×
Siemens Industry Online Support
Siemens AG
Entry type: FAQ Entry ID: 109745584, Entry date: 03/13/2017
(1)
Rate

Which settings do you have to make for the SCALANCE S615 to be connected by Open VPN to the SINEMA Remote Connect Server?

  • Entry
  • Associated product(s)
To enable a secured VPN connection you have to set up a port release on the VPN client side and port forwarding on the VPN server side.

The SCALANCE S615 and the SINEMA Remote Connect Server are to establish a secured connection via OpenVPN.
To enable a secured connection you have to make appropriate settings on the VPN client side and on the VPN server side. These are the settings:

  • Port forwarding on the VPN server side
  • Port release in the firewall on the VPN client side

Port forwarding on the VPN server side
For the SINEMA Remote Connect Server to be reachable from the internet you have to forward a number of ports to the SINEMA Remote Connect Server in the internet router (VPN server side):

  • Port forwarding of the https port (changeable, preset: 443)
  • Port forwarding of the UDP port to set up the OpenVPN tunnel (changeable, preset: 1194)
  • Port forwarding of the TCP port to set up the OpenVPN tunnel (changeable, preset: 5443)
  • Port forwarding of the port 6220 for the certificate update
    (SINEMA Remote Connect Server <V1.3: set fixed at 6220;
    SINEMA Remote Connect Server V1.3 or higher: changeable, preset: 6220)

The ports that are not set fixed can be changed in the configuration of SINEMA Remote Connect Server.

Port release on the VPN client side
You have to make the following settings for the SCALANCE S615 to be connected by Open VPN to the SINEMA Remote Connect Server:

  • On its WAN port (Port 5) the SCALANCE S615 needs an IP address with gateway via DHCP or static.
  • The following ports must be released in the firewall/ proxy in direction of the internet:
    • https port for the autoconfiguration interface (changeable, preset: 443)
    • UDP port to set up the OpenVPN tunnel (changeable, preset: 1194)
    • TCP port to set up the OpenVPN tunnel (changeable, preset: 5443)
    • TCP port 6220 for the certificate update
      SCALANCE with Firmwareversion <V4.3.1/ V5: set fixed at 6220;
      SCALANCE with Firmwareversion V4.3.1/ V5 or higher: changeable, preset: 6220)

The ports that are not set fixed can be changed in the configuration of SINEMA Remote Connect Server.


Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
http://www.siemens.com/industrialsecurity.