Disclosure: Top10VPN is editorially independent. We may earn commissions if you buy a VPN through links on our site.

What Is VPN Port Forwarding?

Simon Migliano

Updated Jan 19, 2023

Simon Migliano is a recognized world expert in VPNs. He's tested hundreds of VPN services and his research has featured on the BBC, The New York Times and more.

Fact-checked by JP Jones

Our Verdict

VPN Port Forwarding allows you to route inbound traffic through a specific port on your router or VPN server to a device on your internal network. This allows devices on an external network (e.g. the Internet) to connect to specific devices on your Local Area Network (LAN), increasing the speed of your connection and improving the performance of activities including gaming, torrenting, and other P2P file-sharing.

Port forwarding is a rare and often misunderstood feature of some top VPN services. It requires a static IP address and can come with some security risks, so only a small number of VPNs allow it on their network.

In fact, very few VPN providers allow port forwarding on their network. Even fewer offer good customization options and the option to forward multiple ports.

Even if you’ve found a VPN that offers port forwarding, you might not know exactly what it’s for or how to use it.

In this article, we’ll explain what VPN port forwarding is, how to set it up on popular devices, and how to use it safely. We’ll also share a list of the best VPNs that allow port forwarding.

EXPERT TIP: Based on our latest test results, the best VPN with port forwarding is Private Internet Access.

It balances port forwarding options with a simple interface, P2P support, and overall performance. You can use it to bypass your NAT firewall with a single dynamic port forward, and it will even automatically select the port for you.

For more advanced users, the VPN with the most port forwarding customization options is AirVPN.

What Is Port Forwarding & How Does It Work?

SUMMARY: Port forwarding allows computers on an external network – typically the Internet – to access other computers on a private local area network (LAN). It works by creating an association between the public WAN IP address and port of the network router and the internal LAN IP address and port of a device.

Every local area network (LAN) router has a firewall that controls traffic coming in and out of the network, protecting your home devices from security threats like hackers and malicious websites.

This is called a NAT (Network Address Translation) firewall. It’s the feature that allows every device on your local network to share the same external IP address. NAT firewalls come in three types: Open, Moderate, and Strict. These NAT types dictate the accessibility of your local network to external connections.

An Example of an Open Nat Type on Xbox.

A strict NAT type has security benefits, but it can also make it harder for external devices to communicate with specific devices on your network, especially on peer-to-peer connections. This can affect your ability to seed torrents and participate in multiplayer games, amongst other things.

This problem is solved by opening router ports. These ports route external traffic to individual devices on your local network, and vice versa.

Port forwarding refers to the process manually opening and assigning a port to certain kinds of network traffic. It allows computers outside of your local network to access specific devices within your local area network (LAN).

Port forwarding allows you to get around the limits imposed by the NAT firewall, improving the speed of some applications and making other services possible, including remote desktop access.

There are other ways to bypass or change your NAT type, but port forwarding is the most popular. For example, it is also possible to use a piece of software called UPnP (Universal Plug and Play) to weaken your NAT type, or to use a Windows 10 Hotspot, which creates a moderate NAT type.

What Is A Port In Networking?

You can think of ports as the routes in and out of your local network through your router. Most routers can have up to 65,000 ports, but only around 1,000 are regularly used. Generally, ports are assigned to specific types of activity. For instance, websites use ports 80 and 443, and email uses port 25.

Only the ports your router uses are kept open, meaning traffic directed to the wrong port will be automatically blocked by the router’s firewall. By default, all of your router’s ports should be closed.

Port forwarding allows devices on the internet to access specific devices within your local area network.

Port numbers for commonly used services are assigned by the Internet Assigned Numbers Authority (IANA). Here’s a list of some common NAT ports and their uses:

Port Number	Service
20	FTP (File Transfer Protocol) data transfer
21	FTP (File Transfer Protocol) control
22	SSH (Secure Shell encryption)
25	Email
53	DNS (Domain Name System)
80	HTTP (Hypertext Transfer Protocol i.e. web pages on the internet)
110	POP3 (Post Office Protocol) – Used to retrieve email
193	Internet Relay Chat (IRC)
443	HTTPS (Encrypted web pages)
5060	SIP (Session Initiation Protocol) – used in VoIP (Voice over Internet Protocol) devices

Local, Remote, and Dynamic Port Forwarding

There are several types of port forwarding in computer networking. Which one you use will depend on whether you have access to the external device, and what exactly you’re trying to achieve.

