I am wanting some advice on the best way to set up a VPN so I can communicate between the HMI and PLC.
Currently the HMI connects to the PLC via Ethernet. PLC IP for example would be 192.168.1.1 and the HMI IP would be 192.168.1.2 (IPs cannot be changed), directly connected via Ethernet. The HMI is only used for configuring, so it is only needed when a setting needs to be changed. Furthermore, I can access it via my laptop by hooking it up to the 2nd PLC port or between a switch and assigning a 192.168.1.X IP to it.
The idea is that I can send a customer a cellular router, which they hook up to the PLC, which will then let me connect to the HMI at the office.
I currently have a RUTM59 new in the box. My thought process was this would have a mobile sim and act as the VPN server, while connected to the PLC.
For the office side, I already have a firewall which I’m unable to configure or modify. What would be the best way to have my laptop and HMI here at the office connect to the RUTM59 and work as if everything was connected directly on site? Would I need another RutOS device, placed like this: ISP MODEM>FIREWALL>RutOS DEVICE>LAPTOP AND HMI?
No other devices on the office network will need to communicate with the laptop and HMI.
I saw that OpenVPN bridge mode may work, but just wanted to see if anyone could offer some suggestions.
Before we can provide a tailored configuration guide, we kindly ask you to clarify the following points:
Public IP Availability
Do both SIM cards - on the RUT951 (Site A) and the RUT241 (Site B) - receive a public IP address from the mobile carrier?
You can verify this by navigating to Status → Network → Mobile in the WebUI of each router and comparing the assigned IP address against what is shown on a public IP lookup service (e.g., whatismyip.com).
Firmware Versions
What firmware version is currently installed on both the RUT951 and the RUT241? This can be found under System → Firmware in the WebUI.
Existing VPN or Tunnel
Is there currently any VPN or tunnel already established between the two Teltonika routers (e.g., IPsec, OpenVPN, WireGuard)? If so, please share its type and current status.
DHCP Server Placement
Should the DHCP server for VLAN 10 and VLAN 20 remain centralised on the Zyxel USG FLEX 200H at Site A, or would a local DHCP server at Site B (on the RUT241) be acceptable?
Administrative Access to Zyxel Switches
Do you have full administrative access to the VLAN configuration of the Zyxel GS1350-6HP switches via Nebula Cloud at both sites?
Your answers will allow us to determine the correct tunneling approach and provide a precise configuration guide.
Thank you in advance, and please do not hesitate to reach out if you have any questions in the meantime.
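The public-IP check described in the reply above can be scripted; this is an added example, not part of the original thread or Teltonika's tooling. The function names and verdict strings are hypothetical, and the sample addresses are constructed from documentation ranges. A router whose mobile interface sits behind carrier NAT cannot accept inbound VPN connections, so it has to act as the VPN client rather than the server.

```python
import ipaddress

# Address blocks that are never reachable from the internet (IPv4).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT space


def classify_wan(assigned: str, observed: str) -> str:
    """Compare the mobile interface address with the externally observed one.

    assigned: IP shown for the mobile interface in the router WebUI
    observed: IP reported by a public IP lookup service from behind that router
    """
    a = ipaddress.ip_address(assigned.strip())
    o = ipaddress.ip_address(observed.strip())
    if a in CGNAT:
        return "cgnat"          # carrier NAT: no inbound connections possible
    if any(a in net for net in RFC1918):
        return "private-nat"    # private APN or NAT: no inbound connections
    if a == o:
        return "public"         # interface holds the address the internet sees
    return "translated"         # public-looking address, but traffic exits elsewhere


def can_host_vpn_server(verdict: str) -> bool:
    """Only a directly held public address can take inbound VPN sessions."""
    return verdict == "public"


if __name__ == "__main__":
    # Constructed sample readings: (label, assigned IP, observed IP)
    samples = [
        ("site router, SIM 1", "100.72.14.9", "203.0.113.40"),
        ("site router, SIM 2", "10.21.3.7", "198.51.100.23"),
        ("site router, SIM 3", "203.0.113.40", "203.0.113.40"),
    ]
    for label, assigned, observed in samples:
        verdict = classify_wan(assigned, observed)
        role = "server or client" if can_host_vpn_server(verdict) else "client only"
        print(f"{label}: {verdict} -> VPN role: {role}")
```
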