@t3knoid 

When you set the VPN, you need to choose the WAN Interface. I think it is the issue.

If you change the WAN port, then the you also need to change the WAN interface in VPN settings.

  @t3knoid 

I too configure all my routers with WAN and WAN/LAN1 as WAN ports, just in case I ever need to jack a cellular backup in.

Because I have 2 WAN options, the VPN Server provides a field where you pick which one will be used by that particular VPN config.  I would imagine you may need to recreate the VPN definition after a signfiicant change (Like a second WAN port).  That said, you could create a second VPN server config on the backup link...this is necessary and even makes sense because each of your WAN's will have a different IP address from their respective ISPs.  If you have dynamic DNS at work, you still need to have two VPNs defined, because the DNS will just tell clients out on the internet which interface is active at that time.

I'm not saying that Omada couldn't be recoded to make your life easier and duplicate configs behind the scenes, but I think forcing people to think about what they are doing is still the better approach from a system design perspective, especially when it's security related.