Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Thursday, March 21, 2013

Comodo Unite ports

rss Comodo Unite (EasyVPN) - CUnite
Appendix 2 - How to improve performance by using direct connections
In order to establish direct connections between clients (highly recommended), system administrators have to open certain ports on both client computers and NAT/Firewall (if applicable).

Ports need to connect to servers:
  • TCP 443 connect to Unite server/web server
  • UDP 8000 for p2p mediator server
Ports needed for clients to connect to each other:
  • UDP 12000 -13000 – to build direct, peer-to-peer, connection between clients
Unite attempts to use a random port between 12000 and 13000 for P2P connections. Unite tries to bind to one available port in this range, moving to the next if it happens to be in use by another application. Some firewalls or routers may entirely block network traffic on this range. If this range is not available the Unite server will establish a relayed connection instead.


All connection requests to other machines in your network are initially brokered by the Comodo Unite server. Upon receipt of the connection request, the server will first attempt to set up a direct, peer-to-peer connection between the computers. If it cannot establish a direct connection, then it executes the next best option of establishing a relayed connection.
  • A direct connection is, as the name suggests, a straight connection between computers in a Unite network (peer to peer connection).
  • In contradistinction, a relay connection means the Unite server acts as 'middle man' between the two computers in the network. Computer A connects to the Unite server and the Unite server connects to Computer B. All information sent from Computer A will pass through a secure, encrypted tunnel through the server to Computer B.
Why Are Direct Connections Better?

  • Speed - With direct connections, data is passed directly back and forth rather than being redirected through the extra hop of the Unite server. Relayed connections are always going to suffer from a certain lag due to this simple fact.
  •  Reliability- A direct connection will decrease or eliminate the effect of any server issues on your network (for example, server downtime, slow response times during times of high traffic).

Logmein additional Information for  (TCP  443)

You can set a static UDP listening port and TCP handshake port by configuring it in  
System - Preferences - Settings - Advanced Settings under Peer Connections.  Complete both values if you have multiple Internet connections.

If you are behind a router you must forward the port's UDP/TCP traffic from your router to the machine.  Follow the instructions for your router from  If you have multiple machines behind the same router, you will need to choose different ports for each to avoid conflicts.

  I wanted to forward ports 30001 TCP and 30001 UDP to Computer B, just to make eMule work with HighID. But unfortunately, Computer B couldn't get access to these ports with Comodo enabled on Computer A (with ICS).

After many probes I have found a solution!

You need to use the Application Rules, NOT the Global Rules!

In the Application Rules click ADD and bring on the Running Applications window. Then select "Windows Operating System" on the top.
Now create a rule for it:

Action: Allow
Protocol: TCP/UDP
Direction: Incoming

Source address: Any
Destination address: Any
Source port: Any

It has to be like this to make it work! And of course you have to add this rule in the host computer, that runs the ICS.
How do I open ports in Comodo?
Open up the GUI for CFP 3 (2007), go to Firewall-Advanced-Network Security Policy-Global Rules and select Add, then add those rules:

Action: Allow

Protocol: TCP

Direction: In/Out

Source Address: Any

Destination Address: Any

Source port: Any

Destination Port: 3689

Action: Allow

Protocol: UDP

Direction: In/Out

Source Address: Any

Destination Address: Any

Source port: Any

Destination Port: 5353

No comments: