Openvpn - Siemens SIMATIC NET SCALANCE SC-600 Configuration Manual

Industrial Ethernet Security Web Based Management (WBM)
Requirements of the VPN partner
The VPN partner must support IPsec with the following configuration to be able to establish an IPsec connection successfully:
• Authentication with partner certificate, CA certificates or pre-shared key
• IKEv1 or IKEv2
• Support of at least one of the following DH groups: Diffie-Hellman group 1, 2, 5 and 14 to 18
• 3DES or AES encryption
• MD5, SHA1, SHA256, SHA384 or SHA512
• Tunnel mode
If the VPN partner is downstream from a NAT router, the partner must support NAT-T, or the NAT router must support the IPsec protocol (IPsec/VPN passthrough).
NAT traversal (NAT-T)
There may be a NAT router between the device and the VPN gateway of the remote
network. Not all NAT routers allow IPsec frames to pass through. This means that it may
be necessary to encapsulate the IPsec frames in UDP packets to be able to pass through
the NAT router.
Dead peer detection
This is only possible when the VPN partner supports DPD. DPD checks whether the
connection is still operating problem-free or whether there has been an interruption on
the line. Without DPD, and depending on the configuration, it may be necessary to wait
until the SA lifetime has expired, or the connection must be reinitiated manually. To
check whether the IPsec connection is still problem-free, the device itself sends DPD
queries to the VPN partner station. If the VPN partner station does not reply after a
certain time has elapsed, the connection to the VPN partner station is declared
invalid. You configure the settings for DPD in phase 1.
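The requirements above (IKE version, DH groups, ciphers, hashes, tunnel mode, NAT-T and DPD) can be checked against a candidate partner gateway before configuring it. The following is an added example, not code from the Siemens manual; the partner description dictionary and the strongest-first preference order are assumptions for illustration.

```python
# Added example (not from the Siemens manual): check a proposed VPN partner
# against the requirements the manual lists for the SC-600 and pick the
# strongest mutually supported IKE/IPsec proposal, flagging legacy choices.

# Capabilities the manual lists for the SC-600 side.
SC600_IKE_VERSIONS = {1, 2}
SC600_DH_GROUPS = {1, 2, 5, 14, 15, 16, 17, 18}
SC600_CIPHERS = {"3des", "aes"}
SC600_HASHES = {"md5", "sha1", "sha256", "sha384", "sha512"}

# Preference orders, strongest first (a defender's choice, not the manual's).
DH_PREF = [18, 17, 16, 15, 14, 5, 2, 1]
CIPHER_PREF = ["aes", "3des"]
HASH_PREF = ["sha512", "sha384", "sha256", "sha1", "md5"]
LEGACY = {1, 2, 5, "3des", "md5", "sha1"}   # accepted, but should be avoided


def _pick(pref, ours, theirs):
    """First entry of pref that both sides support, else None."""
    common = ours & set(theirs)
    return next((x for x in pref if x in common), None)


def negotiate(partner):
    """partner: dict describing the remote gateway (constructed input format).
    Returns (proposal, warnings); proposal is None when no connection is possible."""
    warnings = []
    if partner.get("mode") != "tunnel":
        return None, ["partner must support tunnel mode"]
    if partner.get("behind_nat") and not partner.get("nat_t"):
        return None, ["partner is behind NAT but does not support NAT-T"]
    proposal = {
        "ike": max(SC600_IKE_VERSIONS & set(partner["ike"]), default=None),
        "dh": _pick(DH_PREF, SC600_DH_GROUPS, partner["dh"]),
        "cipher": _pick(CIPHER_PREF, SC600_CIPHERS, partner["cipher"]),
        "hash": _pick(HASH_PREF, SC600_HASHES, partner["hash"]),
    }
    missing = [k for k, v in proposal.items() if v is None]
    if missing:
        return None, ["no common choice for: " + ", ".join(missing)]
    for k in ("dh", "cipher", "hash"):      # IKE version is not an algorithm
        if proposal[k] in LEGACY:
            warnings.append(f"legacy algorithm selected: {proposal[k]}")
    if not partner.get("dpd"):
        warnings.append("no DPD: a dead tunnel is only noticed when the SA "
                        "lifetime expires or on manual reconnect")
    return proposal, warnings
```

A partner that only offers DH groups 19 and 20, for instance, is rejected because the SC-600 list above does not include them.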
3.8.7.2 OpenVPN

With OpenVPN, virtual private networks (VPN) can be established. As an OpenVPN
client, the device can establish a VPN connection to a remote network.
You configure the OpenVPN client under "Security" > "OpenVPN (Page 337)".
The VPN connection is established via virtual device drivers, the TAP and TUN device.
During this, virtual network interfaces are created that act like a physical interface of the
device and represent the endpoint of the VPN tunnel.
The device supports the following:
• TUN device: Routing mode
The LAN interface and the virtual network interface are located in different IP
subnets. The virtual tunnel interface is assigned a virtual IP address from a devised
SCALANCE SC-600 Web Based Management (WBM)
Configuration Manual, 10/2021, C79000-G8976-C475-03
