Page 1 of 1

Remote PLC connection

Posted: Mon Sep 17, 2018 12:29 am
by ShaunT
Hi All

I have a remote site with 3 PLCs connected to a LAN. They have no PC on that site. I need to access each individual PLC from my pc where ever I am. On the remote site I have a 4g enabled router and have subscribed to a Dynamic DNS provider as I dont have a static public ip address.

I think i need a vpn to connect to this site and as I am using windos 10 I was going to use the VPN option built into windows on my side. Can I use this with softEther on the router to connect to my remote LAN?

Re: Remote PLC connection

Posted: Wed Sep 19, 2018 4:08 pm
by itskv
AFAIK,

1. You have to set 1 VPN server on central location, say, at your home desktop.
2. Go to administration web page of your router, find VPN section in it.
3. Enter your server's details and username-pass there; click SAVE. ( this will create VPN session on your 4g router with server)
4. Now, install VPN Bridge on your PLC programming LAPTOP.
5. Connect this with same central location VPN server.

Now, your programming LAPTOP can communicate with all of your remote PLCs through (internet -> server -> 4gRouter)

Keep me informed about your success...

Re: Remote PLC connection

Posted: Sun Sep 23, 2018 4:59 pm
by duke
I have the same problem but I have a laptop connected to internet instead of router: how can I make the connection?

Re: Remote PLC connection

Posted: Sun Sep 23, 2018 7:17 pm
by sky59
itskv,

it seems you can explain something...

I fight with PLC also. I understand i have to install vpnbridge on remote site. Question is how to install vpnbridge. Does it mean i install only vpnbridge file?

I am confused as one author placed on internet ready package for mipsel and it installs all bridge, server, client and cmd, so it is not correct?

The windows server manager can be used also to setup vpnbridge?

I describe my problems in separate threads in this forum.

Re: Remote PLC connection

Posted: Mon Sep 24, 2018 5:53 am
by itskv
sky59 wrote:
Sun Sep 23, 2018 7:17 pm
itskv,

it seems you can explain something...

I fight with PLC also. I understand i have to install vpnbridge on remote site. Question is how to install vpnbridge. Does it mean i install only vpnbridge file?

I am confused as one author placed on internet ready package for mipsel and it installs all bridge, server, client and cmd, so it is not correct?

The windows server manager can be used also to setup vpnbridge?

I describe my problems in separate threads in this forum.
Hello sky59,

Let me reduce the difficulty.
1. First, install VPNserver on any central location. No direct LAN/WAN connection is necessary. Only internet connection is enough.
2. Ask your client person to connect 1 windows laptop to PLC ethernet switch. Use any wifi router to connect this laptop to internet.
3. Make a new SSTP vnp connection on this laptop and connect it with your central server.
4. On your remote location, take a windows laptop, connect it to same central vpn server using same SST connection, but with different username-pass. Hope, you are using windows laptop to program PLCs.
5. Now, simply ping your PLC ip from your remote laptop. It will reply with success. Hereafter, you can program remote PLC from anywhere in world.

here, no need to use any BRIDGING... only window's inbuilt SSTP client will suffice.

ask, if any doubt.

Re: Remote PLC connection

Posted: Mon Sep 24, 2018 6:09 am
by itskv
itskv wrote:
Mon Sep 24, 2018 5:53 am
sky59 wrote:
Sun Sep 23, 2018 7:17 pm
itskv,

it seems you can explain something...

I fight with PLC also. I understand i have to install vpnbridge on remote site. Question is how to install vpnbridge. Does it mean i install only vpnbridge file?

I am confused as one author placed on internet ready package for mipsel and it installs all bridge, server, client and cmd, so it is not correct?

The windows server manager can be used also to setup vpnbridge?

I describe my problems in separate threads in this forum.
Hello sky59,

Let me reduce the difficulty.
1. First, install VPNserver on any central location. No direct LAN/WAN connection is necessary. Only internet connection is enough.
2. Ask your client person to connect 1 windows laptop to PLC ethernet switch. Use any wifi router to connect this laptop to internet.
3. Make a new SSTP vnp connection on this laptop and connect it with your central server.
4. On your remote location, take a windows laptop, connect it to same central vpn server using same SST connection, but with different username-pass. Hope, you are using windows laptop to program PLCs.
5. Now, simply ping your PLC ip from your remote laptop. It will reply with success. Hereafter, you can program remote PLC from anywhere in world.

here, no need to use any BRIDGING... only window's inbuilt SSTP client will suffice.

ask, if any doubt.
I am working on the same project, a click-to-run service, where, how we can program remote PLC's without having direct LAN connection with PLC network via internet. I am near success. I will update on this forum as soon as I get success.

