Firewall reply Port unreachable, other PC on same network can reach it

Hello all,

I have a strange behaviour: I try to get a connection to the Modbus server on a network that is connected via VPN.
System 1 receives a port unreachable message from the IPFire.
System 2 can connect without problems.
System 3 receives a port unreachable message from the IPFire.

First I tried the default port for Modbus, 502, and then changed it to 12999 for testing.
System 1 (IP xx.xx.100.131) is a Windows Server 2019 running as a VM on Proxmox VE.
System 2 (IP xx.xx.100.40) is a Windows 10 workstation on real hardware.
System 3 (IP xx.xx.100.83) is a Windows 10 workstation running as a VM on VMware Workstation 16.2 on System 2.

At the moment I have no idea what is causing this. In the firewall log I did not find anything about it.
Please see the Wireshark screenshots.

I checked on the second IPFire on the other side of the VPN tunnel; there only packets from System 1 (xx.xx.100.40) arrive.


Any ideas are very welcome :slight_smile:

Best regards
–Der Zauberlehrling

You clearly have a routing problem in the two virtual machines, but I cannot figure out the topology of your network based on your description. Are system 1, 2 and 3 attached to an IPFire machine and you are trying to have them visible on the other side of an N2N tunnel?

Hello, thank you for your answer,

I don’t think it is a routing problem. I can reach the web server of the remote system (which is an inverter of a photovoltaic system from SMA) on ports 443 and 80 from all 3 systems.

I see some strange retransmits, but it works. It seems that only other ports are blocked by the firewall.

I thought the topology would be clear from the IP addresses, but to clarify: systems 1-3 are in one segment (class C) aa.bb.100.yy at location 1, where the IPFire is the Internet router and creates a VPN to location 2, where there is another IPFire and the systems there are in the class C network aa.bb.120.yy.

The VMs are configured with bridged networking; they have their own IP address and do not use NAT within the hypervisor.

Best regards
– Der Zauberlehrling

Solved it :slight_smile:

I created a firewall rule that allows all traffic from network aa.bb.100.0 to network aa.bb.120.0 and a second one backward.
Now I can connect to my inverter on port 12999, but I still do not understand exactly why it was working from my workstation and why I could connect on port 80 or port 443…

Regards
–Der Zauberlehrling
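The thread turns on telling a firewall that actively rejects a connection (the ICMP port unreachable seen in Wireshark, which the client sees as "connection refused") apart from one that silently drops it (which the client sees as a timeout) or a port that is simply open. The small checker below is an added example written for this thread; it is not code from the original posts, from IPFire or from any of the systems described. It opens a local listener on a constructed loopback port so the demo runs offline; the host, port and timeout values are assumptions to replace with your own when checking a real path such as the inverter's Modbus port.

```python
import errno
import socket

# Constructed values for the offline demo; replace with the real target.
DEMO_HOST = "127.0.0.1"
DEMO_TIMEOUT = 2.0


def classify_tcp_connect(host, port, timeout=DEMO_TIMEOUT):
    """Try one TCP connect and name the outcome.

    Returns one of:
      'open'        - three-way handshake completed
      'refused'     - peer (or a firewall in front of it) actively rejected:
                      TCP RST or ICMP port unreachable, as in the thread
      'timeout'     - no answer at all: typical of a DROP rule or a lost route
      'unreachable' - ICMP host/network unreachable reported by the stack
      'error:<n>'   - any other errno, so nothing is silently swallowed
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except OSError as e:
        if e.errno == errno.ECONNREFUSED:
            return "refused"
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error:%s" % e.errno
    finally:
        s.close()


def interpret(result):
    """Map a classify_tcp_connect() result to what to look at next."""
    hints = {
        "open": "service reachable; if the application still fails, look above layer 4",
        "refused": "active reject: a REJECT firewall rule or no listener on that port; "
                   "check the firewall rules on the path, not routing",
        "timeout": "silent drop: DROP rule, missing return route, or host down; "
                   "compare with a traceroute and the firewall log",
        "unreachable": "routing problem: the local stack has no usable route",
    }
    return hints.get(result, "unexpected socket error; check errno")


def start_listener(host=DEMO_HOST):
    """Open a loopback listener on an ephemeral port for the offline demo."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def stop_listener(srv):
    srv.close()


if __name__ == "__main__":
    srv, port = start_listener()
    r = classify_tcp_connect(DEMO_HOST, port)
    print("listener up   ->", r, "|", interpret(r))
    stop_listener(srv)
    r = classify_tcp_connect(DEMO_HOST, port)
    print("listener down ->", r, "|", interpret(r))
```

Run it against the inverter's address and port 12999 from each of the three systems and compare the results: a "refused" from two systems and "open" from the third points, as in this thread, at a firewall rule that matches on source address rather than at routing. When you write the fix, a rule limited to the Modbus port and the inverter's address exposes less than an allow-all rule between the two subnets.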