Conducting a remote session via VPN (IPC)
Virtual Private Networks (VPNs) allow users to send or receive data over a distributed or public network as if their computers were connected directly over a private network.
- The service engineer sends an invitation to the VPN conference.
- The machine operator agrees to the VPN connection.
Precondition
- The connection between the service engineer at the PC and the machine operator at the SINUMERIK control system has been established.
  More information is provided in Chapter: Joining a remote session as MO (IPC).
- OpenVPN has been installed for both the service engineer and the machine operator, e.g. using Silent Installation.
  More information is provided in Chapter: Silent Installation.
- A "Network Bridge" is set up for OpenVPN TAP and LAN [X2] (only has to be done once after a new installation):
NOTE
The Windows English user interface is shown in the following diagrams.
- Under "Network connections", select OpenVPN TAP and LAN [X2] and open the menu with a right-click.
  Click on "Bridge Connections".
- The "Network Bridge" network is created. Open the Network Bridge menu with a right-click and click on "Properties".
- Activate checkbox "Internet protocol version 4 (TCP/IPv4)" and click on button "Properties".
  Enter an IP address and then click on "OK".
Figure: Network Bridge settings
NOTE
For the network bridge, the same network settings and restrictions apply that were defined for IPC LAN [X2].
The assigned IP for the network bridge must be one of the inactive IPs in the same machine network.
The OpenVPN-IP address assigned for the service engineer client as a default is 192.168.214.6. If this IP address is already being used, then it must be updated to an inactive IP in file "mmmr_se.ovpn" under "C:\Program Files (x86)\Siemens\MMMR SC".
- Within the simulation environment, IPC [X2] had a direct connection to NCU [X120].
NOTE
Using the VPN connection, you can access devices in the machine network.
Any other procedure requires additional security measures.
After establishing the network bridge, a direct connection to the PLC on the NCU via SINUMERIK Operate is not supported.
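The address rules from the network bridge note above (same machine network, inactive address, default service engineer address 192.168.214.6) can be checked before the bridge is configured. The following Python check is an added example, not part of the original documentation; the `arp -a` sample, the /24 machine network and all function names are constructed assumptions.

```python
import ipaddress
import re

SE_DEFAULT_IP = "192.168.214.6"  # default service engineer address named on this page
# Constructed sample of Windows `arp -a` output taken on the IPC (not from the manual).
SAMPLE_ARP = """\
Interface: 192.168.214.241 --- 0x5
  Internet Address      Physical Address      Type
  192.168.214.1         00-1b-1b-aa-bb-01     dynamic
  192.168.214.6         00-1b-1b-aa-bb-06     dynamic
  192.168.214.255       ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+\s*$", re.I)

def active_hosts(arp_text):
    """Unicast peers in the ARP cache. The cache lists only recently contacted
    hosts, so an address missing here is not proven free."""
    hosts = set()
    for line in arp_text.splitlines():
        m = ARP_ROW.match(line)
        if m and m.group(2).lower() != "ff-ff-ff-ff-ff-ff":
            ip = ipaddress.ip_address(m.group(1))
            if not ip.is_multicast:  # skip broadcast and multicast entries
                hosts.add(ip)
    return hosts

def check_bridge_ip(candidate, machine_net, arp_text, se_ip=SE_DEFAULT_IP):
    """Return the reasons a candidate bridge address is unsuitable (empty = OK)."""
    net = ipaddress.ip_network(machine_net)
    ip = ipaddress.ip_address(candidate)
    problems = []
    if ip not in net:
        problems.append("outside machine network")
    elif ip in (net.network_address, net.broadcast_address):
        problems.append("network or broadcast address")
    if ip in active_hosts(arp_text):
        problems.append("already active")
    # Assumption: bridge and service engineer client share the bridged network.
    if ip == ipaddress.ip_address(se_ip):
        problems.append("clashes with service engineer VPN address")
    return problems

def se_ip_needs_change(arp_text, se_ip=SE_DEFAULT_IP):
    """True if the address in mmmr_se.ovpn appears as an active host."""
    return ipaddress.ip_address(se_ip) in active_hosts(arp_text)
```

An empty result from `check_bridge_ip` only means no conflict was observed; confirm the address against the machine network's address plan before assigning it.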
Procedure
- With a connection established, the service engineer clicks on the "VPN" icon in the "Manage MyMachines Service Client" to send an access request.
- The machine operator receives a message in the "Manage MyMachines /Remote Service Client" session window indicating that the service engineer wants to establish a VPN connection allowing him to access all devices in the same network.
- The machine operator clicks on "Cancel" if he does not wish to establish a connection.
  The service engineer receives an appropriate notification.
- The machine operator clicks on "OK" if he agrees to establish a connection.
- While the VPN connection is being established, the service engineer can see the tooltip "VPN waiting for connection..." when the mouse pointer is hovered over the VPN button.
- After successful establishment of the VPN connection, the following window is started on both sides:
  - "OpenVPN Connection (mmmr_se)" is started on the service engineer's PC.
  - "OpenVPN Connection (mmmr_mo)" is started on the machine operator's control.
- On both sides, the color of the "OpenVPN Connection (mmmr_se)" and "OpenVPN Connection (mmmr_mo)" icon in the taskbar changes from yellow to green.
- The color of the "VPN" icon changes in column "VPN".
  Message "VPN connected" is displayed in the tooltip if the mouse pointer is positioned above the icon.
NOTE
The service engineer must not have any administrator rights on the service engineer PC.
The administrator of the service engineer's PC must define the permissible applications that communicate via the virtual VPN adapter by configuring the firewall settings of the operating system.