USER MANUAL – Z-TWS4/Z-PASS2-S/S6001-RTU
The “OpenVPN” mode can be used when the Device is to be installed in an already existing VPN. In this
case, an OpenVPN server must be available and the certificate and key files for the Device client must be
provided by the VPN administrator; the files can be uploaded to the Device using the “VPN configuration”
page of the Device Web Server.
If the VPN infrastructure does not exist yet, the advisable choice is to adopt the “VPN Box” solution,
developed by Seneca. The “VPN Box” is a hardware appliance (or a virtual machine) which lets the user
easily set up two alternative kinds of VPN:
- “Single LAN” VPN
- “Point-to-Point” VPN
In the “Single LAN” VPN, all devices and PCs (and associated local subnets) configured into the VPN are
always connected in the same network. In this scenario any PC Client can connect to any Device and to other
machines which lie in the Device LAN, but also any device/machine can connect to any other remote
device/machine which belongs to the same VPN network. This VPN architecture puts some constraints on
the definition of the device sub-networks: all VPN clients must have a different IP address and a different
local LAN, to avoid conflicts. The software named “VPN BOX Manager” configures the VPN BOX and helps
you avoid errors when defining local subnets.
In the “Point-to-Point” VPN, a client PC can, at any given moment, perform a single on-demand connection
to only one Device (and to machines which lie in the Device LAN) at a time. Furthermore, devices can’t
communicate with each other. The advantage of this architecture is that the same sub-network can be used in
all sites. Point-to-Point mode makes it possible to define user groups and manage them. This VPN modality
must be configured on the “VPN Box”.
There are two kinds of “Point-to-Point” VPN:
- routing Layer 3 VPN
- bridging Layer 2 VPN
In “Routing Layer 3 VPN”, only IP (Layer 3) packets are transported over the VPN tunnel and a new virtual
LAN is created with a network subnet which must be different from the LAN subnets of the server and
clients.
Conversely, in “Bridging Layer 2 VPN”, all Ethernet frames are transported over the VPN tunnel and the
clients are inserted in the server LAN.
Each of the two kinds has benefits and drawbacks:
Layer 2 benefits/drawbacks:
- can transport any network protocol
- broadcast traffic (e.g.: DHCP) is transported
- causes much more traffic overhead on the VPN tunnel
Layer 3 benefits/drawbacks:
- can transport only IP traffic
- broadcast traffic (e.g.: DHCP) is not transported
- lower traffic overhead, transports only traffic which is destined for the VPN clients
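The addressing rules described above (a different IP address and local LAN for every client in “Single LAN” mode, and a virtual LAN subnet different from the server and client LANs in “Routing Layer 3” mode) can be checked on an addressing plan before deployment. The following Python check is an added example, not Seneca code and not part of “VPN BOX Manager”; the function names, site names and addresses are constructed for illustration, and it assumes that any overlap between two subnets counts as a conflict.

```python
import ipaddress
from itertools import combinations


def single_lan_conflicts(sites):
    """sites: {name: (vpn_ip, local_lan_cidr)}. Return a list of conflicts."""
    parsed = {n: (ipaddress.ip_address(ip), ipaddress.ip_network(lan))
              for n, (ip, lan) in sites.items()}
    found = []
    for a, b in combinations(sorted(parsed), 2):
        (ip_a, lan_a), (ip_b, lan_b) = parsed[a], parsed[b]
        if ip_a == ip_b:
            found.append(f"{a}/{b}: duplicate VPN address {ip_a}")
        # overlaps() also catches a subnet nested inside a larger one
        if lan_a.overlaps(lan_b):
            found.append(f"{a}/{b}: local LANs {lan_a} and {lan_b} overlap")
    return found


def routing_l3_conflicts(tunnel_cidr, lans):
    """lans: {name: lan_cidr} for the server and every client."""
    tunnel = ipaddress.ip_network(tunnel_cidr)
    return [f"{n}: LAN {lan} overlaps tunnel subnet {tunnel}"
            for n, lan in sorted(lans.items())
            if tunnel.overlaps(ipaddress.ip_network(lan))]


# Constructed sample plan (names and addresses are illustrative only)
SAMPLE_SITES = {
    "rtu-a": ("10.8.0.2", "192.168.1.0/24"),
    "rtu-b": ("10.8.0.3", "192.168.2.0/24"),
    "rtu-c": ("10.8.0.3", "192.168.1.128/25"),
}

if __name__ == "__main__":
    for line in single_lan_conflicts(SAMPLE_SITES):
        print("Single LAN:", line)
    lans = {"server": "10.0.0.0/24", "rtu-a": "192.168.1.0/24"}
    for line in routing_l3_conflicts("192.168.1.0/24", lans):
        print("Routing L3:", line)
```

In “Point-to-Point” mode only `routing_l3_conflicts` applies, since that architecture allows the same sub-network to be used in all sites.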
The “VPN Box” is supplied with two Windows applications: