Overview
Softdrive uses a combination of TCP and UDP traffic to deliver secure, high-performance remote desktop sessions. These ports support session establishment, encrypted media streaming, and management communications.
Firewalls on both the local client and cloud desktop must allow this traffic to ensure successful connections.
This guide walks you through configuring the necessary firewall and port settings for proper communication between the Softdrive Remote Desktop Client and Server.
Applies To
- Softdrive Remote Desktop Client (Softstream)
- Softdrive Cloud Desktops (Windows-based VMs)
Softdrive Server components (SoftdriveServer.exe)
Network environments with firewalls or security appliances (e.g., corporate networks, VPNs, EDR/NGFW solutions)
Prerequisites
Before starting, verify the following:
You have administrator privileges on both the client machine and the cloud desktop.
You have access to network/firewall configuration tools (Windows Firewall, third-party firewall, or network appliance).
The Softdrive Client (Softstream) is installed and up to date on the local machine.
The cloud desktop is powered on and accessible from the Softdrive portal.
You have the ability to allow outbound and inbound traffic on required ports within your network.
If applicable, access to your network administrator for changes on corporate firewalls or VPNs.
Procedure
1. Security and Encryption
All traffic is encrypted using secure protocols:
| Transport | Protocol | Encryption Method | Cipher |
|---|---|---|---|
| TCP | TLS | Pre-Shared Key | ChaCha20-Poly1305 |
| TCP | HTTPS | Certificate-Based | AES |
| UDP | SRTP | Pre-Shared Key | AES |
2. Server Configuration
Ensure the following firewall rules are applied on the server:
| Protocol | Direction | Port Range | Description |
|---|---|---|---|
| UDP | Inbound | 9250–9254 | Softstream application data (SRTP + AES) |
| TCP | Inbound | 9260 | Softstream application data (TLS + ChaCha) |
| TCP | Inbound | Ephemeral (OS default) | Communications with Softnet (HTTPS) |
| UDP | Outbound | 58000–59000 | Sends data to client |
Add SoftdriveServer.exe to Windows Firewall as allowed.
3. Client Configuration
Apply the following firewall rules on the client:
| Protocol | Direction | Port Range | Description |
|---|---|---|---|
| UDP | Outbound | 9250–9254 | Sends data to server |
| TCP | Outbound | 9260 | Softstream application data (TLS + ChaCha) |
| TCP | Outbound | 443 | Communications with Softnet (HTTPS) |
| UDP | Inbound | 58000–59000 | Receives data from server |
Add SoftdriveClient.exe to Windows Firewall as allowed.
4. STUN Service
Whitelist the four STUN Server IP’s shown below and ensure the required ports listed below are open on a bidirectional basis for all your firewall and network security devices.
Outbound from the Cloud Desktop
| Item | DNS | Required | To STUN server IP's | Network Protocol | Source Port | Destination Port |
|---|---|---|---|---|---|---|
| 1 | stun.softdrive.co | Yes | 141.148.25.156 | UDP | 9256 | 3478, 3479 |
| 2 | None | Yes | 129.80.6.68 | |||
| 3 | None | Yes | 157.151.203.176 | |||
| 4 | None | Yes | 129.213.189.177 |
Inbound to the Cloud Desktop
| Item | DNS | Required | From STUN server IP's | Network Protocol | Source Port | Destination Port |
|---|---|---|---|---|---|---|
| 5 | stun.softdrive.co | Yes | 141.148.25.156 | UDP | 3478, 3479 | 9256 |
| 6 | None | Yes | 129.80.6.68 | |||
| 7 | None | Yes | 157.151.203.176 | |||
| 8 | None | Yes | 129.213.189.177 |
5. Testing Connectivity
After configuring the firewall:
- Verify that the client can connect to the remote session.
- Use tools like
Test-NetConnectionortelnetto validate TCP connectivity. - Use packet capture (Wireshark) to verify encrypted traffic over correct ports.
6. Final Notes
- Ephemeral ports are assigned dynamically by the OS and must be open for responses.
- All communication is encrypted for confidentiality and integrity.
- Always test with the firewall enabled to confirm ports are functioning correctly.
Expected Result
After completing the configuration:
The Softdrive client successfully establishes a connection to the cloud desktop.
Remote sessions launch without delays or connection errors.
Audio, video, and input (keyboard/mouse) perform smoothly.
Traffic flows over the required TCP and UDP ports without being blocked.
No firewall-related errors appear during connection or session use.
Troubleshooting
If the issue continues, check the following:
Verify all required ports and protocols (TCP/UDP) are open on both client and server.
Confirm SoftdriveClient.exe and SoftdriveServer.exe are allowed through the firewall.
Ensure STUN server IPs and ports (3478–3479) are not blocked.
Temporarily disable firewall or security software to test if the issue is related to filtering.
Check for network restrictions such as VPNs, proxies, or corporate security policies.
Run connectivity tests:
Test-NetConnection -Port 9260Test-NetConnection -Port 443
Use packet capture tools (e.g., Wireshark) to confirm traffic is flowing over expected ports.
Try connecting from a different network (e.g., hotspot) to rule out local network issues.
If the issue persists, please open a ticket at support@softdrive.co with details of your network setup and any error messages.