Switch to desktop version  
Pulling ewon's subnet devices out to VPN subnet - Printable Version

+- Ewon Technical Forum (https://techforum.ewon.biz)
+-- Forum: Development (https://techforum.ewon.biz/forum-50.html)
+--- Forum: Ewon Embedded Technology (https://techforum.ewon.biz/forum-51.html)
+---- Forum: Ewon Internet Connectivity (https://techforum.ewon.biz/forum-5.html)
+---- Thread: Pulling ewon's subnet devices out to VPN subnet (/thread-2729.html)

Pulling ewon's subnet devices out to VPN subnet - @tomekwalczk - 06-03-2025

Hello, We had estamblished communication between Ewon Cosy 131 with 14.9 firmware version and third-party OpenVPN server.
Now we can access Ewon from LAN web side of OpenVPN server, but we can't reach PLC driver at the Ewon's subnet side.
We tried 1:1 NAT Ip mapping, but in Realtime logs we discovered notification "ewon wanmgt-Unable to setup IPTable rule (NAT 1-1)".

The crux of our problem is that SCADA on LAN side of OpenVPN server connects with PLC driver that's connected with Ewon through LAN.
Now we can reach Ewon module but not the PLC driver in it's subnet.

Is it possible that OpenVPN somehow blocks NAT Ip mapping without alerting us about in firewall/event logs? Previously we had 14.6
firmware on Ewon Cosy 131 module and it was connected with eFive server. Now eFive server have been replaced with Netgate 4020.

RE: Pulling ewon's subnet devices out to VPN subnet - simon - 11-03-2025

Hi,

That is a bit weird 11NAT is not working... I would need to test it here.
Could a proxy/port forwarding rule be used as a work around ?
https://support.hms-networks.com/hc/en-us/articles/7662398039698-How-to-define-somes-Proxy-rules-on-the-Ewon-Cosy

RE: Pulling ewon's subnet devices out to VPN subnet - @tomekwalczk - 11-03-2025

(11-03-2025, 10:39 AM)simon Wrote: Hi,

That is a bit weird 11NAT is not working...  I would need to test it here.
Could a proxy/port forwarding rule be used as a work around ?
https://support.hms-networks.com/hc/en-us/articles/7662398039698-How-to-define-somes-Proxy-rules-on-the-Ewon-Cosy

Hi, that solution generate much more complication for us.. We have 9 Ewon Cosy 131 modules connected to 9 different
PLC drivers with different producer and different port. We would prefer to stay with old 1:1 NAT rule. Previously modules
were connected to eFive server and had old firmware. Now after firmware update and switching eFive server to new unit,
after rebooting we have errors as follow:

wanmgt-Unable to setup IPTable rule (NAT 1-1)
wanmgt-ARP Proxy exec fail (NAT 1-1)
pla-System exec error (2)