Tutorial: #MB1V1 : Remote access to my devices connected to the router (PLC, HMI,...)
If the mbNET has an internet connection and the device is signed in, the LED shines green in the status bar:
If you want a connection to a machine you have to click the „Connection“-Icon .
After the connection is established, the LED changes the color from green to orange. The “Connection”-Icon also changes its color from black to orange and rotates around its axis. Your connection to the machine is ready:
If you want to disconnect, you have to click the rotating “Connection”-Icon .
If you want to access an Ethernet component (e.g. PLC) via a mbNET / mbNET.mini, please observe the following generally:
- The component must be reachable from the mbNET. You must ensure this on the mbNET web interface under "Diagnosis" ~> "Ping" with a ping-request:
- The IP address of the component must be in the same Network segment as the LAN-IP address of the mbNET / mbNET.mini.
Example: LAN-IP of mbNET / mbNET.mini: 192.168.10.100/24 | IP address of the component: 192.168.10.10/24 =>> Network segment: 192.168.10.X/24
- It can be possible that you must configure the LAN-IP address of the mbNET / mbNET.minias a Gateway on the componet. In this case, it's important to deactivate the function "SNAT" in the Firewall settings of the mbNET / mbNET.mini, because SNAT replaces the senders IP address of all outgoing (LAN) packages with the LAN-IP address of this router. Therefore, no Gateway settings for any devices behind the mbNET are needed. At some components this SNAT function is technically not possible. In this case, SNAT must be deactivated and the respective Gateway must be configured on the component. You can find SNAT in the device "Administration" under the menue "Firewall":
- If possible, please configure a Timeout of 60 seconds at your component. Our tests showing that this is the optimal setting at the most components.
Please consider the following instructions, if you can not find your Siemens PLC or Panel in the TIA portal or if you want to establish a connection to your component through a mbNET / mbNET.mini generally:
You have to ensure, that an active VPN connection to the mbNET / mbNET.mini was already established through mbDIALUP.
If your PLC or Panel is connected to the LAN side of a mbNET / mbNET.mini via ethernet, please ensure that in the Firewall settings of the mbNET / mbNET.mini is the function "SNAT (LAN)" activated:
Since SNAT (LAN) replaces all outgoing packets at the router LAN with the router LAN IP address, the Siemens component does not need a Gateway.
At this example, the PLC-IP is „192.168.10.10“ and the LAN-IP of the mbNET / mbNET.mini is „192.168.10.101“.
Furthermore, the IP address of the Siemens component must be reachable from the mbNET / mbNET.mini. You can check that with a „ping“ request on the device webpage.
For mbNET / mbNET.mini: Under „Diagnostics“ -> „Ping“:
To load a project into your PLC or Panel, you must use the button „Load into device“.
Please do not use the „Connect“ button for that!
Please configure as „Timeout“ 60 seconds at the Panel / PLC. Our tests had the result, that this is the optimal setting.
Deactivate the option „Show all compatibles participants“ at the searching menue „Extended Loading“. To search through a mbNET / mbNET.mini is a technical deadlock.
After you have found your PLC, you can connect to it.
Please consider the following instructions, if you want to establish a connection to a Omron NS-series HMI or other Omron devices, such as PLC, through a mbNET / mbNET.mini generally:
Configuration of the Omron component:
The IP address of your component must be in the same network segment as the mbNET / mbNET.mini.
For example: LAN-IP address mbNET / mbNET.mini: 192.168.127.200/24 | IP address of component: 192.168.127.1/24 =>> network segment: 192.168.127.X/24
As default gateway you must configure the LAN-IP address of the mbNET / mbNET.mini. In the next section you can find HowTo deteremine the VPN-IP address 'of your computer'.
Determining VPN-IP address for Conversion Table:
- Establish an VPN connection through mbDIALUP, by login into your user account.
- Open the Command Prompt in Windows (CMD).
- Type the command 'ipconfig' in and press 'Enter' on your keyboard.
- Make note of the VPN-IP address at "Ethernet adapater mbDIALUP:". In this example it's 10.0.X.X (X = censored). This is the VPN-IP address of the user, with which you are logged in in mbDIALUP. So, this VPN-IP address will be assigned for the mbDIALUP "TAP-Windows Adapter V9" on your computer. This VPN-IP address is for every user unique. If many users are using the same computer to establish a VPN connection in mbDIALUP, please be aware that the VPN-IP address of a user may change.
- Add the VPN-IP address of your computer to the Conversion Table. Therefore, configure any unused node address and remember it for the future.
