Utilizing the Internet for remote commissioning provides convenience while saving time and money, but accessing machines at job sites can be difficult because firewalls block messages that originate from the Internet. Although it is possible to open ports in firewalls using port forwarding, IT professionals are often reluctant to compromise the security of their network and usually decline this type of request. Without support from the IT department, the systems integrator is usually left with very few options. However, one solution is to incorporate a virtual private network (VPN). By hosting a VPN server in the cloud, our RemoteVPN server simplifies communication over the Internet while maintaining security.
Contemporary Controls' RemoteVPN subscription service incorporates a cloud-based OpenVPN® server, OpenVPN clients for workstations and mobile devices, and OpenVPN routers installed at job sites. OpenVPN is open-source and incorporates SSL/TLS security with encryption.
The RemoteVPN server, hosted on the Internet and maintained by Contemporary Controls, allows OpenVPN client devices to communicate together. Communication initiated by OpenVPN clients pass through firewalls up to the RemoteVPN server which completes the client connections. All that is needed is an account on the server to utilize the RemoteVPN service. OpenVPN clients are easy to obtain and can be downloaded from OpenVPN.net, or via Google Play for Android devices, or via the Apple App Store for iOS devices.
CTRLink EIGR Gigabit VPN routers provide OpenVPN client communication at the job sites. The EIGR series consists of high-speed routers that link two 10/100/1000 Mbps Internet Protocol (IPv4) networks — passing appropriate traffic while blocking all other traffic. One network is the local-area-network (LAN); the other is the wide-area-network (WAN). The built-in stateful firewall passes communication initiated on the LAN-side while blocking WAN-side initiated communication. With Port Address Translation (PAT), LAN-side clients can access the Internet. Network Address Translation (NAT) allows a one-to-one translation between LAN-side and WAN-side devices. With Port Forwarding, LANside devices can be accessed from the Internet.
The RemoteVPN subscription service provides security and convenience. However, for network-savvy customers wishing to avoid subscription fees, the newly released EIGR routers can be configured to operate in OpenVPN server mode, thereby eliminating the cloud service and related fees. Setting up an OpenVPN server on your own is not trivial. It involves setting up a root certificate authority and generating certificates and keys for the OpenVPN server and for each client device that intends to connect to this server. However, the EIGR-V's built-in webpages facilitate the tasks without requiring downloaded software to generate certificates or keys.
One EIGR-V set to OpenVPN server mode and assigned a fixed public IP address resides at the client site or any other convenient site and uses the Internet for communicating to OpenVPN clients without any cloud service involved.
One EIGR-V in OpenVPN server mode can support up to 15 EIPR-V/EIGR-V routers in OpenVPN client mode. These are devices connected to equipment at various locations. In addition, up to 15 PC clients (or any device with OpenVPN functionality like tablets/phones) can be connected to the same OpenVPN server. These PC clients can be located anywhere that has Internet connectivity. With this arrangement, PC clients and client routers in remote locations can communicate securely using the services of this one EIGR-V OpenVPN server. There is no additional requirement to setup NAT or Port Forwarding on the client routers as they initiate outbound connections to the OpenVPN server. Furthermore, the OpenVPN client devices only require internet access – there is no requirement for a static public IP address. The only requirement for a public IP is for the OpenVPN server router. The OpenVPN server router itself can be connected behind an existing firewall/router with a public IP and have the OpenVPN port forwarded to it. An additional benefit is that each PC client can be configured to communicate with one or more router clients independent of each other. The EIGR-V provides the ideal solution for secure remote access across multiple locations without subscription fees or cloud service dependencies.