Rut142 connection to Siemens PLC through Lan port

Networking Solutions Question
1

Hello. I hope someone can help with what is probably very simple.

Added new RUT142 connected to my local lan through wan port and wifi (failover).

Subnet 192.168.10.0

Router ip set to static 192.168.10.141

I have the Lan port connected to a Siemens switch that has the PLC on 192.168.0.10

Lan ip set to 192.168.0.120/24 with dhcp4 enabled.

**Type:**Bridge **Device:**br-lan

My problem is that the LAN doesn’t seem to communicate. The lan light is static.

When I create a vpn I am only able to route to my main router which is 192.168.10.1

Not my Rut lan which is 192.168.0.0.

Anyone see the problem? Connecting a laptop directly to the Siemens with gives me access to the plc. The switch is not managed.

2

Solved. Don´t know the exact solution but this is what I did.

I enabled what was disabled in the firewall. Http and Https over 80 and 443 etc. Don’t remember the rest.

Masquerading on zone LAN Wan Openvpn**.**

And Bang finally contact.

Thank goodness, was going insane. Tried everything like cameras, printers etc and they work fine. But the PLC was stubborn somehow.

If anyone knows what was the problem I would love to know.

4

Greetings, @Ckremer,

Thank you for reaching out! Glad to hear you managed to solve your issue!

Based on your description, the most likely cause was related to routing between the VPN/WAN networks and the PLC subnet and IP Masquerading settings.

Your RUT142 was correctly connected to both networks:

  • WAN side: 192.168.10.x

  • LAN/PLC side: 192.168.0.x

However, devices on the PLC subnet may not have had a proper route back to the VPN clients or upstream network. This is common with PLCs and other industrial devices, as they often only communicate reliably within their local subnet unless a default gateway or static route is configured correctly.

By enabling Masquerading on the LAN/OpenVPN/WAN zones, the router began performing Source NAT (SNAT). This means that traffic coming from the VPN or WAN toward the PLC was translated to appear as if it originated from the RUT142 LAN IP address (192.168.0.120).

As a result, the PLC saw the communication as coming from a local device on its own subnet and replied directly to the router, which then forwarded the response back to the VPN client. This is why communication started working immediately after enabling masquerading.

If you have any more questions regarding this issue please let us know!

Best regards,
Povilas