| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
| "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| |
| |
| |
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> |
| <head> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> |
| <title>PLC4X – </title> |
| <script src="../../js/jquery.slim.min.js" type="text/javascript"></script> |
| <!--script src="../../js/popper.min.js" type="javascript"></script--> |
| <script src="../../js/bootstrap.bundle.min.js" type="text/javascript"></script> |
| <!-- The tooling for adding images and links to Apache events --> |
| <script src="https://www.apachecon.com/event-images/snippet.js" type="text/javascript"></script> |
| <!-- FontAwesome --> |
| <link rel="stylesheet" href="../../css/all.min.css" type="text/css"/> |
| <!-- Bootstrap --> |
| <link rel="stylesheet" href="../../css/bootstrap.min.css" type="text/css"/> |
| <!-- Some Maven Site defaults --> |
| <link rel="stylesheet" href="../../css/maven-base.css" type="text/css"/> |
| <link rel="stylesheet" href="../../css/maven-theme.css" type="text/css"/> |
| <!-- The PLC4X version of a bootstrap theme --> |
| <link rel="stylesheet" href="../../css/themes/plc4x.css" type="text/css" id="pagestyle"/> |
| <!-- A custom style for printing content --> |
| <link rel="stylesheet" href="../../css/print.css" type="text/css" media="print"/> |
| |
| <meta http-equiv="Content-Language" content="en"/> |
| |
| </head> |
| <body class="composite"> |
| <nav class="navbar navbar-light navbar-expand-md bg-faded justify-content-center border-bottom"> |
| <!--a href="/" class="navbar-brand d-flex w-50 mr-auto">Navbar 3</a--> |
| <a href="https://plc4x.apache.org/" id="bannerLeft"><img src="../../images/apache_plc4x_logo_small.png" alt="Apache PLC4X"/></a> |
| <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#collapsingNavbar3"> |
| <span class="navbar-toggler-icon"></span> |
| </button> |
| <div class="navbar-collapse collapse w-100" id="collapsingNavbar3"> |
| <ul class="navbar-nav w-100 justify-content-center"> |
| <li class="nav-item"> |
| <a class="nav-link" href="../../index.html">Home</a> |
| </li> |
| <li class="nav-item"> |
| <a class="nav-link" href="../../users/index.html">Users</a> |
| </li> |
| <li class="nav-item active"> |
| <a class="nav-link" href="../../developers/index.html">Developers</a> |
| </li> |
| <li class="nav-item"> |
| <a class="nav-link" href="../../apache/index.html">Apache</a> |
| </li> |
| </ul> |
| <ul class="nav navbar-nav ml-auto justify-content-end"> |
| <li class="nav-item row valign-middle"> |
| <a class="acevent" data-format="wide" data-mode="light" data-event="random" style="width:240px;height:60px;"></a> |
| </li> |
| </ul> |
| </div> |
| </nav> |
| <div class="container-fluid"> |
| <div class="row h-100"> |
| |
| |
| |
| |
| |
| |
| |
| |
| <nav class="col-sm-push col-md-2 pt-3 sidebar"> |
| <div class="sidebar-sticky"> |
| <ul class="nav flex-column"> |
| <li class="nav-item"> |
| <a href="../../developers/infrastructure/issues.html" class="nav-link">Bug & Issue Tracker</a> |
| </li> |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| <li class="nav-item"> |
| <a href="../../developers/index.html" class="nav-link">Section Home</a> |
| </li> |
| |
| |
| <li class="nav-item"> |
| <a href="../../developers/preparing/index.html" class="nav-link">Preparing your Computer</a> |
| <ul class="flex-column pl-4 nav"> |
| <li class="nav-item"> |
| <a href="../../developers/preparing/linux.html" class="nav-link">Linux</a> |
| </li> |
| <li class="nav-item"> |
| <a href="../../developers/preparing/macos.html" class="nav-link">Mac OS</a> |
| </li> |
| <li class="nav-item"> |
| <a href="../../developers/preparing/windows.html" class="nav-link">Windows</a> |
| </li> |
| </ul> |
| </li> |
| |
| |
| <li class="nav-item"> |
| <a href="../../developers/building.html" class="nav-link">Building</a> |
| </li> |
| |
| |
| <li class="nav-item"> |
| <a href="../../developers/contributing.html" class="nav-link">Contributing</a> |
| </li> |
| |
| |
| <li class="nav-item"> |
| <a href="../../developers/tutorials/index.html" class="nav-link">Tutorials</a> |
