Network Security and VPN

An integral part of the LOYTEC hardware is a configurable firewall, which can be enabled and configured over the built-in web server, over OPC XML‑DA, or over OPC UA. The built-in web server is accessed via the secure HTTPS protocol. A pre-installed certificate allows a quick setup and can later be replaced by a locally generated certificate or by a certificate issued by a certification authority. Data communication is encrypted using TLS. The use of secure certificates prevents man-in-the-middle attacks. Furthermore, the OPC UA server provides a secure alternative to OPC XML‑DA. It uses the installed server certificate and authorizes OPC clients by certificates.

LOYTEC devices can also be operated as part of a virtual private network (VPN) based on the OpenVPN technology. In a VPN setup, the device connects to a VPN server with an authenticated VPN certificate. The VPN provides a secured network channel that can carry any of the IP-based protocols. In combination with a VPN server on a public address, VPN devices can be accessed without having a public address. This provides a secure alternative to NAT forwarding and makes secure access to remote sites very simple. In combination with LWEB-900, setting up a VPN on the device is as easy as entering the LWEB-900 VPN project PIN code. LWEB-900 generates the VPN certificates fully automatically and enrolls the device in its own VPN.