Ewon Technical Forum

Ewon Technical Forum > Development > Ewon Embedded Technology > Ewon Data Publishing > Can Flexy 205 OPC-UA Server accessible by OPC-UA client external (via internet)
Full Version: Can Flexy 205 OPC-UA Server accessible by OPC-UA client external (via internet)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

afatech

09-05-2020, 04:39 AM
Hi,

Good day.

If I enable the OPCUA Server in Flexy 205 (Setup -> Main -> Net services -> OPCUA). 

Is it this OPCUA server can be accessible by a OPCUA client from external? 

ie. I want to active OPCUA server in Flexy, and then allow any OPCUA client to connect to it from externally

Thanks.

simon

10-05-2020, 11:44 PM
Hi,

Yes, when the OPCUA server is enabled on the Flexy, you can access it through all its IP interfaces (LAN, WAN and VPN).
Be careful that you need to make sure to set the WAN protection level to "allow all" if you want to connect through the WAN port.

Simon

afatech

11-05-2020, 06:15 AM
(10-05-2020, 11:44 PM)simon Wrote: [ -> ]Hi,

Yes, when the OPCUA server is enabled on the Flexy, you can access it through all its IP interfaces (LAN, WAN and VPN).
Be careful that you need to make sure to set the WAN protection level to "allow all" if you want to connect through the WAN port.

Simon

Thanks for your replies.

As I'm not a networking guy, thus can you please help to elaborate further the concept how to achieve this?

Here is my current situation:

My eWon is connected to the Internet (wifi extension card). It's connected to company's wifi, with DHCP WAN IP, eg: 192.168.4.149

I wish to allow our software vendor to be accessible to OPC UA server in Flexy, so that they can do whatever it needs in order to read & also write Tag data.

Based on this document aug-0064-00-en-opc-ua-server.pdf, I assume we can use this OPCUA Client software called Unified Automation UaExpert OPCUA Client , to test connection & prove that our Flexy OPCUA Server can be accessible from external, and subsequently Read/Write Tag values.

So:
In order to allow access to the Flexy OPCUA server from external, any configuration need to be done from company networking? (for example if we are setting up a Web Server, will need to configure the DNS server of some sort, etc)

What/how is the URL address to type in UaExpert OPCUA client software?  Can you please enlighten me?


Thanks.

simon

11-05-2020, 09:20 AM
Hi,

So you want to let people connect the Flexy in OPCUA from outside your company network (so from internet) ?
If yes, then you must make some port forwarding on your Internet router to redirect the OPCUA port 4840 to the Ewon Wifi IP (Pure IT stuff). Like for a Web Server, but the port is 80, instead of 4840.
However, this is something we do not really recommend since you open a door in your Internet router firewall.
We always recommend to use a VPN when you access device from outside, like Talk2M.
Altough Talk2M, the Ewon connectivity cloud, is not aimed for permanent VPN connection, you may use it to test the OPCUA outside connection. You just have to create a user in your eCatcher/Talk2M Account for the tester and he will be able to connect the Ewon in OPCUA (using UA Expert) through the eCatcher VPN connection.

Simon

afatech

13-05-2020, 03:07 AM
(11-05-2020, 09:20 AM)simon Wrote: [ -> ]Hi,

So you want to let people connect the Flexy in OPCUA from outside your company network (so from internet) ?
If yes, then you must make some port forwarding on your Internet router to redirect the OPCUA port 4840 to the Ewon Wifi IP (Pure IT stuff).  Like for a Web Server, but the port is 80, instead of 4840.
However, this is something we do not really recommend since you open a door in your Internet router firewall.
We always recommend to use a VPN when you access device from outside, like Talk2M.
Altough Talk2M, the Ewon connectivity cloud, is not aimed for permanent VPN connection, you may use it to test the OPCUA outside connection.  You just have to create a user in your eCatcher/Talk2M Account for the tester and he will be able to connect the Ewon in OPCUA (using UA Expert) through the eCatcher VPN connection.

Simon

Yes, I want to let people connect to Flext OPCUA server from outside (permanently).

Actually, our final goal is we want to allow our third party web-based application vendor to be able to read & write TAG values to our PLC Tag value.
So from their web-based application, they can build a dashboard which will display some real time machine status (Speed, etc). And it can write value back to PLC (for eg, click a button to toggle TRUE/FALSE value of a boolean Tag, etc)

So that's why we are thinking to make use of this Flexy OPCUA server capability. We would just need to enable the OPCUA server in Flexy, and the vendor can do whatever it needs on their parts, ie. to connect to Flexy OPCUA Server, write client codes to read/write our Tag values.

This web-based application is hosted on vendor's AWS cloud service platform, and it's meant for multiple customers instead of just us, so I think having to install a eCatcher in their virtual server and then establish VPN connection permanently just for our case is not feasible to them.

If the Flexy OPCUA server is not advisable to be opened & be accessible to public like this, can you kindly advise what is the most suitable method to achieve the above goal please? 

We actually also explore the possibility of using MQTT where we can use the Flexy BASIC IDE to Publish/Subscribe to MQTT topic. But this approach involves using a MQTT broker server, either setup on our own server or using the cloud platform like AWS. So long term wise that's really cost & maintenance concern on our part here. 

Thanks

simon

15-05-2020, 06:17 PM
Hi,

Using eCatcher is for sure not the good solution here as it has a limited bandwidth of max 1 GB /month/account (Free+). You can pay for more if you want.
You could also install your own OpenVPN server on your AWS cloud instance and connect your Ewons to that. Then you'll a permanent VPN connections to all your ewon at the same time.
Also, If the Tag update frequency does not have to be high (every 10 sec or more), you could use the M2Web API of Talk2M : https://developer.ewon.biz/content/m2web-api-0

Simon

stiandr

28-01-2022, 03:09 PM
HelloSmile

We are in a similar situation. 

We are using Talk2m and datamailbox, and we also want to use OpenVPN with OPCUA.

IS it possible to configure the EWON to have one outgoing VPN connection for Talk2m, and another one fro OpenVPN?

Best Regards,
Stian


(15-05-2020, 06:17 PM)simon Wrote: [ -> ]Hi,

Using eCatcher is for sure not the good solution here as it has a limited bandwidth of max 1 GB /month/account (Free+). You can pay for more if you want.
You could also install your own OpenVPN server on your AWS cloud instance and connect your Ewons to that.  Then you'll a permanent VPN connections to all your ewon at the same time.
Also, If the Tag update frequency does not have to be high (every 10 sec or more), you could use the M2Web API of Talk2M : https://developer.ewon.biz/content/m2web-api-0

Simon

simon

28-01-2022, 08:20 PM
Hi Stian,

No that is not possible Sad. Only one VPN connection at a time is allowed.
Ewon Technical Forum > Development > Ewon Embedded Technology > Ewon Data Publishing > Can Flexy 205 OPC-UA Server accessible by OPC-UA client external (via internet)