| <ul class="flex-column pl-4 nav"> |
| <li class="nav-item"> |
| <a href="../../developers/tutorials/writing-driver.html" class="nav-link">Writing Drivers</a> |
| </li> |
| <li class="nav-item"> |
| <a href="../../developers/tutorials/testing-serializers-and-parsers.html" class="nav-link">Testing Drivers</a> |
| </li> |
| </ul> |
| </li> |
| |
| |
| <li class="nav-item"> |
| <a href="../../developers/code-gen/index.html" class="nav-link">Code Generation</a> |
| <ul class="flex-column pl-4 nav"> |
| <li class="nav-item"> |
| <a href="../../developers/code-gen/protocol/mspec.html" class="nav-link">Protocol: MSpec Format</a> |
| </li> |
| <li class="nav-item"> |
| <a href="../../developers/code-gen/language/freemarker.html" class="nav-link">Language: Apache Freemarker</a> |
| </li> |
| <li class="nav-item"> |
| <a href="../../developers/code-gen/protocol/df1.html" class="nav-link">Example: DF1 MSpec</a> |
| </li> |
| </ul> |
| </li> |
| |
| |
| <li class="nav-item"> |
| <a href="../../developers/infrastructure/index.html" class="nav-link">Infrastructure</a> |
| <ul class="flex-column pl-4 nav"> |
| <li class="nav-item"> |
| <a href="../../developers/infrastructure/ci.html" class="nav-link">Continuous Integration</a> |
| </li> |
| <li class="nav-item"> |
| <a href="../../developers/infrastructure/issues.html" class="nav-link">Bug & Issue Tracker</a> |
| </li> |
| <li class="nav-item"> |
| <a href="../../developers/infrastructure/sonar.html" class="nav-link">Code Analysis</a> |
| </li> |
| <li class="nav-item"> |
| <a href="../../developers/infrastructure/wiki.html" class="nav-link">Wiki</a> |
| </li> |
| <li class="nav-item"> |
| <a href="../../developers/infrastructure/vm.html" class="nav-link">Build VM</a> |
| </li> |
| <li class="nav-item"> |
| <a href="../../developers/infrastructure/website.html" class="nav-link">Website</a> |
| </li> |
| <li class="nav-item"> |
| <strong class="nav-link">IoT VPN</strong> |
| </li> |
| </ul> |
| </li> |
| |
| |
| <li class="nav-item"> |
| <a href="../../developers/release/index.html" class="nav-link">Releasing</a> |
| <ul class="flex-column pl-4 nav"> |
| <li class="nav-item"> |
| <a href="../../developers/release/release.html" class="nav-link">Releasing</a> |
| </li> |
| <li class="nav-item"> |
| <a href="../../developers/release/validation.html" class="nav-link">Validating</a> |
| </li> |
| <li class="nav-item"> |
| <a href="../../developers/release/build-tools.html" class="nav-link">Releasing Build-Tools</a> |
| </li> |
| </ul> |
| </li> |
| |
| |
| <li class="nav-item"> |
| <a href="../../developers/tools.html" class="nav-link">Tools</a> |
| </li> |
| |
| |
| <li class="nav-item"> |
| <a href="../../developers/team.html" class="nav-link">Team</a> |
| </li> |
| |
| |
| <li class="nav-item"> |
| <a href="../../developers/decisions.html" class="nav-link">Decision Making</a> |
| </li> |
| |
| |
| <li class="nav-item"> |
| <a href="../../developers/maturity.html" class="nav-link">Maturity</a> |
| </li> |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| </ul> |
| </div> |
| </nav> |
| <main role="main" class="ml-sm-auto px-4 col-sm-pull col-md-9 col-lg-10 h-100"> |
| <div class="sect1"> |
| <h2 id="the_plc4x_plc_vpn">The PLC4X PLC VPN</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>As attaching physical PLC devices to a cloud infrastructure is challenging, we decided to setup a VPN in the IoT lab of codecentric Frankfurt and to grant committers of the Apache PLC4X project access to that.</p> |
| </div> |
| <div class="paragraph"> |
| <p>This document contains all the information needed to setup the VPN and to communicate with the different PLCs.</p> |
| </div> |
| <div class="sect2"> |
| <h3 id="network">Network</h3> |
| <div class="paragraph"> |
| <p>All nodes of the IoT VPN are configured to use the IP range: '10.10.64.0/24'.</p> |
| </div> |
| <div class="paragraph"> |
| <p>In order to access the VPN from outside, a VPN gateway is configured to accept incoming connections.</p> |
| </div> |
| <div class="paragraph"> |
| <p>This VPN gateway is listening on port <code>vpn.plc4x.apache.org</code> on port <code>444</code> and should it should be possible to connect to it via OpenVPN.</p> |
