PLC Access with same subnet on PLC

mxracer303
Posts: 2
Joined: Wed Oct 02, 2019 10:37 pm

PLC Access with same subnet on PLC

Post by mxracer303 » Thu Oct 03, 2019 4:54 am

Hey everyone, I hope someone can help me. I have SoftEther running on Windows Server on a VPS. I have successfully set up the server and clients and can connect via PC and the 4G LTE router (Teltonika RTU240) and can access a Siemens S7-1200 PLC. I have a NAT set up on the VPN server with 192.168.5.1, have given the PLC a static IP of 192.168.5.10, and have set a static IP of 192.168.5.15 on the TAP interface on the PC. I have also installed a virtual Ethernet adapter (Microsoft Loopback), assigned it a static IP of 192.168.5.20, and bridged the connections in the SoftEther server to the virtual hub. This now gives me access from the server to the PLC (I can ping the PLC from the server and the engineering PC), and I can connect to the PLC from the PC fine.

The problem I now have is that I have a lot of PLCs at remote sites already set up, and they all have the same subnets, which cannot be changed (they are connected to other devices in the network that I have no control over). I have thought about setting up individual NATs on the routers I will be installing, but it seems the OpenVPN TAP client in the router is bridged to the local LAN and can't be altered.

The other issue I see is that the SCADA software running on the server needs to access these PLCs (I set the PLC IP address in the software for the one each connects to). I now have an issue as they all have the same IP, so I was thinking about setting the PLC IP in the software to the NAT IP set on the router and then creating a static route to the PLC on the router.

If I need to access the PLC network from the engineering PC, I will just connect to the server and set the TAP IP to the NAT the PLC is on, and I may need to cascade the connection to that particular virtual VPN hub.

I will link a diagram for a better understanding.

If anyone has any better ideas or ways of achieving this, that would be great.


sky59
Posts: 241
Joined: Tue Sep 11, 2018 5:58 pm

Re: PLC Access with same subnet on PLC

Post by sky59 » Thu Oct 03, 2019 9:09 am

I think you have to make address translation in each router and then access PLC as 192.168.10x.1

each router: 192.168.10x.1 -> 192.168.5.10

study SNAT and DNAT command for routers

OR

break down your subnet to 4 subnets
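The per-router translation suggested above (192.168.10x.1 -> 192.168.5.10), as an added example that is not part of the original posts: a dry-run shell script that prints the iptables DNAT/SNAT rules for one site's router. It assumes a Linux router whose VPN interface is routed rather than bridged to the LAN and a VPN subnet other than 192.168.5.0/24; the interface names, the SCADA address 10.8.0.1 and the restriction to TCP 102 are assumptions added here.

```shell
#!/bin/sh
# Added example (not from the thread): print the iptables rules that give
# site x the alias 192.168.10x.1 for its local PLC at 192.168.5.10.
# VPN_IF, LAN_IF and SCADA_IP are assumed placeholders for your own setup.

PLC_IP="192.168.5.10"             # PLC address from the thread (same at every site)
VPN_IF="${VPN_IF:-tap0}"          # assumed: routed (not bridged) VPN interface
LAN_IF="${LAN_IF:-br-lan}"        # assumed: LAN interface facing the PLC
SCADA_IP="${SCADA_IP:-10.8.0.1}"  # assumed: SCADA server's address inside the VPN
S7_PORT=102                       # ISO-on-TCP port used by S7 communication

# alias_for SITE -> prints 192.168.10x.1; fails unless SITE is one digit 1-9
alias_for() {
    case "$1" in
        [1-9]) printf '192.168.10%s.1\n' "$1" ;;
        *) echo "site must be a single digit 1-9: '$1'" >&2; return 1 ;;
    esac
}

# site_rules SITE -> prints the rules to load on that site's router
site_rules() {
    alias_ip=$(alias_for "$1") || return 1
    # DNAT: only the SCADA server, only the S7 port, only arriving via the VPN
    echo "iptables -t nat -A PREROUTING -i $VPN_IF -s $SCADA_IP -d $alias_ip -p tcp --dport $S7_PORT -j DNAT --to-destination $PLC_IP"
    # Forward exactly that flow plus its replies; drop anything else from the VPN
    echo "iptables -A FORWARD -i $VPN_IF -o $LAN_IF -s $SCADA_IP -d $PLC_IP -p tcp --dport $S7_PORT -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $VPN_IF -j DROP"
    # SNAT: the PLC sees the router as the source, so it needs no new route
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -d $PLC_IP -p tcp --dport $S7_PORT -j MASQUERADE"
}

# Dry run when executed directly, e.g.: sh nat_rules.sh 1 2 3
for site in "$@"; do
    echo "# router for site $site"
    site_rules "$site" || exit 1
done
```

The SCADA server then needs a route for each 192.168.10x.1 alias via that site's router, and the SCADA project is pointed at the alias instead of 192.168.5.10.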

mxracer303
Posts: 2
Joined: Wed Oct 02, 2019 10:37 pm

Re: PLC Access with same subnet on PLC

Post by mxracer303 » Tue Oct 08, 2019 9:19 pm

I have been fighting with this, and from what I have read it's VPN setup issues and I need TLS from the server for the OpenVPN clients. I tried NAT on the router and had no luck there. I think it's more to do with routing from OpenVPN. I can't change the subnets of the sites as I have no access, and I was going to send them a configured router to connect in. Is there a way to access the OpenVPN server config within SoftEther?