Difference between revisions of "Domnev"

From Teltonika Networks Wiki
 
(14 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
<p style="color:red">The information on this page is updated in accordance with the [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.4'''] firmware version .</p>
 
<p style="color:red">The information on this page is updated in accordance with the [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.4'''] firmware version .</p>
==Introduction==
+
__TOC__
 +
==Summary==
 +
In this guide, the MQTT Serial Gateway function will be configured using third-party MQTT Broker services (in this example, ''Flespi.io'').
  
==Configuration overview and prerequisites==
+
==Configuration overview & prerequisites==
 +
*Two devices with serials ports - one acts as Modbus RTU Master, another as Modbus RTU Slave;
 +
*Flespi.io account to act as an MQTT Broker/Publisher/Subscriber (for first configuration example);
  
Before we begin, let's take a look at the configuration that we are attempting to achieve and the prerequisites that make it possible.
+
[[File:MQTT Serial gateway topology v2.png|border|center|class=tlt-border|847x279px]]
  
'''Prerequisites''':
+
RUT2 will act as a Modbus RTU slave and RUT1 as a Modbus RTU Master. On RUT1, MQTT Serial Gateway will be configured to transfer Modbus data over MQTT. Flespi.io platform will serve as an MQTT Broker
* Two RUT/RUTX series routers with RUTOS firmware;
 
* An end device (PC, Laptop) for configuration;
 
  
If you're having trouble finding any page or some of the parameters described here on your device's WebUI, you should turn on '''"Advanced WebUI"''' mode. You can do that by '''clicking''' the '''"Basic"''' button '''under''' '''"Mode,"''' which is located at the top-right corner of the WebUI.
+
==RUT2 configuration==
[[File:Networking rut9 manual webui basic advanced mode.gif|border|center|class=tlt-border|1102x52px]]
+
===Configuring Modbus RTU Slave===
 +
----
 +
Go to Services → Modbus → Modbus RTU Slave and create a new instance.
 +
# Enter the '''desired instance name''';
 +
# Select the '''desired serial interface'''.
  
==Topology==
+
[[File:Modbus RTU Slave.png|border|center|class=tlt-border|855 × 308px]]
  
[[File:IPsec TLT to TLT Topology.png|border|center|class=tlt-border|839x399px]]
+
==RUT1 configuration==
 +
===Configuring MQTT Gateway===
 +
----
 +
Go to '''Services → Modbus → MQTT Gateway''' and there:
  
'''RUT1''' - RUTX12 as a '''hub'''. A hub is a server, to which our spoke will be connecting (IPsec responder). It will be our "default gateway" for the spoke device. RUTX12 has a LAN subnet of 192.168.11.0/24 configured on it, which should be reachable by the '''spoke'''.
+
# '''Enable''' the '''instance''';
 +
# '''Enter Host''' (copied from flespi connection settings without 'wss://' and port);
 +
# '''Enter Username''' (Copied from flespi Connection settings generated '''token''');
 +
# '''Enter Password'''.
  
'''RUT2''' - RUT955 as a '''spoke'''. A spoke is a client, that will be connected to the spoke (IPsec initiator). It will be connected to a '''hub''' for basic internet access. RUT955 has a LAN subnet of 192.168.9.0/24 configured on it.
+
[[File:MQTT Gateway config.png|border|center|class=tlt-border|862 × 412px]]
  
==RUT1 (Hub) configuration==
+
'''Note''': ''Everything else can be left as default or changed according to your needs.''
Start by configuring the hub (RUT1) device. Login to the WebUI, navigate to '''Services → VPN → IPsec''' and '''add a new IPsec instance'''. Configure everything as follows.
 
  
'''Note:''' '''''Not specified fields can be left as is or changed according to your needs.'''''
+
===Configuring Serial Gateway===
===Instance configuration===
 
 
----
 
----
<table class="nd-othertables_2">
+
Under the MQTT Gateway configuration, create the Serial Gateway:
    <tr>
+
# Enter the '''desired device ID''';
        <th width=330; style="border-bottom: 1px solid white;></th>
+
# Select the '''desired serial interface'''.
        <th width=800; style="border-bottom: 1px solid white"; rowspan=2>[[File:IPsec HUB.png|border|class=tlt-border|755x406px|right]]</th>
+
 
    </tr>
+
[[File:Serial gateway config.png|border|center|class=tlt-border|868×308px]]
    <tr>
 
