Network Security and VPN*
Integral part of the LOYTEC hardware is a configurable firewall, which can be enabled and configured over the built-in web server, over OPC XML‑DA, or OPC UA. The built-in web server is accessed via the secure HTTPS protocol. A pre-installed certificate allows a quick setup and can later be replaced by a locally generated certificate or by a certificate issued by a certification authority. Data communication is encrypted by TLS encryption methods. The use of secure certificates prevents man-in-the-middle attacks. Furthermore, the OPC UA server provides a secure alternative to OPC XML‑DA. It uses the installed server certificate and authorizes OPC clients by certificates.
LOYTEC devices can also be operated as part of a virtual private network (VPN) based on the OpenVPN technology. In a VPN setup, the device connects to a VPN server with an authenticated VPN certificate. The VPN provides a secured network channel that can carry any of the IP-based protocols. In combination with a VPN server on a public address, VPN devices can be accessed without having a public address. This provides a secure alternative to NAT forwarding and makes secure access to remote sites very simple.
* VPN will be available in Q3 2020.