TRB140 OPC-UA Client – Unable to connect to Siemens OPC UA Server – Security Mode Mismatch

I’ve been struggling with an OPC-UA connectivity issue on a TRB140 (firmware TRB1_R_00.07.21.3) and after extensive debugging I believe I’ve found a bug in the endpoint matching logic. Sharing here in case anyone else hits the same wall.


SETUP

  • Device: Teltonika TRB140, firmware TRB1_R_00.07.21.3
  • OPC-UA Server: Siemens OPC UA Server for OpenPCS 7
  • Security Mode: None | Security Policy: None | Identity: Anonymous

The server is reachable (ping works), and I can connect successfully using UAExpert with the “None - None (uatcp-uasc-uabinary)” endpoint and Anonymous identity. Node reads work perfectly from UAExpert.


SYMPTOM

The TRB140 WebUI shows Channel State: Closed and Session State: Closed permanently, in a continuous retry loop.


DEBUG PROCESS

I ran the opcua_client binary directly with maximum verbosity:

/usr/local/usr/bin/opcua_client -D 5

This revealed the following sequence:

  1. Client connects to the server IP and sends FindServersRequest — OK.
  2. Server responds with FindServersResponse, advertising its own URL using a hostname (e.g. opc.tcp://SERVERHOSTNAME) instead of the IP.
  3. Client switches to the hostname and sends GetEndpointsRequest — OK.
  4. Server returns 4 endpoints:
    • None - None (uatcp-uasc-uabinary)
    • Basic128Rsa15 - Sign (uatcp-uasc-uabinary)
    • Basic128Rsa15 - Sign & Encrypt (uatcp-uasc-uabinary)
    • Basic256 - Sign (uatcp-uasc-uabinary)
  5. The client rejects ALL 4 endpoints with “security mode doesn’t match” — including the None endpoint.
  6. Result: “No suitable endpoint found” → BadInternalError → retry loop.

Relevant log snippet:

Rejecting endpoint 0: security mode doesn't match
Rejecting endpoint 1: security mode doesn't match
Rejecting endpoint 2: security mode doesn't match
Rejecting endpoint 3: security mode doesn't match
No suitable endpoint found
UA_Client_connect() fail (BadInternalError)

The following warning also appears consistently:

“The server returned Endpoints with a different EndpointUrl opc.tcp://SERVERHOSTNAME
than was used to initialize the connection: opc.tcp://SERVERHOSTNAME.”

Note: this warning persists even after configuring the TRB140 URL directly with the server hostname, and the rejection behavior remains identical.


HYPOTHESIS

The issue seems to be in the endpoint matching logic of the open62541 library bundled with the opcua_client binary. The client appears to reject the “None” security mode endpoint despite it being clearly present in the server’s GetEndpointsResponse.


QUESTIONS FOR THE COMMUNITY

  1. Has anyone successfully connected a TRB140 to a Siemens OpenPCS 7 OPC-UA server?
  2. Is this a known regression in firmware 07.21.x? Does an older or newer firmware fix it?
  3. Is there any hidden configuration option to skip FindServers and connect directly to a specific endpoint?

Happy to share the full debug log if useful. Thanks in advance!
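
Added example, not part of the original post and not code from the TRB140 firmware or open62541: a small C model of a security-mode filter applied to the four endpoints listed in the post, to show which configured values would reject every endpoint. The filter rule (0 means no preference, any other value must equal the endpoint's mode) and the names endpoint_t, mode_accepts and count_accepted are assumptions made for illustration; the numeric mode values are the OPC UA MessageSecurityMode values.

```c
#include <stddef.h>
#include <stdio.h>

/* MessageSecurityMode values as defined by the OPC UA specification. */
enum { MODE_INVALID = 0, MODE_NONE = 1, MODE_SIGN = 2, MODE_SIGN_AND_ENCRYPT = 3 };

typedef struct {
    const char *policy; /* short policy name as shown in the post */
    int mode;           /* MessageSecurityMode advertised by the server */
} endpoint_t;

/* Constructed sample: the four endpoints listed in step 4 of the post. */
static const endpoint_t ADVERTISED[] = {
    {"None", MODE_NONE},
    {"Basic128Rsa15", MODE_SIGN},
    {"Basic128Rsa15", MODE_SIGN_AND_ENCRYPT},
    {"Basic256", MODE_SIGN},
};
static const size_t N_ADVERTISED = sizeof ADVERTISED / sizeof ADVERTISED[0];

/* Assumed filter (hypothetical, modelled on the log wording): a configured
 * mode of 0 means "no preference"; any other value must equal the mode the
 * endpoint offers. Endpoints with an out-of-range mode are never accepted. */
static int mode_accepts(int configured, int offered) {
    if (offered < MODE_NONE || offered > MODE_SIGN_AND_ENCRYPT)
        return 0;
    return configured == MODE_INVALID || configured == offered;
}

/* Number of endpoints that survive the mode filter for a configured value. */
static size_t count_accepted(int configured, const endpoint_t *eps, size_t n) {
    size_t accepted = 0;
    for (size_t i = 0; i < n; i++)
        if (mode_accepts(configured, eps[i].mode))
            accepted++;
    return accepted;
}

int main(void) {
    /* Try every in-range value plus one out-of-range value (4). */
    for (int cfg = MODE_INVALID; cfg <= 4; cfg++) {
        size_t ok = count_accepted(cfg, ADVERTISED, N_ADVERTISED);
        printf("configured mode %d: %zu of %zu endpoints accepted%s\n", cfg, ok,
               N_ADVERTISED, ok == 0 ? "  <- all rejected, as in the log" : "");
    }
    return 0;
}
```

Under this assumed rule every in-range configured value accepts at least one of the four endpoints, so the mode value the client process actually receives is worth comparing against 1 (None) when reading the debug log.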

Greetings,

Apologies for the delayed response.

For further troubleshooting, we will require more sensitive information from your end, such as the troubleshoot file, which may contain passwords, public IP addresses, serial numbers, and such. To avoid leaking this information, we have sent you a form to fill out, which you will receive in your e-mail inbox that you have registered your account with in the forums. In the Ticket ID field of the form, please enter the ID of this thread, which is 18952.

Best Regards,
Justinas

Hi Justinas,

I’m following up on the form I submitted a few days ago regarding the troubleshooting details.

Could you please confirm if you’ve received everything you need to move forward, or if there is any additional information I can provide?

Thanks,
Simone