Modbus TCP/IP to RTU Gateway, TLS – Campbell Scientific NL240 Wireless Network Link Interface User Manual

NL240 Wireless Network Link Interface

8.2.5 Modbus TCP/IP to RTU Gateway

The NL240 can serve as a Modbus TCP/IP to RTU Gateway. It will listen for incoming Modbus TCP/IP connections from a Modbus TCP/IP master client. The port number of the listening connection is specified in the RS-232 Service Port Number setting and is typically set to a value of 502. The NL240 will convert incoming Modbus TCP/IP frames to Modbus RTU and forward them to the RS-232 port. The NL240 will wait for a response from the Modbus RTU device and forward that response back to the remote Modbus TCP/IP master client over the established TCP connection. The Modbus RTU device is generally a datalogger, such as a CR200(X), connected to the RS-232 port or a datalogger located remotely over a transparent radio (for example, RF450) connection, but can be any Modbus RTU device. When the NL240 is connected directly to a CR800 series, CR1000, or CR3000 being polled by a Modbus TCP/IP master client, the NL240 is most commonly configured with Bridge Mode enabled instead of as a Modbus TCP/IP to RTU Gateway.

8.2.6 TLS

The NL240 supports transport layer security (TLS) for proxy functions including HTTPS. TLS versions 1.0 and 1.1 are supported. The TLS implementation supports symmetric algorithms AES-256, AES-128, and RC4 and RSA keys up to 4096 bits. For any TLS connection, the unit will preferentially use AES-256, then AES-128, and finally RC4. X.509 certificates are supported, with the exception of v3 extensions. Certificates should be in PEM format. Up to 10 certificates can be chained. 10 kB of space is provided for certificate storage. The Private Key should also be in PEM format and, if encrypted, use AES-256 or AES-128 (SHA).

The implementation of TLS in the NL240 is provided so that secure, encrypted communications can be established between a TLS client and the NL240.

With the TLS Proxy Server enabled, the NL240 can act as a TLS proxy server for a datalogger. The NL240’s TLS Proxy Server maintains a secure TLS connection with a remote TLS client and forwards data onto a datalogger using a standard TCP connection thus enabling communication with TLS clients. The TLS client can be a web browser using HTTPS or other user-supplied TLS client. This offloads from the datalogger the intensive computations that are necessary for a TLS server to perform.

Also, with the NL240 configured for TLS, it can establish a secure TLS configuration session with DevConfig.

In order to use TLS, the user must configure the NL240 with a user-supplied TLS Private Key and TLS Certificate. The key and certificate are loaded using DevConfig.

Using DevConfig, navigate to the Settings Editor tab and then to the TLS tab.

Load the user-supplied, PEM-formatted TLS Private key using the Set TLS Key … button. A file dialog will open. Navigate to the key file and click Open.

Load the user-supplied, PEM-formatted TLS Certificate using the Set TLS Certificate … button. A file dialog will open. Navigate to the certificate file and click Open.
