VPN connections are often seen as public networks on Windows with separate firewall rules from those on your private network. This can cause some issues with port forwarding, as you may notice that stops working after establishing a VPN connection.
For port forwarding to work over VPN connections, you will need to configure your firewall to allow connections over public networks.
First thing you will need to do is navigate to the Windows Defender firewall. There are two ways to do that, depending on what you find easiest. One mainly applies to Windows 10 and 11, while one mainly applies to earlier versions of Windows (but can still be used on Windows 10 and 11).
Windows 10 and 11
Navigate to Settings -> Privacy and Security -> Windows Security -> Firewall & network protection -> Advanced settings
This will open up a new window called Windows Defender Firewall with Advanced Security
Click on Inbound rules
Click on New rule...
Set the Rule Type to Port and then click on Next
Select the protocol (TCP or UDP) that the rule applies for, then enter the port number
Next, select Allow the connection
On the next step, select for which profiles the rule should apply. Make sure that Public is selected.
Lastly, set the name of the firewall rule and enter a short description if you'd like. Click on Finish when you're done.
Once the rule has been saved, you can close the window and go back to the Windows Security. From there, select the option Allow an app through firewall
This will open a new window called Allow apps to communicate through Windows Defender Firewall. Click on Change settings then locate the app you want to allow in the list of apps. Make sure Public is checked and then click on OK to save the changes. If you're unable to find your app, you can manually add one by clicking on Allow another app... and finding the app on your computer.
Windows 7 and 8
Open the Control panel and navigate to System and Security -> Windows Defender Firewall
Click on Advanced settings
This will open up a new window called Windows Defender Firewall with Advanced Security
Click on Inbound rules
Click on New rule...
Set the Rule Type to Port and then click on Next
Select the protocol (TCP or UDP) that the rule applies for, then enter the port number
Next, select Allow the connection
On the next step, select for which profiles the rule should apply. Make sure that Public is selected.
Lastly, set the name of the firewall rule and enter a short description if you'd like. Click on Finish when you're done.
Once the rule has been saved, you can close the window. From there, select the option Allow an app or feature through Windows Defender Firewall
This will open a new window called Allow apps to communicate through Windows Defender Firewall. Click on Change settings then locate the app you want to allow in the list of apps. Make sure Public is checked and then click on OK to save the changes. If you're unable to find your app, you can manually add one by clicking on Allow another app... and finding the app on your computer.