Business Community > Gateways > Portforwarding over VPN
< Gateways

Portforwarding over VPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

Portforwarding over VPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Portforwarding over VPN
Portforwarding over VPN
2025-05-25 19:44:12 - last edited 2025-06-03 01:26:35
Tags: #VPN #NAT #Routing
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.4 Build 20230727 Rel.40308

There is a remote ER605 connected trough a IPSEC VPN to another ER605 at my home location.

The remote ER605 is using a shared WAN connection which I have no control over.

Remote ER605 is dialing out to my ER605 at home,IPSEC is working very stable and im able to reach the remote LAN devices from my Home LAN, so far all good.

I need portforwarding for several remote LAN devices to the internet, so over VPN. I tried to do a port FWD from my home ER605 to remote ER605 LAN devices, but that doesnt seem to work.

 

Remote LAN is 172.16.x.x , Home LAN 192.168.x.x

I can browse and or connect to any device from my HOME LAN 192.168.x.x. to any connected device 172.16.x.x

 

Anyone who has a working work arround?

  0      
 
  0      
 
#1
Options
1 Accepted Solution
Re:Portforwarding over VPN-Solution
2025-05-27 01:04:58 - last edited 2025-06-03 01:26:31

  @johnbosch 

We do not support port forwarding over VPN tunnel.

If you need this feature, please go here and vote: 

https://community.tp-link.com/en/business/forum/topic/820976

Recommended Solution
  1  
  1  
#8
Options
11 Reply
Re:Portforwarding over VPN
2025-05-25 21:52:38

  @johnbosch 

 

I dont quite follow you, what exactly are you trying to do?

Main: ER8411 x1, SG3428X x1, SG3452 x1, SG2428LP x1, SG3210 x1, SG2218P x1, SG2008P x3, ES208G x1, EAP650 x6 Remote: ER7206 v2 x1, ER605 v2 x3, SG2008P x2, EAP650 x2, ES205G x1 Controller: OC300
  0  
  0  
#2
Options
Re:Portforwarding over VPN
2025-05-25 22:40:18
Im trying to reach several devices on the Remote LAN from the Internet. Remote ER605 is using a shared public WAN to connect to the internet, I can't use port forwarding on the remote WAN. So I need to use portforwarding on my Home ER605 towards the remote ER605 over IPSEC VPN.
  0  
  0  
#3
Options
Re:Portforwarding over VPN
2025-05-25 22:51:32 - last edited 2025-05-25 23:03:34

  @johnbosch 

 

Create a second vpn on the main site.  Add the other sites ip range as a "local network"

 

Connect to new main site vpn, and the remote sites resources on that range will be available to you

 

If you only have 1 wan at main site and you already have the ipsec site to site, you will have to make a client to lan ipsec vpn

Main: ER8411 x1, SG3428X x1, SG3452 x1, SG2428LP x1, SG3210 x1, SG2218P x1, SG2008P x3, ES208G x1, EAP650 x6 Remote: ER7206 v2 x1, ER605 v2 x3, SG2008P x2, EAP650 x2, ES205G x1 Controller: OC300
  0  
  0  
#4
Options
Re:Portforwarding over VPN
2025-05-26 20:19:28

  @GRL 

 

Thanks for your reply.

 

I do indeed only have 1 WAN connection at my (main, HOME) site, so do I still need to add a 2nd VPN or do I need to change its current LAN to LAN > Client to LAN?

 

 

 

  0  
  0  
#5
Options
Re:Portforwarding over VPN
2025-05-26 20:44:41

  @johnbosch 

 

you can add a second vpn no problem

 

Because you have an IP secon one already, you wont be able to use an encrypted L2TP as the encryption settings for all vpns on the same wan have to be identical, and the L2TP ones cant be changed, but you will be able to add an client to site

Main: ER8411 x1, SG3428X x1, SG3452 x1, SG2428LP x1, SG3210 x1, SG2218P x1, SG2008P x3, ES208G x1, EAP650 x6 Remote: ER7206 v2 x1, ER605 v2 x3, SG2008P x2, EAP650 x2, ES205G x1 Controller: OC300
  0  
  0  
#6
Options
Re:Portforwarding over VPN
2025-05-26 21:37:54

  @GRL 

 

Above is my current LAN to LAN VPN.

I wanted to add the first screenshot named portfwd Client to LAN, but in not sure if this is how it should be, and what the IP adress pool means.

 

 

 

  0  
  0  
#7
Options
Re:Portforwarding over VPN-Solution
2025-05-27 01:04:58 - last edited 2025-06-03 01:26:31

  @johnbosch 

We do not support port forwarding over VPN tunnel.

If you need this feature, please go here and vote: 

https://community.tp-link.com/en/business/forum/topic/820976

Recommended Solution
  1  
  1  
#8
Options
Re:Portforwarding over VPN
2025-05-27 13:31:20

  @Clive_A it is HW limitation or just SW? Owning an IPv4 is quite hard without extra fees so port forwarding over VPN would be awesome resolution for it.

  0  
  0  
#9
Options
Re:Portforwarding over VPN
2025-05-28 00:57:01

  @phongtom 

phongtom wrote

  @Clive_A it is HW limitation or just SW? Owning an IPv4 is quite hard without extra fees so port forwarding over VPN would be awesome resolution for it.

I don't have this information and am not able to provide any hardware/software limits or reasons for any feature requests.

Paying for IPv4 is regular. For a home network, they'll charge you, which is the norm now.

For business, that's not a problem if you buy a commercial line, which will come with public IP v4 and v6.

 

The products do not have plans or ETA for this discussed feature, or a similar feature like Tailscale to address the no public IP situation. The product targets the business environment where you have a public IPv4. It would work best in a public network environment.

  0  
  0  
#10
Options
Re:Portforwarding over VPN
2025-05-29 15:41:24

  @johnbosch if you have on your main site (192.168.x.x) a PC that runs 24/7 here is a workaround: WinSock Relay by Steve Miller

  0  
  0  
#11
Options
12

Information

Helpful: 0

Views: 818

Replies: 11

Tags

VPN NAT Routing
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.