A VPN (Virtual Private Network) allows IP traffic to travel securely over a public TCP/IP network (Internet, Intranet or Extranet) by encrypting all traffic.

In the industrial environment, the VPN network allows data transmission and reception between geographically distant devices, as if they were physically connected within the same public network. In industrial applications VPNs allow the connection of decentralised Ethernet subnets containing automation and control equipment such as PLCs, inverters, HMIs, serial devices, sensors, actuators, etc.

VPNs use tunnelling technology to securely connect several distributed nodes and to encrypt all information at the IP level. They are therefore a less expensive alternative to dedicated lines.

By means of a VPN, using an internet (or even radio) connection, it is possible, for example, to connect remotely (i.e. from outside) to your company’s computer network. In simplified terms: using a VPN connection, you can “connect” from a client as if you were physically attached to the network (by network cable or wireless link). The connection is made through a “virtual” tunnel (protected and secure) carried over the Internet, which takes the place of the usual physical cable. In this way you can use the usual network resources: folders, management information systems, corporate e-mail and so on.

Fig.1 VPN tunneling concept diagram

SENECA VPN strategy for remote access

VPN is a generic term that defines an idea, not a brand or a standard. In particular, no body regulates which products may be called a VPN, so any manufacturer can use the name as they like. However, there are a number of independent, widely recognised bodies that certify the interoperability (the ability of a computer system or product to cooperate and exchange information) and security of computer systems.

SENECA chose OpenVPN, an open source connection protocol used to establish a secure tunnel between two points on a network. In terms of IP address management, SENECA solutions ensure compatibility with dynamic IP systems and high protection thanks to the use of OpenSSL encryption libraries and SSLv3/TLSv1 protocols. In Multi-Client infrastructures, the Server issues an authentication certificate for each Client.

Fig.2 OpenVPN

SENECA has launched the remote assistance and remote control platform, LET’S, designed for remote diagnostics and maintenance operations with VPN technology. The platform’s multifunction (gateway/router) clients manage up to a maximum of 32 clients for “Single LAN” (always on) and “Point-To-Point” (on demand) connections with Server VPN Box module and without the need for expensive SIM with static IP.

In Remote Control / Single LAN (always on connection) mode VPN BOX works as a network server to which a static and public IP is assigned. Communication is simultaneous and always on between all remote sites and the server, as well as with the different subnets that are part of the overall system. This type of connection is ideal for real-time monitoring and implementation of supervisory systems.

Telecontrol / Single LAN (always on connection)

In Remote Assistance / Point-To-Point (on demand connection) mode, VPN BOX works as a concentrator and establishes point-to-point communication between a PC (or mobile device) and the machine / plant. It also requires the assignment of a static, public IP or, alternatively, a DynDNS address. Ideal for remote maintenance and diagnostics applications, this type of connection allows several types of users to coexist.

Remote Assistance / Point-To-Point (on demand connection)