====== Remote service access ======

Remote service access allows you to implement programming, configuration or diagnostics of automation equipment connected to WebHMI, for example, controllers or frequency drives remotely with the help of standard utilities and development tools of the equipment manufacturer. 

The scheme of work is given below. To implement remote service access, VPN technology is used. Both WebHMI and the developer's computer must be connected to the same VPN network, and in the WebHMI network settings, the appropriate rules have to be set for translating network addresses from the VPN network to the target equipment network.

In case the equipment uses a serial port instead of Ethernet, it is enough to install the virtual COM port driver on the computer and use the built-in WebHMI function Virtual COM port. The user can either setup his own VPN network or use the network provided by the Level2 system (recommended). 

{{ network:remoteaccess_jpg.jpg?direct |}}

===== Connection example =====

The steps required to implement remote service access are:
  -Connect __the PC__ you going to use as an access point to the VPN where WebHMI and connected equipment resides
  -Setup __virtual IPs__ for the equipment to be accessed via TCP/IP, or
  -Setup __virtual COM__ port function on a WebHMI for the equipment with serial port


===== Connecting the PC to VPN =====

==== Creating a node in Level2 for service PC ====

First you need to create an account (node) for service PC in Level2 system:
{{network:create_node_l2_link.png?direct}}

{{network:add_and_check_remote_pc.gif}}

and make (and then check) its settings:

  *mark the //VPN// checkbox in Services tab
  *Remember VPN //login / password// in the Information tab - for further PC VPN connectoin
  *In the Routing tab, set the node(s) this service PC can access and add Virtual IP if you want to access equimpent "behind" the WebHMI using Ethernet interface (//System with S7-1200 PLC//)

==== Adding a VPN connection in service PC's OS ====

In Windows 10, press **Win** key and type 'VPN':

{{ network:vpn_win10_add_1.png?direct&300 |}}

Press 'Add a VPN connection':

{{ network:vpn_win10_add_2.png?direct&912 |}}

Edit its settings according to Level2 settings:

{{network:vpn_win10_add_eng.png?direct}}

And check adapter properties:

{{ network:vpn_win10_add_4m.png?direct&600 |}}

{{ network:vpn_win10_add_7_edited.png?direct&600 |}}

After checking adapter settings try to connect and then check the connection status:

{{ network:vpn_win10_connect_arrows.png?direct&400 |}}

{{ network:vpn_win10_connected.png?direct&400 |}}

After connecting the PC to the VPN, "ping" the remote WebHMI node(s), which were allowed to access to in Routing tab:
{{ network:routing_target_1.png?direct&600 |}}

You can check its IP in the node's (//System with S7-1200 PLC//) Information tab:

{{network:check_routing_target_ip.gif}}

===== Establishing communication with remote devices behind the gateway via TCP / IP =====

The application structure is given below:

{{network:remote_access_function_tcp_eng.png?direct}}


You must **enable the Virtual IP address function** for the specified WebHMI node. Go the __WebHMI's__ Setup / Level2 menu and switch Virtual IPs lever on:
 
  -input the remote PLC's IP address it was assigned in that local network (192.168.0.210)
  -save the changes, after that a new VPN IP address for the PLC will be created (10.0.0.206). 

{{network:turn_virtual_ip_from_webhmi.png?direct}}

Now when you want to access the remote PLC (in the example we use Siemens S7-1200 PLC), connect your PC to VPN and you should be able to connect your PLCs via these Virtual IPs.

Here is example how to connect to PLC S7 1200 from TIA Portal. 

Connect your PC to VPN and __type in your Virtual IP in the advanced download/online access dialog box__, as the access Address (in our example, it is 10.0.0.157):

{{network:connection_via_subnet.png?direct}}

Before this step, check you have a subnet configured for the PLC in its HW Config:

{{network:subnet_in_the-plc.png?direct}}

===== Establishing communication with remote devices behind the gateway via a virtual COM port =====


The application structure is given below:

{{network:new_virtual_com_port.png?direct}}

Suppose you have some PLC connected to the WebHMI RS-485 port. Go to the connection properties and switch its mode to //Virtual UART//. Remember the TCP port that was assigned to the connection (8001) and VPN IP address of this WebHMI (10.0.0.204). 

{{network:turn_on_virtual_uart.gif}}

Download and setup the driver [[http://www.perle.com/downloads/trueport.shtml | Perle TruePort]] for your OS.

Setup new virtual COM port in your system with the TruePort Management Tool:

{{network:perle_mngmt_software.png |}}

{{network:configuring_virtual_uart.gif}}

Check this virtual port settings in the Device Manager:

{{ network:commgr_perle_com2_ed.png?direct&300 |}}

Connect your PC to the VPN, and use "virtual" __COM2__ as a communication port in the PLC programming software. 

{{ network:commgr_perle_com.png?direct&400 |}}

===== Troubleshooting VPN connection for PC with Windows 10 =====

VPN connection problems were reported sometimes from the Windows 8/10 users. These problems were caused mainly by the following reasons:
  * Firewall settings. 
  * Security policy for certain types of VPN traffic in corporate networks.
  * Windows policy for L2TP connections withoun encryption. This one can be fixed with the following registre keys:
{{ :network:vpn:vpn-w10-faq.png?direct&800 |}}