Overview
Softdrive uses a combination of TCP and UDP traffic to deliver secure, high-performance remote desktop sessions. These ports support session establishment, encrypted media streaming, and management communications.
Firewalls on both the local client and cloud desktop must allow this traffic to ensure successful connections.
This guide walks you through configuring the necessary firewall and port settings for proper communication between the Softdrive Remote Desktop Client and Server.
Index
1. Security and Encryption2. Server Configuration
3. Client Configuration
4. STUN Service
5. Testing Connectivity
6. Final Notes
Content
1. Security and Encryption
All traffic is encrypted using secure protocols:
| Transport | Protocol | Encryption Method | Cipher |
|---|---|---|---|
| TCP | TLS | Pre-Shared Key | ChaCha20-Poly1305 |
| TCP | HTTPS | Certificate-Based | AES |
| UDP | SRTP | Pre-Shared Key | AES |
2. Server Configuration
Ensure the following firewall rules are applied on the server:
| Protocol | Direction | Port Range | Description |
|---|---|---|---|
| UDP | Inbound | 9250–9254 | Softstream application data (SRTP + AES) |
| TCP | Inbound | 9260 | Softstream application data (TLS + ChaCha) |
| TCP | Inbound | Ephemeral (OS default) | Communications with Softnet (HTTPS) |
| UDP | Outbound | 58000–59000 | Sends data to client |
Add SoftdriveServer.exe to Windows Firewall as allowed.
3. Client Configuration
Apply the following firewall rules on the client:
| Protocol | Direction | Port Range | Description |
|---|---|---|---|
| UDP | Outbound | 9250–9254 | Sends data to server |
| TCP | Outbound | 9260 | Softstream application data (TLS + ChaCha) |
| TCP | Outbound | 443 | Communications with Softnet (HTTPS) |
| UDP | Inbound | 58000–59000 | Receives data from server |
Add SoftdriveClient.exe to Windows Firewall as allowed.
4. STUN Service
Whitelist the four STUN Server IP’s shown below and ensure the required ports listed below are open on a bidirectional basis for all your firewall and network security devices.
Outbound from the Cloud Desktop
| Item | DNS | Required | To STUN server IP's | Network Protocol | Source Port | Destination Port |
|---|---|---|---|---|---|---|
| 1 | stun.softdrive.co | Yes | 141.148.25.156 | UDP | 9256 | 3478, 3479 |
| 2 | None | Yes | 129.80.6.68 | |||
| 3 | None | Yes | 157.151.203.176 | |||
| 4 | None | Yes | 129.213.189.177 |
Inbound to the Cloud Desktop
| Item | DNS | Required | From STUN server IP's | Network Protocol | Source Port | Destination Port |
|---|---|---|---|---|---|---|
| 5 | stun.softdrive.co | Yes | 141.148.25.156 | UDP | 3478, 3479 | 9256 |
| 6 | None | Yes | 129.80.6.68 | |||
| 7 | None | Yes | 157.151.203.176 | |||
| 8 | None | Yes | 129.213.189.177 |
5. Testing Connectivity
After configuring the firewall:
- Verify that the client can connect to the remote session.
- Use tools like
Test-NetConnectionortelnetto validate TCP connectivity. - Use packet capture (Wireshark) to verify encrypted traffic over correct ports.
6. Final Notes
- Ephemeral ports are assigned dynamically by the OS and must be open for responses.
- All communication is encrypted for confidentiality and integrity.
- Always test with the firewall enabled to confirm ports are functioning correctly.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article