        <td style="border-bottom: 4px solid white>
 
# '''''Enable''''' instance;
 
# Authentication method - '''''Pre-shared key;'''''
 
# Pre-shared key - '''''your desired password;'''''
 
        </td>
 
    </tr>
 
</table>
 
  
===Connection configuration===
+
===Configuring Flespi.io MQTT Broker===
 
----
 
----
 +
'''Log in''' or '''create an account''' on '''https://flespi.io''';
  
<table class="nd-othertables_2">
+
#Navigate to '''MQTT Board''' on the '''left side''' menu;                                       
    <tr>
+
#On the right-hand panel, top right corner, next to the name of the MQTT board, '''press the cogwheel-looking icon''' to open ''Connection Settings'';
        <th width=330; style="border-bottom: 1px solid white;></th>
+
#In the opened window, press '''"Get flespi token"''' to generate a username;
        <th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:IPsec HUB Connection.png|border|class=tlt-border|753x368px|right]]</th>
+
#Enter the '''Client name''';
    </tr>
+
#Copy the Host address;
    <tr>
+
#Copy '''Username''';
        <td style="border-bottom: 4px solid white>
+
#Create a '''password'''.
# Mode - '''''Start;'''''
 
# Type - '''''Tunnel;'''''
 
# Local subnet - '''''0.0.0.0/.0;'''''
 
# Key exchange - '''''IKEv2;'''''
 
        </td>
 
    </tr>
 
</table>
 
  
----
+
Once done, save all the changes.
<table class="nd-othertables_2">
+
[[File:Flespi board.png|border|center|class=tlt-border|1102x729px]]
    <tr>
 
        <th width=330; style="border-bottom: 1px solid white;></th>
 
        <th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:IPsec HUB Connection Advanced.png|border|class=tlt-border|752x541px|right]]</th>
 
    </tr>
 
    <tr>
 
        <td style="border-bottom: 4px solid white>
 
# '''''Enable''''' '''''Local firewall;'''''
 
# Remote source IP - '''''10.20.30.0/24;'''''
 
# Remote DNS '''''9.9.9.9;'''''
 
        </td>
 
    </tr>
 
</table>
 
  
===Proposal configuration===
+
===Message format for MQTT publisher===
 
----
 
----
 +
Modbus request data sent in the MQTT payload should be generated in accordance with the following format:
  
<table class="nd-othertables_2">
+
<pre>1 <COOKIE> <SERIAL_DEVICE_ID> <TIMEOUT> <SLAVE_ID> <MODBUS_FUNCTION> <FIRST_REGISTER> <REGISTER_COUNT> </pre>
    <tr>
 
        <th width=330; style="border-bottom: 1px solid white;></th>
 
        <th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:IPsec Phase1.png|border|class=tlt-border|742x254px|right]]</th>
 
    </tr>
 
    <tr>
 
        <td style="border-bottom: 4px solid white>
 
# Encryption - '''''AES256;'''''
 
# Authentication - '''''SHA512;'''''
 
# DH group - '''''ECP521;'''''
 
        </td>
 
    </tr>
 
</table>
 
  
----
+
The table below explains what each option means:
<table class="nd-othertables_2">
 
    <tr>
 
        <th width=330; style="border-bottom: 1px solid white;></th>
 
        <th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:IPsec Phase2.png|border|class=tlt-border|748x257px|right]]</th>
 
