAT firewall, then your BitTorrent’s request will push through, thereby bypassing your own NAT firewall and allowing you to seed. However, when the other user is also behind a NAT firewall, then seeding becomes impossible as neither of you can initiate a connection.

Port forwarding can help solve this problem. However, it is important to note that port forwarding is not required. Users can still download files even without port forwarding, as long as there are people sharing the file who are not behind a NAT firewall.

For this reason, occasional torrent users find that there is really no significant difference with port forwarding. Even file download speeds do not differ between someone who has setup port forwarding and someone who has not. Some VPN services, even those who claim to be torrent-friendly, do not offer port forwarding feature.

Setting Up Port Forwarding Through a VPN NAT Firewall for Torrenting

If your VPN service provider does not use NAT firewall, then you don’t have to setup remote port forwarding. Keep in mind that if your VPN service provider does use a NAT firewall but does not offer a port forwarding feature, you also can’t set this up.

Here are the steps in setting up port forwarding through VPN NAT firewall:

  1. Enable VPN Port forwarding. Most VPN service providers have specific instructions on how to do this. Usually, this is done in the VPN’s web interface, but some providers allow it to be done in the VPN client software. Still, there are VPN service providers that allow port forwarding only on specific servers.
  2. Modify the listening port for incoming connections. The port number can be your choice or the port number assigned by your VPN provider in the first step.
  3. Disable UPnP and NAT-PMP in the BitTorrent client. These two protocols, although useful in bypassing local firewalls, are practically useless when bypassing NAT firewalls. Failing to disable them can also pose threats to your privacy as they may reroute connections through the user’s router instead of the VPN. This can expose your real IP address even while using a VPN.
  4. Visit while the torrent client is running, then enter the port number you have opened. You should see a message that says “Success”.

Port forwarding can also be manually setup through your router’s NAT firewall, but you would need a static IP address. In this case, you can click here for further instructions.

After setting up port forwarding, do not worry if you are still able to see an icon that tells you that upload connections are not optimized. This does not cause any major problem, so you can ignore it.

How Port Forwarding Helps in eMule

When using eMule, you are required to have open UDP and TCP ports that are accessible from the internet. The absence of this will result in a low ID, which translates to slower download speeds.

Port forwarding therefore results to a high ID, which ultimately means that the user gets to enjoy faster download speeds. This makes port forwarding particularly helpful and significant when using eMule.

The downside, however, is that eMule is not that friendly with modern firewalls. Although it can work with local firewalls such as Windows Defender and router-level NAT firewalls, it does not work with the NAT firewall of a VPN that has port forwarding.

Setting Up Port Forwarding Through a VPN NAT Firewall for eMule

  1. Enable VPN port forwarding.
  2. Open eMule, go to Options -> Connection -> Client Port, and make sure that “Use UPnP to Setup Ports” is unchecked.
  3. Disable firewall. This depends on the firewall you are using, but if you are using Windows Defender which is the default firewall, go to Settings -> Update and Security -> Windows Defender -> Open Windows Defender Security Centre -> Firewall and network protection -> Disable the firewall on all networks.
  4. Go back to the eMule connection panel and click “Test Ports”. You will be taken to a web page where you can see if the ports used by eMule is accessible from the internet.

Is VPN Port Forwarding Safe?

Port forwarding through a VPN NAT firewall leaves a port open. Essentially, when you leave ports open on any of your devices, chances are hackers can get in. However, the reality is that only programs that are listening on open ports are susceptible to this threat.

If your BitTorrent client is listening on an open port, and a hacker happens to get hold of it, there is not much damage that they can do. However, it is a different story when the purpose of the open port is to allow remote access to your computer. In this case, hackers can most definitely do something malicious with it.

Take note, however, that connections are still heavily encrypted by the VPN even when port forwarding is enabled. Therefore, there is still some level of safety and security.

Port Fail

There is also the issue of “Port Fail” which was exposed in 2015 by Perfect Privacy when they issued a warning regarding VPN port forwarding. Port Fail refers to the exposure of the real IP address of VPN users with the use of social engineering and time correlation.

The VPN user, however, does not need to use port forwarding in order to fall victim. It is the attacker who uses port forwarding. The solution to this was pretty simple. VPN service providers only need to setup varying incoming and outgoing IP addresses on its servers.

To Wrap Up

Accessing a personal server while using a VPN service may require you to setup port forwarding. For file sharing purposes, however, some people don’t see the point of port forwarding. It can definitely improve speed though, especially in the case of eMule users.

Port forwarding may be difficult to setup, and it may have issues, which is why casual or occasional torrent users do not do this for the sole purpose of torrenting. But for frequent torrenters, setting up port forwarding may reap benefits such as faster download speeds and ability to download otherwise blocked content.

VPN Benefits

Get privacy protection, Wi-Fi security, unrestricted access to content, and much more.

Don’t let the internet browse you!