OpenVpn tunnel or IpSec vpn tunnel ?

Kataeb

Member
Join Date
Jan 2007
Location
www.livelovelebanon.com
Posts
628
Our project requires a vpn tunnel communication, between a Scada system and some remote Plc's. So we are trying to understand the following issues, to select the most suitable solution.

1. is the IpSec vpn tunnel , really secure and safe to use , in this configuration ?

2. does the IpSec server work , with public static ip address , or , with public dynamic ip address ?

3. same questions for the OpenVpn tunnel , and OpenVpn server .


Thank you


http://www.prosoft-technology.com/c...196/version/14/file/ICX35_HWC_User_Manual.pdf


http://www.prosoft-technology.com/P...ellular/Industrial-Cellular-Gateway-ICX35-HWC
 
Our project requires a vpn tunnel communication, between a Scada system and some remote Plc's. So we are trying to understand the following issues, to select the most suitable solution.

1. is the IpSec vpn tunnel , really secure and safe to use , in this configuration ?

2. does the IpSec server work , with public static ip address , or , with public dynamic ip address ?

3. same questions for the OpenVpn tunnel , and OpenVpn server .


Thank you


http://www.prosoft-technology.com/c...196/version/14/file/ICX35_HWC_User_Manual.pdf


http://www.prosoft-technology.com/P...ellular/Industrial-Cellular-Gateway-ICX35-HWC

For question 2, the answer is that I don't know anything about the Prosoft products. It could be either way, or both. Many vendor's offer a rendezvous server that all the devices can connect to, simplifying the IP address requirement. Answer is the same for IPSec and OpenVPN.

For question 1, OpenVPN and IPSec are realistically similar in terms of security. They are both a good choice. I've heard that OpenVPN is a bit easier to get through a firewall. Again, vendor implementation could affect this, not sure about Prosoft.
 
Last edited:
Check with some of you local ISP providers. We have choose to let Verison provide us with a VPN solution.

I can't say the name of this company on this forum, but I have also used **** with great success, they are super easy to setup, very secure, and works like a charm.

The reason for us switching to Verison is because we needed more than a few VPN Tunnels.
 
Instead to encrypt an unsafe data transmission protocol better use directly a safe protocol like OPC UA is.
 
Instead to encrypt an unsafe data transmission protocol better use directly a safe protocol like OPC UA is.

No it's not. You want to encrypt the link not the protocol.

There is a lot more data traffic going on over the link and you need NAT, router and firewall functions as well.

We have used OpenVPN and I would use a static IP on the factory plant and dynamic IP on the remote sites. The prosoft unit above looks to be a little light on features though. I guess it depends on what you want to be able to do over the VPN tunnel.
 
Last edited:
He just wants to connect a SCADA to some remote PLC(s), it seems he does not want to do remote assistance.

Do people use a VPN to access their bank account? No, they just use a browser with a secure protocol, and now that protocol also exists in the industry to connect a SCADA / HMI
 

Similar Topics

Hi everybody. I have a problem discovering my devices using RSlinx. My setup is: - MicroLogix 1400 (192.168.132.2) connected via ethernet to...
Replies
8
Views
3,130
Hello, we are developing a remote maintenance solution for our machines. We want to use VPN Routers which dial out (from the machine to our VPN...
Replies
3
Views
2,791
Third puzzle in the tunnel theme: Two cats are travelling on a train, the train is running at constant speed. The cats are initially stationary...
Replies
8
Views
2,194
Just wondering if anyone ever had this setup. I have 3 micrologix 1400 communicating via cradlepoint modems. They in turn each is hooked to a...
Replies
4
Views
1,663
Hello all-it's been awhile. We recently bought a used machine and have made some modifications. The original machine had a Wonderware computer...
Replies
1
Views
1,383
Back
Top Bottom