Titan – AN17: OpenVPN-EasyLink, Maintenance of Remote Routers and PLCs
¿Buscas alguna otra cosa?
Table of Contents
Scene Details
The new OpenVPN EasyLink feature is designed for those facilities requiring occasional remote maintenance. With EasyLink you do not have to pay a monthly fee like many web platforms, nor will there be any problems regardless of whether the remote router’s SIM card has a public/private IP address or is dynamic/static. The EasyLink connection is designed for those who do not have advanced knowledge of VPN infrastructure, since the connection is extremely simple.
The basic requirement is that the SIM address of the Titan router that makes the OpenVPN Server function have a public and static IP address. The SIM cards of the remaining Titan routers, which perform the function of OpenVPN Client, do not need static or public IP address. This guide can be used from firmware version 3.00.3.14 of the Titan Routers.
Practical Example
A repeatable installation is available in 100 locations. Each installation consists of an Ethernet-connected PLC to a MTX-Router-Titan-3G-mini router. The goal is to be able to remotely access:
- The web configuration of a MTX-Router-Titan-3G-mini
- The web configuration of the PLC
- Access to TCP port 502 of the PLC (port for Modbus communications)
The scheme of the example would be as follows:
On the side of the control PC will have a MTX-Router-Titan-3G-mini configured as EasyLink Server. On the remote side of the PLCs, you will have the MTX-Router-Titan-3G-mini configured as EasyLink Client.
Router Configuration Operating in EasyLink Server Mode
In this router we will have to configure 2 things: the connection to 3G / 4G and the mode of operation EasyLink Server.
1. 3G connection configuration
Set the WAN > Basic Settings screen settings as shown below, by setting the APN, Username and Password to the SIM operator used. The following screen shows an example configuration for a Movistar SIM.
2. EasyLink Server Mode Configuration
To configure the router in the EasyLink Server mode, go to the configuration options: “VPN > OpenVPN Easylink“. The router will be configured as follows:
This is all the configuration to be applied to the MTX-Router-Titan-3G-mini that will be used to connect to the remote computers. Once done, the router must be restarted so that it takes the new configuration.
Configuration of the Router that Operates in EasyLink Client Mode
This router must configure 3 things: the 3G / 4G connection, the SMS configuration and the EasyLink Client operating mode.
1. Configuration of the 3G connection
Modify the WAN> Basic Settings screen options as shown below, by setting the APN, Username and Password to the SIM operator used. The example shows the settings for a Movistar SIM.
2. SMS Settings
To use EasyLink communication it is necessary to configure the SMS. To do this we will configure the “Other > SMS” screen as follows
Specify in the “AT header” field a password (default “mtx”). In “Authorized phone numbers” you can specify “All phones” so that all phone numbers are authorized or specify the SIM phone number that will be on the router that acts as EasyLink Server (the router connected to the control PC).
3. EasyLink Configuration in Client Mode
To configure EasyLink in Client mode, go to the “OpenVPN > Easylink” configuration screen. The router must be configured as indicated in the following screen.
This is all the settings that need to be applied to the remote router. Once done, the router must be restarted to take the new configuration.
PCL Network Configuration
Assuming that the LAN IP address of the MTX-Router-Titan-3G-mini connected to the PLCs has the address 192.168.100.2, the PLC must always be configured as follows:
IP LAN: 192.168.100.3
Network Mask: 255.255.255.0
IP Gateway: 192.168.100.2
Connecting with Remote Equipment
To initiate the connection with a remote router and / or PLC we must go to the VPN> OpenVPN EasyLink section of the router connected to the control PC and enter the telephone number of the remote router, the SMS header (which was configured on the remote router), and the PLC LAN IP. Once the data has been entered press the “CONNECT” button.
After a few seconds, about 30, we can access both the configuration of the remote router and the PLC. In some cases (especially in cases where the remote router is not permanently connected to the Internet) it may take a little longer. It is recommended to press the “REFRESH” button to refresh the connection status before pressing “CONNECT” again. Once the connection is established we see the IP address vpn of the router (10.9.0.4) and the PLC connected to it.
By clicking the link “10.9.0.4” we will directly access the configuration of the remote MTX-Router-Titan-3G router. We can also access the PLC that is connected to the router through the IP “192.168.100.3” as if it were in our LAN. That is, we can access the Web configuration of the PLC as well as the port TCP502 of modbus.
You can easily check it by performing a PING from your control PC to both the IP of the router and the remote PLC:
The EasyLink connection lasts for 30 minutes, after that time will end automatically. If you finish the action before that time, it is recommended to press the “DISCONNECT” button to end the connection.
This is all you need to do to access a router or remote device with OpenVPN EasyLink.
PCL Network Configuration
The first requirement is that the SIM address of the Titan router that makes the EasyLink Server function have a public IP address (it does not have to be static, it can be dynamic). The SIM movistar cards usually work well.
The second requirement is that the SIMs have support for SMS (since the EasyLink Server will send an SMS when initiating a connection with the remote EasyLink Client router).