Connecting to the PLC through a VPN tunnel
In this article I will try to describe, step by step, what is required to configure two Mikrotik hAP ac2 routers with the L2TP protocol; at the same time it will serve as a reminder to myself of how to connect such a tunnel to the PLC210 CS SP14 later on.
I am no networking guru myself, and I admit that I may have made mistakes in the description.
If you can't get connected this way, get in touch and I'll try to help.
A VPN tunnel is well suited to cases where keeping a computer on site for remote access is unsafe and redundant, and it also saves a significant amount of traffic.
Setting up remote access to a remote controller over a VPN tunnel is complicated by several things at once:
1. The general rules for connecting two nodes (site-to-site) may differ in a number of ways. If it works for some users, it may not work for you. The subtleties are hidden in the details.
2. Tasks differ from one another, and advice that fits one case may be completely unsuitable for another.
3. YouTube has an abundance of similar videos on such connections, but they are very hard to watch and follow along with, and what gets promoted is usually already quite outdated.
So, out of ignorance, you can spend a lot of time, and finding worthwhile articles geared toward practical use is quite difficult. And even after finding a worthwhile article, you may still end up turning to knowledgeable specialists, since there are a lot of nuances.
What was my task:
A PLC210-01 controller was purchased for the facility. It sits deep in the underground casemates of the heating point of a large high-rise building. The facility has about 1000 input/output signals, and it was not reasonable to check the correctness of the program code either through AnyDesk / TeamViewer or, even less so, by frequent on-call trips. Accordingly, the process has to be monitored remotely somehow, and the code corrected immediately if a flaw is found.
1. At the place in Moscow where I spend most of my time, I rented a static IP address. It is not secret; you can connect to it and program. A second PLC210 from OWEN is connected there (22.214.171.124).
2. One MIKROTIK hAP ac2 router had already been purchased earlier, and it remained to purchase a second one in order to set up an encrypted VPN tunnel. Luckily they are getting cheaper year after year: the first one cost as much as 5500 rub., this one was bought for 4680 rub., and you can buy a similar one on Avito for about 2 thousand rubles.
3. The L2TP protocol was chosen in advance, as it is quite secure and quite easy to set up.
4. Both routers have similar firmware; on the client it is 6.48.4.
As the block diagram shows, the first Mikrotik router (GW1, the server), from where programming is carried out, will be configured in the L2TP Server + IPsec role with the following settings:
External IP (WAN): 126.96.36.199 (static IP address);
VPN Server IP address: 172.19.19.1;
Router address in LAN network: 192.168.1.254.
The Mikrotik at the site where the PLC210 is connected (GW2) will be a VPN client with the following settings:
External IP (WAN): 192.168.8.1 (the address handed out by the modem with the Tele2 SIM card, a reflashed HUAWEI LTE modem);
VPN Client IP address: 172.19.19.2;
Router address in LAN network: 192.168.11.253.
Setting up a server router
1. Create a user Secret. Specify the VPN server and VPN client addresses, 172.19.19.1 and 172.19.19.2.
The server part is now configured; proceed to setting up the client part (router).
Setting up the client's router
1. Create a new user profile; leave the default profiles unchanged.
Adding a Protocol
In the client settings, also specify MRRU 1600.
I think it is right to add this as well: so that you can access the client router from the server side through the tunnel, set a rule for port 8291.
Important: for traffic to pass from one local network to the other, you need to add a route on both routers. Otherwise none of this will work, and ping will succeed only from the terminal of the router itself.
First, check the ping from the terminals of both routers to each other, then check that packets pass from one network to the other. It is advisable to configure all this while you have both routers in your hands.
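The server and client steps above, written out as RouterOS 6.x terminal commands. This is an added example, not the author's own configuration: the secret name `plc-site`, the profile name `l2tp-plc`, the interface names `ether1` (WAN) and `l2tp-gw1`, the /24 LAN masks and the placeholder passwords are assumptions.

```routeros
# ===== GW1 (server) =====
# PPP secret carrying the tunnel endpoint addresses from the article.
/ppp secret add name=plc-site password="CHANGE-ME" service=l2tp \
    local-address=172.19.19.1 remote-address=172.19.19.2
# L2TP server; use-ipsec=required rejects L2TP sessions that are not inside IPsec.
/interface l2tp-server server set enabled=yes use-ipsec=required \
    ipsec-secret="CHANGE-ME-PSK" authentication=mschap2
# WAN input rules (ether1 as WAN is an assumption).
# New rules are appended; move them above any final drop rule.
/ip firewall filter add chain=input in-interface=ether1 protocol=udp \
    dst-port=500,4500 action=accept comment="IKE and NAT-T"
/ip firewall filter add chain=input in-interface=ether1 protocol=ipsec-esp \
    action=accept comment="ESP"
/ip firewall filter add chain=input in-interface=ether1 protocol=udp \
    dst-port=1701 ipsec-policy=in,ipsec action=accept \
    comment="L2TP only when it arrived inside IPsec"
# Route to the PLC LAN behind GW2 (/24 mask assumed).
/ip route add dst-address=192.168.11.0/24 gateway=172.19.19.2

# ===== GW2 (client) =====
# Separate profile; the default profiles stay untouched.
/ppp profile add name=l2tp-plc use-encryption=yes
/interface l2tp-client add name=l2tp-gw1 connect-to=126.96.36.199 \
    user=plc-site password="CHANGE-ME" profile=l2tp-plc \
    use-ipsec=yes ipsec-secret="CHANGE-ME-PSK" allow=mschap2 \
    mrru=1600 disabled=no
# Route back to the programming LAN behind GW1 (/24 mask assumed).
/ip route add dst-address=192.168.1.0/24 gateway=172.19.19.1
# Winbox (8291) is accepted only on the tunnel interface, never on the WAN side.
/ip firewall filter add chain=input in-interface=l2tp-gw1 protocol=tcp \
    dst-port=8291 action=accept comment="Winbox via tunnel only"

# ===== Checks, run on GW1 =====
# 1) Tunnel endpoint answers.
/ping 172.19.19.2 count=3
# 2) LAN-to-LAN path works: source from GW1's LAN address to GW2's LAN address.
/ping 192.168.11.253 src-address=192.168.1.254 count=3
# 3) IPsec SAs exist, i.e. the L2TP session is actually encrypted.
/ip ipsec installed-sa print
```

If check 1 passes and check 2 fails, the missing piece is the `/ip route` entry on one of the two routers, which is the situation the route note above describes.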
I needed to configure the client part for two providers: an LTE modem was plugged in and a local Ethernet cable was connected.
It's not easy to set everything up right away. Here is the article I used:
I express my personal gratitude to Alexander Polikushin (email@example.com) for help in fine-tuning this solution!
#VPN, #L2TP, #Mikrotik, #PLC210, #OWEN