Source-Connect 3.9 Pro and VPN Mode
This article is part of the Source-Connect Pro and Pro X 3.9 User Guide
Source-Connect operates as a peer-to-peer type application over the UDP protocol, and this can cause connectivity problems when attempting to establish a two-way data connection in an unconfigured or very strict network. Factors such as firewalls and multi-layer subnets will generally make it difficult to walk into a venue and be confident of establishing a two-way Source-Connect session. Additionally, certain environments have strict security policies, so allowing firewall and network configurations are not possible.
As a solution, Source-Connect Pro can operate in VPN mode. This solves three problems: connectivity confidence, security, and privacy.
VPN mode and connectivity confidence
VPN connections operate over the TCP protocol and can function even within strict networks and proxy servers because it is possible to tunnel over HTTP. If a suitable VPN solution is implemented, all the enduser requires is a software client that they need to run when they wish to connect. Access can be strictly managed with unique, time-critical passwords. Cisco, for example, has such a VPN solution available where the client software is freely distributable and operates transparently. Or, solutions utilizing IPSEC may be suitable, which can be activated with built-in Mac OSX software for example.
VPN Security / Privacy
Where security and privacy are concerns, the best solution is one where you have complete control over the security methods. When Source-Connect Pro is in VPN mode it is configured to disallow connections to external IP addresses, so you can be confident that your network is secure.
Unsupported VPN clients
VPN clients such as NordVPN, ExpressVPN and Hamachi, generally used to mask your IP address, are not supported. Please visit the Zero Tier One article to see an example of a supported service.
Using VPN Mode and managing Security
Source-Connect accepts VPN connections according to RFC1918 on the addresses of:
To switch to VPN mode in Source-Connect press 'Enter VPN mode' in the login window.
Your own private IP address is available under the 'this address' menu. You may have more than one private address so make sure to select the one you will use for the connection.
In the VPN mode Source-Connect uses IPs and port numbers specified on the 'Contacts' tab.
If the 'Contacts' tab specifies:as local address and:as the peer address,Source-Connect will do the following:
- Connect to:via TCP from any of the free local ports.Source-Connect will dynamically select the local port for the outgoing TCP connection to:. So outbound connection from all the TCP ports on should be allowed.
- Listen for incoming TCP connections on:and establish a connection if required. So this port needs to be opened inbound.
- Listen for UDP data on:and:(for RTP and RTCP). So these ports need to be opened inbound.
- Send UDP data to:and:(for RTP and RTCP). All outbound UDP traffic should be allowed. The 'bind outbound to ports:and:UDP (when port is 6000 this means 6002-3)' option, work in VPN mode as well, but it only applies to the UDP traffic.
- Send TCP data to:from an undetermined TCP port. The outbound port for TCP traffic is created dynamically and currently cannot be determined before a connection is created.
For technical support, you are welcome contact us. Please note, however, that when working with private networks we are unable to offer assistance directly on Source-Connect without being given access credentials to your VPN.
Using VPN Mode with ZERO TIER ONE
Source-Connect Pro supports the free Zero Tier One® VPN application. This allows you to make a secure connection over most firewalled networks without requiring any previous setup. A full guide on using Zero Tier One is available here.