Using eWON Cosy to access multiple networks behind a NAT router

Hi,

I am wondering if it is possible to use eCatcher VPN into the eWON Cosy and access multiple different PLC networks behind a NAT router.

Will this scenario work, or is it only possible for the eWON Cosy to access one network on the LAN side?

I’ve attached a network diagram to show the topology.

Regards,

Brendan

Hi Brendan,

You should be able to ping devices behind the NAT 1:1 router with an example like the one seen below.

Cosy IP address: 192.168.0.1

1st PLC Mapped address 192.168.0.2 PLC actual address xxx.xxx.xxx.xxx
2nd PLC Mapped address 192.168.0.3 PLC actual address xxx.xxx.xxx.xxx
3rd PLC Mapped address 192.168.0.4 PLC actual address xxx.xxx.xxx.xxx

Pretty much just make sure that it can map IP addresses that would be in the Cosy’s LAN to the actual address of the PLC.

Hi Tim,

I may have simplified the network diagram somewhat; there are actually multiple devices on each separate PLC network, and we want to keep them on separate networks when we do the NAT. We do not want to NAT all of the PLC networks onto a common network.

We will have a separate router that is handling all of the NAT as well as the routing.

I’ve attached an updated topology that shows some more detail, and also some changes to the network addressing schema to make it clearer what we are trying to achieve.

Regards,

Brendan

Hi Brendan,

From the new diagram you have sent, it looks like the LAN side is going to have different subnets. That will not work with the eWON device. They must all match the 10.100.0.254/24 subnet you have there for the eWON LAN in order for you to be able to connect.

Hi Zach,

I thought it might be possible to set the eWON LAN gateway address to the router 10.100.0.1, to get through to the other PLC subnets, but I guess this is not the case.

Does the eWON Flexy or another eWON device have any capabilities of reaching multiple network subnets on the LAN side, or is this a limitation across all of the products?

Regards,

Brendan

Hello Brendan,

The way the eWONs and eCatcher work to get you a connection to the LAN is by creating a VPN tunnel to the eWON and adding a route to your PC’s routing table to send traffic for that LAN over the VPN. We can only set one route with eCatcher, and it is only routing to the LAN network. We are not able to route traffic to the LAN and then route to an additional network through a gateway, for example.

Looking at the image you uploaded previously, it looks like all the devices would be connected through that NAT router, mapping everything into one network. If this is the case, you should be able to VPN into that LAN and then access the devices at the NAT’ed addresses.

Regards,
Deryck

Hi,

Just to give an update, I was able to get this setup to work by manually adding the additional networks to the ‘edit COM cfg’ parameters in the eWON under RouteDestIp1…3.

However, it is necessary to manually add the route to the PC’s routing table for these additional networks as well.

I can see by checking the eCatcher log files that it automatically adds the route for the eWON LAN network when the VPN initially connects. But is it not possible for the eWON to also read the additional networks setup in the parameters RouteDestIp1…3 and automatically add these routes when the eCatcher VPN connection is established as well?

This would solve the issue completely.

Regards,

Brendan


Good morning,
Just curious, as we are in the same situation as you were.

Have you found a better way than manually adding a route on your PC to have access to the different subnets behind the eWON?

Thanks

I never found a better way to do it other than above.

We are now using a different type of device that supports multiple networks on the LAN side as part of the native configuration without having to do any tricks.

It is unfortunate because the eWON was a good product, but we have now moved and have standardised on using another brand (IXON).

That is unfortunate, and I’ve made the development team aware of this, so I hope it will be added as a feature soon. In the meantime, all I can offer is the workarounds to make it easier:

Create a BAT file that includes the route command so that people just need to run it (as admin) when eCatcher is connected. You could also use a tool like: https://www.nirsoft.net/utils/network_route_view.html

or

Modify the Talk2MClient.ovpn config file in eCatcher folder C:\Program Files (x86)\eCatcher-Talk2M\Talk2mVpnService\conf to request OpenVPN to add a route.
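
The route-script workaround above, written out in PowerShell as an added example (not part of any post in this thread and not eWON or eCatcher code): it looks up the route eCatcher installs for the eWON LAN and adds the extra PLC subnets through the same interface and next hop. Assumptions: the sample subnets 10.100.1.0/24 and 10.100.2.0/24, the /16 minimum prefix length, the script parameters, and that the extra networks are reachable through the same next hop as the eWON LAN; the eWON side still needs the same networks in RouteDestIp1…3 as described earlier in the thread.

```powershell
#Requires -RunAsAdministrator
# Added example. Subnet values are constructed placeholders; adjust per site.
param(
    # eWON LAN that eCatcher routes by itself (10.100.0.254/24 in the thread)
    [string]$EwonLan = '10.100.0.0/24',
    # PLC subnets behind the site router (hypothetical values)
    [string[]]$ExtraSubnets = @('10.100.1.0/24', '10.100.2.0/24'),
    # Delete the extra routes again instead of adding them
    [switch]$Remove
)
$ErrorActionPreference = 'Stop'

# Reuse the interface and next hop of the route eCatcher added at connect time,
# so nothing about the VPN adapter has to be hard-coded.
$vpn = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix $EwonLan -ErrorAction SilentlyContinue |
    Sort-Object RouteMetric | Select-Object -First 1
if (-not $vpn) { throw "No route to $EwonLan; connect eCatcher first." }

foreach ($prefix in $ExtraSubnets) {
    # Only accept explicit IPv4 subnets of /16 or narrower; never a default route.
    if ($prefix -notmatch '^(\d{1,3}\.){3}\d{1,3}/(1[6-9]|2\d|3[0-2])$') {
        throw "Refusing '$prefix': expected an IPv4 prefix between /16 and /32."
    }
    $existing = @(Get-NetRoute -AddressFamily IPv4 -DestinationPrefix $prefix -ErrorAction SilentlyContinue)
    $onVpn = @($existing | Where-Object InterfaceIndex -eq $vpn.InterfaceIndex)

    if ($Remove) {
        if ($onVpn.Count) { $onVpn | Remove-NetRoute -Confirm:$false }
        continue
    }
    # A route for the same prefix on another adapter means the subnet also exists
    # locally; a second path would make it ambiguous which device you reach.
    $elsewhere = @($existing | Where-Object InterfaceIndex -ne $vpn.InterfaceIndex)
    if ($elsewhere.Count) {
        Write-Warning "$prefix is already routed via ifIndex $($elsewhere[0].InterfaceIndex); skipped."
        continue
    }
    if (-not $onVpn.Count) {
        # ActiveStore keeps the route out of the persistent store: gone after reboot.
        New-NetRoute -DestinationPrefix $prefix -InterfaceIndex $vpn.InterfaceIndex `
            -NextHop $vpn.NextHop -PolicyStore ActiveStore | Out-Null
    }
    Write-Host "$prefix -> $($vpn.NextHop) via ifIndex $($vpn.InterfaceIndex)"
}
```

Run it from an elevated prompt after eCatcher reports the connection, and run it again with `-Remove` before disconnecting so the workstation keeps no route to the PLC subnets outside a session.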

Hi,
Is there any news about this issue?
I need to link two different networks (with different IP classes) to the same Cosy131.
Are there any upgrades, or do I have to use two devices?
Thank you,
Regards.