| </div> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>Failed to generate image: Could not find the 'nwdiag', 'nwdiag3' executable in PATH; add it to the PATH or specify its location using the 'nwdiag' document attribute |
| { |
| network internet { |
| address = "X.X.X.0/28" |
| |
| vpn.plc4x.a.o [address = "217.110.130.19"]; |
| plc4x-vm2.a.o [address = "62.210.60.247"]; |
| committer-a; |
| committer-b; |
| } |
| |
| network plc4x-iot-lab { |
| address = "10.10.64.x/24" |
| |
| vpn.plc4x.a.o [address = "10.10.64.1"]; |
| F-FBs-40MC [address = "10.10.64.10"]; |
| S-S7-1212 [address = "10.10.64.20"]; |
| S-KTP-400 [address = "10.10.64.25"]; |
| WG-750-352 [address = "10.10.64.30"]; |
| BH-C6920-0030 [address = "10.10.64.40"]; |
| committer-int [address = "10.10.64.200"]; |
| } |
| }</pre> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>Note the PLC4X Project VM and Jenkins build node <code>plc4x-vm2.apache.org</code> also dials in to the <code>plc4x-iot-lab</code> network.</p> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="plcs">PLCs</h3> |
| <div class="paragraph"> |
| <p>The following PLCs have been configured and should be available in the VPN.</p> |
| </div> |
| <div class="sect3"> |
| <h4 id="fatek_fbs_40mc">Fatek: FBs-40MC</h4> |
| <div class="imageblock right"> |
| <div class="content"> |
| <img src="../../images/plcs/plc4x-vpn-fatek.jpg" alt="plc4x vpn fatek" width="200"/> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>This device is able to use the following protocols:</p> |
| </div> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>Modbus (Port <code>502</code>)</p> |
| </li> |
| <li> |
| <p>Fatek (Port <code>500</code>)</p> |
| </li> |
| </ul> |
| </div> |
| <div class="paragraph"> |
| <p>It is configured to use the IP: <code>10.10.64.10</code></p> |
| </div> |
| </div> |
| <div class="sect3"> |
| <h4 id="siemens_s7_1212acdc">Siemens: S7-1212AC/DC</h4> |
| <div class="imageblock right"> |
| <div class="content"> |
| <img src="../../images/plcs/plc4x-vpn-siemens-s7.jpg" alt="plc4x vpn siemens s7" width="200"/> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>This device is able to use the following protocols:</p> |
| </div> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>S7 (32 flavour) (Port <code>102</code>)</p> |
| </li> |
| <li> |
| <p>S7 (72 flavour) (Port <code>102</code>)</p> |
| </li> |
| <li> |
| <p>ProfiNet</p> |
| </li> |
| </ul> |
| </div> |
| <div class="paragraph"> |
| <p>It is configured to use the IP: <code>10.10.64.20</code></p> |
| </div> |
| </div> |
| <div class="sect3"> |
| <h4 id="siemens_ktp_400_basic_mono">Siemens: KTP 400 Basic Mono</h4> |
| <div class="imageblock right"> |
| <div class="content"> |
| <img src="../../images/plcs/plc4x-vpn-siemens-hmi.jpg" alt="plc4x vpn siemens hmi" width="200"/> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>This device is able to use the following protocols:</p> |
| </div> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>S7 (32 flavour) (Port <code>102</code>)</p> |
| </li> |
| <li> |
| <p>S7 (72 flavour) (Port <code>102</code>)</p> |
| </li> |
| <li> |
| <p>ProfiNet</p> |
| </li> |
| </ul> |
| </div> |
| <div class="paragraph"> |
| <p>It is configured to use the IP: <code>10.10.64.25</code></p> |
| </div> |
| </div> |
| <div class="sect3"> |
| <h4 id="wago_750_352_feldbuskoppler_ethernet">WaGo: 750-352 Feldbuskoppler ETHERNET</h4> |
| <div class="imageblock right"> |
| <div class="content"> |
| <img src="../../images/plcs/plc4x-vpn-wago.jpg" alt="plc4x vpn wago" width="200"/> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>This device is not a typical PLC, but more a device making I/O values available via Ethernet protocols.</p> |
| </div> |
| <div class="paragraph"> |
| <p>For our job however it is exactly what we need as it allows testing the protocols without the need to develop a sophisticated PLC software in the first place.</p> |
| </div> |
| <div class="paragraph"> |
| <p>This device is able to use the following protocols:</p> |