The three types of port forwarding are:

Local port forwarding. Here, a local port is forwarded to a remote host. This reroutes traffic from your device to another device, commonly running SSH encryption. This allows you to bypass your firewall and access a service that you do not have access to, but the intermediary device or server does.
Remote port forwarding. Here, a remote port is forwarded to a local host. This allows your device to be connected to from the server-side of a tunnel, such as SSH. It is commonly used for remote desktop access, server hosting, and other applications, but it can come with security risks.
Dynamic port forwarding: This type of port forwarding functions similarly to a proxy. It allows you to bypass your server’s firewall by connecting to a trusted third-party server or device. Unlike local and remote port forwarding, the port number is not chosen in advance, but dynamically at the point of connection.

VPN port forwarding usually involves either remote port forwardingor dynamic port forwarding.

What Is VPN Port Forwarding Used For?

When you connect to a VPN service, the VPN server acts like a router for your computer. Just like a router, it channels your traffic through ports.

However, unlike a home router, most VPN services do not give you the ability to forward traffic to specific ports. Unless you choose a VPN with this particular functionality, the port will usually be chosen automatically.

Port forwarding is commonly used for:

Hosting a website on your computer
Allowing remote access to your desktop
Hosting a VPN server on your local network
Improving torrenting download and upload speeds
Hosting game servers, reducing ping, and improving gaming performance

The reasons for port forwarding while connected to a VPN are very similar to those without a VPN:

Multiplayer Gaming

Gaming is one of the most popular uses for port forwarding, especially for users who use a VPN for gaming. That’s because port forwarding allows you to bypass the firewall on your VPN or local network.

If your VPN has a strict NAT type by default, it may prevent incoming P2P connections from functioning properly. Because dynamic VPN IP addresses change, they can also make it impossible to host a game server.

If you have a strict firewall, you won’t be able to host a game server, and you may experience extra lag or ping. In some cases, peer-to-peer (P2P) hosted online games may simply not work at all.

Screenshot of Linksys Port Forwarding Menu

The Port Forwarding menu of a Linksys router.

Port forwarding on a static IP address can fix these problems bypassing your router or VPN firewall. Specific games may require specific ports, so you should consult online forums and guides before beginning.

You can port forward on most games consoles and devices, including Xbox Series X/S, PS5, Nintendo Switch and PC.

Torrenting & Other P2P Activities

By default, VPN services reject incoming connections to your torrenting client or P2P application. This can slow down file sharing and make it difficult or impossible to seed torrents.

Port forwarding allows your torrenting client to receive the necessary data packets to connect directly to other users’ torrenting clients and seed the torrent. As a result, port forwarding can have a significant impact on your torrenting performance.

Enabling port forwarding within the Proton VPN app

Port forwarding can be enabled from the app home screen.

This doesn’t only apply to torrenting, but also to P2P connections in video games. For this reason, many of the best torrenting VPNs offer some kind of port forwarding feature.

Remote Desktop Access

VPN services can sometimes interrupt remote desktop access. Port forwarding allows you to establish a direct connection between your local device and the remote device you want to access, without being interrupted by your VPN’s firewall.

You should only do this if you completely trust the remote device, as a malicious actor could use it to gain direct access to your computer.

Hosting a Website

If you want to host a website from a device while connected to a VPN, you will need a port forward to direct traffic from the internet to a specified port in your local client, which is running the web server software.

Without a port forward, it won’t be possible for users outside of your local network to access the website. You’ll also need to configure a public domain name to point at your VPN IP address.

How to Port Forward on Your VPN or Home Router

In this section, we’ll explain exactly how to set up port forwarding on your home router or VPN service.

How To Set Up Port Forwarding on a Home Router

How you set up a port forward will vary slightly by router model. The following instructions apply to most modern routers.

In the video below, you’ll see how we set up a port forward on a Virgin Media router:

How to set up port forwarding on a Virgin Media router.

Here’s how to set up port forwarding on a home router:

Enter your router’s IP address into your web browser’s address bar.
If you receive a security warning, click continue and log in to your router.
Navigate to your router’s advanced settings menu.
Under port forwarding, create a new rule.
Type in the local IP address for your computer/device.
Type in the port number you want to open/forward.
Select the protocol you want to use (normally TCP/UDP or both).
Select Enabled On.
Click Add rule.
Your new port forward rule should now be set up.

NOTE: This process is the same for traditional routers and VPN home routers. For VPN software installed directly onto a device, follow the guidelines below instead.

