It did not work in firmware 4.2.3 but the bug was fixed in 4.4.6. Unfortunately, I have upgraded to v4.5.0 where the bug is back.
So whatever the settings in “Global Options” of the VPN dashboard, whatever the settings in the Wireguard VPN client and whatever the routing mode “Global Proxy” or another, once the VPN client is enabled, the port forwarding stops working. So as soon as you establish a VPN tunnel from the router to a VPN provider, a computer on the Internet can no longer contact a computer on your LAN through the port forwarding.
It worked in firmware 4.4.6, I did not change anything, just upgraded the firmware and now it does no longer work. I see similar questions (with a few changes) still unsolved on the forum. Can someone help me or do I need to downgrade?
@hansome can you have a check?
Please refer to this workaround,
@hansome To make sure I understand properly the instructions before applying them, can you confirm the following commands:
opkg update
opkg install iptables-mod-conntrack-extra
/etc/init.d/firewall restart
Then in case I have an issue, I can rollback typing this:
remove iptables-mod-conntrack-extra;
/etc/init.d/firewall restart
Is that correct?
Yes, that’s correct.
Thank you @hansome . It works and it’s even better now than with firmware 4.4.6. Because this time I can select the policy “VPN Policy Based on the Target Domain or IP” to make split tunneling and get the port forwarding working anyway. Before, with firmware 4.4.6, the port forwarding was only working with a VPN client enabled when you selected the policy “Global Proxy”.
So I’m really happy for this improvement.
Many thanks.
@hansome I seem to be experiencing the same issue on my Beryl. But using the fix you suggested (installing iptables-mod-conntrack-extra) did not seem to help either on 4.5.0 or 4.5.16.
Instead, if I downgrade back to 4.4.6, I can have both VPN client and WAN-to-LAN port forward working again.
Any ideas?
With firmware 4.5.16, no extra step is needed.
Please export and send a log by Private Message.
This issue is back on firmware version 4.7.7.. I had to downgrade to version 4.7.4 to get it work 
Hello,
May I know what router model you are using?
Hi.. I am using Flint 2 - GL-MT6000... weirdly enough I found the port forwarding actually works for a few seconds when u click the enable/ disable of the port u want to froward.. and then it stops working
If downgraded to v4.7.4 firmware of Flint 2, will the port forwarding rules be stable to work?
It seems that does not reproduce localy.
Could you please share the router with us through GoodCloud?
- Please upgrade to v4.7.7 firmware.
- Please PM me know the router MAC address and login Web UI password.
- If the public IP is in modem or primary router, please create and enable several available ports from Flint 2 to the WAN (public IP), I will try to verify and test.
Hi Bruce... Thanks for looking in to this... apparently downgrade did not work as well, after some time port forwarding stopped in 4.7.4 too.. but after wards I upgraded to 4.7.7 and did a full reset.. seems like its working well so far.. may be there were some misconfiguration I suppose? Thanks for looking into this and I will get back to u if the issue occurred again