Hello network experts,
I drew a network architecture according to the customer's requirement. The customer wants the PcVue station installed in his office to get all data from the other PcVue stations installed in the end user's control room via the Internet.
As we know, for one-way communication (one socket connection) this can be satisfied, e.g. Modbus IP, IEC104. But as far as I know, there are two socket connections between PcVue Server and Client. I don't know what will happen when one socket connection is broken.
Thanks
Mark
Is it possible to configure a VPN? That will be easier.
Hello!
Your main problem is that you don't have a public fixed IP, but you can easily deal with it using a service like www.dyndns.org. Practically, you have to open an account with that service and then install a little piece of software on the remote PcVue machine (the Server one, in your case). As soon as the external IP changes, this little software will detect it and update the DNS record.
So your remote machines, with dynamic IP, will be reachable using an address like mydistantpcvue.dyndns.org instead of a numerical IPv4 address that is subject to change.
That solution implies two things:
- The external IP address can be dynamic, but must be PUBLIC (sometimes, for example, 3G or 4G connections by mobile phones are under NAT for IPv4, so your mobile phone is like being in the private LAN of your telco provider).
You can easily verify this if the external WAN address shown in the router is the same one you can see from www.monip.fr
- The customer must open the port in the router (usually TCP 1981) to redirect the external 1981 TCP port to the IP address of the local PcVue station - this feature is called NAT or Virtual Server
Up to here it's magic and fast but... you can expose your customer to a security risk because actually the Winnet protocol in PcVue is not encrypted and not authenticated.
So the best is to do what Nicolas already told you: a VPN.
But... nothing is magic, since many VPN systems require a STATIC IP on BOTH endpoints..!!
So the easiest solution I know can be OPENVPN - an Open Source project.
You can install an OpenVPN client - as a service - on the distant PcVue Stations.
When Windows starts on the distant PcVue server station, this machine (with a dynamic IP address) will call the VPN server, located on the PcVue client side, instead of being called.
On the PcVue client side, an OpenVPN server (I suggest pfSense, www.pfsense.org, which is able to export ready-to-use configurations for clients) will receive this call and connect the various endpoints.
In this case you should not have any problem regarding NAT, Virtual Server, Private IP and so on and - first of all - you should not have any security risk because everything is encrypted and authenticated.
When the OpenVPN tunnel is established, any PcVue station will have a particular static IP address in a private LAN subnet like 192.168.250.x dedicated to the VPN, and you can configure your PcVue Client Station to reach any machine using that addressing space.
Unfortunately it is not simple if you have never done that, but I hope to have at least clarified your view...
Let me know if it is not clear,
Good luck!
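Added example, not part of the original post and not an export from pfSense or PcVue: a sketch of the OpenVPN layout described above, where the remote station dials out to a server on the PcVue client side and always receives the same address in 192.168.250.x. The host name `vpn.example.com`, the station name `station-a`, the `.11` address and all certificate and key file names are placeholders.

```conf
# ---- server.conf : OpenVPN server on the PcVue client side ----
port 1194
proto udp
dev tun
topology subnet
server 192.168.250.0 255.255.255.0   # VPN-only subnet from the post; server takes .1
client-config-dir ccd                # per-station settings, looked up by certificate CN
ccd-exclusive                        # refuse any certificate that has no ccd file
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-crypt ta.key                     # pre-shared key protecting the control channel
keepalive 10 60                      # detect a dead tunnel and let the client redial
persist-key
persist-tun

# ---- ccd/station-a : file name must equal the station certificate's CN ----
# Fixed tunnel address; the PcVue client reaches this station at 192.168.250.11.
ifconfig-push 192.168.250.11 255.255.255.0

# ---- station-a.ovpn : remote PcVue server station (NAT, dynamic IP) ----
client
dev tun
proto udp
remote vpn.example.com 1194          # placeholder name of the server side
resolv-retry infinite                # keep retrying name resolution after outages
nobind                               # outbound only: no port forward on the site router
remote-cert-tls server               # accept only a certificate issued for server use
ca ca.crt
cert station-a.crt                   # one certificate per station, revocable individually
key station-a.key
tls-crypt ta.key
persist-key
persist-tun
```

Because the station initiates the connection, TCP 1981 does not need to be forwarded on the site router; only the server side needs a reachable address or name.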
And why not use RDS on each PcVue station?
For me it is the most adapted solution...
Nico
Yes, VPN can be a backup solution.
BRs,
Mark
Hi Filippo,
Thanks for your more detailed reply.
If I understood well, you listed three solutions:
- Dynamic DNS
- VPN
- OPENVPN
My question is: what do you mean by "many VPN systems require a STATIC IP on BOTH endpoints"? Why BOTH?
My second question is: do you know how much OPENVPN costs?
thanks
BRs,
Mark
Hi Nico,
Each PcVue Server station works as a data producer. So how to use RDS?
BRs,
Mark
Hello Mark!
I confirm these 3 possibilities:
- Using Dynamic DNS with no VPN tunnelling but exposing to a security risk
- Using any kind of VPN with hardware devices (firewalls) in the middle (1 box for each site)
- Using OpenVPN - because I'm sure it can also work if the clients (in your case the PcVue server stations) are behind NAT and have a dynamic IP address. OpenVPN also allows you to do everything in software without using any hardware box, since both the OpenVPN server and clients can run on Windows
To answer the other 2 questions:
- In some cases (depending on the vendor) some VPN systems use the IP address of BOTH endpoints as an element of identification. For example, in some IPSEC LAN-to-LAN implementations. It's not mandatory (they can also use a static identifier or a certificate), but you must check it when you select the firewall vendor.
- OpenVPN is free! https://openvpn.net//open-source.html
🙂
Hope it helps!
Mark,
Each Station is a RDS server. The system integrator connects using Remote Desktop Connection (RDC) and acts as a PcVue Client.
The constraint is: On each Server Station you must have Windows 2012 R2 with the RDS license
Nico
Hi All
The drawback of Nico's solution for the customer is that you must add a client to the site's existing dongle for each end-user control room.
That is good for you but might be prohibitive for the customer 😉
From my point of view, Filippo's solution (OpenVPN) seems to be the most cost-effective solution.
Manu