How To Set Up Port Forwarding on a VPN

The port forwarding process varies far more between VPN services than it does between routers.

If your VPN has all ports open by default, allows you to open all ports, or uses dynamic port forwarding, then you won’t need to configure anything else. You’ll be able to find this information on your VPN service’s website.

Here’s a video demonstrating how to set up port forwarding with Private Internet Access.

How to set up port forwarding with PIA.

To set up VPN port forwarding on your VPN:

Enable port forwarding in the settings menu on your VPN application. This process can vary significantly between VPNs, so contact your provider’s support if it is unclear.
Enter the ports you want to open or forward. If there is only one option, note the port number down.
In the application or service that uses port forwarding, change the listening port to the number you found in step 2.

Is Port Forwarding with a VPN Safe?

Your NAT Firewall helps to keep your device safe from the wider internet. It determines which devices are able to access your local network and communicate with your device. Port forwarding is designed to bypass this firewall, which means it stops working as intended.

For this reason, port forwarding with or without a VPN can cause some serious security vulnerabilities. If it’s not used with caution, It can be exploited by hackers and malicious third parties to steal your data or even hijack your device.

Port forwarding can also cause IP leaks when torrenting. It is important that you check for data leaks before connecting to any publicly visible torrents, as this is both a privacy and security risk.

How to Port Forward Safely

If you are careful not to open more ports than necessary and you follow the safety tips below, it is very unlikely that you will be subject to an attack.

Port forwarding is never 100% safe, but there are some steps you can take to make it safer:

Observe normal security best practices. It is especially important when you are port forwarding that you set strong passwords and regularly change them, including on any game servers you host. You should also update your device’s software regularly so any known security vulnerabilities can be patched out.
Never share the details of your port forward. You should never share the public IP address or port number you are using with someone you do not trust. You should especially never post these details on public forums.
Only open the ports you need. The more ports you have open, the more exposed you are to the wider internet, and the more at risk you are to bad actors. This is why we recommend you avoid using a VPN with all ports open, or the option to open all ports.
Maintain your anonymity. VPN port forwarding represents a privacy vulnerability, as the ports and static ip address you use will be specifically associated with you. We recommend using a private payment method and regularly changing which public port number is being forwarded.

Which VPNs Allow Port Forwarding?

Because of the security vulnerabilities associated with port forwarding, most VPNs do not allow it on their network. In fact, out of the 56 VPNs we have reviewed, only 13 VPNs offer port forwarding.

Many popular services – including NordVPN and ExpressVPN – block access to all ports except those that are absolutely necessary for the VPN to function.

For a VPN to support the secure forwarding of multiple ports, it needs to have both static IP addresses and the capacity for constant technical attention. As a result, only smaller and more technically-oriented VPNs tend to have it as an option. Even then, it is often limited in functionality.

Here is an updated list of VPN services that offer a port forwarding feature:

AirVPN: Allows up to 20 port forwards and dynamic DNS, configured via the AirVPN website.
Astrill: Supports WireGuard and OpenVPN port forwarding on specific servers, marked with a star in the VPN client.
AzireVPN: Available on WireGuard connections.
Hide.me: Supports Up to 10 dynamic port forwards.
IVPN: Supports one port forward through WireGuard.
Mullvad: Up to five port forwards, available via OpenVPN or WireGuard.
Perfect Privacy: Up to three dynamic and five static port forwards, via OpenVPN IPv4 or IPv6.
Private Internet Access: Supports one dynamic port forward via OpenVPN or WireGuard.
PrivateVPN: Allows one open port per server, chosen automatically.
PureVPN: Port forwarding is available but only through PPTP, which is not safe to use.
TorGuard: Allows up to 10 port forwards via OpenVPN or WireGuard.
Trust.zone: Port forwarding is enabled, but only in some countries.
VPNSecure: Available on dedicated IP connections via OpenVPN IPv4 or IPv6.
Windscribe: Available with a static IP address addon.

All of these VPNs only offer port forwarding on premium subscriptions, and in some cases they even require an additional fee. This means there are no free VPNs that support port forwarding.

What Are the Best VPNs for Port Forwarding?

The best VPNs for port forwarding allow users to set multiple port forward rules simultaneously. You should have a degree of choice over which port numbers to use, and on which servers.

As always, VPNs for port forwarding also need to be secure services with strong encryption, zero-logs privacy policies, and fast speeds.

