WEINZIERL ENGINEERING GmbH

KNX IP Interface 730
KNX IP Router 750
KNX IP Linemaster 760
KNX IP BAOS 770
KNX IP BAOS 771
KNX IP BAOS 772
Remote access with the ETS
WEINZIERL ENGINEERING GmbH
Bahnhofstr. 6
84558 Tyrlaching, Germany
Tel. 08623 / 987 98 03
Fax 08623 / 987 98 09
E-mail: info@weinzierl.de
Web: www.weinzierl.de
WEINZIERL ENGINEERING GmbH
2011-02-01
EN
Page 1/13
KNX IP Interface: remote access
Table of contents
1 Introduction
2 Remote access with NAT
2.1 Network Address Translation (NAT)
2.2 Example of a configuration
2.2.1 Structure
2.2.2 Settings in the DSL router
2.2.3 IP configuration of the KNX IP Interface
2.2.4 Establishing a connection with the ETS
3 Remote access via a VPN
3.1 Virtual Private Network (VPN)
3.1.1 Introduction
3.1.2 Site-to-end
3.1.3 Site-to-site
3.2 Remote access to a KNX/IP router using the DrayTek Vigor2200Eplus as an example
3.2.1 Configuration of the VPN server
3.2.2 Configuration of the VPN client under Windows XP
3.2.3 Accessing the remote KNX IP device with the ETS
3.2.4 Alternatives
Versions
Document version                                     Date               Editor
Draft                                                18 February 2009   F. Heiny
Review                                               04 March 2009      F. Heiny
Added: KNX IP Linemaster 760; Changed: Formatting    17 June 2010       F. Heiny
Added KNX IP BAOS 772                                08 November 2011   S. Matsche
1 Introduction
This document describes how remote access can be established to a KNX installation via
the Internet by means of the ETS. Remote access can be achieved using either NAT
(Network Address Translation) or VPN (Virtual Private Network).
Any device that supports KNXnet/IP tunnelling can be used for remote access. These
devices are the KNX IP Interface 730, KNX IP Router 750, KNX IP Linemaster 760 and
KNX IP BAOS 770. In this document, they will be collectively referred to as "KNX IP
devices".
2 Remote access with NAT
2.1 Network Address Translation (NAT)
NAT (Network Address Translation) is a method used to translate IP addresses. It is
primarily used in routers (e.g. DSL routers).
2.2 Example of a configuration
2.2.1 Structure
[Diagram labels: Internet; WAN (e.g. DSL); LAN with IP addr. 192.168.1.1, subnet 255.255.255.0; Switch; IP addr. 192.168.1.30; two KNX IP Routers with IP addr. 192.168.1.10 and 192.168.1.11 and individual addresses 1.1.0 and 2.1.0; two EIB/KNX lines with devices 1.1.1, 1.1.2, 1.1.10, 1.1.11 and 2.1.1, 2.1.2, 2.1.10, 2.1.11]
Figure 1: KNX installation
The diagram above shows a typical KNX installation that is connected to the Internet via a
DSL router: Two TP lines are connected to each other via two KNX IP routers. These KNX
IP routers were assigned IP addresses from the local network. The DSL router needed for
Internet access has a fixed local IP address (192.168.1.1) and a public IP address (here,
84.145.85.60), which is assigned by the Internet provider. Generally, the public IP address
is dynamic, meaning that it is reassigned every time an Internet connection is
reestablished.
2.2.2 Settings in the DSL router
In the DSL router, forwarding must be set up under the "NAT" item. For this, a port
(standard: 3671) and an IP address (local IP address of the KNX IP device, e.g.
192.168.1.10) must be specified. Afterwards, all telegrams that are received from the
Internet and are directed to port 3671 are forwarded to the specified KNX IP device.
Figure 2: Settings in the DSL router (port forwarding for KNXnet/IP)
Figure 3: Settings in the DSL router (list of port forwardings)
2.2.3 IP configuration of the KNX IP Interface
Since the IP address of the KNX IP device must be known, manual configuration is
recommended. The IP address (192.168.1.10), subnet mask (255.255.255.0) and gateway
IP address (192.168.1.1) must be specified.
Figure 4: IP configuration (part 1)
Figure 5: IP configuration (part 2)
2.2.4 Establishing a connection with the ETS
Figure 6: ETS Connection Manager
A separate connection should be created for remote access, such as "IP (NAT)" in the
example shown here. Select "KNXnet/IP" for the type. In the "IP address" field, enter the
public IP address of the remote KNX installation. The port (3671) specified here must be
the same as the one contained in the DSL router settings. Important: The "NAT mode" box
must be checked.
Note: The IP address must be entered manually since the devices cannot be scanned via
the Internet.
Remote access by means of NAT requires at least ETS 3.0f.
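Why the "NAT mode" box matters, as an added example (not part of the Weinzierl document or of the ETS): a KNXnet/IP CONNECT_REQUEST carries the client's own reply address in two HPAI fields, and in NAT mode these are sent as 0.0.0.0:0 so that the KNX IP device answers to the UDP source address it actually received the request from. The frame layout follows the KNXnet/IP specification; the function names and the sample addresses (10.0.0.5, 203.0.113.7) are constructed for illustration.

```python
import socket
import struct

CONNECT_REQUEST = 0x0205   # KNXnet/IP service type for opening a connection
IPV4_UDP = 0x01            # host protocol code used in an HPAI


def build_connect_request(ctrl, data):
    """Build a tunnelling CONNECT_REQUEST; ctrl/data are (ip, port) endpoints."""
    def hpai(ip, port):
        return struct.pack("!BB4sH", 8, IPV4_UDP, socket.inet_aton(ip), port)
    cri = bytes([0x04, 0x04, 0x02, 0x00])  # TUNNEL_CONNECTION, link layer
    body = hpai(*ctrl) + hpai(*data) + cri
    return struct.pack("!BBHH", 0x06, 0x10, CONNECT_REQUEST, 6 + len(body)) + body


def parse_connect_request(frame):
    """Return both endpoints and whether the client asked for NAT mode."""
    if len(frame) < 6:
        raise ValueError("shorter than a KNXnet/IP header")
    hlen, version, service, total = struct.unpack("!BBHH", frame[:6])
    if (hlen, version) != (0x06, 0x10) or total != len(frame):
        raise ValueError("not a well-formed KNXnet/IP frame")
    if service != CONNECT_REQUEST or len(frame) < 26:
        raise ValueError("not a CONNECT_REQUEST")
    endpoints = []
    for off in (6, 14):  # control endpoint HPAI, then data endpoint HPAI
        size, proto, ip, port = struct.unpack("!BB4sH", frame[off:off + 8])
        if size != 8 or proto != IPV4_UDP:
            raise ValueError("unexpected HPAI")
        endpoints.append((socket.inet_ntoa(ip), port))
    # Treated as NAT mode here only when both endpoints are fully zeroed.
    nat = all(ep == ("0.0.0.0", 0) for ep in endpoints)
    return {"control": endpoints[0], "data": endpoints[1], "nat_mode": nat}


def reply_target(parsed, udp_source):
    """Address the device answers: the HPAI, or the UDP source in NAT mode."""
    return udp_source if parsed["nat_mode"] else parsed["control"]


# Constructed samples: an ETS PC at private address 10.0.0.5 whose packets
# reach the KNX IP device from 203.0.113.7:40001 (documentation address).
PLAIN = build_connect_request(("10.0.0.5", 3671), ("10.0.0.5", 3671))
NAT = build_connect_request(("0.0.0.0", 0), ("0.0.0.0", 0))

if __name__ == "__main__":
    for name, frame in (("plain", PLAIN), ("NAT mode", NAT)):
        p = parse_connect_request(frame)
        print(name, p, "-> reply to", reply_target(p, ("203.0.113.7", 40001)))
```

Without NAT mode the reply is addressed to the private 10.0.0.5, which the remote site cannot route; the same parser can be run over captured traffic on port 3671 to see which requests arriving through the port forwarding ask for NAT mode.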
3 Remote access via a VPN
3.1 Virtual Private Network (VPN)
3.1.1 Introduction
A VPN is an extension of private networks. It can be used to enable remote access (site-to-end) and link private networks (site-to-site) via the Internet.
3.1.2 Site-to-end
A site-to-end VPN can be used to establish access to an internal network. For example,
employees in the field can use it to dial into their company network.
3.1.3 Site-to-site
A site-to-site VPN can be used to link private networks. For example, a site-to-site VPN
can link two remote company networks.
3.2 Remote access to a KNX/IP router using the DrayTek Vigor2200Eplus as an example
3.2.1 Configuration of the VPN server
This example shows how a VPN connection is set up with the PPTP protocol (Point-to-Point Tunnelling Protocol). Alternatively, a VPN connection can be established via L2TP
(Layer 2 Tunneling Protocol) over IPsec.
Descriptions are only provided for those pages on which settings need to be made.
The following figure shows the main menu of the DrayTek router.
Figure 7: Setup Main Menu
Select the "VPN and Remote Access Setup":
Figure 8: VPN and Remote Access Setup
Select the "Remote User Profile Setup (Teleworker)". The next dialogue box shows a table
in which various accounts can be created:
Figure 9: Remote User Profile Setup (part 1)
Select an account. The following box appears:
Figure 10: Remote User Profile Setup (part 2)
Activate the account using "Enable this account". Create a "Username" with the
associated "Password". Select the protocol under "Allowed Dial-In Type". Several
protocols can be activated if necessary. In this example, only "PPTP" is used.
3.2.2 Configuration of the VPN client under Windows XP
Select "Create a new connection" in the Network Connections. In the dialogue box that
opens, select "Connect to the network at my workplace".
Figure 11: Network Connection Type
In the next box, select "Virtual Private Network connection".
Figure 12: Network Connection
The connection should be assigned a meaningful name:
Figure 13: Connection Name
To reach the VPN server, its IP address must be entered. Because many DSL connections
have a dynamic IP address, it must be determined first. A service such as "DynDNS" can
be used instead. In this case, the corresponding name must be entered instead of the IP
address.
Figure 14: VPN Server Selection
Before the connection is established, the password must be entered in addition to the user
name. These must be identical with the entries in the VPN server.
Figure 15: Connection establishment
After the connection is established, the client is assigned an IP address from the range of
the remote private network.
3.2.3 Accessing the remote KNX IP device with the ETS
Multicast telegrams are used to search for a KNX IP device. Because the VPN
hardware (DrayTek Vigor 2200Eplus) does not allow these to pass, the IP address of the
KNX IP device must be known.
Figure 16: ETS Connection Manager
The IP address and the port of the KNX IP device must be entered in the communication
parameters. If a VPN connection is active, the KNX IP device can be accessed.
3.2.4 Alternatives
Apart from the DrayTek Vigor2200Eplus used in this example, a VPN can be built with
other devices as well. Devices of this type are available from Linksys, Netgear and AVM
(Fritzbox).
Either an embedded solution or a PC with "OpenVPN" can be used.