| </div> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>Modbus (TCP port <code>502</code>, UDP port <code>502</code>)</p> |
| </li> |
| <li> |
| <p>EtherNet/IP (TCP port <code>44818</code>, UDP port <code>2222</code>)</p> |
| </li> |
| </ul> |
| </div> |
| <div class="paragraph"> |
| <p>It is configured to use the IP: <code>10.10.64.30</code> |
| The web-interface is available at <a href="http://10.10.64.30/webserv/index.ssi" class="bare">http://10.10.64.30/webserv/index.ssi</a> |
| The login for this is user: 'admin' pass: 'wago'.</p> |
| </div> |
| </div> |
| <div class="sect3"> |
| <h4 id="beckhoff_c6920_0030">Beckhoff: C6920-0030</h4> |
| <div class="imageblock right"> |
| <div class="content"> |
| <img src="../../images/plcs/plc4x-vpn-beckhoff.jpg" alt="plc4x vpn beckhoff" width="200"/> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>This device is able to use the following protocols:</p> |
| </div> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>ADS (Port <code>48898</code>)</p> |
| </li> |
| <li> |
| <p>EtherNet/IP (Port <code>48181</code>)</p> |
| </li> |
| </ul> |
| </div> |
| <div class="paragraph"> |
| <p>It is configured to use the IP: <code>10.10.64.40</code></p> |
| </div> |
| <div class="paragraph"> |
| <p>Beckhoff PLCs are processes running on a host operating system.</p> |
| </div> |
| <div class="paragraph"> |
| <p>In this case, this host OS is <code>Windows 7 Professional</code>.</p> |
| </div> |
| <div class="paragraph"> |
| <p>These processes seem to communicate with an internal network, which isn’t connected to the physical network of the host.</p> |
| </div> |
| <div class="paragraph"> |
| <p>In order to be able to communicate with the PLC from the outside world, a so-called <code>AMS Route</code> needs to be added. |
| Unfortunately it seems that this route needs to be added individually for every clients ip. |
| As the VPN gateway is automatically assigning IPs to the clients, this step eventually has to be done every time you log in. |
| Right now we hope that as soon as routes have been added for quite some ips, eventually we won’t have to do this anymore, but right now it looks as if we do.</p> |
| </div> |
| <div class="paragraph"> |
| <p>Adding a route is done by opening the ADS Route Editor on the Beckhoff machine:</p> |
| </div> |
| <div class="imageblock"> |
| <div class="content"> |
| <img src="../../images/plcs/plc4x-vpn-beckhoff-route-1.png" alt="plc4x vpn beckhoff route 1"/> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>Here you click on add:</p> |
| </div> |
| <div class="imageblock"> |
| <div class="content"> |
| <img src="../../images/plcs/plc4x-vpn-beckhoff-route-2.png" alt="plc4x vpn beckhoff route 2"/> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>And enter the details of the new route:</p> |
| </div> |
| <div class="imageblock"> |
| <div class="content"> |
| <img src="../../images/plcs/plc4x-vpn-beckhoff-route-3.png" alt="plc4x vpn beckhoff route 3"/> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>Here it is important to give the route a name. |
| The <code>AmsNetId</code> is sort of like a 6-segment ipv4-address. It could be chosen independently from the real ip address, however the default is to use the ip address for the first 4 segments and to append <code>.1.1</code> after this. |
| So from an ip address: <code>10.10.57.104</code> the corresponding <code>AmsNetId</code> would be: <code>10.10.57.104.1.1</code>. |
| <code>Transport Type</code> should be set to: <code>TCP_IP</code>. |
| <code>Address Info</code> is where the clients ip address is added. |
| Be sure to select the <code>IP Address</code> radio button below. |
| Next thing, you should ensure, is that the type of <code>Remote Route</code> is set to <code>None</code>.</p> |
| </div> |
| <div class="paragraph"> |
| <p>When clicking on <code>Add Route</code>, don’t be surprised that the window doesn’t close, you have to click on <code>Close</code> after that and then you should see your new route in the route list screen.</p> |
| </div> |
| <div class="paragraph"> |
