e W O N Cosy 131

JonAW · Jan 5, 2016

Hi Guys,

I've a couple of questions to do with the e W O N Cosy 131 3G modem. My local supplier is supposed to be technical but from past experience I just don't trust him but I like the e Won products from experience so far so I'll stick with him.

Is there a particular type of data sim required for this unit, ie a static IP sim from the likes of http://m2msecuritysims.com/tag/m2m-sim-card/ or will a standard data sim only for the likes of tablet computers with variable ip be sufficient?

I'm thinking a standard sim will do due to the fact the e Won connects to the talk 2 m server and then routed to the connecting pc. Can someone confirm this?

Also I've no idea how much data it takes to connect to a compactlogix or to view a panelview to select a data plan. I'll be on site commissioning the system and then after that the e won will be used to service the plc and hmi and also for the end user and my customer to periodically check the operation of the system. Can anyone shed some light on how much data this is likely to take? (I know this is a bit like how long is a piece of string?)

thanks

Jonny

BryanG · Jan 5, 2016

When I am testing e W O Ns I use a bog standard O2 or EE Pay as You Go SIM. I wouldn't recommend PayAndGo for normal use as they will cut you off if you don't spend enough. So no you don't need a fixed IP SIM. Nip down to your local corner shop, a SIM will cost you £1 and then a £20 TopUp, then you can experiment and learn before you finally choose which network to go with.

Volume of data is truly, 'how long is a piece of string'. If you use VNC to visualise an HMI I find it is between 1 and 2 meg per minute. If just downloading a program, then it depends on how big your program is. To monitor a program it is going to depend on the number of variables and how quickly they get updated.

I have a Netgear router that allows me to record how much data is being used, so I hooked an e W O N to it and then ran various tests to see the level of data use. If you do something similar with your trial SIM then you can get a good idea before you choose a data plan.

0x539 · Jan 5, 2016

If the clients are connecting to a central server (which is sounds like they are), then it doesn't make a difference. The only time where it would matter is if you're trying to directly communicate between clients (e.g., S7-1200 on 10.0.2.2 connecting to 10.0.2.3).

Now, if you are ever require directly communicating between clients, read this:

You actually don't need a static IP (there's very few situations where you do). Instead, use a dynamic DNS program like DDclient with a free DNS provider. I would suggest CloudFlare, since their TTL is under five minutes.

https://support.cloudflare.com/hc/e...mic-DNS-Can-I-update-my-DNS-records-remotely-

Basically, you'll be entering 'sample.domain.asdf.net' instead of '123.123.123.123'. If you don't have a domain name available to use, either get a free one or buy a cheap one. I would suggest buying one as it's common for free domains to get revoked.

http://www.freenom.com/en/index.html?lang=en
https://internetbs.net/domain-name-registrations/index.html
https://www.gandi.net/domain/price/info

I don't have any affiliation with those providers, feel free to use them or not. I'm only suggesting what's worked for me in the past.

As a usual security reminder, make sure you understand what you're doing before opening up your PLCs to the internet. Make sure you've properly firewalled or turned off things like unnecessary web servers/services.

JonAW · Jan 5, 2016

As a usual security reminder, make sure you understand what you're doing before opening up your PLCs to the internet. Make sure you've properly firewalled or turned off things like unnecessary web servers/services.

Hi 0x539, thanks for the info. The client will not be connecting to a central server, no Ethernet connection available apparently so I have to work mobile / cellular data only. They only want remote access to view certain features, as I'm using a panelview I'll set it up with FTV viewpoint. I'll then give them client login details to the e won talk 2 m server to vpn direct to the hmi.

The E won units connect to my computer via vpn through an intermediary server. Although nothing on the internet is totally secure I'm happy the security of the e Won units is acceptable. These units do require internet access but they are setup to only communicate with the e won talk 2 m server via vpn and will not allow a 3rd party access to the LAN side in any other way.

When I am testing e W O Ns I use a bog standard O2 or EE Pay as You Go SIM.

Thanks Bryan, that's the answer I'm looking for. This unit will be installed near central London. According to Ofcom coverage checker I'll have no issues with any of the main networks.

