Can't connect client to server

I can’t figure out how to connect the server to the client.
I need a local connection. The problem is that the server and the client are on different VLANs and subnets; routing works OK, but locally they don’t see each other, and the transfer over the Internet also doesn’t work. It needs to be configured so that the client can see the server.
The network looks like this. There is a Windows Server 2019 Standard with IP 10.0.16.7. This is a virtual machine on Proxmox. Also next to that virtual machine on Proxmox there is a pfSense, virtual machine 10.0.16.7 in VLAN 4016; the VLAN tag is on the virtual machine interface itself, not in network/interfaces. Then this server is combined in a vSwitch on Hetzner with another server on Debian. This server already has the UrBackup server part.

Problem status (Symptoms)
In the server admin when adding a client, the Online status becomes “Yes” for ~60 seconds, then drops to “No”. The computer name is not pulled up, the IP is displayed instead. The client on Windows remains in the “No server found” status.
It was checked: another interface was added from the virtual machine subnet, and UrBackup immediately sees the client and server and connects. Another computer was also connected to the same server via the Internet connection, and everything also worked; only this type of connection does not work.

Network diagnostics (Connectivity)

L3: Full two-way ICMP Reply (Ping OK).

L4 UDP (Discovery): Packet capture on pfSense confirms:

Server request (10.0.23.14:35623 → 10.0.16.7:35622) passes.

Client response (10.0.16.7:35622 → 10.0.23.14:35623) passes.

L4 TCP: Manual port check nc -zv 10.0.16.7 35623 from the server is successful (Succeeded/Open). The port is available, pfSense does not cut it.

Log and packet analysis
Packet Capture: When nc is running, the pfSense dump clearly shows a TCP session. However, when UrBackup Server tries to add a client, the dump completely lacks TCP SYN packets to port 35623. The UrBackup server service does not even initiate a connection.

Windows Client Log (Debug): The log is clean of authorization errors. There is no record of an incoming connection from the server. The service is running in local mode (Internet mode disabled).

Linux Server Log: There is silence in /var/log/urbackup.log. No records of “Authentication failed” or “Identity mismatch”.

What was done
Windows Firewall was completely disabled on the client.

Identification files (client_ident.key, server_idents.txt) were deleted to reset the ID.

In pfSense, UDP 35622-35623 and TCP 35621, 35623 are allowed in both directions.

Checked for duplicate clients in the server database by IP or name.

  1. Firewall Rules (pfSense)
    According to the screenshots provided, traffic is allowed in both directions for the required subnets.

Interface: OPT3_PROXMOX_MANAGEMENT (Server network 10.0.23.x)

ICMP: Allow any ICMP (Pings pass).

UDP 35622: Source: OPT3_subnets → Destination: * (Client outbound lookup allowed).

UDP 35623: Source: OPT3_subnets → Destination: * (Server responses allowed).

TCP 35621 - 35623: Source: OPT3_subnets → Destination: * (Management ports and data).

Reverse rules (Client network 10.0.16.x)

UDP 35622: Source: 10.0.16.0/24 → Destination: OPT3_address (Allowed).

UDP 35623: Source: 10.0.16.0/24 → Destination: OPT3_address (Allowed).

TCP 35621 - 35623: Source: 10.0.16.0/24 → Destination: OPT3_address (Allowed).

ICMP: Allow any (Two-way ping verified).

  2. Network port status (Verified)

Manually checked from the server console (10.0.23.14):

ICMP: ping 10.0.16.7 — OK.

TCP 35623: nc -zv 10.0.16.7 35623 — Open (Succeeded).

UDP Discovery: Packet capture captures the exchange:

Server → Client (UDP 35622)

Client → Server (UDP 35623)

Result: Status in admin temporarily becomes “Yes”.

  3. Behavior anomaly
    Despite the fact that the ports are open in pfSense and accessible via nc (Netcat), the UrBackup Server application does not initiate a TCP session to port 35623.

With manual nc in Packet Capture, the session is visible.

When UrBackup is running in Packet Capture, there are no SYN packets.

Windows Firewall on the client is completely disabled.

There are no entries about incoming connections in the client logs (debug.log).

Proxmox where the VM is:

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

iface eth1 inet manual

auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp5s0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094
    mtu 1500
    bridge_maxwait 0

auto vlan4023
iface vlan4023 inet static
    address 10.0.23.11/24
    gateway 10.0.23.1
    mtu 1400
    vlan-raw-device vmbr0
    post-up arp -s 10.0.23.14 xxxx -i vlan4023
#member of hetzner_ded-Proxmox_management

UrBackup Debian server:

# VLAN 4023 - Proxmox Management network (for PBS)

#auto e

auto eno1.4023
iface eno1.4023 inet static
    address 10.0.23.14/24
    mtu 1300

    post-up ip route add 10.0.16.0/24 via 10.0.23.1 dev eno1.4023
    post-up ip route add 10.0.22.0/24 via 10.0.23.1 dev eno1.4023
    post-up ip route add 10.0.19.0/24 via 10.0.23.1 dev eno1.4023
    post-up ip route add 10.0.20.0/24 via 10.0.23.1 dev eno1.4023
    post-up arp -s 10.0.23.11 00:xxxx00:00:01 -i eno1.4023

ufw:

Status: active

To                         Action      From
35623/udp                  ALLOW       10.0.16.0/24               # UrBackup Discovery (Local Network)
55413,55414,55415/tcp      ALLOW       10.0.16.0/24               # SSH and UrBackup TCP (Local Network)
55414/tcp                  ALLOW       10.0.16.0/24
55415/tcp                  ALLOW       10.0.16.0/24
35623/tcp                  ALLOW       10.0.16.0/24
55415/tcp                  ALLOW       Anywhere
35621,35623/tcp            ALLOW       10.0.16.7
35622/udp                  ALLOW       10.0.16.7
35623/udp                  ALLOW       10.0.16.7
55415/tcp (v6)             ALLOW       Anywhere (v6)

I would be very happy if someone could help.
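
The capture comparison described in the post (UDP discovery seen in both directions, a TCP SYN to port 35623 only when nc is run), as an added example that is not part of the original post. It classifies `tcpdump -nn` style text lines; the line format, the sample lines and the function names are assumptions made for illustration.

```python
import re

# Addresses and ports as given in the post; the sample lines below are constructed.
SERVER, CLIENT = "10.0.23.14", "10.0.16.7"
DISCOVERY_UDP, COMMAND_TCP = 35622, 35623

# Assumed `tcpdump -nn` text: "<time> IP <src>.<sport> > <dst>.<dport>: <rest>"
LINE = re.compile(r"IP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): (.*)")

def classify(lines, server=SERVER, client=CLIENT):
    """Record which steps of the discovery/connect sequence appear in a capture."""
    seen = dict.fromkeys(("udp_probe", "udp_reply", "tcp_syn", "tcp_synack"), False)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, rest = m.groups()
        sport, dport = int(sport), int(dport)
        to_client = (src, dst) == (server, client)
        to_server = (src, dst) == (client, server)
        flags = re.match(r"Flags \[([^\]]*)\]", rest)
        if rest.startswith("UDP"):
            seen["udp_probe"] |= to_client and dport == DISCOVERY_UDP
            seen["udp_reply"] |= to_server and sport == DISCOVERY_UDP
        elif flags:
            seen["tcp_syn"] |= to_client and dport == COMMAND_TCP and flags[1] == "S"
            seen["tcp_synack"] |= to_server and sport == COMMAND_TCP and flags[1] == "S."
    return seen

def verdict(seen):
    """Turn the observed steps into the first point where the sequence stops."""
    if not (seen["udp_probe"] and seen["udp_reply"]):
        return "discovery incomplete"
    if not seen["tcp_syn"]:
        return "discovery ok, no SYN from server to tcp/35623"
    if not seen["tcp_synack"]:
        return "SYN sent, no SYN-ACK from client"
    return "handshake reached client on tcp/35623"

# Constructed capture: discovery exchange only (the UrBackup case in the post).
DISCOVERY_ONLY = [
    "12:00:01.000100 IP 10.0.23.14.35623 > 10.0.16.7.35622: UDP, length 1",
    "12:00:01.000900 IP 10.0.16.7.35622 > 10.0.23.14.35623: UDP, length 12",
]
# Constructed capture: the same exchange plus a manual nc connect.
WITH_NC = DISCOVERY_ONLY + [
    "12:00:05.100000 IP 10.0.23.14.51514 > 10.0.16.7.35623: Flags [S], seq 1000, win 64240, length 0",
    "12:00:05.100700 IP 10.0.16.7.35623 > 10.0.23.14.51514: Flags [S.], seq 2000, ack 1001, win 65535, length 0",
]
```

Running `verdict(classify(...))` on a capture taken on each side of pfSense shows whether the SYN is missing at the server's own interface or is lost further along the path.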