Host Engineering Forum
General Category => ECOMs and ECOM100s => Topic started by: Dave on June 30, 2011, 07:35:07 PM
-
This is more VPN than PLC, but I think answers will benefit all following here.
Goal: To network two sites so remote PLCs can be accessed locally over an OpenVPN link.
The Network:
- Site A: XP Pro Laptop behind router (laptop=192.168.1.0/24)
- Site B: XP Pro PC behind router with 2 NICs, NIC1=LAN (192.168.2.0/24), NIC2=PLC (10.10.10.0/24)
There are 2 DL06s on PLC LAN, ECOM equipped at 10.10.10.10, ECOM100 equipped at 10.10.10.11
So Far:
- OpenVPN between laptop and PC working (scripts below)
- Enabled IP forwarding on PC and laptop (regedit below)
The Rub:
- The laptop can ping the ECOM but not the ECOM100
DirectSoft5 on the laptop goes online with the remote ECOM connected PLC but not with the ECOM100. Neither can the Cmore programming software connect with the panel at 10.10.10.12. Only the ECOM can be remotely accessed.
I've been working through the routing to make this happen. Seeing some devices but not the rest has me stuck. I figured it would be all or none. There's a networking fault somewhere, I'm just not sure where.
This is a quick overview of the effort, post your questions and I'll fill in the blanks. All comments welcome.
Dave.
PC OpenVPN Script
# server.ovpn
server 172.17.2.0 255.255.255.0
push "route 10.10.10.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
port 1194
proto udp
dev tun
cipher AES-256-CBC
comp-lzo
cert server.crt
key server.key
dh dh1024.pem
ca ca.crt
tls-auth ta.key 0
max-clients 10
client-to-client
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
verb 3
# Not used as they force ALL traffic through the VPN
# push "redirect-gateway"
# push "dhcp-option DNS 172.17.2.1"
Laptop OpenVPN Script
# client.ovpn
client
cert dave.crt
key dave.key
ca ca.crt
tls-auth ta.key 1
remote abc.dyndns.org 1194
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-256-CBC
ns-cert-type server
comp-lzo
route-method exe
route-delay 2
verb 3
XP RegEdits
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"IPEnableRouter"=dword:00000001
-
What values were entered for the subnet mask and gateway on the ECOM100?
-
Doh!!!
PC=10.10.10.50/255.255.255.0
PLC HUB=10.10.10.1
before:
ECOM100 on 10.10.10.11/255.255.255.0 gateway 0.0.0.0
CMORE on 10.10.10.12/255.255.255.0 gateway 10.10.10.1
after:
ECOM100 on 10.10.10.11/255.255.255.0 gateway 10.10.10.50 (PC)
CMORE on 10.10.10.12/255.255.255.0 gateway 10.10.10.50 (PC)
Mission Accomplished
Laptop programming over the VPN! No constantly transferring from laptop to PC to PLC. Directly program the remote PLC/Cmore from the laptop over the VPN.
I suppose pointing the gateway at the PC will have negative effects, e.g. no outbound PLC/Cmore connections unless the PC is running. Moving OpenVPN to a properly configured OpenWRT router and pointing the gateway there would fix that problem.
Thanks!
Final note to others, port 1194 must be forwarded to PC on the remote's internet connected router. The DynDNS.org updater runs on the remote PC keeping abc.dyndns.org current with any dynamically assigned ISP address changes. The updater could instead be run on the remote's ISP connected router, eg: with OpenVPN on an OpenWRT based router.
PS: Lookout also works over the VPN!
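
Added example, not part of the original thread: a return-path check for the device settings posted above, showing why replies to an off-subnet VPN client only get back when the device's gateway is a host that forwards into the tunnel. The VPN client address 172.17.2.6 is constructed, and the script assumes that the PC does no NAT and is the only host on the PLC LAN that routes to the VPN.

```python
import ipaddress

# Addresses and masks are taken from the thread; the client address is constructed.
VPN_CLIENT = "172.17.2.6"        # constructed, inside 'server 172.17.2.0 255.255.255.0'
VPN_ROUTERS = {"10.10.10.50"}    # assumption: only the PC forwards into the tunnel

BEFORE = {
    "ECOM100": ("10.10.10.11", "255.255.255.0", "0.0.0.0"),
    "CMORE":   ("10.10.10.12", "255.255.255.0", "10.10.10.1"),
}
AFTER = {
    "ECOM100": ("10.10.10.11", "255.255.255.0", "10.10.10.50"),
    "CMORE":   ("10.10.10.12", "255.255.255.0", "10.10.10.50"),
}

def reply_path(ip, mask, gateway, peer, vpn_routers=VPN_ROUTERS):
    """Return (ok, reason): can this device send a reply back to peer?"""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    peer = ipaddress.ip_address(peer)
    gw = ipaddress.ip_address(gateway)
    if peer in iface.network:
        return True, "peer is on-link, no gateway needed"
    if gw.is_unspecified:
        return False, "no gateway set, off-subnet reply has nowhere to go"
    if gw not in iface.network:
        return False, f"gateway {gw} is not on the device's own subnet"
    if str(gw) not in vpn_routers:
        return False, f"reply is handed to {gw}, which has no route to the VPN"
    return True, f"reply is forwarded by {gw} into the tunnel"

def audit(devices, peer=VPN_CLIENT):
    """Check every device's return path towards one VPN client."""
    return {name: reply_path(*cfg, peer) for name, cfg in devices.items()}

if __name__ == "__main__":
    for label, devices in (("before", BEFORE), ("after", AFTER)):
        for name, (ok, reason) in audit(devices).items():
            print(f"{label:6} {name:8} {'OK  ' if ok else 'FAIL'} {reason}")
```
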