Mobile VPN: Secure remote VPN access to your industrial devices with your smartphone
Many industrial controls or devices have a specific smartphone app to operate, read or configure the device. These apps usually require a direct network connection to the device, such as using the same Wi-Fi network as the device. If you’re not on-site, remotely accessing your device with your smartphone becomes a whole lot harder.
That’s where Mobile VPN comes to the rescue. IXON is happy to launch this latest feature for the IXON Cloud smartphone apps.
Secure VPN connection to your devices from any device with IXON Cloud
IXON Cloud is used by thousands of companies worldwide for secure remote access to their industrial devices and machines. After connecting a machine to the cloud with, for example, the IXrouter, you can set up a secure connection from anywhere in the world.
One of the techniques used for this is Virtual Private Network (VPN). You can now also set up a VPN connection via IXON Cloud using your smartphone with the new Mobile VPN functionality.
What is Mobile VPN?
It’s a continuous VPN connection set up from your mobile phone. Mobile VPN stays connected even when you switch from IXON Cloud to another application. The secure VPN tunnel allows you to remotely access your industrial devices via their specific smartphone apps.
Why Mobile VPN is a necessary feature
You can always simply access a device within a company by opening a port in the company’s firewall (port forwarding). Connect to the company’s public IP address and the router will notice data traffic coming in via that port. Just configure the router to forward the traffic to the machine or device, and you’re set.
The only problem is that you’ve just introduced a massive security risk. You are not the only one who has gained access to the devices: the whole world can now reach them. You may have set up a password, but passwords can be fairly easy to hack. These are often devices that do not regularly receive software updates, so it is only a matter of time before a security breach occurs.
Hackers will eventually misuse your device as a stepping stone to other devices: a web server that processes credit card data or a mail server that quietly sends spam into the world from your internet connection. In short, you don’t want this and that’s where Mobile VPN comes in.
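An added example, not IXON's code: a small audit of the port-forwarding setup described above, assuming a Linux-based router whose NAT rules are available in iptables-save format (the sample rules and addresses are constructed). It lists forwards that accept traffic from any source and marks those leading to default ports of services named on this page.

```python
import ipaddress
import shlex

# Default ports of services this page names (FTP, HTTP, Modbus, OPC UA, VNC).
SENSITIVE_PORTS = {21: "FTP", 80: "HTTP", 502: "Modbus/TCP", 4840: "OPC UA", 5900: "VNC"}

# Constructed sample in iptables-save format (private and documentation addresses).
SAMPLE_RULES = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.140.10:5900
-A PREROUTING -s 203.0.113.0/24 -i eth0 -p tcp -m tcp --dport 502 -j DNAT --to-destination 192.168.140.20:502
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.168.140.30:443
-A PREROUTING -s 0.0.0.0/0 -i eth0 -p tcp -m tcp --dport 4840 -j DNAT --to-destination 192.168.140.40:4840
COMMIT
"""


def parse_dnat(line):
    """Return the options of a PREROUTING DNAT rule, or None for other lines."""
    if not line.startswith("-A PREROUTING"):
        return None
    tokens = shlex.split(line)
    if "DNAT" not in tokens:
        return None
    opts = {}
    for i, tok in enumerate(tokens[:-1]):
        if tok == "-s" and i > 0 and tokens[i - 1] == "!":
            continue  # negated source still admits almost everyone: treat as open
        if tok in ("-s", "--dport", "--to-destination"):
            opts[tok] = tokens[i + 1]
    return opts if "--to-destination" in opts else None


def audit(rules_text):
    """List (target, service, severity) for forwards reachable from any source."""
    findings = []
    for line in rules_text.splitlines():
        rule = parse_dnat(line.strip())
        if rule is None:
            continue
        source = ipaddress.ip_network(rule.get("-s", "0.0.0.0/0"), strict=False)
        if source.prefixlen != 0:
            continue  # forward is limited to a source range
        target = rule["--to-destination"]
        # Internal port: taken from the target, else the (first) external port.
        port_text = target.rsplit(":", 1)[1] if ":" in target else rule.get("--dport", "0")
        port = int(port_text.split(":")[0].split("-")[0])
        service = SENSITIVE_PORTS.get(port)
        findings.append((target, service or "unknown", "high" if service else "review"))
    return findings
```

Forwards restricted to a source range are skipped rather than cleared: the device behind them is still only as protected as that range and its own password.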
Examples of industrial cases where Mobile VPN is needed
Various HMIs have their own apps to view and control the HMI remotely: AutomationDirect, Unitronics, Schneider and Siemens Smart Client. Webcams or IP cameras often have their own software to take over the camera remotely. Specific devices, such as swimming pools and home or building automation systems, often have specific apps to control the temperature or climate, such as Loxone. Data protocol apps that read data externally, using protocols like OPC-UA, Modbus or FTP, need a secure connection.
And there are many other industrial visualization apps, like SCADA for mobile.
So the need for Mobile VPN access is enormous.
Mobile VPN demonstration
In this short video, we demonstrate Mobile VPN in practice. A Unitronics PLC + HMI, which runs a dog wash program, is connected to the IXON Cloud. The Unitronics smartphone app requires a Mobile VPN connection to control the HMI screen remotely. This Mobile VPN connection is set up by the IXON app. Once connected, we can access and control the Unitronics HMI touchscreen.
Mobile VPN technical background
With Mobile VPN, you can create a secure layer 3 VPN tunnel to your IXrouter or IXagent. Traffic destined for the IXrouter, or the machine(s) connected to it, will be routed through the tunnel and allow for communication between you and the remote site.
The VPN APIs available in Android and iOS only provide the ability to create layer 3 VPN tunnels to route traffic through, as opposed to layer 2 VPN tunnels, which would make a true bridge possible, as in a switch. In practice, the vast majority of the industry standard protocols rely on IP, TCP, or UDP, and work fully over layer 3.
One of the many examples of layer 3 traffic, which works via Mobile VPN, is VNC traffic. Examples of layer 2 traffic, which doesn’t work via Mobile VPN, are most broadcasting and scanning functions. Keep in mind that you can always reach your machine based on its IP address, as that is layer 3 traffic.
With Mobile VPN, you can create a secure layer 3 VPN tunnel to your IXrouter or IXagent. Traffic destined for the IXrouter, or the PLCs and machines connected to it, will be routed through the tunnel and allow for communication between the devices.
Try Mobile VPN today with IXON Cloud
Besides Mobile VPN, IXON invented Cloud Access to control your HMI or access your VNC and HTTP server remotely. It gives the user direct web-based access to the HMI or web server from their browser or IXON Cloud app through a secure connection. Discover more about Cloud Access.