Re: Remote PLC connection

Posted: Thu Sep 27, 2018 5:38 pm
by duke
But is the same if I use VPNsoftether client insted of Windows sstp vpn?

Re: Remote PLC connection

Posted: Thu Sep 27, 2018 6:51 pm
by itskv
it should be same, but I had frequent IP related issues with SE client.

Re: Remote PLC connection

Posted: Fri Sep 28, 2018 7:11 am
by duke
I have still some problems: on the vpn server i must create 2 users or not becaus if I use SE client I'm able to connect to server but non ping the PLC otherwise with windows vpn sstp I'm not able to connect to the server... and I do not know where I am wrong.
Thank you if you can reply..

P.S. Wich port do I have to setup for the localhost server?

Re: Remote PLC connection

Posted: Fri Sep 28, 2018 11:30 am
by itskv
1. Yes, you have to use unique user ID to get different VPN connection.
2. Thats why, I dont use SEclient. To have successful connection on SSTP, you have to try at least 5-6 times consequently. This might be because of too much load on vpnazure.
3. Don't use *.softether.net You must use *.vpnazure.net address for server.

Check the static IP saved on PLC. It must not be on DHCP pool of your SE server and that same IP should not be allotted to any other client/peer on either of the network i.e. on local PLC's LAN and remote client's LAN.

Re: Remote PLC connection

Posted: Fri Sep 28, 2018 1:04 pm
by duke
itskv wrote:
Fri Sep 28, 2018 11:30 am
1. Yes, you have to use unique user ID to get different VPN connection.
2. Thats why, I dont use SEclient. To have successful connection on SSTP, you have to try at least 5-6 times consequently. This might be because of too much load on vpnazure.
3. Don't use *.softether.net You must use *.vpnazure.net address for server.

Check the static IP saved on PLC. It must not be on DHCP pool of your SE server and that same IP should not be allotted to any other client/peer on either of the network i.e. on local PLC's LAN and remote client's LAN.
Many thanks itskv, now I'm able to connect 2 pc to the same server vpn using vpnazure and enabling PAP (password authentication protocol), but I can't ping the plc linked by a ethernet cable with one of the two laptop. My question is: since I'm connected in wifi with both client laptop (using DHCP for the connection), what ip address I have to set for the phisical adapter?

Re: Remote PLC connection

Posted: Fri Sep 28, 2018 1:57 pm
by itskv
can you draw connection diagram for your PLC / VPN network?

Re: Remote PLC connection

Posted: Fri Sep 28, 2018 2:43 pm
by duke
Yes, in attachenment: obviously the project and the program devolopment to update the PLC are in the laptop in my factory. The remote laptop may act as a bridge.

Re: Remote PLC connection

Posted: Fri Sep 28, 2018 3:09 pm
by itskv
PLCs should connect to same physical adapter of laptop to which, internet is connected. For eg., if laptop is connected to internet via wifi link, then, on same wifi link, PLCs should connect to. There might be possiblity to achieve connection between differently connected peers, but I don't know how..

No need to care about remote side laptop network.

I suspect, your client is using wifi link for internet to laptop and PLCs are connected on physical ethernet adapter. Isn't it?

Further, you can draw further details on attached diagram.

Re: Remote PLC connection

Posted: Fri Sep 28, 2018 3:33 pm
by duke
itskv wrote:
Fri Sep 28, 2018 3:09 pm
...
I suspect, your client is using wifi link for internet to laptop and PLCs are connected on physical ethernet adapter. Isn't it?

Further, you can draw further details on attached diagram.
Yes, my client connect the laptop to internet via WiFi and with the phisical ethernet adapter (cable) connect the PLC giving to laptop the same class of IP address network like PLC. That's why I need a bridge software that linking to PLC.

Re: Remote PLC connection

Posted: Fri Sep 28, 2018 6:15 pm
by itskv
Untitled1.jpg
On server, keep IP address of vHub 11.11.11.08 and DHCP IP pool of 11.11.11.10-255
and on remote laptop (your laptop), just connect with SSTP link (try using SEclient too) to server with *assign automatic IP address* setting. This will definitely allot you first IP from DHCP pool. i.e 11.11.11.10

Now, simply ping 11.11.11.01 / 02 / 03 from your remote laptop, you will get reply.

