SCADA Protocols – public APN

2. SCADA Protocols – public APN

Fig. 2.1: Public APN SCADA configuration

2.1. APN Configuration

With a public APN, the center needs a public, static IP address. In our example, we set the APN to “internet.open.s” to obtain the required IP address.

Fig. 2.2: Public APN configuration (static, public IP address)

The remote stations can be configured with the most basic APN, e.g. “internet”, to obtain a private, dynamic IP address. In the next section, we will configure the VPN tunnel, which is necessary for this kind of connection. Without the tunnel, the serial communication will be blocked within the mobile network.

In this example, we configure the OpenVPN tunnel in routed mode. See ??? for configuration details. The only difference is that we do not need to configure any VPN connected networks on any M!DGE unit; we just use the fixed tunnel addresses for serial data communication.

Fig. 2.3: Fixed OpenVPN tunnel address for clients

The clients can then be configured just via the Expert files downloaded from the Master M!DGE. The first client will obtain the tunnel address 10.8.0.6 and the second client 10.8.0.10.

2.2. SCADA Master Configuration

The configuration is the same as explained for the Private APN, except that the IP addresses must be replaced.

Fig. 2.4: Master Protocol server configuration (public APN)

The configuration is now almost finished. However, the Protocol server uses a source IP control mechanism, and the IP addresses change because the traffic passes through the VPN tunnel, so this mechanism must be disabled. This needs to be done via SSH access to the M!DGE unit. Log in as root using the same password as for the web administrator access and run the following command:

$ vi /etc/config/factory-config.cfg

The configuration file will be opened. Find the line with

rrsp.2.ComTtMasking.0.COM_PROT_CHECK_SRCIP=1

and change the last digit to “0” (press “i” to enter insert mode):

rrsp.2.ComTtMasking.0.COM_PROT_CHECK_SRCIP=0

Press “ESC”, then save and close the file by typing “:x”. Then run the command

$ rm /etc/rrconf/rrsp2.cfg

and reboot the unit via the command

$ reboot

After the unit boots up, you have finished the Master configuration.
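
The manual vi edit above can also be scripted so that the change is backed up and verified before the unit is rebooted. This is an added example, not code from the vendor documentation: the function names and the “.bak” backup suffix are assumptions, it assumes sed, grep and cp are available in the shell, and the demo runs on a constructed sample file.

```shell
#!/bin/sh
# Added example, not vendor code. KEY is the line shown on this page; the
# function names and the ".bak" backup suffix are assumptions of this example.
KEY='rrsp.2.ComTtMasking.0.COM_PROT_CHECK_SRCIP'
# Escape the dots so they match literally instead of "any character".
KEY_RE=$(printf '%s' "$KEY" | sed 's/\./\\./g')

# get_srcip_check FILE: print the current value of KEY (nothing if absent).
get_srcip_check() {
    sed -n "s/^${KEY_RE}=\([01]\)\$/\1/p" "$1"
}

# set_srcip_check FILE VALUE: set KEY to 0 or 1 in FILE.
# Returns 1 on bad arguments, 2 if KEY is not present exactly once
# (FILE is then left untouched), 0 once the new value has been verified.
set_srcip_check() {
    file=$1 value=$2
    case $value in 0|1) ;; *) return 1 ;; esac
    [ -f "$file" ] || return 1
    count=$(grep -c "^${KEY_RE}=[01]\$" "$file" || true)
    [ "$count" -eq 1 ] || return 2
    cp -p "$file" "$file.bak" || return 1        # rollback copy
    # Rewrite only the matching line; redirecting into FILE keeps its mode.
    sed "s/^\(${KEY_RE}\)=[01]\$/\1=${value}/" "$file.bak" > "$file" || return 1
    [ "$(get_srcip_check "$file")" = "$value" ]  # verify, do not assume
}

# Demo on a constructed sample file (not a real M!DGE configuration).
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'example.other.setting=1' "${KEY}=1" > "$tmp"
    echo "before: $(get_srcip_check "$tmp")"
    set_srcip_check "$tmp" 0 && echo "after:  $(get_srcip_check "$tmp")"
    rm -f "$tmp" "$tmp.bak"
}
demo
```

On the unit, calling set_srcip_check with /etc/config/factory-config.cfg and 0 takes the place of the vi step; the rm and reboot commands above still follow.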

2.3. SCADA Slave Configuration

The Slave must be connected via the OpenVPN tunnel to the Master and its Protocol server must be configured to the Modbus – Slave mode.

2.4. Troubleshooting

Troubleshooting is the same as explained in Section 1.4, “Troubleshooting”.

Note

If your server uses a TCP connection, configure the Device server instead of the Protocol server and set the Mode to “TCP Raw” with the appropriate TCP port.