SpyrosABB

Modbus Tcp Over Internet


Hello everyone,

I have an application where I need to poll with Modbus TCP some devices which are located at solar plants and have access to the internet.

How is this going to be implemented? Do I need a static IP to address the devices, or can I use a dynamic DNS service?


You really should use a VPN or some other secure method to protect your devices. Exposing a Modbus TCP device to the internet is just asking for trouble. So, the answer is: yes, you need a static IP (not dynamic DNS), but that static IP should be a non-routable, local IP address (i.e. 192.168.x.x or 10.x.x.x) and you should use a VPN to get from one location to the other.

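The advice in the answer above, applied as a pre-flight check on a poller's device list (an added example, not part of the original thread): it flags any Modbus TCP target that is not a literal RFC 1918 address. The device names, addresses and function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress's is_private is broader
# (it also accepts loopback and link-local addresses).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample poll list: (device name, target address).
SAMPLE_TARGETS = [
    ("plant-a-inverter", "10.8.0.21"),          # VPN-side private address
    ("plant-b-inverter", "192.168.10.5"),
    ("plant-c-meter", "172.32.4.9"),            # just outside 172.16.0.0/12
    ("plant-d-logger", "plant-d.example.net"),  # dynamic-DNS style name
    ("plant-e-meter", "203.0.113.40"),          # stands in for a public IP
]


def classify(target):
    """Return 'ok', 'hostname' or 'not-rfc1918' for one target string."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # Not an IP literal: the real address depends on name resolution,
        # so the poller cannot know it stays inside the VPN.
        return "hostname"
    if addr.version == 4 and any(addr in net for net in RFC1918):
        return "ok"
    return "not-rfc1918"


def audit(targets):
    """Return (name, target, verdict) for every target that is not 'ok'."""
    findings = []
    for name, target in targets:
        verdict = classify(target)
        if verdict != "ok":
            findings.append((name, target, verdict))
    return findings


if __name__ == "__main__":
    for name, target, verdict in audit(SAMPLE_TARGETS):
        print(f"REJECT {name}: {target} ({verdict})")
```

A poller that refuses to start while `audit()` returns findings only ever opens Modbus TCP connections to addresses on the far side of the VPN.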

thank you


Hi,

A static IP is expensive... Is it possible to make a safe line with OpenVPN software installed on industrial routers using a dyndns service?

Site with DAQ Factory

* router with installed zeroshell ( http://www.zeroshell.org/ ), OpenVPN or IPsec

* dyndns service

* DAQ Factory

a lot of sites with

* router with OpenVPN or IPsec

* PLC, DAQ device


You are really getting outside the realm of what we can advise on. Network security is very complicated, and with SCADA systems it really must be done correctly. That is why I recommend DAQConnect.com since using this service eliminates the issues of opening up firewalls to give external access.

Just because a lot of sites might use OpenVPN doesn't make it the best solution. And those sites were hopefully set up by IT professionals and not the system integrator. It's kind of like demolitions. You really want to let the professionals that do it all the time handle the dynamite, not the general contractor. Don't assume that you have a secure system. Get professional help when you want to grant external access or use a product like DAQConnect that does not require opening holes.

And, most importantly, whether you are providing external access or not: make sure you have safety systems in place that are completely independent of all logic. That means not connected through any PLCs or computers.
