Can't port forward on VPN L2TP client interface (ER7412-M2, L2TP VPN)

Can't port forward on VPN L2TP client interface (ER7412-M2, L2TP VPN)

Can't port forward on VPN L2TP client interface (ER7412-M2, L2TP VPN)
Can't port forward on VPN L2TP client interface (ER7412-M2, L2TP VPN)
2025-08-05 11:20:51 - last edited 2025-08-06 06:57:31
Model: ER7412-M2  
Hardware Version: V1
Firmware Version: 1.0.1

Hi everyone,

 

I'm using a TP-Link Omada ER7412-M2 router and have successfully set up an L2TP VPN client connection to obtain a static public IPv4 address from my provider.
The VPN works correctly, and my outgoing traffic is routed through the VPN interface, with the static IP visible externally. I've configured Policy Routing accordingly, and it works well.

Now, I want to expose a mail server hosted on an internal Debian server.

To do this, I need to forward ports such as 80, 443, 25, 587, and 993 to the mail server.


In the Port Forwarding settings, I cannot select the VPN interface (L2TP client) as the WAN Interface. The only available option are my main and backup WAN.
As a result, incoming connections to the VPN public IP are either dropped or forwarded to the router itself (I see the router's admin page when accessing my domain from LAN).


My questions:

1. Is it possible to forward incoming connections from the VPN (L2TP client) interface to internal hosts?
2. Is there any workaround or hidden option to make port forwarding work on the VPN interface?

 

Thanks in advance!

 

Best regards

 

  1      
  1      
#1
Options
1 Accepted Solution
Re:Can't port forward on VPN L2TP client interface (ER7412-M2, L2TP VPN)-Solution
2025-08-06 00:51:43 - last edited 2025-08-06 06:57:31

  @Vinsens33 

1. No.

2. No.

This function is not supported. 

Recommended Solution
  3  
  3  
#2
Options
3 Reply
Re:Can't port forward on VPN L2TP client interface (ER7412-M2, L2TP VPN)-Solution
2025-08-06 00:51:43 - last edited 2025-08-06 06:57:31

  @Vinsens33 

1. No.

2. No.

This function is not supported. 

Recommended Solution
  3  
  3  
#2
Options
Re:Can't port forward on VPN L2TP client interface (ER7412-M2, L2TP VPN)
2025-08-06 03:36:09

  @Clive_A 

It would be a very useful feature for users relying on VPN-based static IP.

 

The VPN interface (L2TP client) is available in ACL and Policy Routing sections, but not in the Port Forwarding (NAT) section.

 

Is there any chance this functionality could be added in a future firmware update?

 

Best regards

 

  2  
  2  
#3
Options
Re:Can't port forward on VPN L2TP client interface (ER7412-M2, L2TP VPN)
2025-08-06 06:12:06

  @Vinsens33 

Vinsens33 wrote

  @Clive_A 

It would be a very useful feature for users relying on VPN-based static IP.

 

The VPN interface (L2TP client) is available in ACL and Policy Routing sections, but not in the Port Forwarding (NAT) section.

 

Is there any chance this functionality could be added in a future firmware update?

 

Best regards

 

You can submit a feature request on the request page. 

The forum team does not have information regarding the roadmap, firmware release, schedule, or feature development progress. All subject to the final release of the firmware. Therefore, I am unable to comment on the question you asked. 

  2  
  2  
#4
Options