Flint: Port forwarding no longer works when a VPN client is enabled on the router

It did not work in firmware 4.2.3 but the bug was fixed in 4.4.6. Unfortunately, I have upgraded to v4.5.0 where the bug is back.
So whatever the settings in “Global Options” of the VPN dashboard, whatever the settings in the Wireguard VPN client and whatever the routing mode “Global Proxy” or another, once the VPN client is enabled, the port forwarding stops working. So as soon as you establish a VPN tunnel from the router to a VPN provider, a computer on the Internet can no longer contact a computer on your LAN through the port forwarding.
It worked in firmware 4.4.6. I did not change anything, just upgraded the firmware, and now it no longer works. I see similar questions (with a few changes) still unsolved on the forum. Can someone help me or do I need to downgrade?

@hansome can you have a check?

Please refer to this workaround,

@hansome To make sure I understand properly the instructions before applying them, can you confirm the following commands:
opkg update
opkg install iptables-mod-conntrack-extra
/etc/init.d/firewall restart

Then in case I have an issue, I can roll back by typing this:
opkg remove iptables-mod-conntrack-extra
/etc/init.d/firewall restart

Is that correct?

Yes, that’s correct.

Thank you @hansome. It works and it’s even better now than with firmware 4.4.6, because this time I can select the policy “VPN Policy Based on the Target Domain or IP” to do split tunneling and get the port forwarding working anyway. Before, with firmware 4.4.6, the port forwarding was only working with a VPN client enabled when you selected the policy “Global Proxy”.
So I’m really happy for this improvement.
Many thanks.

@hansome I seem to be experiencing the same issue on my Beryl. But using the fix you suggested (installing iptables-mod-conntrack-extra) did not seem to help on either 4.5.0 or 4.5.16.

Instead, if I downgrade back to 4.4.6, I can have both VPN client and WAN-to-LAN port forward working again.

Any ideas?

With firmware 4.5.16, no extra step is needed.
Please export and send a log by Private Message.