@Kevin_Z 

Hi, thanks for answering.

I have the C5400X connected to the wan, and downstream from it i have a MikroTik CRS305-1G-4S+IN 10Gb SFP+ switch to which most of my equipment is connected with fibre cables. I made a quick sketch in paint to better illustrate what it looks like:

This worked fine earlier today when i had my old switch connected, an Asus RT-N66U. Ports are forwarded the same way. I can ping inside the network to the various ip adresses fine, and i can reach the both the Home Assistant, TrueNAS and Nextcloud from outside my LAN with my domain name, but if i try to access my equipment via my domain name from inside the LAN it refuses to connect.

EDIT: I can access my equipment from inside my LAN if i go to the ip adresses directly, but this throws SSL errors (NET::ERR_CERT_COMMON_NAME_INVALID) since i have only set the certificates up for my domain name. I guess it is expected since the common name is wrong when i access the machines that way.

@Kevin_Z 

Im using DuckDNS. I have a client on my computer that updates if it changes.

@Armitage 

Sorry to jump in this late but I have the same kind of problem. Were you able to solve yours and how ?

Thanks in advance

@LoloTheJeeper 

No, after mailing with a customer service representative a few times she passed the issue along to an engineer who told me that was not possible on the C5400X. If you connect several devices to a switch that you then connect to one single port on the C5400X you will not be able to navigate between the devices via hostname via hair-pin NAT.

This is the mail i got from the engineer:

This is Leo from TP-Link Support Team, and I will help you with this case.

I have checked the topology and information you provided before.
All you devices are connected to C5400X via MikroTik switch, so these devices share the one LAN port of C5400X, right?
Then it's suggested to connect other PC to C5400X other LAN port, not to MikroTik switch, check the attachment. That's the alternative for this issue.

Thank you in advance.

This is a suggested explanation i got from a user on the Mikrotik forums: 

When you connect equipment directly to C5400X, you probably use separate port for NAS. Which might indicate that TP-Link supports hair-pin NAT only between different interfaces. In ROS world this would indicate partial implementation of functionality (without SRC-NAT part) which means that server (NAS) sees real client's LAN address as source and sends replies directly, bypassing TP-Link which can not rewrite DST-NAT-ed contents (dst-address and dst-port).

So nothing to do with CRS and you'd experience same problem when using just any ethernet switch in place of CRS.

The solution would be to run DNS server on LAN, which would return LAN IP address for your services. It works fine as long as you don't depend on port translation on WAN interface (e.g. running some secondary HTTP service on secondary LAN server, exposed to public via non-standard port such as 8000).

Im surprised you managed to find the topic after this long. Sorry i could not solve this issue for you. I replaced it with another brand instead that also has built in support for more DDNS providers, which was also a problem for me with the C5400X.