tunnel-TunnelService

This component is a station server for application tunneling, where remote PCs with a Niagara 4 Tunnel Client installed can use a legacy or vendor-specific PC application to access devices connected to one or more driver networks. A tunnel connection allows the remote client application to operate as if it were directly attached to the driver network (via a virtual PC port).

A client PC tunnels using an IP (LAN/WAN) connection, which is granted only after authentication as a station user (with admin write permissions for the particular child tunnel component to be accessed).

Currently, the following types of child tunnels are supported:

  • SerialTunnel

  • LonTunnel

In any station, only one TunnelService is recommended. It can hold the required number of child tunnels, as needed.

Figure 1. TunnelService properties


To access these properties, you must have added the TunnelService from the tunnel palette. Assuming you put this service in the Services container, expand Config > Services and double-click TunnelService.

In addition to several common properties (Enabled, Status, Fault Cause), the TunnelService contains the following configuration properties.

| Property | Value | Description |
| --- | --- | --- |
| TLS Server Certificate | drop-down list (defaults to tridium, which is a self-signed certificate) | Identifies the station’s server certificate from the User Key Store. This certificate is password-protected by either a unique password or the global certificate password and should be signed by a root CA certificate. Do not rely for protection on a self-signed certificate. |
| Tls Min Protocol | drop-down list (defaults to TLSv1.0+) | Selects the earliest version of the TLS (Transport Layer Security) protocol supported by your network. This is the minimum level of the TLS. Options include versions TLSv1.0+, TLSv1.1+, TLSv1.2+, and TLSv1.3. Choosing a higher level provides more security. Note: TLSv1.0 and TLSv1.1 are still supported for backwards compatibility, but it is recommended to use TLSv1.2 and higher. During the handshake, the server and client agree on which protocol to use. You should change this property from the default if your network requires a specific version or if a future vulnerability is found in one of the versions. |
| Cipher Suite Group | drop-down list (defaults to Recommended) | Controls which cipher suites can be used during TLS negotiation. The default is more secure than the other option (Supported) and should be used unless it causes compatibility issues with the client. |
| Server Port | number (defaults to 9973) | Identifies the software port the driver monitors for incoming client tunnel connections. |
| Connections | read-only | Shows the number of active tunnel connections, which ranges from 0 (no active connections) to the number of child tunnel components. |
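
To confirm that the Tls Min Protocol setting is what the tunnel port actually enforces, the following added example (not Niagara or Tridium code) attempts one handshake per protocol version and compares the lowest accepted version with the configured option. It assumes the tunnel listener speaks TLS directly on the Server Port; the function names are hypothetical.

```python
import socket
import ssl

# The page's "Tls Min Protocol" options, mapped to the lowest version each allows.
MIN_PROTOCOL_OPTIONS = {
    "TLSv1.0+": ssl.TLSVersion.TLSv1,
    "TLSv1.1+": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2+": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def handshake_ok(host, port, version, timeout=5.0):
    """True if the server completes a handshake pinned to exactly `version`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # certificate trust is out of scope here;
    ctx.verify_mode = ssl.CERT_NONE  # only protocol negotiation is observed
    try:
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let OpenSSL offer TLS 1.0/1.1
        ctx.minimum_version = version
        ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version() is not None
    except (ssl.SSLError, OSError, ValueError):
        return False

def audit_min_protocol(configured, accepts):
    """Compare the configured option with what the port accepts.

    `accepts` is a callable(version) -> bool, normally wrapping handshake_ok.
    """
    floor = MIN_PROTOCOL_OPTIONS[configured]
    accepted = [v for v in MIN_PROTOCOL_OPTIONS.values() if accepts(v)]
    if not accepted:
        return {"accepted": [], "findings": ["no TLS handshake completed"]}
    lowest, findings = min(accepted), []
    if lowest < floor:
        findings.append(f"accepts {lowest.name}, below configured {configured}")
    if lowest < ssl.TLSVersion.TLSv1_2:
        findings.append(f"accepts {lowest.name}; TLSv1.2 and higher is recommended")
    return {"accepted": [v.name for v in accepted], "findings": findings}

if __name__ == "__main__":
    import sys
    host = sys.argv[1]  # station address, supplied by the operator
    probe = lambda v: handshake_ok(host, 9973, v)  # 9973 = default Server Port
    print(audit_min_protocol("TLSv1.2+", probe))
```

A `False` from `handshake_ok` can also mean the local OpenSSL build cannot offer that version, so confirm a clean TLSv1.0/TLSv1.1 result with a second client.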