Virtual Private Network (VPN) in the example of BacNet
Explanations of what kind of external devices you need to establish a VPN. This feature is explained in
the example with BacNet.
A Virtual Private Network (VPN) connects extern devices with a local network and encodes also the data.
The internet is therefore used as transport media. Once connected to the VPN, one acts as in a local network.
This technique’s suitable for accessing the local LAN with all the rights in this LAN network. The stations in the
VPN get addresses of the local subnet.
Below is shown an example with VPN over GPRS network. The big advantage in GPRS technique is, that only
transmitted data are charged by the GSM-Provider. For this reason, the user gets an always online-connection
for low costs.
First step: Establishing the VPN between workstation an PLC devices
You have to setup a VPN-Server on the Client side (this could be an external device, as on the picture, or a software
running on the workstation. We tested with Vigor-Router 2910 Series and NetGear FVL114 and FVL318 and the
Software ProSafe VPN Client installed on the workstation. As GPRS Routers, we used ZR-150 G GPRS M2M Routers
On the ADSL-Router (connection from the workstation to the internet) be sure to install two NAT (Network Address
Translation) configurations for the Port UDP 500 and UDP 1701 to run the VPN. Both entries should be forwarded
to the VPN-Serve rdevice.
- IKE (Internet Key Exchange Protocol) UDP Port 500
- L2TP (Level 2 Tunnel Port) UDP Port 1701
Once these configurations done, you can test the availability of the VPN by « Pinging » the devices in the whole VPN.
Second step: Establish the BacNet connections
BacNet uses UDP Port 47808. Now make sure, that this port’s nowhere blocked in the routers and firewalls defining
your BacNet area network. To test if all the stations on your BacNet network are available on UDP Port 47808, you
can use the tool "Port Query" described in FAQ # 100729.
PCD3 / Rxxx
Last update: 09.09.2020 14:02
First release: 02.07.2007 12:33