Skip to content

OPC UA Server without encryption

Emil GEmil G
edited August 2019 in PLCnext Technology & PLCnext Controls

Hello. 

I'm having problems connecting a HMI with the OPC UA server in the AXC F 2152.
I can read out the variable list, from the developer software (Beijer IX Developer) (Need to use Username and Password, and it works)

But when i run the software, it can not get the values from the server.
I have just tested with the PC Worx UA server, and a AXC F 1050, and it works fine. 

Is it possible to run the OPC UA server with out the encrypted traffic?
Wireshark shows the server is disconnecting the communication cause; BadSecurityPolicyRejected

Will the old OPC UA server work with PLC Next?

 

- Emil

Comments

  • Martin [PLCnext Technology Team]Martin [PLCnext Technology Team]

    Hi Emil,

    Will the old OPC UA server work with PLC Next?

    No.

    Is it possible to run the OPC UA server with out the encrypted traffic?

    Yes. If you disable User Authentication on the Web-Based Management page, and then restart the controller, you should be able to connect to the OPC UA server without user credentials, and without encrypted traffic.

    Wireshark shows the server is disconnecting the communication cause BadSecurityPolicyRejected

    One common problem with OPC UA clients is that they may refuse to connect if the server certificate does not include the IP address of the PLC (if you use the IP address as part of the connection URL). The IP address can be added to the server certificate from the OPC UA settings page in PLCnext Engineer - in the "Security" section, set "Type of Subject" to "IP Address", and add the IP address of the PLC. Then restart the PLC and check if you can connect from the OPC UA client.

    Hope this helps.

    - Martin.

  • Emil GEmil G

    Thanks Martin....

    The magic in this is REBOOT the controller....  (and disable the user in the WBM) 
    I really thought i had tried all things more than one time, but restating the controller wasn't every time....
    i have also added the IP adres in the subject. I haven't checked if it makes a difference or not. 

    But but.. if i download changes or the F5 download with stop, the OPC server stops updating the values. I can write from the HMI to the controller, but the numbers is not updated in the HMI, when the controller writes new values...
    After a reboot of the HMI Software writes the OPC Server is Initializing.......

    if i reboot the controller again, it starts working again. Maybe because i have added some OPC variables?

     

  • Emil GEmil G

    What about a special USER/PASS word only for the OPC Server?
    What about a Reset/reset of the OPC UA Server, and some more diagnostic, like clients connected, Error codes and so on? 
    Right now i have "no security" on the PLC. But the alternative is use Modbus TCP, and i really don't want to go that way..... 

    -Emil

  • Emil GEmil G

    Just another question. What is the tag limit on the OPC UA server in a 2152? (i need about 2500 for my project) 
    I can see the limit on PcWorx OPC UA for ILC/AXC controllers are 500!.....
    RFC is about 10000....

     

  • Martin [PLCnext Technology Team]Martin [PLCnext Technology Team]

    Hi Emil,

    • "Special Password only for the OPC UA server" -> it is possible to create multiple users, each with different access rights. Or are you looking for a way to disable all logins except for connections to the OPC UA server?
    • "What about a Reset/reset of the OPC UA Server" -> This is currently only possible by restarting the PLC.
    • "... and some more diagnostic, like clients connected, Error codes and so on" -> There is a branch of the server namespace that includes diagnostic information (see snippet below from UA Expert). There may also be diagnostics and/or messages from the OPC UA Server logged in the PLC log file (/opt/plcnext/logs/Output.log)
    • tag limit on the OPC UA server in a 2152? -> there are no fixed limits, so the answer is: it depends on what else the PLC is being used for. On their own, 2,500 OPC UA tags should not be a problem. But this will need to be tested alongside any other application-specific processes that are being executed in the PLC.

    Can you please tell me what version of firmware and PLCnext Engineer you are using? Then, I will ask our OPC UA expert here about the variable update problem. If you can also give us a simple procedure to reproduce the problem (starting from an empty default project and using a standard client like UA Expert), then this will also be useful.

     

     14 08 2019 07 17 10

     

  • peterdallmannpeterdallmann

    Hi Emil,

    I’m running a project with ca the same number of tags on the OPC UA without problems. But I don’t have to restart the controller when I made changes to the program. 

    I’m running Visu+ on an IPC. What I find hard to accept, is the fact, that we can’t access the OPC UA variables in an “offline” mode as it was possible in Visu+ when using OPC DA. 

    By that number of tags, it would be nice to do the programming of the HMI beforehand without to have the program loaded to the PLC. 

  • Martin [PLCnext Technology Team]Martin [PLCnext Technology Team]

    Hi Peter,

    The reboot is only required when changing the User Authentication, not when making changed to the PLCnext Engineer project.

    Re. accessing OPC UA variables from Visu+ in "offline" mode - given that the OPC UA server is running on the PLC (unlike the OPC DA server, which runs on a separate Windows machine), how do you see "offline" mode being implemented? All the solutions I can think of would all be implemented by Visu+ (or other OPC UA client software), and so not in the scope of PLCnext Technology. But if you have an idea of how this could be done, please let us know (in a new thread, please) and I will pass it on to the developers.

    Martin.

Sign In or Register to comment.