Configuring the VPN

UBIQUITY Runtime includes a VPN server to accept remote connections from Control Center clients.

UBIQUITY’s VPN operates at layer 2 (data link) and doesn’t need additional routing rules. Furthermore, remote field devices do not need to change their gateway to be remotely accessed.

The VPN provides a virtual data-link connection between the virtual network adapter installed on the Control Center computer and one or more network interfaces that are present on the Runtime device and previously configured to be reachable via VPN.

Warning

On the remote device with UBIQUITY Runtime it is not possible to configure the VPN to use a wireless network adapter.

If the VPN is limited to the remote device only, it can be activated on the virtual adapter (Point-to-Point virtual Ethernet adapter) installed on the Runtime rather than on a physical interface, which limits the topology of the VPN to a point-to-point configuration.

In Win32 systems the network interface properties window shows the UBIQUITY filter driver.

If the virtual adapter is installed (point-to-point connections between the Control Center and Runtime), it will be called “UBIQUITY VPN” as shown in the following figure.

[Figure: network interface properties showing the “UBIQUITY VPN” adapter]

Hint

If the virtual network interface has not been installed it can be added by rerunning the UBIQUITY Runtime setup.

When using the Windows Embedded Compact (CE) operating systems, the virtual Ethernet adapter is called “UEA1” (UBIQUITY Ethernet Adapter).

For Windows CE systems the VPN virtual adapter is not automatically installed.

To install it, open the UBIQUITY control panel, then open the configuration options (gear icon) and click the “VPN” button.

Hint

Some ASEM systems have UBIQUITY Runtime already installed and configured. They do not need any manual operation. Please check the catalogue for further information about the systems featuring UBIQUITY as a default option.

Hint

It is not recommended to enable VPN on the Ethernet interface assigned to an Ethernet I/O master (EtherCAT or Modbus TCP), because devices connected to the subnet may not be reachable. For more information about the type of Ethernet interface, refer to the hardware manual.

Click the “Install adapter” button and wait a few seconds for the UEA1 adapter to appear together with the other network adapters.

UBIQUITY supports two VPN connection topologies:

  • VPN to the remote device running Runtime only

  • VPN to the whole remote device’s subnet

In the first scenario, the virtual interfaces of Control Center and Runtime communicate with each other through the VPN connection, using virtual IP addresses that differ from the physical subnets.

The second topology instead allows the virtual interface of the Control Center to connect virtually to one or more physical network interfaces present on the Runtime device.

The selection of the network interface to reach through VPN is done using the UBIQUITY Runtime control panel.
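
A planning check for the constraints described above, added here as an example and not part of the UBIQUITY documentation or software: it flags adapters that should not be selected for the VPN (wireless, or assigned to an Ethernet I/O master) and verifies that a candidate virtual IP range does not overlap any physical subnet. The adapter inventory, the `role` field and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed inventory of a Runtime device's adapters (not real data).
# "wireless" and "role" are assumed to be filled in from the hardware manual.
ADAPTERS = [
    {"name": "LAN1", "cidr": "192.168.10.5/24", "wireless": False, "role": "plant"},
    {"name": "LAN2", "cidr": "10.20.0.2/16", "wireless": False, "role": "io-master"},
    {"name": "WLAN", "cidr": "172.16.4.9/24", "wireless": True, "role": "office"},
]


def vpn_eligible(adapter):
    """Return (ok, reason) for selecting this physical adapter for the VPN."""
    if adapter["wireless"]:
        return False, "wireless adapters cannot be used for the VPN"
    if adapter["role"] == "io-master":
        return False, "Ethernet I/O master (EtherCAT/Modbus TCP): not recommended"
    return True, "ok"


def overlapping_subnets(virtual_cidr, adapters):
    """Names of physical adapters whose subnet overlaps the virtual VPN range."""
    virt = ipaddress.ip_network(virtual_cidr, strict=False)
    hits = []
    for a in adapters:
        phys = ipaddress.ip_interface(a["cidr"]).network
        if virt.overlaps(phys):
            hits.append(a["name"])
    return hits


def review(virtual_cidr, adapters):
    """Summarise both checks for a planned VPN configuration."""
    verdicts = {a["name"]: vpn_eligible(a) for a in adapters}
    return {
        "selectable": [n for n, (ok, _) in verdicts.items() if ok],
        "rejected": {n: why for n, (ok, why) in verdicts.items() if not ok},
        "virtual_overlaps": overlapping_subnets(virtual_cidr, adapters),
    }


if __name__ == "__main__":
    # A virtual range inside LAN2's /16 is reported; a separate /30 is clean.
    print(review("10.20.30.0/24", ADAPTERS))
    print(review("192.168.250.0/30", ADAPTERS))
```
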

The following chapters show how to configure the VPN connection in the various scenarios of use:

  1. VPN to the remote device running Runtime only

  2. VPN to the remote device only

  3. VPN to the entire remote subnet with 2 Ethernet adapters

  4. VPN to the entire remote subnet with 1 Ethernet adapter