Another Remote Access Q

JonAW

Member
J
Join Date
Sep 2013
Location
Somewhere
Posts
121
Hi Guys,

I was wondering if any of you have experience of using logmein to setup a vpn between your programming device and a plc inside an external network?

I would like to remote service an ML1400 and Panelview+6 1000 on a site about 60 miles from my base. This does not have a local pc directly connected to it. The programming software is only on my laptop. The IT management company has allowed me to run an ethernet connection from a hub in the same building to my ethernet switch and have given me IP addresses to use. They then set me up with a logmein VPN to the site server and have seemingly given me full access to the sites network. I'm not comfortable with this level of access, I asked them to provide me with a VPN connection to their hub and restricted access to only the 2 IP addresses I need connectivity with.

Anyway, using logmein when i am at the dashboard I can select to remotely control the server computer. (This I don't want to do.) If I select open tcp/ip ports I can see the IP addresses the PLC and HMI are connected at. How do I then go about getting RSLinx to connect to the PLC? How do I go about connecting to the Panelview?

Any help on this would be greatly appreciated.

thanks

Jonny
 
I am guessing that Logmein has a similar functionality as Teamviewer, except maybe for the VPN part.
Teamviewer has a VPN functionality that allows you to do what you have described, to use a remote PC as a router to a remote network.
It is not trivial, but also not difficult if you follow MY GUIDE.
(it uses Siemens STEP7 as example, but the principles are the same for other PLCs).

For the remote devices you want to access, PLCs panels etc., they must have the Gateway/Router specified as the Teamviewer PCs IP address.

An alternative to the above is to purchase RSLinx Gateway. But that costs $.
 
"They then set me up with a logmein VPN to the site server and have seemingly given me full access to the sites network."
That sounds as if you have VPN connection, not a Remote Control connection. Must be similar to Teamviewer VPN connection with routing enabled.
So all you have to do is to setup the Router/Gateway in the PLCs and other devices you need to access. That may be a catch-22, since you cannot access the PLCs and devices until this is done.
You may have to have someone onsite do this for you.

In most cases this is enough. But in some cases you have to specify the route from your PC to the remote device. This is described in the Teamviewer guide.
 
Hi Jesper,

Thanks for the prompt reply. I just came across your guide as you replied. I have access through the logmein web service with full adminstrator rights. I can remotely setup the registry if I like and view internet traffic etc.

I have found the IPEnableRouter registry as per your guide but I'm reluctant to change registry details. Currently this is set to 0. Is it safe to change this to 1. Will it require a reboot? Is it likely to upset any other processes already running etc?

thanks

Jonny
 
Yes, registry changes requires a reboot.

But I dont understand that it should be necessary. You write "They then set me up with a logmein VPN to the site server and have seemingly given me full access to the sites network".
If you can ping devices on the remote network, then you are already set.
 
Hi Jesper,

I've looked at the open tcp/ip ports on the remote network and tried to ping them using command prompt on the site server which detects the IP's as expected. When I try to ping the same address from my pc it says the destination host is unreachable. In my command prompt I'm typing the following:

ping 192.168.0.10

this is failing to reach host.

I think the problem might be that this is a web based connection. I have access through logmein.com, see login instructions below.
Connect from a PC or Mac
•On a different computer, go to LogMeIn.com and log in with your LogMeIn ID and password.
•On the Home page, click the computer you want to control.
•Log in with your computer user name and password.
•That's it. You're in two places at once.
Click to expand...

The VPN might not be direct to my computer but via the logmein account.

What do you think? I'm thinking this method may not be suitable for what I want to do.
 
I dont know logmein. As you describe it in the last post, it is the typical remote control of the desktop of a remote PC (which uses VPN to reach the remote PC).
Not a VPN connection to the resources of a remote PC.

edit: I think you should try Teamviewer as per my guide.
Teamviewer is free on the remote PC (the host) but costs a license for the remote controlling PC (the guest).
 
With Logmein you have Logmein Pro which is remote PC software and then you have another product called Hamachi which is a VPN software.

It sounds like you are using Hamachi https://secure.logmein.com/products/hamachi/

You can setup the network in several ways but from what you describe it sounds like they are using in gateway mode. That should be the same as if you were at the site plugged into the LAN so you should be able to ping your devices IP Address.

Using linx you will likely need to use the Ethernet device driver and enter your addresses as the Ethernet /IP driver use broadcast to work and can many times be an issue across a VPN connection.
 
It is logmein pro that the IT company has provided. I take it there is no way I can access the system as though i were on the network with this program?
 
JonAW said:
It is logmein pro that the IT company has provided. I take it there is no way I can access the system as though i were on the network with this program?
Click to expand...

Using Logmein Pro you would need to access a computer on their lan with the automation software needed loaded onto it. Logmein Pro lets you remote control a computer much like VNC or Windows RDP.

If they don't have a way to provide you with a VPN then Hamachi would be a good choice or Pertino. Pertino would be my top pick.
 
Well, I've convinced the customer to allow me to install an E*won 2005 3G router into the system that I had lying around in the office. I was intending on using it as a service package or commissioning type unit which would mean I wouldn't have to travel to site personally to commission smaller plc systems.

I haven't used anything like this before, talk about a learning curve but I have it sussed now (I think!!). I set it up in my office yesterday and had a good tinker with it. It worked fine in the office so took it to site today. It turns out the network connection point that I was told was ok to connect into is an old fibre system with no users connected to it. All lights went green when I plugged them in but I don't have internet access yet. The supporting IT company have forwarded the correct ports etc but the network is not picking up my ****. We went through settings over and over and at the end of it the IT company (who were not on site) now believe the fibre router to be faulty or in need of reset. Unfortunately there was no one on site today that could do that for me. Talk about a frustrating morning! To top it all off I can't even use the 3G router as there is no mobile telephone reception on site!

