This could be happening for a number of reasons. Here are some things you can try to find out why:
This troubleshooting guide applies when a VPN connection has been successfully established to an Ewon, but one or more LAN devices connected to it cannot be reached. It provides steps on how to resolve this issue and reach one’s LAN devices through eCatcher or M2Web. There are a few issues that can contribute to this issue including as a network overlap (IP conflict), eCatcher firewall settings, and the NatItf setting.
APPLICABLE PRODUCTS
- Ewon Cosy
- Ewon Flexy
- eCatcher
- M2Web
ISSUE / QUESTION / SYMPTOM
LAN devices are connected to the Ewon, but cannot be reached. Pinging them fails with “no route to host”. Trying to connect to a device like an HMI in the browser never loads.
- Network overlap
- Firewall set too high
- NatItf not set appropriately
- RTEnIpFwrd disabled
- Device not configured for access through M2Web
POSSIBLE CAUSES / ANSWER
-
Network overlap
When trying to connect through eCatcher, the local network and the Ewon’s LAN should be in different subnets to allow remote access to all the devices connected to the Ewon’s LAN. When there is overlap between these two networks, you will see the following error messages:
Fig 1. Network overlap 1
Fig 2. Network overlap 2
Troubleshooting Steps:
To solve this issue, there are a few options:
- Make sure the network of the PC running eCatcher and the Ewon’s LAN are in different subnets
- Change the LAN IP address of the Ewon and its LAN devices
- Use a different network address to connect the PC to the Internet
-
Firewall set too high
The firewall setting in eCatcher can be set to different security levels including Standard and High. When High security is selected, only the listed devices under the Ewon’s LAN are reachable by connected users. Therefore if the LAN device being accessed is not declared on eCatcher, it will not be reachable.
Troubleshooting Steps:
To solve this issue, there are two options:
-
Change the firewall security level. Click on the Ewon in eCatcher → Properties → Configure LAN Devices & Firewall
Fig 3. Firewall Setting: Move the bar to “Standard”
-
Add the LAN device. Click on the Ewon in eCatcher → Properties → Configure LAN Devices & Firewall → Add LAN Device
-
NatItf not set appropriately
The Ewon’s NAT and TF settings affect how devices must be configured to be accessible through the Ewon’s VPN connection. NAT on LAN (Plug’n Route) only requires that LAN devices’ IP addresses are on the Ewon’s subnet. If this setting is changed to NAT and TF on WAN, the LAN devices must also have their gateway IP set to the Ewon’s LAN IP address.
Troubleshooting Steps :
To solve this issue:
- On a Cosy, connect to the device’s web interface and navigate to Setup → System → Storage → Tabular Edition → Edit COM cfg and search for NatItf. Double click the value to edit, set it to 3 (for Plug’n Route), save, and reboot the Ewon.
Fig 4. Ewon’s web interface: changing NatItf setting on Cosy
- On Flexy, navigate to Setup → System → Communication → Networking → Routing, then change the “Apply NAT and TF to connection:” dropdown to NAT on LAN (Plug’n Route)
Fig 5. Ewon’s web interface: changing NatItf setting on Flexy
4. #### RTEnIpFwrd disabled
RTEnIpFwrd is a parameter that allows traffic to be routed from the device’s WAN to its LAN, thereby allowing access to LAN devices through the VPN. If it is set to 0, it will be disabled and no access is allowed.
Troubleshooting Steps:
To solve this issue:
- Connect to the device’s web interface and navigate to Setup → System → Storage → Tabular Edition → Edit COM cfg and search for RtEnIpFwrd. Double click the value to edit, set it to 1, save, and reboot the Ewon.
- After rebooting, check that the value is now 1. If it isn’t, verify that the Ewon has a WAN port. If every Ethernet port is set to work as a LAN port, RTEnIpFwrd cannot be changed.
-
Device not configured for access through M2Web
If LAN devices can be reached through eCatcher but not M2Web, there is likely an issue how the devices are configured in eCatcher.
Troubleshooting Steps:
Ensure that M2Web access is enabled in the device’s configuration in eCatcher. Click on the Ewon in eCatcher → Properties → Configure LAN Devices & Firewall, then either select the device from the list and choose Properties or add a new device if it’s not present. At the bottom of the LAN Device popup, ensure “Visible in M2Web” is checked, and that the protocol, port, and home page (if any) are set appropriately.
