tunnel-TunnelService

This component is a station server for application tunneling, where remote PCs with a Niagara 4 Tunnel Client installed can use a legacy or vendor-specific PC application to access devices connected to one or more driver networks. A tunnel connection allows the remote client application to operate as if it were directly attached to the driver network (via a virtual PC port).

A client PC tunnels using an IP (LAN/WAN) connection, which is granted only after authentication as a station user (with admin write permissions for the particular child tunnel component to be accessed).

Currently, the following types of child tunnels are supported:

  • SerialTunnel
  • LonTunnel

In any station, only one TunnelService is recommended. It can hold the required number of child tunnels, as needed.

Figure 84.   TunnelService properties

To access these properties, you must have added the TunnelService from the tunnel palette. Assuming you put this service in the Services container, expand Config > Services and double-click TunnelService.

In addition to several common properties (Enabled, Status, Fault Cause), the TunnelService contains the following configuration properties.

| Property | Value | Description |
|---|---|---|
| TLS Server Certificate | drop-down list (defaults to tridium, which is a self-signed certificate) | Identifies the station’s server certificate from the User Key Store. This certificate is password-protected by either a unique password or the global certificate password and should be signed by a root CA certificate. Do not rely on a self-signed certificate for protection. |
| Tls Min Protocol | drop-down list (defaults to TLSv1.0+) | Selects the earliest version of the TLS (Transport Layer Security) protocol supported by your network. This is the minimum TLS level. Options include versions TLSv1.0+, TLSv1.1+, TLSv1.2+, and TLSv1.3. Choosing a higher level provides more security. NOTE: As of Niagara 4.13, TLSv1.0 and TLSv1.1 are still supported for backwards compatibility, but it is recommended to use TLSv1.2 and higher. During the handshake, the server and client agree on which protocol to use. You should change this property from the default if your network requires a specific version or if a future vulnerability is found in one of the versions. |
| Cipher Suite Group | drop-down list (defaults to Recommended) | Controls which cipher suites can be used during TLS negotiation. The default is more secure than the other option (Supported) and should be used unless it causes compatibility issues with the client. |
| Server Port | number (defaults to 9973) | Identifies the software port the driver monitors for incoming client tunnel connections. |
| Connections | read-only | Shows the number of active tunnel connections, which ranges from 0 (no active connections) to the number of child tunnel components. |
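
To confirm that a change to Tls Min Protocol actually took effect on the tunnel port, the following added example (not part of the Niagara documentation) offers one TLS version at a time and reports the lowest one the station accepts. The function names are hypothetical, and it assumes the tunnel port begins the TLS handshake as soon as the TCP connection opens.

```python
import socket
import ssl

# Options of the Tls Min Protocol drop-down, oldest first, and the matching versions.
OPTIONS = ["TLSv1.0+", "TLSv1.1+", "TLSv1.2+", "TLSv1.3"]
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]


def probe(host, port, version, timeout=3.0):
    """Offer exactly one TLS version. True/False = accepted/refused, None = not testable."""
    # Assumption: TLS starts directly on connect to the tunnel port.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # audit of protocol versions only, not of trust
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let local OpenSSL offer TLS 1.0/1.1
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ssl.SSLError, ValueError):
        return None                 # local TLS library cannot offer this version
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None                 # port closed or filtered: nothing learned
    try:
        with ctx.wrap_socket(sock) as tls:
            return tls.version() is not None
    except OSError:                 # includes ssl.SSLError and timeouts
        return False
    finally:
        sock.close()


def assess(results):
    """Map {version: True/False/None} to (effective Tls Min Protocol, verdict)."""
    accepted = [i for i, v in enumerate(VERSIONS) if results.get(v) is True]
    if not accepted:
        return None, "inconclusive: no TLS version accepted or port unreachable"
    lowest = min(accepted)
    if any(results.get(VERSIONS[i]) is None for i in range(lowest)):
        return OPTIONS[lowest], "inconclusive: an older version could not be tested"
    if lowest < 2:
        return OPTIONS[lowest], "weak: set Tls Min Protocol to TLSv1.2+ or TLSv1.3"
    return OPTIONS[lowest], "ok"


def audit(host, port=9973):         # 9973 is the Server Port default
    return assess({v: probe(host, port, v) for v in VERSIONS})
```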