0x539 · Jan 5, 2016

JonAW said:
Hi 0x539, thanks for the info. The client will not be connecting to a central server, no Ethernet connection available apparently so I have to work mobile / cellular data only. They only want remote access to view certain features, as I'm using a panelview I'll set it up with FTV viewpoint. I'll then give them client login details to the e won talk 2 m server to vpn direct to the hmi.

For remote access, you will want to use a domain on the VPN (if you aren't already). If you don't have a static IP, it might change in a few months and you won't know the new address.

JonAW · Jan 5, 2016

Hi 0x539

Just out of interest have you ever used or come across e WON vpn routers? If not take a look here: http://ewon.biz/

From my experience with these units all that is required is an internet connection and the VPN router will find the Talk 2 M server. When I want to connect to the router I connect to the Talk 2 M Server via my account, I select which unit to connect to via VPN which then routes my computer to the e Won router. I can then connect to the LAN side of the e won router as if it was on my local subnet. When setting them up there is no setting up of internet settings, I just register the serial number of the e Won to my talk 2 m account. It is really very easy to setup and use. Take a look at them and let me know what you think and what, if any, security concerns there are.

0x539 · Jan 5, 2016

JonAW said:
Hi 0x539

Just out of interest have you ever used or come across e WON vpn routers? If not take a look here: http://ewon.biz/

From my experience with these units all that is required is an internet connection and the VPN router will find the Talk 2 M server. When I want to connect to the router I connect to the Talk 2 M Server via my account, I select which unit to connect to via VPN which then routes my computer to the e Won router. I can then connect to the LAN side of the e won router as if it was on my local subnet. When setting them up there is no setting up of internet settings, I just register the serial number of the e Won to my talk 2 m account. It is really very easy to setup and use. Take a look at them and let me know what you think and what, if any, security concerns there are.

Ah, I misread what you wrote. I thought you were using your own VPN to connect to another e Won router.

They're not fantastic with security, I don't think they have any experienced security staff (or if they do, they're not speaking up). A quick search shows that a single researcher found half a dozen vulnerabilities.

https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03 (general information)
http://ipositivesecurity.blogspot.com/2015/12/ (exploit descriptions, scroll down to see the e Won exploits)
http://www.cvedetails.com/vulnerability-list/vendor_id-15737/product_id-32805/version_id-188187/

BryanG · Jan 5, 2016

Just remembered, don't use an EE PayandGo, they don't allow VPNs. I end up using one because my customer fits EE Pay Monthly, but I use O2 for testing the VPN.

0x539 · Jan 5, 2016

BryanG said:
Just remembered, don't use an EE PayandGo, they don't allow VPNs. I end up using one because my customer fits EE Pay Monthly, but I use O2 for testing the VPN.

Where did you hear that VPNs aren't allowed?

BryanG · Jan 5, 2016

Where did you hear that VPNs aren't allowed?

When I wondered why I wasn't getting the machine on test showing as online with eCatcher. Everything was fine with an O2 SIM, if I fitted the EE PayandGo SIM I could get Internet access via the e W O N, so I knew that the APN settings were right. Then I did a little web searching and found mention that EE PayandGo SIMs don't let you use VPN. It may be something specific to the SIM I am using, but I have tried multiple times and the only common factor is the SIM.

0x539 · Jan 5, 2016

BryanG said:
When I wondered why I wasn't getting the machine on test showing as online with eCatcher. Everything was fine with an O2 SIM, if I fitted the EE PayandGo SIM I could get Internet access via the e W O N, so I knew that the APN settings were right. Then I did a little web searching and found mention that EE PayandGo SIMs don't let you use VPN. It may be something specific to the SIM I am using, but I have tried multiple times and the only common factor is the SIM.

That sounds like an e WON limited problem; I think they're using IPsec and they don't know how to traversal it properly over NAT. For future reference, if you use a different VPN solution, it *should* work fine.

I use OpenVPN on heavily NAT'd networks, it's extremely difficult to block if you run it on 443/TCP (UDP is usually fine too).

JaxGTO · Jan 6, 2016

I used the demo unit my supplier let me try out and it worked great. Had a bit of trouble setting it up. called their tech support and they were very helpful and got it up and running in a few minutes.

e W O N Cosy 131

JonAW

Member

BryanG

Member

0x539

Member

JonAW

Member

0x539

Member

JonAW

Member

0x539

Member

BryanG

Member

0x539

Member

BryanG

Member

0x539

Member

JaxGTO

Member

Similar Topics