Setting up a Secure VPN Connection between a PC and LOGO! 8


Siemens Industry Online Support

Warranty and Liability


The Application Examples are not binding and do not claim to be complete regarding the circuits shown, equipping and any eventuality. The Application Examples do not represent customer-specific solutions. They are only intended to provide support for typical applications. You are responsible for ensuring that the described products are used correctly. These Application Examples do not relieve you of the responsibility to use safe practices in application, installation, operation and maintenance. When using these Application Examples, you recognize that we cannot be made liable for any damage/claims beyond the liability clause described. We reserve the right to make changes to these Application Examples at any time without prior notice. If there are any deviations between the recommendations provided in these Application Examples and other Siemens publications - e.g. Catalogs - the contents of the other documents have priority.

We do not accept any liability for the information contained in this document. Any claims against us - based on whatever legal reason - resulting from the use of the examples, information, programs, engineering and performance data etc., described in this Application Example shall be excluded. Such an exclusion shall not apply in the case of mandatory liability, e.g. under the German Product Liability Act ("Produkthaftungsgesetz"), in case of intent, gross negligence, or injury of life, body or health, guarantee for the quality of a product, fraudulent concealment of a deficiency or breach of a condition which goes to the root of the contract ("wesentliche Vertragspflichten"). The damages for a breach of a substantial contractual obligation are, however, limited to the foreseeable damage, typical for the type of contract, except in the event of intent or gross negligence or injury to life, body or health. The above provisions do not imply a change of the burden of proof to your detriment. Any form of duplication or distribution of these Application Examples or excerpts hereof is prohibited without the expressed consent of the Siemens AG.

Security information

Siemens provides products and solutions with industrial security functions that support the secure operation of plants, systems, machines and networks. In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement - and continuously maintain - a holistic, state-of-the-art industrial security concept. Siemens' products and solutions only form one element of such a concept. Customer is responsible to prevent unauthorized access to its plants, systems, machines and networks. Systems, machines and components should only be connected to the enterprise network or the internet if and to the extent necessary and with appropriate security measures (e.g. use of firewalls and network segmentation) in place. Additionally, Siemens' guidance on appropriate security measures should be taken into account. For more information about industrial security, please visit .

Siemens' products and solutions undergo continuous development to make them more secure. Siemens strongly recommends to apply product updates as soon as available and to always use the latest product versions. Use of product versions that are no longer supported, and failure to apply latest updates may increase customer's exposure to cyber threats. To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed under .

Siemens AG 2017 All rights reserved

Security: LOGO!_PC_Static

Entry ID: 109747067, V1.0, 06/2017


Table of Contents

Warranty and Liability
1 Task and Solution
  Task
  Solution
  Characteristics of the solution
2 Configuration and Settings
  2.1 Prerequisites for the use of
  2.2 Preparing environment
  2.2.1 Required components and IP address overview
  2.2.2 Basic configuration of LOGO! CMR
  2.3 Setting up remote access
  2.3.1 Configuring remote access on the LOGO! CMR
  2.3.2 Establishing remote connection to the service PC
3 Testing the Tunnel Function
4 History


1 Task and Solution




The LOGO! controller is an intelligent logic module from Siemens for small automation projects, for example, in building automation. The entire LOGO! 8 product family is equipped with Ethernet interfaces and thus offers new options of communication. LOGO! modules can communicate with each other via Ethernet and the Ethernet standard also makes remote access possible, for example, for remote maintenance.

The task is to establish a secure connection between a service PC and LOGO! CMR (Communication Module Radio) via the Internet and the mobile wireless network.



General overview

The following graphic shows an approach in order to realize a secure connection between a PC and LOGO!.

Figure 1-1 (graphic not reproduced; labels: Internet, Router, VPN Tunnel, Industrial Ethernet)




The connection between the service PC and LOGO! is secured by a VPN tunnel.

In this example, the service PC and LOGO! CMR form the two tunnel end points for the secure connection. LOGO! CMR acts as VPN server, the PC as VPN client.

Access to LOGO! CMR (VPN server) from the WAN is predefined by the use of a static WAN IP address.

WAN access on the client side is flexible; the IP address of the WAN access is not relevant.

The role distribution when establishing the VPN tunnel is specified as follows:

Table 1-1: VPN role

Service PC: Initiator (VPN client); starts the VPN connection
LOGO! CMR: Responder (VPN server); waits for VPN connection


LOGO! from Siemens is an intelligent logic module and is ideally suited to the realization of simple automation tasks in industry and building technology. The use of expansion modules enables LOGO! to control even complex plants without any problems.

Using LOGO! CMR in combination with the LOGO! 8 basic modules (BM) makes it possible for you to monitor and control distributed plants and systems via text messages. You can remotely access the web interface of LOGO! CMR and LOGO! BM via mobile wireless network. The remote access makes it possible, for example, to install the LOGO! BM program remotely.


You can access the LAN interface of LOGO! CMR via the VPN tunnel and you can therefore also access LOGO! BM remotely. If you want to communicate with LOGO! BM via LOGO! CMR, you have to enter the local IP address of LOGO! CMR as default router in LOGO! BM.

LOGO! CMR offers the following functions for secure remote access via mobile wireless network:

- OpenVPN (version V2.3.11) for remote maintenance
- Support of OpenVPN server function in pre-shared key mode
- Implementation of OpenVPN in routing mode
- Encryption of data to be transferred with the AES-128 CBC method
- Authentication of the connection partners via the SHA-256 hash algorithm
- Support of the DynDNS function; "" and "" DynDNS providers are supported
- Support of https function
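As an added example (not part of the Siemens document), the following Python check compares an OpenVPN client configuration for the service PC with the parameters listed above: pre-shared key mode, routing mode, AES-128-CBC and SHA-256. The sample configuration, including the address 203.0.113.10, port 1194 and the file name static.key, is constructed and uses placeholders.

```python
# Added example, not Siemens code: audit an OpenVPN client config for the
# service PC against the CMR parameters listed above.
REQUIRED = {"cipher": "AES-128-CBC", "auth": "SHA256"}
# Directives that only make sense in certificate/TLS mode.
TLS_ONLY = {"client", "tls-client", "ca", "cert", "key", "pkcs12", "tls-auth"}

# Constructed sample; address, port and key file name are placeholders.
SAMPLE_CONFIG = """\
remote 203.0.113.10 1194   # CMR static WAN IP (placeholder), assumed port
dev tun                    # routing mode
secret static.key          # pre-shared key mode
cipher AES-128-CBC
auth SHA256
"""

def parse(text):
    """Map each directive to its argument list, dropping '#' and ';' comments."""
    cfg = {}
    for line in text.splitlines():
        for mark in "#;":
            line = line.split(mark, 1)[0]
        parts = line.split()
        if parts:
            cfg[parts[0]] = parts[1:]
    return cfg

def audit(text):
    """Return findings; an empty list means the config matches the CMR side."""
    cfg, findings = parse(text), []
    if "secret" not in cfg:
        findings.append("no 'secret' directive: not in pre-shared key mode")
    for name in sorted(TLS_ONLY & cfg.keys()):
        findings.append(f"'{name}' belongs to TLS mode, not pre-shared key mode")
    for name, want in REQUIRED.items():
        # An unset cipher/auth falls back to the OpenVPN default, which differs.
        got = (cfg.get(name) or ["unset"])[0]
        if got.upper().replace("-", "") != want.replace("-", ""):
            findings.append(f"{name} is {got}, expected {want}")
    if not (cfg.get("dev") or [""])[0].startswith("tun"):
        findings.append("dev is not tun: routing mode needs a tun device")
    if "remote" not in cfg:
        findings.append("no 'remote': the PC is the initiator and must name the CMR")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "config matches")
```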


Characteristics of the solution

Economical and intuitive remote control and remote monitoring of LOGO! 8 logic module via text message and/or email.

Convenient commissioning and diagnostics via the web-based management.

Secure remote access to LOGO! CMR and the connected LOGO! 8 basic module.

Via an OpenVPN connection, it is possible to directly access the LOGO! basic module by routing via LOGO! CMR. This makes it possible to access the LOGO! basic module web pages and to carry out an upload or download of the program to/from the LOGO! basic module.

Can be used internationally thanks to communication via GSM, UMTS and LTE networks.

Suitable for applications in industrial and industry-related branches.
