Industrial PC with two network adapters - how to

[petrov]

Hello,

I have Beckhoff CX5020 on my table.
This IPC is equipped with two network adapters.
I try to configure SoftEther in this way, that one adapter acts as internet interface and second one as LAN interface:

[DSL Line]->[Modem]->[Beckhoff CX5020 adapter 1]
[Beckhoff CX5020 adapter 2]->[Switching device with DHCP]->(Client IPCs and PCs)

What is the correct way to do this (safety, stability, performance).

Thank you,
petrov

[moog]

From your question is not clear what you are trying to achieve.

SoftEther is a VPN Server and/or VPN Client. Just running it on a single machine makes no sense.

Are you trying to connect to a remote VPN or receive connections from a remote client?

[petrov]

Hi,

Scenario:
Beckhoff is installed in a factory.

Lan1 is interfacing to the network connected to internet.
Beckhoff runs on Windows Embedded. We installed there a lot of .NET and automation applications.
Lan2 is interfacing to the factory network (HMI, SCADA, other devices).

So LAN1 and LAN2 should be isolated. I try to use SoftEther for accesing over VPN SSTP, but don't know how to configure.

Access to the Beckhoff machine should be possible form the internet, that is why i try to use SoftEther.

Best regards,
petrov

[inten]

Have you ever heard about the documentation? Many people spent huge amount of time to help you. They even did step by step instructions for you. Just read it at last.
http://www.softether.org/4-docs/2-howto ... VPN_to_LAN

[petrov]

If You have nothing better to say/write - DON'T ANSWER!

You did not uderstand my question or you did not read pointed documentation.
For sure you have no idea about it.

[qupfer]

petrov wrote:
> If You have nothing better to say/write - DON'T ANSWER!
>
> You did not uderstand my question or you did not read pointed
> documentation.
> For sure you have no idea about it.


I'm not sure, what you realy want, but what is what i think:
You are anywhere. You start a vpn to the vpn-server (traffic goes throuh LAN1 to the server). And now, you will access the network devices in the LAN2-area?

If yes.
I think, you have to create some port-forwarding stuff, so that incoming traffic from the internet arrives the vpnserver.
Additional, you must bridge the virtual-hub with the physical-LAN2-Adapter. If I'm correct (but I'm really unsure) your client is (virtually) now in the LAN2. If it has a DHCP, it gets a address. If not, you have to configure it, like it is in the LAN2.


SSTP is in the default-settings a "bad" protocol for testing, because windows checks the certificat validation. So you must install a cert for your domain/dyndns-address to your "trusted root certification authorities" (you can Generate & export one with the windows-server-manager-tool) or as a alternative, you can disable the validation check (http://jermsmit.com/disable-revocation- ... -sessions/)

[petrov]

This is exactly what i want.

Seems to be easy, but the documentation of the SE-VPN Server states, that I can't "wire" two network adapters to one Virtual Hub.
(it is possible on the GUI, but after certain amount of time we get BSOD)

That is why i'm searching for help here.

SSTP:
Routing / ports / certificates etc. are already available and correct.
Proof-of-concept already worked, but only on one network adapter, not two.

[qupfer]

Maybe I'm wrong but if you want access to LAN2-area, just bridge only the lan2 adapter with the virtual-hub.
If you want additional acces to LAN1, create a second virtual-hub and bride this one with the LAN1-NIC. But you have to start one vpn-connection for LAN1 and a second one for LAN2.
I think, you can't (easily) get access to both with only one connection. Maybe with some iptables stuff (routing).