Tunneling OPC-UA over PageKite
OPC Unified Architecture is the most recent OLE for process control (OPC) specification from the OPC Foundation. OPC-UA servers communicate with clients via exposed endpoints.
The diagram below shows the steps required for an OPC-UA client to discover the OPC-UA server location, discover the server's endpoints and start a secure session with an endpoint.
+-------------------+ +-------------------+ +-------------------+
! ! ! Local ! ! !
! Client ! ! Discovery Server ! ! Server !
+---------+---------+ +---------+---------+ +---+-----------+---+
. . . .
. FindServers() . . .
•----------------------»• . .
• • . .
• ServerDescription[] • . .
•«----------------------• . .
. . . .
. GetEndpoints() . .
•----------------------------------------»• .
• • .
• EndpointDescription[] • .
•«----------------------------------------• .
. . .
. . .
• CreateSecureChannel() . •
•----------------------------------------------------»•
• . •
. . .
Discovery Session
Endpoint Endpoint
In the case that a client already has the address of the OPC UA server, it only sends a GetEndpoints request to the server.
The following is a quick proof-of-concept demonstration that the server and the client can communicate with each other over PageKite on an Ubuntu working environment.
Start the OPC-UA server
First of all, download the Unified Automation C++ based OPC UA Client/Server SDK Bundle - GCC4.5.1 - Linux32 and uncompress it.
Now edit the ServerConfig.xml file in the sdk/bin folder, find the <UaEndpoint> section, uncomment the <StackUrl> setting and bind the endpoint to a port of your choice, like this:
<StackUrl>opc.tcp://localhost:52520</StackUrl>
You may want to change the <Url> setting too:
<Url>opc.tcp://localhost:4841</Url>
Now run the uademoserver, it will print a message like this:
Initializing keyboard.
***************************************************
Server opened endpoints for following URLs:
opc.tcp://localhost:4841
***************************************************
Press x to shutdown server
***************************************************
Add a new kite
The server is physically bound to port 52520 so we are adding a new kite like this:
pagekite --add 52520 raw:OPCUANAME.pagekite.net
Run pagekite:
[...]
Flying localhost:52520 as raw://OPCUANAME.pagekite.me/ (HTTP proxied)
[...]
Configure your proxy on the client side
Unfortunately, I couldn't find any OPC-UA client with native HTTP proxy support.
As a workaround, we shall use desproxy, a TCP tunnel for HTTP proxies:
desproxy OPCUANAME.pagekite.me 52520 OPCUANAME.pagekite.me 443 4841
Command synopsis:
desproxy remote_host remote_port proxy_host proxy_port local_port
Connect your client
Now you should be able to connect to opc.tcp://localhost:4841 with any client: my choice is Unified Automation UaExpert, Windows users may like TerxaSoft GmbH visualXplorer .NET too.
Try and add a new server, and start browsing: if everything is going well, desproxy will output a series of messages like these:
Connection request from 127.0.0.1, port 50737
Connecting to http proxy (OPCUANAME.pagekite.me:443)
Connection #0: bidirectional connection stablished
Connection #0: client - proxy 56 bytes read
Connection #0: proxy - client 28 bytes read
Connection #0: client - proxy 133 bytes read
[...]
If both your client and server are on the same machine, your setup is now looking like in the diagram below.
+-------------------------+
! !
! +-------------------+ !
! ! ! !
! ! OPC-UA ! !
! ! Client ! !
! +---------+---------+ !
! ! !
! (port 4841) !
! +---------+---------+ ! +-----------+
! ! ! ! ! !
! ! Desproxy +-----+ !
! ! ! ! ! !
! +-------------------+ ! ! !
! ! ! PageKite !
! +-------------------+ ! ! Front-end !
! ! ! ! ! !
! ! PageKite +-----+ !
! ! Back-end ! ! ! !
! +---------+---------+ ! +-----------+
! ! !
! (port 52520) !
! +---------+---------+ !
! ! ! !
! ! OPC-UA ! !
! ! Server ! !
! +-------------------+ !
! !
+-------------------------+
The Beanstalks Project ehf.
Comments