VPN

A VPN connection can optionally be activated on the control unit. This connects the control unit to the uni PRO VPN server. The uni-PRO APP can connect to the control unit via this VPN connection without port forwarding.

The VPN connection is deactivated by default. To activate the VPN, call up the web interface of the control unit; the connection can be activated under the VPN menu item.

VPN connection controller

The VPN integrated in the control unit connects to the uni-PRO VPN server via port 30001. Several VPN servers are used for this. The responsible VPN server depends on the serial number of the control unit. The control unit must be able to connect to external servers; these must not be blocked by a firewall.

NTP Server

The control unit requires the exact time for time functions and VPN connection. Therefore, an accessible NTP server should be set in the web interface of the control unit. The default setting is pool.nto.org, NTP port 123, which can alternatively be changed to a local NTP server in the network.

Portforwarding

The APP connects to the controller in the local network via port 10001. If you want to set up port forwarding for control, this port must be entered in the router for control. The Studio also uses this port.

If a different incoming port is used for port forwarding on the router, this can be entered on the APP separated from the IP address by a colon. Beispielsweise “17.18.19.10:1234”. On the router, the incoming port 1234 must be forwarded to the control unit 10001.

Important: The control unit should never be directly accessible from the Internet. We recommend using the integrated VPN connection. If this is not possible, the use of a private VPN is recommended.

VPN connection APP

When a new VPN connection is set up on the APP, it connects to the uni-PRO server via port 10003 for authentication and to determine the responsible VPN server. When a connection is established, it then connects directly to the determined VPN server, also via port 10003.

Tips for troubleshooting VPN connection

The VPN connection must be activated in the web interface of the control unit; this is deactivated by default. All queries must be green under “Test Internet Connection”. If this is not the case, this may have the following causes:

If the control unit is not accessible via VPN, you should first check whether the control unit is accessible in the internal network by calling up the web interface of the control unit via the browser.
If the web interface is not accessible, you should first check whether the RUN LED is flashing; if it is not flashing, you should switch off the power or check the power supply.
If the web interface is accessible, you can check under “Test Internet Connection” whether the control unit can access the Internet (all entries must be green). If, for example, “Server reachable” is red, there is an error in the network settings or communication is blocked by a firewall.
If the default gateway and DNS are not set correctly or the DNS server cannot be reached, “Server reachable” also remains red.
Some firewalls recognize VPN connections and block them by default. These must then be unblocked in the firewall.
The original time must be set correctly on the controller for the certificate check. The set time servers should therefore be accessible and must not be blocked by a firewall. If the time was subsequently set manually, the control unit should be restarted.
The control unit is assigned a network address from the range 10.10x./16. This must not collide with the local network. The network address 10.10x depends on which VPN server the control unit is linked to (10.100.x.x, 10.101.x.x, 10.102.x.x etc.). Which address is used is displayed in the web interface status.

Important: Please note the Disclaimer when using the VPN service.