Based on our latest tests, these are the top three VPNs for port forwarding in 2023:

1. AirVPN: Best for Customization Options

AirVPN is the best VPN for port forwarding. It offers up to 10 remote port forwards on all of its servers, via WireGuard or OpenVPN connections. Our review of AirVPN also measured very fast upload and download speeds for torrenting.

Unlike other VPN services, AirVPN allows users to request any port over 2048. It is also possible to remotely map forwarded ports to a different local port below this range.

The port forwarding settings on the AirVPN website.

In addition to the 10 permanent port forward rules offered by AirVPN, it also offers a dynamic port forwarding option. You can configure your port forwards from the client area of the AirVPN website.

AirVPN is intended for experienced or advanced VPN users, which means it can feel difficult to use for beginners. You’ll need some technical knowledge to make use of its port forwarding feature, but the VPN’s support forums are helpful and well-maintained if you come across any problems.

2. Mullvad VPN: Best for Ease of Use

Mullvad is another excellent torrenting VPN with port forwarding. It gives users the ability to forward up to 5 ports. This can be done on both WireGuard and OpenVPN connections, using IPv4 or IPv6. Port forwards can be managed from the client area of the Mullvad website.

For security reasons, Mullvad only makes port forwarding available to accounts that make one off payments, not to accounts with active subscriptions. Permanent ports are assigned to you specifically, which can represent a small privacy risk. This policy helps to overcome this issue.

Mullvad VPN supports port forwarding in the US.

Overall, our Mullvad review found the VPN to be extremely secure and excellent for torrenting, but it can be difficult to use and it’s not very good for streaming.

3. Private Internet Access: Best Overall VPN with Port Forwarding

Private Internet Access is the highest-rated VPN that also offers a port forwarding feature. It balances effective port forwarding options with a user friendly interface, torrenting support, and good overall performance. Our latest tests also show that PIA is a good VPN for torrenting overall.

PIA’s port forwarding feature allows for a single dynamic port forward at any time. The port is selected automatically, so it may not work for all applications. However, it will enable you to bypass your NAT firewall.

The port forwarding settings in PIA’s Windows application.

PIA doesn’t offer the same number of port forwarding options as AirVPN or Mullvad, and it won’t allow for the same number of forwarded ports simultaneously. However, our PIA review found that it outperforms both these VPNs in other areas, including overall security, speed, and streaming.

If you need a VPN for other areas as well as port forwarding, PIA is the best option.

How Do I Find the Local IP Address for My Device?

You’ll need to know your device’s local IP address to set up a port forward. The process varies between devices, but it is always straightforward.

Here’s a summary of how to find your local IP address on these different devices:

How to Find Your Local IP address on Windows

Open Command Prompt.
Type ipconfig/all.
Your IP address will be displayed.

How to Find Your Local IP Address on MacOS

1. Go to System Preferences, then select Network.
2. Select your current network connection.
3. Select Advanced, then TCP/IP.
4. Your Mac IP address will be displayed here.

How to Find Your Local IP Address on Android

1. 1. Open Settings.
  2. Select About Device, then Status.
  3. The device IP address will be listed on this page.

How to Find Your Local IP Address on iOS

1. 1. Open Settings.
  2. Select WiFi, then tap on the network you’re connected to.
  3. Your device IP address will be listed under ‘IPv4 Address’.

How to Find Your Local IP Address on PS5

1. 1. Navigate to Settings.
  2. Scroll down and select Network
  3. Select View Connection Status.
  4. Your PS5 IP address will be displayed here.

How to Find Your Local IP Address on Xbox Series X/S

1. 1. Press the Xbox button on your controller.
  2. Select Profile & System, then Settings.
  3. Select General, then Network Settings, and finally Advanced Settings.
  4. You can see your Xbox IP address on the right hand side of the screen.

How to Find Your Local IP Address on Nintendo Switch

You’ll need to manually change your Nintendo Switch’s IP Address in order to port forward it. To do this, you’ll also need to know the IP address of another device on your network.

1. Go to the Nintendo Switch ‘Home’ menu.
2. Select Settings.
3. Select Internet, then Internet Settings.
4. Select your local network from the list of Registered Networks.
5. Select Change Settings, then IP Address Settings.
6. Select Manual, then IP Address.
7. Hold down ‘B’ to delete the existing IP address.
8. Enter the IP address from your other device, but add 20 to the last section. For example, if your IP address was xxx.xxx.x.2 it becomes xxx.xxx.x.22.)
9. You can use this IP address when setting up port forwarding on your router.