Ports are digital endpoints in a device that serve as both the starting and ending points for internet connections. Each port has a number identifying a specific process that sends your traffic to the internet. In simple terms, apps, websites, and other online processes have unique port numbers.
This allows networks to route your traffic to the internet and back effectively. And since all online processes need a port number, a VPN (Virtual Private Network) is no exception. A VPN’s port number depends on the VPN protocol used to establish your connection.
Knowing key port numbers, you can specifically identify the processes that send your traffic to the internet. Let’s take a closer look at the VPN ports you may run into and the reasons why you should be aware of them.
What is a VPN port?
A VPN port is a virtual port used by a VPN protocol to establish a secure connection between your device and a VPN server. A VPN connection sends your encrypted traffic to a VPN server through a secure tunnel. A VPN port acts as a starting point for the data when it travels to the VPN server and as an endpoint when it returns to your device.
VPN ports can be split into two types — ones that use UDP (User Datagram Protocol) and ones that use TCP (Transmission Control Protocol) to transfer data packets through a VPN tunnel. UDP is faster but less reliable, while TCP is slower but more consistent.
Some VPN protocols can use both TCP and UDP, but they use a different port number for each.
What ports does a VPN use?
The ports a VPN uses depend solely on the VPN protocols used for your connection. Surfshark uses the WireGuard, OpenVPN, and IKEv2 protocols. By default, WireGuard uses UDP port 51820, OpenVPN uses UDP port 1194 and TCP port 443, and IKEv2 uses UDP ports 500 and 4500.
Here are some more default port numbers for other VPN protocols that are still in use today:
VPN protocol | Port number |
---|---|
WireGuard | UDP 51820 |
OpenVPN | UDP 1194, TCP 443 |
IKEv2 (Internet Key Exchange Version 2) | UDP 500, UDP 4500 |
PPTP (Point-To-Point Tunneling Protocol) | TCP 1723 |
SSTP (Secure Socket Tunneling Protocol) | TCP 443 |
L2TP (Layer Two Tunneling Protocol) | UDP 500, UDP 4500, TCP 1701 |
IPSec (Internet Protocol Security) | UDP 500, UDP 4500 |
What is port forwarding?
Port forwarding is a technique that allows certain traffic to bypass firewalls and other security measures. It does so by telling your router’s NAT (Network Address Translation) system that this traffic is safe and shouldn’t be blocked. Port forwarding is typically used to access your home network remotely or create secure remote servers.
However, it has quite a few security flaws, which is why Surfshark and many other premium VPNs choose not to offer a port forwarding feature to their users. A secure VPN connection only uses secure ports and closes all others that may damage the security of your connection. With port forwarding, more ports stay open, which opens up doors for bad actors online.
Which VPN ports should you avoid?
The security of your connection is not defined by a port number. Instead, the security of your connection depends on two factors: the VPN protocol and the encryption that a VPN service uses. However, if you want to look for unsafe VPN ports, look no further than TCP 1723. Not because the port itself is unsafe but because it’s linked to the least secure protocol — PPTP.
So, port numbers aren’t all that important when you’re looking for a secure VPN service. Before anything else, you should make sure the VPN service offers secure encryption, modern protocols, and a vast server infrastructure, and that it undergoes regular audits. If a VPN meets these criteria, it will typically use secure ports as well.
Surfshark uses industry-leading AES-256 encryption to protect your data. It has an audited infrastructure with 3,200+ servers worldwide and modern protocols to establish your connection. So you can rest assured that Surfshark will effectively protect your online privacy, hide your IP address, and definitely won’t use dodgy ports for your connection.
Should you be worried about your VPN port?
For most users, a port will always be a number attached to the end of your IP address. It stays in the background yet is essential for an effective internet connection. Unless you absolutely must change your port number to bypass certain firewalls or other security measures, you probably shouldn’t fiddle with the port number.
Much like all online processes, VPNs have their own port numbers, which are assigned to a VPN protocol. The port doesn’t really have a big impact on your connection since its security and other features are determined by the protocol used.
FAQ
What is port 500 used for?
Port 500 is one of a few networking ports used for VPN connections. The protocols that use this port include the likes of IPSec, L2TP, and IKEv2.
Do VPNs use port 443?
Yes, some VPNs may use port 443, particularly those that employ OpenVPN or SSTP protocols to establish a VPN connection. Port 443 is most commonly known for its use with HTTPS traffic and is rarely, if ever, blocked or restricted by firewalls or other security measures.
What port does a VPN use?
VPN port usage depends on the protocol: OpenVPN typically uses UDP 1194 and TCP 443, WireGuard uses UDP 51820, IPSec/IKEv2 use UDP 500 or UDP 4500, and PPTP uses TCP 1723.
How do I find my VPN port?
The process of finding your port number is different depending on the platform you use. Here’s how you can do it on macOS and Windows:
Windows | macOS |
---|---|
1. Press Windows Key + S. | 1. Press Command + Spacebar. |
2. Type in cmd and press Enter. | 2. Type in terminal and press Enter. |
3. In the console, type in netstat -a and press Enter again. | 3. In the terminal, type in netstat -an and press Enter again. |
4. Your ports will be listed under the Local Address column in the format | 4. Your ports will be listed under the Local Address column in the format |
If you need a more detailed guide, check out our article on how to find your port number.
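The following Python example, added here and not part of the original article, parses numeric netstat output from Windows or macOS and labels every socket whose local or remote port matches a default VPN port from the table above. The function names and the sample lines are constructed for illustration; a TCP 443 match is only a hint, because HTTPS uses the same port.

```python
import re

# Default ports from this article's table: (transport, port) -> VPN protocols.
VPN_PORTS = {
    ("udp", 51820): ["WireGuard"],
    ("udp", 1194): ["OpenVPN"],
    ("tcp", 443): ["OpenVPN", "SSTP"],   # also ordinary HTTPS, so only a hint
    ("udp", 500): ["IKEv2", "L2TP", "IPSec"],
    ("udp", 4500): ["IKEv2", "L2TP", "IPSec"],
    ("tcp", 1701): ["L2TP"],
    ("tcp", 1723): ["PPTP"],             # the protocol the article calls least secure
}

# Address columns end in ":port" (Windows) or ".port" (macOS); "*" means any port.
ADDR = re.compile(r"^.*[:.](?P<port>\d+|\*)$")

def parse_line(line):
    """Return (transport, local_port, remote_port), or None for non-socket lines."""
    fields = line.split()
    if not fields or not fields[0].lower().startswith(("tcp", "udp")):
        return None
    # Queue counters and state names have no port suffix, so they drop out here.
    addrs = [m for m in map(ADDR.match, fields[1:]) if m]
    if len(addrs) < 2:
        return None
    local, remote = (None if m["port"] == "*" else int(m["port"]) for m in addrs[:2])
    return fields[0].lower()[:3], local, remote

def vpn_sockets(netstat_text):
    """List (transport, port, side, protocols) for sockets on a default VPN port."""
    hits = []
    for transport, local, remote in filter(None, map(parse_line, netstat_text.splitlines())):
        for side, port in (("local", local), ("remote", remote)):
            if (transport, port) in VPN_PORTS:
                hits.append((transport, port, side, VPN_PORTS[(transport, port)]))
    return hits

# Constructed sample mixing Windows-style and macOS-style numeric netstat lines.
SAMPLE = """\
  TCP    192.168.1.5:52344      203.0.113.10:1723      ESTABLISHED
  UDP    0.0.0.0:500            *:*
udp4       0      0  192.168.1.5.61022      198.51.100.7.51820
tcp4       0      0  192.168.1.5.52001      198.51.100.9.443       ESTABLISHED
"""

if __name__ == "__main__":
    print(*vpn_sockets(SAMPLE), sep="\n")
```

The parser expects numeric ports, so on Windows run `netstat -an`; with `netstat -a` alone, well-known ports may be shown as service names and will not match.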