Siemens DCP Passthrough

Hello dear community,

I am currently trying to discover connected devices in the following architecture:

PC ← VPN(OpenVPN) → RUT956 → CPU S7-1500 SIEMENS

When I am connected to the router via LAN, it works, but not via Wi-Fi or VPN.

Is it possible to route the DCP protocol (RFC1006) through the router?

Thanks in advance

Jan

I think DCP is layer 2 traffic which is not routable. You need OpenVPN tap for that, but that is more complicated to set up. RFC1006 is iso-tp4 over tcp IIRC and has nothing to do with DCP.
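The layer 2 point in the reply above, as an added example that is not part of the thread: a small Python classifier that reads an Ethernet frame and reports whether a tun (IP-only) or tap (whole-frame) device can carry it. The sample frames and MAC addresses are constructed; the EtherType 0x8892 and the DCP frame IDs are the standard PROFINET values.

```python
import struct

ETH_IPV4, ETH_IPV6, ETH_VLAN, ETH_PROFINET = 0x0800, 0x86DD, 0x8100, 0x8892
# PROFINET DCP frame IDs, carried directly in Ethernet with no IP header
DCP_FRAME_IDS = {0xFEFC: "DCP Hello", 0xFEFD: "DCP Get/Set",
                 0xFEFE: "DCP Identify request", 0xFEFF: "DCP Identify response"}

# Constructed sample: DCP Identify-all request sent to the PROFINET multicast MAC
DCP_IDENTIFY = bytes.fromhex(
    "010ecf000000" "020000000001" "8892"    # dst, src (made up), EtherType
    "fefe" "0500" "00000001" "0001" "0004"  # frame ID, service, xid, delay, length
    "ffff0000")                             # block: option/suboption "all", empty
# Constructed sample: unicast frame holding a placeholder 20-byte IPv4 header
IP_FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"\x45" + bytes(19)

def classify(frame: bytes) -> dict:
    """Name the frame and say which OpenVPN device types can carry it."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == ETH_VLAN:               # skip a single 802.1Q tag
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    is_ip = ethertype in (ETH_IPV4, ETH_IPV6)
    kind = "IP packet" if is_ip else f"ethertype 0x{ethertype:04x}"
    if ethertype == ETH_PROFINET and len(frame) >= offset + 2:
        (frame_id,) = struct.unpack("!H", frame[offset:offset + 2])
        kind = DCP_FRAME_IDS.get(frame_id, f"PROFINET frame 0x{frame_id:04x}")
    return {"kind": kind,
            "multicast": bool(dst[0] & 0x01),  # group bit of the destination MAC
            "tun_can_carry": is_ip,            # tun passes IP packets only (layer 3)
            "tap_can_carry": True}             # tap passes whole Ethernet frames

if __name__ == "__main__":
    for name, frame in (("DCP", DCP_IDENTIFY), ("IP", IP_FRAME)):
        print(name, classify(frame))
```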

Hello, @xXICEXx ,

As the user michiel mentions, Layer 2 traffic isn’t routable. Therefore you’d have to set up OpenVPN via TAP. We do have a configuration example available, which I’ll link below:

These two examples should allow you to set everything up.

Kind regards,
M.

Hello, and thank you very much for your quick help.
So there is no option in TUN mode, only in TAP mode, right?

But if I log into the Wi-Fi locally, it should work, right?

Unfortunately, that doesn’t work either.

Best regards,

Jan

I would not be surprised if wifi doesn’t work either for that, haven’t tried that myself. It may depend on what sort of wifi…

Do yourself a favour and do configuring and detection of Siemens profinet stuff locally at a wired or bridged connection. You probably don’t want profinet-io over wifi. But you can up/download & monitor over ip (routable = tun).

Sry, it’s.. a bit complicated. But try tun and let us know.

Hello,
Thank you very much.
So uploading/downloading works via the TUN.
I have one more question: would it be theoretically possible to use different subnets between side A and side B with a TAP connection? Or does it have to be the same subnet?

Thank you.

Hi,

In theory, TAP is designed for bridging, so both sides are normally in the same subnet.

Regards,
M.

I beg to differ: tap is indeed bridging networks, which is layer 2. Subnets are a layer 3 routing concept which runs on top of a (bridged) layer 2. So on a bridged connection (tap) you are free to route whatever subnet you want. Assuming your bandwidth is sufficient to deal with all layer 2 comms, broadcast and all that jazz.

Please correct me if I’m wrong. Or just try and let us know!

Okay, that doesn’t sound too bad.

My plan would then be (if it were theoretically possible) as follows: Locally, a VPN server (192.168.150.0/24) to which the RUT956 connects via a TAP tunnel and then, on the Teltonika, make the LAN (192.168.2.0/24) available to the server. But I don’t think DCP will work then either, since the routing is Layer 3 again, right?
Correct me if I’m wrong.

Let me repeat: set up a routed vpn for download & monitor. Do config locally. Tap setup is difficult and not what you (usually) want.

Sorry for the late reply.
I think my questions have been answered for now, and I’ll give it a try.

Thank you very much.
