VPN, 4gLTE, L32, PV+

DwSoFt

OK. I know there are a lot of threads already to do with VPN and remote access. But after reading a lot of them, I seemed to get more confused.

So I will just lay out what I want to do and then you guys can hopefully say yes or no and, if so, adapt my plans to my actual needs.

Currently on 1 client's site I remote into a server with development software.
I do this via the router, which is an offense router with OpenVPN credentials. I did not set this up, but I have read up on setting up OpenVPN for the future.

A new client has a site. He has asked me to set up an internet connection with Wi-Fi for bookkeeping/production accounting purposes for the operators. This is easy. (They don't have an IT dept.) But I also want to suggest that with this connection I can also remote to site rather than drive out.
I was looking at an offense router for the OpenVPN connection and firewall between the PLC and the Internet.
Also the internet will be 4gLTE. Signal is good onsite.

Will this allow me to connect with their CompactLogix and PV+ on site with my laptop wherever I am?
How do I go about setting up RSLinx after I have the VPN connection connected?
 
You need to segment this problem.

Use a VPN tunnel connection between the two gateways for site to site. You will just have to research this, there are a few different ways to do it.

You will add a routing rule so that your VPN connection traffic gets routed to the "internal network" which will also contain the subnets for each site.

You will then configure RSLinx to use the internal IP addresses for the devices you wish to be able to connect to and assign that to the adapter that you will be using to connect to their site remotely over VPN.

This is a pretty simplistic breakdown, but if you research and complete each step you will be fine.
 
By "offense" do you mean PfSense, the open-source firewall package?

In general, you'll just set up your RSLinx Classic "Ethernet Devices" driver with the internal LAN addresses of the devices on the other side of that router.

Once the VPN is established and your computer has an address on that LAN, you'll be able to connect right to them.

Don't try to use the RSLinx Classic "EtherNet/IP" driver. It uses a broadcast packet for browsing that doesn't work with most VPN software.

Once the operators onsite discover there's an available Internet connection, one of two things will happen:

1. They'll figure out the credentials and bog down the network by using the Internet.

2. You'll fail to get online and go onsite to find that they've defaulted the WiFi router so that they could get online to use the Internet.

This has happened in 100% of the sites where I've installed a remote access system that was not owned and operated by the customer's onsite IT, including one where the guys broke into the server room through the ceiling to plug in their own router so they could surf the Web.
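The routing advice and the RSLinx "Ethernet Devices" tip in the replies above both depend on every device address being reachable by unicast through the tunnel. The following pre-flight check is an added example, not part of any post in this thread; the function name, device names, and all addresses are constructed assumptions.

```python
import ipaddress

def check_devices(devices, vpn_routes, local_lan):
    """Classify each device IP for unicast reachability through the VPN.

    devices    -- {name: ip} as typed into the RSLinx "Ethernet Devices" driver
    vpn_routes -- subnets the VPN server routes/pushes to the remote client
    local_lan  -- subnet the laptop is sitting on right now (home, hotel, office)
    """
    routes = [ipaddress.ip_network(r) for r in vpn_routes]
    lan = ipaddress.ip_network(local_lan)
    report = {}
    for name, ip in devices.items():
        addr = ipaddress.ip_address(ip)
        if not any(addr in r for r in routes):
            # No tunnel route covers it: packets leave via the local gateway.
            report[name] = "no-route"
        elif addr in lan:
            # Same address range on both ends: the laptop treats the device
            # as on-link locally, so the request never enters the tunnel.
            report[name] = "lan-conflict"
        else:
            report[name] = "ok"
    return report

# Constructed sample data (not taken from the thread).
DEVICES = {
    "CompactLogix L32": "10.20.30.10",
    "PanelView Plus": "10.20.30.11",
    "Accounting PC": "192.168.1.50",   # operators' Wi-Fi side, not routed
}
ROUTES = ["10.20.30.0/24"]             # PLC subnet behind the site firewall

if __name__ == "__main__":
    for lan in ("192.168.1.0/24", "10.20.30.0/24"):
        print("laptop on", lan)
        for name, status in check_devices(DEVICES, ROUTES, lan).items():
            print(f"  {name:18} {status}")
```

A "lan-conflict" result is the usual argument for numbering the PLC subnet outside the common consumer-router defaults before deployment.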
 
This has happened in 100% of the sites where I've installed a remote access system that was not owned and operated by the customer's onsite IT, including one where the guys broke into the server room through the ceiling to plug in their own router so they could surf the Web.

Man, I would leave it just because...well man, you gotta give them credit.
 
They will have access to the wifi. But when I am trying to solve an issue for them they will stop using it because I tell them I need it to fix their problem.

But yes it was pfSense. It autocorrected. But yes I'm pretty sure I have the logistics figured out.

I know I need to make the routing rules.
 
Thanks for the RSLinx tip as well.
They will be owning the Wi-Fi portion for their production accounting activities (oil and gas).
I just want the added bonus of remote login and so was looking at a pfSense router as I am already familiar with them. I will go forward with this setup and if I have any other grief I will let you know. Thanks guys.

Also I assume my cellular internet modem will need a static IP address for me to connect to the router, correct?
 
... my cellular internet modem will need a static IP address for me to connect to the router

A very popular method is to use a DNS system so that you don't have to pay for a static IP. DynDNS is the gold standard, but Duck DNS and NoIP are both popular alternatives. All should work with PfSense.

It's good that you're putting a proper firewall and VPN in place.... I shake my head every time we get a post here where the person wants to put their MicroLogix directly on the Internet. Funny how we never hear from them twice.
 
Thank you Ken for the DNS info.

And thanks for the compliment.
This forum and my old mentors taught me the importance of protecting our equipment. It is important now more than ever.
 
You might check with your ISP and see if they can provide you with IPv6, if they can. IPv6 by nature is STATIC, and if you're on the same subnet within the IPv6 protocol your whole network will act as one VPN tunnel. Then just purchase a dual stack router and you will be able to keep your part secure by setting up a local IPv4 for the client (you will want to use IPv6).

Just a thought??
 
Thanks for the RSLinx tip as well.
They will be owning the Wi-Fi portion for their production accounting activities (oil and gas).
I just want the added bonus of remote login and so was looking at a pfSense router as I am already familiar with them. I will go forward with this setup and if I have any other grief I will let you know. Thanks guys.

Also I assume my cellular internet modem will need a static IP address for me to connect to the router, correct?

I use No-IP. I have the client on my router. You may consider a router with dd-wrt firmware if you have not yet purchased a wireless router. You will have access to all of the features you need including a VPN server. Buffalo makes some decent products.

You can also use most routers by flashing the firmware on yourself. Using a dynamic dns does really help quite a bit.
 
