To run a SoftEther VPN Server properly, you’ll need to ensure specific ports are open both on your firewall and ISP (or NAT router). Here’s is the list of the default and recommended ports:
🔐 SoftEther VPN Server – Default Ports to Open
| Protocol | Port | Purpose |
|---|---|---|
| TCP | 443 | HTTPS VPN / SSL-VPN (Primary for SoftEther – works well behind firewalls, like HTTPS) |
| TCP | 992 | For VPN over ICMP/UDP (if enabled) |
| TCP | 5555 | Admin management port (can be changed; optional) |
| TCP | 1194 | OpenVPN mode (optional, if enabled) |
| TCP | 1701 | L2TP (used with IPsec) |
| UDP | 500 | IPsec (for L2TP/IPsec) |
| UDP | 4500 | IPsec NAT traversal |
| UDP | 1701 | L2TP |
| TCP | 1080 | SOCKS proxy (optional, if configured) |
✅ Minimum Required (Basic SSL-VPN Setup)
If you’re just using the SoftEther SSL-VPN protocol, you only need:
- TCP 443 open (or another port if you’ve changed it)
This lets SoftEther work behind most restrictive firewalls, as it mimics HTTPS.
💡 Recommendations
- Avoid using 443 if your firewall already uses it for HTTPS web services. You can choose a custom TCP port (like 8443).
- Always verify the listening ports in the SoftEther Server Manager (check “Listener Ports”).
- If you’re behind NAT (e.g., home router), forward these ports to your VPN server’s private IP.
- On your ISP router/firewall, ensure these ports aren’t blocked. Some ISPs block ports like 1194 or 500/4500 by default.
- If using OpenVPN mode, open TCP/UDP 1194 accordingly.
- If using L2TP/IPSec, ensure:
- UDP 500
- UDP 4500
- UDP 1701