Re: Remote PLC connection

Posted: Fri Sep 28, 2018 7:52 pm
by duke
Thank's itskv !!
Now i cannot try because my laptop is in my factory: monday I try with your information and I report in this forum the result!!
Many thank's !!!

Re: Remote PLC connection

Posted: Mon Oct 01, 2018 8:36 am
by jokejong
Hi, I have a similar issue/configuration requirement. Sorry to hijack your post.... I just thought this might be on the same 'page'.

My desired set-up is similar, but I am having an issue with authentication and I can't use PCs or Laptops at the remote site. Since SoftEther VPN is compatible with OpenVPN, I am thinking/planning to use DD-WRT or OpenWRT routers that can perform OpenVPN connection/bridging using TAP to inter-connect the networks.

I attached my network diagram so that all of you can review and advise.

Re: Remote PLC connection

Posted: Mon Oct 01, 2018 11:38 am
by duke
itskv wrote:
Fri Sep 28, 2018 6:15 pm
Untitled1.jpg

On server, keep IP address of vHub 11.11.11.08 and DHCP IP pool of 11.11.11.10-255
and on remote laptop (your laptop), just connect with SSTP link (try using SEclient too) to server with *assign automatic IP address* setting. This will definitely allot you first IP from DHCP pool. i.e 11.11.11.10

Now, simply ping 11.11.11.01 / 02 / 03 from your remote laptop, you will get reply.
Hallo itskv, I have tryed and now from Server side is OK but not with all client side: if I connect a laptop (client site) to internet via LAN there is NO problem but if I connect the laptop to internet with a hot spot wifi created by a mobile phone (this is tipical for us) I'm not able to connect to a server neither with softether neither with windows vpn.

Re: Remote PLC connection

Posted: Mon Oct 01, 2018 1:24 pm
by duke
Finally it work, slow but work!!
I had to connect the server laptop (in customer factory) to internet via hot spot created by mobile phone and the client laptop (in my factory) to LAN.

Re: Remote PLC connection

Posted: Fri Oct 12, 2018 4:09 am
by itskv
.

Re: Remote PLC connection

Posted: Fri Oct 12, 2018 4:19 am
by itskv
duke wrote:
Mon Oct 01, 2018 1:24 pm
Finally it work, slow but work!!
I had to connect the server laptop (in customer factory) to internet via hot spot created by mobile phone and the client laptop (in my factory) to LAN.
It feels nice when we gets PING replies after lots of efforts, ain't it !!!???
Sorry duke, I knew, this scheme will work but thats what I was trying not to suggest you previously.
In this schema, you have to set up individual server for every client site you have. You have to manage those all servers for 27x7 connection.

Personally, I will not recommend this.

Re: Remote PLC connection

Posted: Fri Oct 12, 2018 4:20 am
by itskv
duke wrote:
Mon Oct 01, 2018 11:38 am
itskv wrote:
Fri Sep 28, 2018 6:15 pm
Untitled1.jpg

On server, keep IP address of vHub 11.11.11.08 and DHCP IP pool of 11.11.11.10-255
and on remote laptop (your laptop), just connect with SSTP link (try using SEclient too) to server with *assign automatic IP address* setting. This will definitely allot you first IP from DHCP pool. i.e 11.11.11.10

Now, simply ping 11.11.11.01 / 02 / 03 from your remote laptop, you will get reply.
Hallo itskv, I have tryed and now from Server side is OK but not with all client side: if I connect a laptop (client site) to internet via LAN there is NO problem but if I connect the laptop to internet with a hot spot wifi created by a mobile phone (this is tipical for us) I'm not able to connect to a server neither with softether neither with windows vpn.
Remember one thing, when you creates new 'BRIDGE' connection in SEBridge application, you specifically sets only 1 ethernet adapter to be bridged. That adapter is generally physical ethernet adapter (and not wifi adapter).

Thats why you can't connect to SEserver over wifi. If you need to use over wifi, change bridging configuration for wifi adapter.

Hope this helps.

Re: Remote PLC connection

Posted: Mon Oct 15, 2018 2:11 pm
by duke
Many thank's itskv for your info: when I have a little bit of time I retry. I only would like to say you that for me with the SSTP protocol is difficult to implement because it seems not running very well. But maybe I'm wrong... Moreover, in some cases, it can happen that in the client factory there is not a LAN or WIFI network and then we need to create a wifi access with a mobile phone.
Obviously if you have other information I'm ready to accectp them.
Bye