Understanding what VPN Port Forwarding does locally

[essence]

I use a VPN service provider (similar to NordVPN etc), which offers port forwarding (opening ports). My understanding is that this is beneficial for some applications, such as BitTorrent.

However, I am trying to understand what the functionality of opening ports actually accomplishes technically, and also what are the security implications of this for me as a home network user.

Am I right that the ports are being opened on the VPN service provider's side, and then somehow "forwarded" in an open state to my LAN? Like so, in the case of BitTorrent:

My Router/Computer ← Encrypted TCP Repackaging → VPN Service Provider w/ Open Ports ← TCP/UDP → P2P (BitTorrent)

If so, is this setup essentially equivalent to opening ports on my local router firewall, or as effectively opening ports on my computer (which is the client on one end of the VPN tunnel)? Or shall this rather be viewed as it is the VPN service provider that takes the "risk" of opening ports, while my home connection is still closed off?

Thank you for illuminating how this works, and security concerns in regards to this topic.

 

[ColinTaylor]

Am I right that the ports are being opened on the VPN service provider's side, and then somehow "forwarded" in an open state to my LAN?

Yes I believe so. The public IP address of the VPN provider's node is shared with many customers. One port on that address is reserved for you and any unsolicited connections to that port are forwarded down your tunnel. The traffic exits the tunnel on the VPN client's interface so this works simply enough when the client is running on a PC. If the client is running on your router the traffic would end up there. So unless there is a router service listing on that port or it is forwarded somewhere the traffic will have nowhere to go.