To identify the magic port, you can use nmap while inside the wifi network, and scan the IP address of your VPS for all UDP and TCP ports:
nmap -sU -sS -p1-65535 <vps ip>
The idea here is that the firewall at the wifi end is blocking packets leaving the local network, but any that get through must be via open ports. So on the VPS side, you run
tcpdump -i <interface name> host <public IP address of wifi router>
You will need to work out the public address by going to http://whatismyip.com
We are not interested in the results that nmap comes back with, we want to see what tcpdump sees - any packet that makes it to the VPS will have passed through the firewall, so the destination port of the packet will tell us which ports are open:
13:23:32.805549 IP <wifi router>.2154 > <vps>.ssh
The above fragment shows that a packet arrived on the ssh port, which is 22, which must be permitted through the firewall.
Note that while you are able to do DNS queries, it does not follow that port 53 is open to the internet. The usual case is that you are permitted contact to controlled DNS servers, and it is those that can forward DNS requests out to the internet - much like in a domestic setting you often set your router to be the DNS server for the network, and it is the router that resolves queries.
If it is the case that port 53 is open only to a specific DNS server, then you can get around it using an IP over DNS tunnel. If you have a VPS running a DNS server and you have a domain name you can control, you could use iodine, which allows you to tunnel IP over DNS queries and so removes the need for OpenVPN (though running OpenVPN inside the tunnel will ensure your packets are protected; you could also do the same with ssh).
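The tcpdump capture described in the answer above can be summarized with a short script. This is an added example, not part of the original answer: the function names, the documentation-range addresses (203.0.113.7 for the wifi router's public IP, 198.51.100.20 for the VPS) and the sample capture lines are all constructed for illustration.

```python
import re
import socket
from collections import defaultdict

# Constructed sample of tcpdump output on the VPS (hypothetical addresses):
# 203.0.113.7 = public IP of the wifi router, 198.51.100.20 = the VPS.
SAMPLE = """\
13:23:32.805549 IP 203.0.113.7.2154 > 198.51.100.20.ssh: Flags [S], seq 1, win 1024, length 0
13:23:32.805601 IP 198.51.100.20.ssh > 203.0.113.7.2154: Flags [S.], seq 2, ack 2, win 64240, length 0
13:23:33.101200 IP 203.0.113.7.2154 > 198.51.100.20.443: Flags [S], seq 3, win 1024, length 0
13:23:34.000000 IP 203.0.113.7.2155 > 198.51.100.20.443: Flags [S], seq 4, win 1024, length 0
13:23:35.420011 IP 203.0.113.7.40112 > 198.51.100.20.1194: UDP, length 0
13:23:36.000000 ARP, Request who-has 198.51.100.1 tell 198.51.100.20, length 28
"""

# "<time> IP <src>.<port> > <dst>.<port>: <rest>"; non-IPv4 lines do not match.
LINE = re.compile(r"^\S+ IP (\S+) > (\S+?): (.*)$")
# tcpdump prints service names unless run with -n; map the common ones locally.
KNOWN = {"ssh": 22, "domain": 53, "http": 80, "https": 443}

def port_number(token):
    if token.isdigit():
        return int(token)
    if token in KNOWN:
        return KNOWN[token]
    try:
        return socket.getservbyname(token)  # falls back to the system services file
    except OSError:
        return None

def ports_that_passed(text, router_ip, vps_ip):
    """Count packets per (protocol, destination port) that went router -> VPS."""
    seen = defaultdict(int)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, dst, rest = m.groups()
        src_host = src.rpartition(".")[0]
        dst_host, _, dst_port = dst.rpartition(".")
        port = port_number(dst_port)
        if src_host != router_ip or dst_host != vps_ip or port is None:
            continue  # skips replies from the VPS and unrelated traffic
        # Heuristic: tcpdump prints "Flags [...]" only for TCP segments.
        proto = "tcp" if rest.startswith("Flags [") else "udp"
        seen[(proto, port)] += 1
    return dict(sorted(seen.items()))

if __name__ == "__main__":
    print(ports_that_passed(SAMPLE, "203.0.113.7", "198.51.100.20"))
```

Running tcpdump with -n makes it print numeric addresses and ports, which avoids the service-name lookup entirely.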
On your router, also forward port 902 to your VMWare host IP address.
When outside of your network this method should work as follows:
Connected using External IP (go to google and search "what is my IP") > Internal Router
=========================================================================
Router Setup = Single Port Forwarding:
ESX Host = 443 > 443 > Both (TCP/UDP) > Your machine's IP > Enabled
Vsphere Client = 902 > 902 > Both (TCP/UDP) > Your machine's IP > Enabled
==========================================================================
Computer Setup = Firewall Settings:
Inbound = Set VMware Player/Vsphere Client/Workstation/etc. > Private, Public, and Domain!
Outbound = Do the same for outbound as you did for inbound!
==========================================================================
Testing Using CMD = Ensure Telnet is enabled:
telnet (External IP Address you got from google) (Ports that need to be tested)
Example: telnet 182.521.22.1 902 (do the same for 443)
If you get a blank black screen then you connected successfully and you can connect remotely
===========================================================================
Testing Vsphere Client:
When you open the Program:
Type in the External IP:Port Number
Example:
External IP Address: 182.521.22.1:443
User: root
Password: alfjhdl;fdsj;lhd
If you connect to your ESXi Host, then you've been successful!
============================================================================
If you are unable to connect or telnet:
1. Check your firewall to ensure ports 902 and 443 are allowed for Inbound/Outbound for Domain, Public, and Private.
2. Check to see if you have any other program blocking the connection by disabling the program from running (Malwarebytes, etc.)
=============================================================================
As a side note, you might want to sign up for dynamic DNS so you can use a host name for your External facing IP address. You can then sign into the Vsphere Client using the FQDN of your DDNS rather than your External IP address.
Good luck!
Best Answer
This link shows that port 902 needs to be open between the vCenter Server (source) and the ESX(i) host (target) in order to be able to make a remote MKS connection, as you suspected.
[If the above link doesn't work, try this.]