11/09/2007, 12:20:47
Info sur Eibd et calimero par l'auteur de Eibd (Martin Koegler).
****
Please don't confuse the eibd protocol with EIBnet/IP. The eibd
protocol can be used over (local) unix sockets or a TCP/IP connection,
depending on the -u/-i option. It supports transport over the internet
(and NAT).
As you are using calimero, you are using EIBnet/IP Tunneling.
Accessing a EIBnet/IP device outside a local, only switched LAN is a
little bit more difficult.
First, between the EIBnet/IP server (eibd) and client (calimero),
there may not be any NAT. If anything changes the IP address of the IP
packages between server and client, you have two option:
* Setup an IP tunnel between server and client (IPSec, OpenVPN, ..).
The tunnel must be able to transmit all kind of IP telegrams
unmodified, so SSH port forwarding or a SOCK proxy are not
sufficient.
* On the NAT device, run an additional eibd instance as EIBnet/IP
server, which connects the real EIBnet/IP server. The client
connects
to the proxy EIBnet/IP server.
If there is a IP connection without any NAT and no Firewall blocks the
UDP packages between server and client, connection with an EIBnet/IP
Tunneling client is possible, if you explicitly specifiy the IP
address of the EIBnet/IP server in the client.
***
Deux info importantes en ressortent, si on possède un module comme le
siemens N148 qui sait simplement faire du Tunneling, il faut mettre un
Eibd si on veut passer par internet. Il faut aussi faire en sorte de
ne pas avoir de NAT, c'est à dire mettre un VPN ou IPSEC pour pouvoir
utiliser calimero.
Une autre solution est de mettre en local un deuxième eibd et de
passer sur internet via le protocol eibd. Ainsi le deuxième eibd sert
de proxy.
Il doit-être possible via un module tel le N146 (Tunneling + routing)
de se passer de l'eibd en attaquant directement via calimero (et
sûrement un VPN aussi).
Ce dernier point reste à valider.
Florent.
****
Please don't confuse the eibd protocol with EIBnet/IP. The eibd
protocol can be used over (local) unix sockets or a TCP/IP connection,
depending on the -u/-i option. It supports transport over the internet
(and NAT).
As you are using calimero, you are using EIBnet/IP Tunneling.
Accessing a EIBnet/IP device outside a local, only switched LAN is a
little bit more difficult.
First, between the EIBnet/IP server (eibd) and client (calimero),
there may not be any NAT. If anything changes the IP address of the IP
packages between server and client, you have two option:
* Setup an IP tunnel between server and client (IPSec, OpenVPN, ..).
The tunnel must be able to transmit all kind of IP telegrams
unmodified, so SSH port forwarding or a SOCK proxy are not
sufficient.
* On the NAT device, run an additional eibd instance as EIBnet/IP
server, which connects the real EIBnet/IP server. The client
connects
to the proxy EIBnet/IP server.
If there is a IP connection without any NAT and no Firewall blocks the
UDP packages between server and client, connection with an EIBnet/IP
Tunneling client is possible, if you explicitly specifiy the IP
address of the EIBnet/IP server in the client.
***
Deux info importantes en ressortent, si on possède un module comme le
siemens N148 qui sait simplement faire du Tunneling, il faut mettre un
Eibd si on veut passer par internet. Il faut aussi faire en sorte de
ne pas avoir de NAT, c'est à dire mettre un VPN ou IPSEC pour pouvoir
utiliser calimero.
Une autre solution est de mettre en local un deuxième eibd et de
passer sur internet via le protocol eibd. Ainsi le deuxième eibd sert
de proxy.
Il doit-être possible via un module tel le N146 (Tunneling + routing)
de se passer de l'eibd en attaquant directement via calimero (et
sûrement un VPN aussi).
Ce dernier point reste à valider.
Florent.