Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

port to activate in OPC-UA

More
29 Mar 2023 12:12 #11644 by support
Replied by support on topic port to activate in OPC-UA
Yes, it appears wrong.

In my understanding you are connecting to the server through its public IP address, which is 149.100.174.6 .

In such case, there should be 149.100.174.6 in the endpoint addresses of the server. Not 192.168.x.x.

Regards

Please Log in or Create an account to join the conversation.

More
29 Mar 2023 09:33 #11643 by Pala
Replied by Pala on topic port to activate in OPC-UA

in attachment server OPC-UA setting, can you see something to wrong?

Attachments:

Please Log in or Create an account to join the conversation.

More
24 Mar 2023 15:09 #11636 by support
Replied by support on topic port to activate in OPC-UA
Here is one more important observation:

The server should be internally configured with endpoint addresses that the client can actually use.
And it probably is not. This can be the cause of the problem.

I can see that the public IP of the OPC UA server computer is 149.100.174.6 . But in the error message, 192.168.0.180 is listed. This means that the server is telling its clients, in its list of configured endpoints, to use 192.168.0.180 . And that is not going to work for clients from the outside network.

There might be ways to tell the client to replace the IP address, but the right way of doing it is on the server.

Regards

Please Log in or Create an account to join the conversation.

More
23 Mar 2023 17:16 - 23 Mar 2023 17:17 #11630 by support
Replied by support on topic port to activate in OPC-UA
Hello,
please clarify:

1) What do you mean by "If port 4843 is opened on OPC-UA,"? Do you mean on the firewall on in the OPC UA server? If in the OPC server server, is it together with other ports, or alone? Is it open for "opc.tcp" protocol or for https?

Can you send a picture (screenshot) showing the endpoint configuration of the UA server in these cases?

2) What do you mean by "the machine is not accessed,"?

Note:

My previous answer was based on assumption that you are just trying to do OPC UA operation with the server.

But this new post indicates that you are trying to do TWO things:
A ) discover the machine for OPC UA servers &endpoints
B ) perform OPC UA operations on the selected server

I was not aware of A). If I were, my answer would have been different Port 4843 is used by default as part of discovering UA servers on the machine. Given a machine address/name (as in your case, 149.100.174.6), discovering the servers is done simultaneously by trying multiple ports and protocols on that machine. One of them is "opc.tcp" on port 4840. Another one is HTTPS on port 4843. And there are more. It is perfectly OK and common that some of them fail. So, if you started making conclusions from the fact that you see port 4843 access blocked on the firewall, and it was only from UA server discovery, then the correct step taken should be None (ignore it): Port 4843 can stay blocked on the firewall, because you do not need it. The problem is elsewhere.

Regards
Last edit: 23 Mar 2023 17:17 by support.

Please Log in or Create an account to join the conversation.

More
23 Mar 2023 16:53 #11628 by Pala
Replied by Pala on topic port to activate in OPC-UA
Ports 4840 and 4843 are open on the firewall

We have tested the connection indicating public IP 149.100.174.6

If port 4843 is opened on OPC-UA, the machine is not accessed, if instead port 4840 is opened, the machine is seen but the database is not accessed.

I ask you why in a private network (VPN) it works while it doesn't work if we indicate a Public IP

attached image shows the connection to the machine but as you can see access to the database fails with the relative error next to it

Attachments:

Please Log in or Create an account to join the conversation.

More
22 Mar 2023 19:34 #11625 by support
Replied by support on topic port to activate in OPC-UA
Hello.
Without further diagnosis I cannot be sure what is happening, but here is what *can* be the cause:

The actual connection you make from an OPC UA client to the server is not necessarily on the same port as you have specified. The port you specify is actually for the so-called Discovery Endpoint. This is from where the client gets from the server a list of all the *actual* ("session") endpoints that the server exposes. And the client picks a suitable endpoint from the list, and it uses it afterwards.

In the default configuration, however, "switch" to a different port should be disabled (on our side), for security reasons. So it is weird that it has happened.

First thing to check is, however, o the server side. There should be a configurable setting for the endpoints it provides. If you do not want it to work on port 4843, and there is such an endpoint there, the primary action needed to take is to disable or remove such endpoint on the server side.

Best regards

Please Log in or Create an account to join the conversation.

More
22 Mar 2023 18:56 #11624 by Pala
Replied by Pala on topic port to activate in OPC-UA
#3
instead if I try to make the same connection without VPN but pointing directly to the public ip of the OPC-UA server always on port 4840 the connection happens to move to 4843, at least this is what the firewall logs indicate

in this 3 point result is no connection on OPC-UA

Please Log in or Create an account to join the conversation.

More
22 Mar 2023 18:55 #11623 by Pala
Replied by Pala on topic port to activate in OPC-UA
i try to explain better

#1
I use your COM object by setting 4840 as the OPC connection port

#2
if I connect using an OpenVPN (set a local ip in COM connection settings) connection I have not problems and I can connect to OPC-UA, the logs show and confirm that I am using port 4840

#3
instead if I try to make the same connection without VPN but pointing directly to the public ip of the OPC-UA server always on port 4840 the connection happens to move to 4843, at least this is what the firewall logs indicate

is possible?

Please Log in or Create an account to join the conversation.

More
22 Mar 2023 18:12 #11622 by support
Replied by support on topic port to activate in OPC-UA
I am sorry, but regardless of the typos and corrections, which are minor things, I do not know what you are talking about.

See: www.opclabs.com/forum/announcements12/2365-rules-for-forum-posts

Specifically:

Please try to make your issue as clear as possible. Consider the fact that on the other side, there is a person that, at least in the beginning, knows nothing about what your goal is, what have you done or achieved so far, what has happened and how it differed from your expectations.

A good problem report should have these parts:
1. Steps taken: What you have done, in detail.
2. Expected result: What you think should have happened.
3. Observed result: What has happened in reality.

We also recommend that you follow the practices used on the Stack Overflow site: How to create a Minimal, Complete, and Verifiable example .

Please Log in or Create an account to join the conversation.

More
22 Mar 2023 18:06 #11621 by Pala
Replied by Pala on topic port to activate in OPC-UA
scuse me... a type mistake before

We in the COM object we always specify port 4840

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.063 seconds