When you need to access in-network resources from outside your network, there are two options. You can either use port forwarding, or you can use a virtual private network, or VPN. While both options will allow you to access the resources you need – servers, network-attached storage devices, or even your router configuration – one is superior to the other.
Option #1 – Port Forwarding
You might be familiar with the concept of IP addresses. Basically, every device on your network (and the internet, for that matter) has its own distinct address that allows traffic to be transmitted to and from it. What you may not be familiar with is the concept of ports. You can think of the IP address as a big office building, where the ports are the individual suite numbers where the businesses are located. So, while you could send mail to the address of the office building, if you want it to go to Company A in suite 210, you’ll need to address your mail with the suite number so the post office knows where to deliver it.
Under normal circumstances, your network is configured to block access to most of these ports from the outside internet, because exposing them to outside traffic has security implications. A port that is open to the internet can be reached by anyone on the internet, so exposing ports means exposing your network to hacking and all the nasty surprises that come along with it.
To be clear, under certain limited circumstances and for certain specific use cases, port forwarding has its place and can work well. However, a VPN will be the better option in most cases.
Option #2 – VPN
A VPN might sound complex, but the concept is actually very simple. Let’s go back to our earlier analogy of the big office building and the individual suites. In the example of port forwarding, we put the suite number on our mail so that the post office knew where to deliver it. Think of a VPN like a locked-down office building with tight security. Instead of the post office just being able to deliver mail directly to a suite number, they must instead check in at the front desk. Then, the front desk provides them with a special security pass that allows them to access the rest of the building and deliver the mail to the intended suite number.
In the same way, a VPN acts as the “security pass” for any traffic coming into your network from you over the internet. It allows your computer outside the network to behave as if it were inside the network. It does this by establishing what is known as a tunnel. By using a VPN, you don’t have to directly expose the ports of your internal devices to the outside internet. Instead, your computer creates a secure tunnel into your network and sends the traffic through it.
Why it Matters
There are two main reasons why VPNs are superior to port forwarding:
1. They eliminate a lot of unnecessary router and firewall configuration.
2. They provide increased security.
As far as the first point is concerned, if you were to opt for port forwarding, you would need to take the time to configure special forwarding rules for any traffic that you wanted to allow into your network. With a VPN, you simply connect to it and then access the internal network resources you need without any further special configuration.
The second point is true for multiple reasons. The first is that no unnecessary ports need to be directly exposed to the internet when a VPN is used. This means that potential hackers have fewer points of entry to your network. Also, when your computer is connected to a VPN, it can send all its traffic (including internet traffic like Google searches) through the secure VPN tunnel. This tunnel is encrypted, meaning outside parties can’t snoop on it or see its contents. This makes VPNs particularly valuable for individuals who frequently find themselves working from public Wi-Fi. They can connect to their VPN and safely access secure websites such as their online banking, knowing that their traffic is securely encrypted within the VPN tunnel.
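The audit below is an added example, not part of the original article: it reads a port-forward table and separates the one rule a VPN needs from the forwards that expose internal services directly. The rule format, the sample addresses and the choice of 51820/udp as the VPN port are assumptions made for illustration.

```python
from collections import namedtuple

# Assumption (not from the article): the VPN endpoint is the one listener allowed
# to face the internet; 51820/udp (commonly used by WireGuard) stands in for it.
VPN_ALLOWED = {("udp", 51820)}
# Well-known ports for the kinds of resources the article mentions.
KNOWN_SERVICES = {
    ("tcp", 22): "SSH (server)",
    ("tcp", 443): "HTTPS admin page (router/NAS)",
    ("tcp", 445): "SMB file sharing (NAS)",
}
Forward = namedtuple("Forward", "proto wan_port lan_ip lan_port")

def parse_rules(text):
    """Parse 'proto wan_port -> lan_ip:lan_port' lines; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        left, right = line.split("->")
        proto, wan_port = left.split()
        lan_ip, lan_port = right.strip().rsplit(":", 1)
        rules.append(Forward(proto.lower(), int(wan_port), lan_ip, int(lan_port)))
    return rules

def audit(rules):
    """Split rules into (keep, move_behind_vpn). Classification uses the LAN-side
    port: forwarding WAN 8443 to LAN 443 still exposes the admin page."""
    keep, move = [], []
    for r in rules:
        if (r.proto, r.lan_port) in VPN_ALLOWED:
            keep.append(r)
        else:
            label = KNOWN_SERVICES.get((r.proto, r.lan_port), "unidentified service")
            move.append((r, label))
    return keep, move

# Constructed sample table in a made-up format; real routers export differently.
SAMPLE = """\
udp 51820 -> 192.168.1.1:51820   # VPN endpoint
tcp 8443  -> 192.168.1.1:443     # router admin on a non-standard WAN port
tcp 445   -> 192.168.1.20:445    # NAS share
tcp 2222  -> 192.168.1.30:22     # server SSH
"""

if __name__ == "__main__":
    for r, label in audit(parse_rules(SAMPLE))[1]:
        print(f"{r.proto}/{r.wan_port} -> {r.lan_ip}:{r.lan_port}: {label}; remove and use the VPN")
```

Every rule in the second list is a service you can reach through the tunnel instead, so its forward can be deleted once the VPN is working.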
In conclusion, if you’re asking whether to use port forwarding or a VPN, the answer should almost always be to use a VPN.