Remote access

BobB

Lifetime Supporting Member
Join Date
Jun 2002
Location
Sydney
Posts
4,547
A customer has asked me about remote access through a VPN. Heve done it with a modem before but not a VPN. I will need to run PLC programming software and do some changes online. I guess I would need an Ethernet port on the PLC as well? Standard Ethernet or Ethernet IP or does it matter?🍻
 
For a VPN to work, first you need a VPN server and this normally requires not only Internet access but also some cloud service provider that will do all the security authentication administration 24/7. I would recommend you look into companies like Fortinet or HMS Networks which has the a VPN product line. There is a way to do this with a Raspberry Pi and some open-source application. If you have the budget, I advise you use Fortinet or HMS. Free software tends to become unaffordable.
 
Omron has issued a document detailing how to connect Sysmac Studio/CX-Programmer to a remote plc using Teamviewer own VPN connection. The document can be downloaded from MyOmron portal.
 
Any administrator of computer network systems with a minimum of experience should be able to advise you. Nowadays, it is very common for employees of companies to connect via VPN from remote locations

There are companies that offer these services to companies, surely there are some in your area.

Typically, through VPN you can open session in a computer in the remote place where the monitoring or programming software runs, so it is not important if the PLC is connected to the computer through a serial or an ethernet port.

But there are also pieces of hardware on the market that connect by itself as a VPN client and so you could connect the PLC to the VPN without a computer, in this case the PLC should have an Ethernet port.

Do not confuse Ethernet/IP with Ethernet. Ethernet/IP is an industrial communication protocol used mainly by Rockwell Automation.
 
Thank you all. Couple here that are attractive - customer is as tight as!
The **** I note is only 3G but probably OK. Would cost him an M2M card per month. An option for sure.
No IT people there either - it is a caravan park in the middle of nowhere.
It is an Omron PLC - no screen - I will certainly download from My Omron and have a look.
It is a job where I did not want to get involved but it is a good friend of one of my good customers who is quite happy to pay me a good hourly rate and also pays right on the dot of 30 days - a rarity these days so I am sort of obliged.
Will let you know where I finish up.
 
E*W*O*N would be a perfect, simple, affordable, solution.


+1 on E_W_O_N (weird that this site *'s that word out - is it bad?). We've used them before and they work well. You still likely need to work with your customer/remote site IT to get an IP address for it on the customer's business network. Assuming that's not a violation of their IT policies.

I don't know if E_W_O_N addressed this issue or not, but the problem we had was that the E_W_O_N would allow the WAN and LAN to be on the same subnet. The WAN and LAN were the same in this case. Our fix was a cheap router to bridge the E_W_O_N LAN port back to the WAN network.

E_W_O_N also has a cellular model, you would have to pay for monthly cellular service but it bypasses the IT headache if you can't get around it.
 
Last edited:
A customer has asked me about remote access through a VPN. Heve done it with a modem before but not a VPN. I will need to run PLC programming software and do some changes online. I guess I would need an Ethernet port on the PLC as well? Standard Ethernet or Ethernet IP or does it matter?🍻

Hi BobB,
As stated earlier the *ew*on* cosy range is pretty good. We have around 200 machines with the ethernet version active. They also do a wifi and a cellular version. Ive uploaded/downloaded code changes plenty of times. I love em. There are various security hardware measures available should the customer wish to stop you getting in!
You can connect to them via different protocols & not just ethernet.
All dependant on the hardware you want to connect to i suppose!
 
If you want easy to deploy, get a Stridelinx VPN router. Set up takes under 10 minutes. We use them in places where there is no PC to gain access to the PLC network and HMI. There is a phone app that the operators can use to monitor the HMI too.

Very cool! Sure take the IT that's not on my of our sites to let us in.
 
BobB said:
I guess I would need an Ethernet port on the PLC as well? Standard Ethernet or Ethernet IP or does it matter?
Just Ethernet will do. And shame on you if you are using a PLC without Ethernet in 2020 !

To get access for remote support there are 3 ways:

1. The customers IT department provide you with the VPN connection.
It may mean you have to install a special VPN software on your side.
Usually big companies have a IT department and security policies.

2. You install a dedicated VPN router onsite. There are plenty of good VPN router vendors. We use E.won. Others use Stridelinx, MBconnect, etc..
2a. The customer provides the internet connection.
2b. The VPN router can have an integrated 3G or 4G cellular modem.
A good solution for smaller companies without a big IT department.

3. Software based VPN. There are a few. I wrote a guide on how to use Teamviewer as a VPN router. You can find it in the download section of this site.
I use it in a pinch when 1 or 2 is not possible, but always with the customers approval.
Quite a few times, my service guy onsite has had to use his smartphone as a hotspot for the onsite PC to connect via Teamviewer and for me to go online via VPN.
 
I don't know if E_W_O_N addressed this issue or not, but the problem we had was that the E_W_O_N would allow the WAN and LAN to be on the same subnet. The WAN and LAN were the same in this case. Our fix was a cheap router to bridge the E_W_O_N LAN port back to the WAN network.
That was not the E.won that was to blame.
It is an issue any router, if you have same subnets on either side of the router. IP routing wont work.
You probably have this scenario.
On the machine side you have chosed fixed IP addresses.
On the routers WAN side you have DHCP.
If you on the machine side have chosen an "unfortunate" IP address, the router gets assigned an IP in the same subnet by DHCP.
There are certain IP addresses you should avoid because many routers per default are set to use the same subnet. I mean the higher level router that is the DHCP server, not the e.won router.
Avoid these in your machine network:
192.168.0.x
192.168.1.x
192.168.2.x
10.0.x.x
10.1.x.x
10.2.x.x
172.168.0.x
Maybe some others too...

edit: And yes, if you have gotten in this sitation and cannot change the network in a hurry, than placing an additional router in between the VPN router and your network can fix the problem.
 

Similar Topics

I have to provide remote access and control to a touch screen. I was thinking about using Weintek and the Weincloud. Does anyone know if this is...
Replies
1
Views
102
Hi everyone, I have a project involved with Toyota whereby the customer would like to be able to control devices within a booth using a portable...
Replies
0
Views
177
Hello, I am looking for a solution to remotely access any kind of device securely across the internet. I know this has been done in piecemeal...
Replies
22
Views
2,088
Hello everyone, nowadays i am working on a project for remote access to our machines. We are using a remote access module, but i want to make my...
Replies
0
Views
375
Hello PLC Friends, I'm starting my final year project with a given rig and I'm thinking about incorporating a remote access feature where I can...
Replies
2
Views
360
Back
Top Bottom