Disclaimer
This guide is not intended to be a substitution of the official documentation which is provided by the partner and can be found here: IXON Website
Requirements
- IXON enabled device
- Firewall App (Just in case we cannot set gateways of the others network devices)
Used Setup
Setup the basics: Device IP and Pages
Once we have onboarded the device we have to navigate to Fleet Manager ➡️ MyDevice ➡️ LAN and apply the following settings:
- As Router LAN IP the IP address of the ctrlX CORE.
- If needed in "Additional subnets" we can set other subnets, like the 192.168.2.x in this case.
Now we can set the default pages which are pointing out to ctrlX Automation front page and to a Node-RED dashboard. The pages can point to whatever device webpage.
Service Setup
IXON device landing
IXON device landing
IXON device landing
Setup the LAN remote access with VPN
To achieve this result we first have to enable the "Enable IP forwarding" option for "tap0" and any other interface we need to share. Additionally any device that has to be used remotely has to set the ctrlX CORE IP address in his network as gateway, e.g. the XM21 has 192.168.1.25 as IP address. I need to set 192.168.2.1 as gateway because it is the address of ctrlX inside this network. This setting can be avoided, if we use the Firewall app
To access some devices which are behind the ctrlX itself, we also need to add the devices IP address on the list of the network. For instance, if we want to communicate with the drives which are connected via Sercos to our XM21 we have to add their address on the network list. The same if we need to communicate with EoE devices connected to ctrlX itself. So in this case we have:
- 192.168.1.0: standard router network. Not listed here.
- 192.168.2.0: Secondary network connected with the machine, XM21 is connected here.
- 192.168.40.0: EoE network connected to ctrlX.
- 172.31.254.0: Sercos network. Not connected to ctrlX but to our XM21.
Now we can connect to the device using the "connect" button. Once we are connected we can contact the devices using their original IP addresses. Nothing more easy.
Firewall empowered version
We can empower the system with the firewall app with the following benefits:
- Machine protection.
- No necessity to set the gateway to the devices that have to be remote connected.
- We can directly forward a ctrlX port to the devices port. This way we can see them directly from ctrlX himself and we ca see the devices service pages without VPN.
The explanation how to setup the firewall to achieve the last two bullet points is expressed in these two guides, with the difference that we don't have to set any routing rule on our PC side, since those are already managed by the VPN itself:
I report here the settings done in my firewall. The XM21 (192.168.2.25) 80 port is forwarded to ctrlX CORE 8234 port. I have additionally an IPCAM (192.168.1.55) which is forwarded to port 8567.
Firewall advanced 1 
Firewall advanced 2Now if we want to show directly the XM21 web portal and the IPcam webpage we just have to add them as a service in the IXON setup. From just this page without VPN we can connect to the webserver of any of these devices.
Service advanced
Service advancedThe final result is the follwing:
IXON final result
NODE-RED remote
Node-red Management remote
Camera Remote management
XM21 WebAssistantCorporate Lan Setup
Many corporates are using Proxies inside the company network. IXON can work (PC side) also in this situation. The procedure is similar to: connect ctrlX CORE VIRTUAL to internet using PX proxy. So it is suggested to test this guide first. Once anything is set and PX is working we have to go to: "Fleet management" then "Tools" then selet the "details" field of the VPN client and enter the options below (if the PX setup is standard). Happy remote connection. Remember to start PX anytime you need this feature.
Related Links
