When it comes to accessing in-network resources when you’re outside of your network, there are two options. You can either use port forwarding, or you can use a virtual private network, or VPN. While both options will allow you to access the resources you need – servers, network-attached storage devices, or even your router configuration – one is superior to the other.
Option #1 – Port Forwarding
You might be familiar with the concept of IP addresses. Basically, every device on your network (and the internet, for that matter) has its own distinct address that allows traffic to be transmitted to and from it. What you may not be familiar with is the concept of ports. You can think of the IP address as a big office building, where the ports are the individual suite numbers where the businesses are located. So, while you could send mail to the address of the office building, if you want it to go to Company A in suite 210, you’ll need to address your mail with the suite number so the post office knows where to deliver it.
Under normal circ*mstances, your network is configured to restrict the ability to access most of these ports from the outside internet. This is because there are security implications to exposing them to outside traffic. In other words, exposing certain ports to the internet means exposing your network to hacking and all the nasty surprises that come along with it.
To be clear, under certain limited circ*mstances and for certain specific use cases, port forwarding has its place and can work well. However, a VPN will be the better option in most cases.
Option #2 – VPN
A VPN might sound complex, but the concept is actually very simple. Let’s go back to our earlier analogy of the big office building and the individual suites. In the example of port forwarding, we put the suite number on our mail so that the post office knew where to deliver it. Think of a VPN like a locked-down office building with tight security. Instead of the post office just being able to deliver mail directly to a suite number, they must instead check in at the front desk. Then, the front desk provides them with a special security pass that allows them to access the rest of the building and deliver the mail to the intended suite number.
In the same way, a VPN acts as the “security pass” for any traffic coming into your network from you over the internet. It allows your computer outside the network to behave as if it was inside the network. It does this by establishing what is known as a tunnel. By using a VPN, you don’t have to directly expose any ports on your network to the outside internet. Instead, your computer creates a secure tunnel into your network and sends the traffic through it.
Why it Matters
There are two main reasons why VPNs are superior to port forwarding:
1. They eliminate a lot of unnecessary router and firewall configuration.
2. They provide increased security.
As far as the first point is concerned, if you were to opt for port forwarding, you would need to take the time to configure special forwarding rules for any traffic that you wanted to allow into your network. Instead, with a VPN, you simply connect to it then access the internal network resources you need without any further special configuration.
The second point is true for multiple reasons. The first is that no unnecessary ports need to be directly exposed to the internet when a VPN is used. This means that potential hackers have fewer points of entry to your network. Also, when your computer is connected to a VPN, it can send all its traffic (including internet traffic like Google searches) through the secure VPN tunnel. This tunnel is encrypted, meaning any outside parties can’t snoop on it or see what it is. This makes VPNs particularly valuable for individuals who find themselves working from public Wi-Fi frequently. They can connect to their VPN and safely access secure websites such as their online banking, knowing that their traffic is securely encrypted within the VPN tunnel.
In conclusion, if you’re asking whether to use port forwarding or a VPN, the answer should almost always be to use a VPN.
FAQs
A separate Port Forwarding rule is required to access each service on each device which can quickly become cumbersome with multiple services and devices. In contrast, a VPN provides access to the device by creating a connection to the IP router or firewall that can be used to access all devices behind the firewall.
What are the advantages of using a remote access VPN rather than simply port forwarding data into a network? ›
By routing to a remote VPN server instead of your ISP's servers, a VPN masks your IP address, prevents ISP tracking, and keeps your personal data private.
Does port forwarding bypass VPN? ›
Port forwarding can be used to direct internet traffic to a selected port on a client device that is hosting a public-facing service, such as a website, while the VPN is active. In this scenario, port forwarding allows visitors from the internet to access a local host even though this host is shielded by the VPN.
What is better than port forwarding? ›
By using a VPN, you don't have to directly expose any ports on your network to the outside internet. Instead, your computer creates a secure tunnel into your network and sends the traffic through it. There are two main reasons why VPNs are superior to port forwarding: 1.
What are the disadvantages of port forwarding? ›
Facilitation of DDoS attacks
Port forwarding can increase the risk of facilitation of Distributed Denial of Service (DDoS) attacks because it opens a door into a network and its connected devices, making them more accessible to potential attackers.
Is there a better way than VPN? ›
One of the best alternatives to a VPN is a proxy server. A proxy server acts as a gateway that sits between a user's device and the internet. The user can activate the server in their web browser and proceed to reroute their traffic through it. This helps to hide their IP address from any web servers that they visit.
Why shouldn't you use a VPN? ›
If you don't want your internet connection to be unpredictable at times, it's best not to download a VPN. Many reputable services can offer fast servers, but encrypting all your online activity can sometimes slow down connection speeds. The second most common downside to using a VPN is also linked to unpredictability.
What are three drawbacks of VPNs as a remote access solution? ›
What are three drawbacks of VPNs as a remote access solution? Three drawbacks of VPNs are: they can slow down internet speeds, they may not support all applications, and they can be complex to manage.
What is the biggest advantage of a VPN? ›
The main benefit of using a virtual private network (VPN) is data privacy. But a VPN offers much more than that: Privacy. Using a VPN masks your real IP address and location, making your online activity more private.
Is port forwarding worth it? ›
Port forwarding is necessary if you want to host any multiplayer game. Without it, other players won't be able to join in over the internet. Make sure to check whether the game you're about to play requires port forwarding. However, port forwarding isn't necessary in your daily life.
Port forwarding, also known as port management, allows remote servers and devices on the internet to be able to access devices that are on a private network. If you are not using port forwarding, only devices on that private internal network can have access to each other or your network.
Does port forwarding expose an IP address? ›
A port-forwarding VPN is then a VPN that allows your computer to be accessed by its public IP on the forwarded port, while still being protected by the VPN for all other cases. In other words, the forwarded port is an entrance to your computer that bypasses the VPN.
Is tunneling the same as port forwarding? ›
SSH port forwarding, also known as SSH tunneling, is the process of transmitting data over an encrypted secure shell connection between a local and distant server. It allows users to access services that firewalls would otherwise restrict or prevent.
What is port forwarding for dummies? ›
What is port forwarding? Port forwarding is a map between a router's public IP address and the IP addresses and ports of the services running on a network. It tells your router to relay data that it receives on a specific port to a specific port on a specific private IP address on the network.
Is a reverse proxy safer than port forwarding? ›
A forward proxy deals with client traffic, regulating and securing it. In contrast, a reverse proxy shields servers by handling client requests, ensuring they reach the right server, and returning the results to clients, who are unaware of the server's direct involvement.
Does port forwarding increase security? ›
Forwarding ports through a DMZ gives you an extra layer of security and protects your network from being vulnerable. A DMZ or demilitarized zone is a perimeter that protects and adds an extra layer of security to an organization's internal network from untrusted outside traffic.
Which port is best for VPN? ›
For OpenVPN, commonly recommended ports are UDP 1194, which is the official OpenVPN port, and TCP 443. UDP 1194 is known for speed and is the default OpenVPN setting, whereas TCP 443 is advantageous for bypassing firewalls as it's the same port used by secure HTTPS traffic.