To communicate with the Omron component, please deactivate the SNAT function on the mbNET / mbNET.mini. You can find SNAT in the device "Administration" under the menue "Firewall":
Communication settings for Omron component:
Please configure the communication settings for the Omron component as showed in the graphic below:
The following should be noted if you are working with the Beckhoff TwinCAT PLC:
1. Deactivate SNAT on mbNET / mbNET.mini and enter the IP address of mbNET / mbNET.mini as a gateway in the control.
2. If you connect to the PLC via remote maintenance on the PC (Twincat), this connection is saved in the PLC. The PLC notes that there is a remote maintenance connection. If you then want to access it with another PC (Twincat) via remote maintenance, the PLC creates a connection again. The PLC now has two connections via remote maintenance, so the connection cannot be clearly determined and this does not work, either with the old or the new connection. If you delete all connections manually, you can then connect again using Twincat.
In some cases, the following information on setting the registry can also be helpful:
Setting options in the registry and TwinCAT PLC Control.ini:
The settings for data transmission via remote access are made in the registry and in the TwinCAT PLC Control.ini file. In the case of modem connections with a low transmission rate or poor line quality, it may make sense to reduce the data blocks to be transmitted. If a PLC project is to be transferred from the TwinCAT PLC Control to the controller via ADS via the modem connection, the size of the data blocks can be adjusted using the following settings:
HKEY_LOCAL_MACHINE\SOFTWARE\BECKHOFF\TwinCAT\Plc MaxBlockSize (DWORD)
The default (even if there is no key in the registry) is 16 KByte. The smallest block size is 512 bytes.
This means that large PLC projects to be loaded are divided into blocks.
Smaller blocks should be configured for slow connections.
HKEY_LOCAL_MACHINE\SOFTWARE\BECKHOFF\TwinCAT\Plc ConnectionTimeoutMSec (DWORD)
The default value is dec 8000 (corresponds to 8 seconds).
This value should be increased for slow connections.
TwinCAT PLC Control.ini
The "TwinCAT PLC Control.ini" file is located in the ".. \ TwinCAT \ PLC" directory.
[TwinCAT PLC Control]
The default (even if there is no key in the INI file) is 1024, with a CX9000 usually 16K are set to minimize the number of blocks.
The above example shows a Stöber drive controller connected to an mbNET.mini router. This description explains which settings are necessary to access the drive controller remotely with the DriveControlSuite.
- mbDIALUP (at least version 3.7R1.0) Software installed on the service computer
- DriveControlSuite Version V6.2-G installed on the service computer
- an mbCONNECT24 V2 account
- mbNET (at least Firmware 3.7.0) or mbNET.mini (at least Firmware 1.9.0) Router configured and online in your mbCONNECT24 account
- You are connected to mbDIALUP and the router
Manuals >> First Steps mbCONNECT24
- The IP address of the drive controller must be in the same IP address range as the router. See also the example above. Both are in the network area 192.168.0.x/255.255.255.0.
- The SNAT function can also be used in the router. This means that no gateway entry is necessary in the drive controller. If SNAT is not used in the router, the router IP address must be entered as the gateway address in the drive controller.
Drive controller settings:
Set the parameters to match this example as follows:
You must make these settings locally on the drive controller, ideally during the commissioning phase of the controller.
Establish connection to the drive controller:
Connect to your account with mbDIALUP and select your router from the project which is connected to the drive controller:
To establish a transparent IP connection to the participants in the router LAN network, click on the lightning symbol:
When the connection is established, the circle color next to the router name changes to orange:
Start the DriveControlSuite software and select the menu item “Assignment”. Then click on "Connect online".
Then, the following window appears. Select "Direct connection (manual) and enter the IP address of the controller. In our example this is 192.168.0.10. Then click OK.
Afterwards, the connected drive controller appears in the "Assignment" menu. You can now perform all the usual functions as if you were connected locally.
The machine networks are becoming more and more complex and segmented. The remote maintenance has so far been limited to only one network segment at the LAN interface. The ExtendedRouting function now offers the possibility to reach different networks via additional routers that are connected to the LAN interface. I.e. if there‘s already a Managed Switch with routing function in the facility, its network segments can be entered in the mbNET and the remote maintenance therefore knows which network segment can be reached over which Managed Switch/Router.
This document describes, HowTo add and use LAN routes in rsp.mbCONNECT24 (V2) for a mbNET (from version V3.7.0).
The network configuration is in this example as follows:
- To add new LAN routes, you have to navigate to the device View and click on the symbol at „LAN“:
- Please navigate to the section „Routes“ at the LAN settings:
- Please add a new route with the symbol:
As „Network“ you have to configure the network address range in CIDR format, which you want to reach.
Under „Gateway“ you have to configure the IP address of the component, which knows the route in the other network segment and is able to forward this route (e.g. a Firewall or a Managed Switch / Router, like mbNETFIX).
Please confirm your settings with „Save“.
After downloading the configuration to the device, you are able to reach these networks after you established a VPN connection to the mbNET.