| <p>When planning on using the <code>EtherNet/IP</code> communication, the configuration of the TwinCAT device is described here:</p> |
| </div> |
| <div class="paragraph"> |
| <p><a href="https://download.beckhoff.com/download/document/automation/twincat3/TF6280_EtherNet_IP_Slave_EN.pdf" class="bare">https://download.beckhoff.com/download/document/automation/twincat3/TF6280_EtherNet_IP_Slave_EN.pdf</a></p> |
| </div> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="requesting_an_account">Requesting an account</h3> |
| <div class="paragraph"> |
| <p>The PLC hardware in the <code>PLC4X IoT Lab</code> is hosted in the codecentric Frankfurt office.</p> |
| </div> |
| <div class="paragraph"> |
| <p>Even if we wanted to integrate our VPN Gateway with Apache’s LDAP service, this is currently not possible.</p> |
| </div> |
| <div class="paragraph"> |
| <p>In order to get access to the hardware, please request an account on the <code>PLC4X Developer Mailinglist</code>: <a href="mailto:dev@plc4x.apache.org">dev@plc4x.apache.org</a></p> |
| </div> |
| <div class="paragraph"> |
| <p>We’ll try to create the account as quickly as possible.</p> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="setup">Setup</h3> |
| <div class="paragraph"> |
| <p>By accessing the following URL with the <code>username</code> and <code>password</code>, provided by <code>codecentric</code>, you will be provided with links to download the VPN clients for different platforms.</p> |
| </div> |
| <div class="literalblock"> |
| <div class="content"> |
| <pre>https://vpn.plc4x.apache.org:444</pre> |
| </div> |
| </div> |
| <div class="imageblock right"> |
| <div class="content"> |
| <img src="../../images/plcs/plc4x-vpn-client-download.png" alt="plc4x vpn client download"/> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>However it is also possible to use other VPN clients based on <code>OpenVPN</code>.</p> |
| </div> |
| <div class="paragraph"> |
| <p>To do this, just download the option labeled: <code>Mobile VPN with SSL client profile</code>.</p> |
| </div> |
| <div class="paragraph"> |
| <p>It’s a normal <code>tgz</code> file, so rename the file and unpack it.</p> |
| </div> |
| <div class="paragraph"> |
| <p>The archive contains a <code>client.ovpn</code> file which contains the configuration needed by <code>OpenVPN</code>.</p> |
| </div> |
| </div> |
| </div> |
| </div> |
| </main> |
| <footer class="pt-4 my-md-5 pt-md-5 w-100 border-top"> |
| <div class="row justify-content-md-center" style="font-size: 13px"> |
| <div class="col col-6 text-center"> |
| Copyright © 2017–2022 <a href="https://www.apache.org/">The Apache Software Foundation</a>. |
| All rights reserved.<br/> |
| Apache PLC4X, PLC4X, Apache, the Apache feather logo, and the Apache PLC4X project logo are either registered trademarks or trademarks of The Apache Software Foundation in the United States and other countries. All other marks mentioned may be trademarks or registered trademarks of their respective owners. |
| <br/><div style="text-align:center;">Home screen image taken from <a |
| href="https://flic.kr/p/chEftd">Flickr</a>, "Tesla Robot Dance" by Steve Jurvetson, licensed |
| under <a href="https://creativecommons.org/licenses/by/2.0/">CC BY 2.0 Generic</a>, image cropped |
| and blur effect added.</div> |
| </div> |
| </div> |
| </footer> |
| </div> |
| </div> |
| |
| <!-- Bootstrap core JavaScript |
| ================================================== --> |
| <!-- Placed at the end of the document so the pages load faster --> |
| <script src="../../js/jquery.slim.min.js"></script> |
| <script src="../../js/popper.min.js"></script> |
| <script src="../../js/bootstrap.min.js"></script> |
| <script type="text/javascript"> |
| $('.carousel .carousel-item').each(function(){ |
| var next = $(this).next(); |
| if (!next.length) { |
| next = $(this).siblings(':first'); |
| } |
| next.children(':first-child').clone().appendTo($(this)); |
| |
| for (let i = 0; i < 3; i++) { |
| next=next.next(); |
| if (!next.length) { |
| next = $(this).siblings(':first'); |
| } |
| next.children(':first-child').clone().appendTo($(this)); |
| } |
| }); |
| </script> |
| </body> |
| </html> |
