Not able to access D100 device on ewon LAN

Hello Tyler,

I should be able to help you resolve this issue are you able to ping any other device on the LAN but just not the D100? Could you provide me with a backup from ebuddym with support files included for me to take a look at. Also what is the firewall set to in ecatcher if it is on this can prevent you from connecting to some lan devices.

You can respond to this email directly or go to the hms.how post. Re-troubleshooting-client-connection-through-an-ewon-cozy-131

Since it looks like you want to have other people involved it is currently public but we can make it private if needed. Though we would need anyone wanting to participate to have an account.

Regards,
Deryck

@trouden

Hi Derek, thank you for providing support on this issue.

I’ve attached an eWON backup with support files to the email. You are correct, we are able to ping all other devices on the LAN network with the exception of the D100 device through the VPN tunnel. The firewall is set to “Standard” with the D100 manually specified as a LAN device. However, other devices on the LAN network have not been manually specified; as they do not need to be listed/accessed through M2Web. See photos below for firewall and device configuration.

e8662d28b0d355383148ada2db6a03105562b8a7.png650×568

For now I can CC others through my email responses that are also involved with getting this device communicating through the VPN.

-Tyler

MOVED TO STAFF NOTE (166 KB)

Hello,

Thank you for the backup. I don’t see anything that would be preventing you from getting to one device.

Accessing other devices verifies that you get a route down to the LAN and the ewon/VPN are working correctly. My guess is there is an issue on the device or LAN preventing you from accessing it. From a PC on the LAN can you access both the eWon and the D100 device?

Deryck

When connected to the LAN locally, we are able to ping all the devices on the network including the D100. The connectivity issue only occurs through the VPN tunnel. Here is an error Daniel was able to pull from eCatcher logs that we believe is related

2/12/19, 2:37:05 PM PST: TUN write error: cannot identify IP version for prefix

-Tyler

Hi Deryck

I was at the customer’s location on Tuesday. Within the e-won network I am able to ping and access the D100 devices. However from outside going, going through the e-won I am unable to ping or access the device. If I run a NMAP scan the units do not show up from outside the e-won network, inside I can see the unit.

I am going to try a different e-won router that does work on Monday, is there anything else I should check while I am at the customers location?

Thank you

If you are able to connect and access the ewon and other devices on the LAN I do not think this is the issue. Is the D100 device in the same subnet as the Ewon? Does the LAN set on the hardware match the LAN ip set in ecatcher?

Broadcast messages do not traverse a VPN by default so I would not expect Nmap to work though ecatcher. You can try enabling broadcast forwarding to use it but I am not exactly sure how Nmap works. A simple Ping test should be sufficient to check if you have a route to a device.

Deryck

The D100 network settings have been verified and is on the same subnet as the ewon. There are a total of 7 devices on the subnet 192.168.1.0/24.

1. eWON @ .1
2. PLC @ .200
3. POINT IO @ .201
4. POINT IO @ .202
5. POINT IO @ .203
6. HMI @ .210
7. D100 @ .211

Each of these devices can be pinged locally. All except the D100 can be pinged through the VPN.

Where you can ping all the other devices but not the D100 I don’t think this is an issue with the VPN connection.
Try setting the ewon as the gateway for the D100. This should help ensure it knows a route back to it.

The eWON is currently configured as the gateway for the D100.

IP: 192.168.1.211
SUBNET: 255.255.255.0
GW: 192.168.1.1 (eWON)

This is a an interesting issue then. I think a wireshark capture showing the traffic from the eWon might shed some light into what is going on with the traffic. You will want to place a managed switch between the ewon and the LAN devices, then mirrior all traffic to your PC also connected to the switch. @anon5707941763 Are you familiar with taking wireshark captures? Is this something you could do when you are on site?

A tracert from the lan compared to though the VPN could also tell us a little bit but i suspect the traffic is just going to the LAN devices and not though any gateway.

@trouden, When I moved the topic it did not re-invite every one you first CC’d. If you could CC them again responding to this email it will re-invite them so that our server will relay messages from this new topic.

Deryck

Thank you Deryck, I’ve CC’d everyone back into the topic.

-Tyler

Hi Tyler, Deryck

I just received a managed switch that will allow me to monitor the communications traffic and plan on using it on Monday at the customer site with Wireshark. I’ll let you know what I find on Monday.

Best regards

Dan

Hi Dan,

Were you able to get a wireshark or track down the issue to the lan device?

Deryck

Hi Deryck

We were able to communicate with the unit at the customer’s site by swapping my E-Won with Tyler’s. I have attached the backup of my E-Won to this e-mail.

I have also attached the wireshark capture, I apologize for the poor use of Wireshark. The first 1400 lines where internal to the network. Address 192.168.1.211 is the device we are having issue communicating, 192.168.1.212 is the local laptop that was connecting to 211 over a browser and running wireshark. 192.168.1.2 is the managed switch which was used to capture the data. 192.168.1.1 is the E-Won, Tyler’s prior to about 1490, and mine afterword. Once my E-Won was installed both Tyler and I were able to connect via the E-Won.

Please contact me if you have any questions.

Best regards

Dan

MOVED TO STAFF NOTE (176 KB)

EWonWireShark12_18_19.ntar (5.02 MB)