From my experience playing with the ****at the office, I can really see the benefit of them. Now I know how to set them up and with good guides available to download I think these units could be very useful indeed.
 
JonAW said:
...I was wondering if any of you have experience of using logmein to setup a vpn between your programming device and a plc inside an external network?...
Click to expand...

I don't think LogMeIn uses a VPN tunnel, or point-to-point session. It appears as though it uses its own proprietary SSL protocol...

Some Professor said:
HOW LOGMEIN PROCESS IS DIFFERENT FROM VNC AND VPN VIEWER

In computing, Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the RFB (remote frame buffer) protocol to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network. Popular uses for this technology include remote technical support and accessing files on one's work computer from one's home computer, or vice versa. A very common application of VNC is in remote system administration, where it is used to allow administrators to take control of employee machines to diagnose and fix problems, or to access and administer server machines without making a trip to the console.

VNC is also widely used in educational contexts, for example to allow a distributed group of students simultaneously to view a computer screen being manipulated by an instructor, or to allow the instructor to take control of the students' computers to provide assistance. However, the disadvantage of VNC is that it cannot easily go through the local network firewall. Network administrator need to be informed or requires prearrangement to create a hole in the firewall for VNC to work.

A Virtual Private Network (VPN) is a technology for using the Internet or another intermediate network to connect computers to isolated remote computer networks that would otherwise be inaccessible. A VPN provides varying levels of security so that traffic sent through the VPN connection stays isolated from other computers on the intermediate network, either through the use of a dedicated connection from one "end" of the VPN to the other, or through encryption. VPNs can connect individual users to a remote network or connect multiple networks together. For example, users may use a VPN to connect to their work computer terminal from home and access their email, files, images, etc.

Through VPNs, users are able to access resources on remote networks, such as files, printers, databases, or internal websites. VPN remote users get the impression of being directly connected to the central network via a point-to-point link. However, the problem with VPN is that it also requires permission from the network administrator.

On the other hand, LogMeIn remote access products use a proprietary remote desktop protocol that is transmitted via SSL (Secure Sockets Layer, a protocol for encrypting information over the Internet). An SSL certificate is created for each remote desktop and is used to cryptographically secure communications between the remote desktop and the accessing computer.

Users access remote desktops using either the LogMeIn Ignition stand-alone application or a web portal (A web portal is a web site that brings information from diverse sources in a unified way). The web portal requires either an ActiveX plugin for Internet Explorer, or an extension for Firefox (the LogMeIn plug-in for Firefox), or an extension for Safari (the LogMeIn plug-in for Safari), failing that it falls back to requiring Java in order to run a Java program, and failing that it falls back to "a screen-shot-based HTML remote control". The web portal also provides status information for the remote computers and, optionally, remote computer management functions.

Note 1: LogMeIn Ignition – software for facilitating access to computers running LogMeIn host software from Windows, iOS, or Android devices
Note 2: A web portal is a web site that brings information from diverse sources in a unified way.

The service connects the remote desktop and the local computer using SSL over TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) and utilizes NAT traversal techniques to achieve peer-to-peer connectivity when available.

Thus using LogMeIn for accessing the remote computer, it requires no permission from the network administrator. However, remote computer that is being accessed must have licensed version of the LogMeIn software tool installed.

There are public-network-independent wireless systems available for remotely operating and controlling machinery systems. However, they are limited in power and/or distance.
Click to expand...

According to this PDF, they seem to have successfully used LogMeIn Pro to remotely access a CompactLogix, PanelView Plus 600 and a Sony camera. They don't go into detail on exactly how to set it all up. It's more a general description of what they achieved, but it shows that it is possible...

REMOTE DEMONSTRATION OF PACKAGING MACHINERY & MECHATRONICS SYSTEMS VIA PUBLIC NETWORK

Regards,
George
 

Similar Topics

S
ControlLogix Remote I/O: Would you use Flex 5000, Point I/O, or another option?
Hey All, I'm currently building a control system for a large building in a industrial setting. Doing lighting, vent, roof control, door access...
Replies
12
Views
3,497
Nova5
N
theColonel26
Determine if a Remote PLC is in Program Mode from another PLC?
Rockwell CompactLogix or ControlLogix 5x70 or 5x80 series: Is it possible to determine if a Remote PLC is in Program Mode from another PLC...
Replies
13
Views
3,705
theColonel26
theColonel26
S
Can i remote from one station to another station?
Hi, I'm using RSLogix 5000 software. May i know how to remote from one station to another station? I just need to take data of temperature and...
Replies
2
Views
2,039
daba
D
L
Read pulses from a magnetic-inductive flow meter and modify pulses by a user inputted valve and to output the modified rate to another pulse reader
Hi, The hardware is: Click Plc model # CO-O1DD1-O HMI model # S3ML-R magnetic-inductive flow meter model # FMM100-1001. I will set the flow meter...
Replies
4
Views
130
Steve Bailey
Steve Bailey
R
Odd request RSLogix5000 - Send 80 character string from One PLC to another with I/O
So I had an odd request from a customer for the above. I have written the logic and tested it all in one PLC with only using 7 outputs and 7...
2
Replies
15
Views
427
drbitboy
drbitboy
Back
Top Bottom