Connecting to the PLC through a VPN tunnel

Creation of a VPN tunnel, for a possible remote connection with the controller to monitor the process and make adjustments

In this article, I will try to describe in detail, step by step, the steps that are required to configure two Mikrotik hAPac2 routers using the L2TP protocol, and at the same time I will create a reminder for myself on how to connect such a tunnel to the PLC210 CS SP14 over time.

I myself am not some kind of network technology guru and I admit that I may have made a mistake in the description. If you can't connect like that, knock, I'll try to help. A VPN tunnel is well suited for those cases when it is unsafe and redundant to keep a computer on site for remote access, and significant traffic savings result.

The problem of setting up remote access over a VPN tunnel to a remote controller consists of several features at the same time:

1. The general rules for connecting two nodes (site-to-site) may differ in a number of ways. If it works for some users, it may not work for you. The subtleties are hidden in the details.

2. Tasks are different from the task and one piece of advice may be completely unsuitable for another case.

3. Youtube has an abundance of similar videos on connections, but it is very difficult to watch and repeat + what is promoted is usually already quite outdated.

So out of ignorance, you can spend a lot of time and the search for worthwhile articles tuned for practical use is quite difficult. Then, even having found a worthwhile article, and anyway, in the end, turn to knowledgeable specialists, since there are a lot of features.

What was my task:

A PLC210-01 controller was purchased for the facility. It stands deep in the underground casemates of the heating point of a large high-rise building. The object is about 1000 input-output signals, and it was not reasonable to control the correctness of the program code either through Anydesk / TeamViwer, or, moreover, by frequent trips on a call. Accordingly, it is necessary to somehow control the process remotely and correct the code immediately if a flaw is found.

1. In the place where I am most of all in Moscow, I rented a static IP address. It is not secret, you can connect to it and program. The second PLC210 from OWEN is connected there (89.23.36.110)

2. The MIKROTIK hAP ac2 router had already been purchased earlier and it remained to purchase a second one in order to organize an encrypted VPN tunnel. How lucky that they are getting cheaper year after year, the first one cost as much as 5500 rub, this one took for 4680 rub., you can buy a similar one on Avito for about 2 thousand rubles

3. The L2TP protocol was pre-selected, as it is quite secure and quite easy to set up

4. Both routers have similar firmware, in the client it is 6.48.4

In accordance with the block diagram, it can be seen that the first Mikrotik router (server) from where programming is being carried out (GW1) will be configured for the L2TP Server + IPSec role, with the following settings:

External IP (WAN): 89.23.36.110 (static IP address);

VPN Server IP address: 172.19.19.1;

Router address in LAN network: 192.168.1.254.

MIkrotik in the place where the PLC210 (GW2) will be connected will be a VPN client with the following settings:

External IP (WAN): 192.168.8.1 (the address of what the modem with the Tele2 SIM card gives) HUAWEI LTE modem (reflashed);

VPN Client IP address: 172.19.19.2;

Router address in LAN network: 192.168.11.253.

Setting up a server router

1. Create user Secret. Specify VPN Server + VPN Client addresses 172.19.19.1(2)

PPT Secrets(+)

We have configured the server part, proceed further to setting up the client part (router)

Setting up the client's router

1. We create a new user profile, leave the default profiles unchanged.

Adding a Protocol