    </tr>
 
    <tr>
 
        <td style="border-bottom: 4px solid white>
 
# Encryption - '''''AES128;'''''
 
# Authentication - '''''SHA256;'''''
 
# DH group - '''''ECP521;'''''
 
        </td>
 
    </tr>
 
</table>
 
  
==RUT2 (Spoke) configuration==
+
{| class="wikitable"
Login to the RUT2 WebUI, navigate to '''Services → VPN → IPsec''' and '''add a new IPsec instance.''' Configure everything as follows.
+
|1.  Format version
===Instance configuration===
+
|'''1'''
 +
|-
 +
|2. Cookie
 +
|from '''0''' to '''2<sup>64</sup> -1'''
 +
|-
 +
|3. Serial device ID
 +
|a string used to identify a serial device. Must match with <u>Device ID</u> field in MQTT Gateway page Serial gateway configuration section
 +
|-
 +
|4. Timeout
 +
|timeout for Modbus connection, in seconds. Range [1..999].
 +
|-
 +
|5. Slave ID
 +
|Indicates to which slave request is sent
 +
|-
 +
|6. Modbus function
 +
|Modbus task type that will be executed. Possible values are:
 +
        <ul>
 +
            <li><b>1</b> - read coils;</li>
 +
            <li><b>2</b> - read input coils;</li>
 +
            <li><b>3</b> - read holding registers;</li>
 +
            <li><b>4</b> - read input registers;</li>
 +
            <li><b>5</b> - set single coil;</li>
 +
            <li><b>6</b> - write to a single holding register;</li>
 +
            <li><b>15</b> - set multiple coils;</li>
 +
            <li><b>16</b> - write to multiple holding registers.</li>
 +
        </ul>
 +
|-
 +
|7. First register
 +
|number (not address) of the first register/coil/input (in range [1..65536]) from which the registers/coils/inputs will be read/written to.
 +
|-
 +
|8. Registry count
 +
| <li><b>1</b> - <u>coil count</u> (in range [1..2000]); must not exceed the boundary (first coil number + coil count <= 65537);</li>
 +
            <li><b>2</b> - <u>input count</u> (in range [1..2000]); must not exceed the boundary (first input number + input count <= 65537);</li>
 +
            <li><b>3</b> - <u>holding register count</u> (in range [0..125]); must not exceed the boundary (first register number + holding register count <= 65537);</li>
 +
            <li><b>4</b> - <u>input register count</u> (in range [0..125]); must not exceed the boundary (first register number + input register count <= 65537);</li>
 +
            <li><b>5</b> - <u>coil value</u> (in range [0..1]);</li>
 +
            <li><b>6</b> - <u>holding register value</u> (in range [0..65535]);</li>
 +
            <li><b>15</b> - <u>coil count</u> (in range [1..1968]); must not exceed the boundary (first coil number + coil count <= 65537); and <u>coil values</u> separated with commas, without spaces (e.g., <i>1,2,3,654,21,789</i>); there must be exactly as many values as specified (with coil count); each value must be in the range of [0..1].
 +
|}
 +
====Examples====
 
----
 
----
<table class="nd-othertables_2">
+
{| class="wikitable"
    <tr>
+
|Setting relay (on) (Relay address is 202, which means 'Number of first register will be 203)
        <th width=330; style="border-bottom: 1px solid white;></th>
+
|'''1 1 1 1 1 6 203 1'''
        <th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:IPsec SPOKE.png|border|class=tlt-border|742x399px|right]]</th>
+
|-
    </tr>
+
|Getting temperature
    <tr>
+
|'''1 1 1 1 1 3 6 2'''
        <td style="border-bottom: 4px solid white>
+
|}
# '''''Enable''''' instance;
+
Modbus parameters are held within registers. The register numbers and corresponding system values can be found [[RUT955_Monitoring_via_Modbus#Get_Parameters|'''in this article''']].
# Remote endpoint - '''''RUT1 public IP;'''''
 
# Authentication method - '''''Pre-shared key;'''''
 
# Pre-shared key - the '''''same password''''' you have '''''set on''''' '''''RUT1''''' when configuring '''''HUB instance;'''''
 
        </td>
 
    </tr>
 
</table>
 
  
===Connection configuration===
+
==Testing MQTT Publisher and Subscriber on flespi.io==
 +
====Adding Flespi Subscriber====
 
----
 
----
 +
To test the Modbus Serial Gateway functionality, '''log into''' your '''Flespi account''' → '''MQTT Board''' and '''add a Subscriber''':
  
<table class="nd-othertables_2">
+
#Press '''''<nowiki/>'+'''''' button on the top right corner
    <tr>
+
#Select '''''<nowiki/>'Subscriber''''''
        <th width=330; style="border-bottom: 1px solid white;></th>
+
# In the topic field enter '''''<nowiki/>'response''''''
        <th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:IPsec SPOKE Connection.png|border|class=tlt-border|761x280px|right]]</th>
+
#Press '''''<nowiki/>'Subscribe'''''' button
    </tr>
 
    <tr>
 
        <td style="border-bottom: 4px solid white>
 
# Mode - '''''Start;'''''
 
# Type - '''''Tunnel;'''''
 
# '''''Enable''''' '''''default route;'''''
 
# Key exchange - '''''IKEv2;'''''
 
        </td>
 
    </tr>
 
</table>
 
 
 
===Proposal configuration===
 
----
 
<table class="nd-othertables_2">
 
    <tr>
 
        <th width=330; style="border-bottom: 1px solid white;></th>
 
        <th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:IPsec Phase1.png|border|class=tlt-border|742x254px|right]]</th>
 
    </tr>
 
    <tr>
 
        <td style="border-bottom: 4px solid white>
 
# Encryption - '''''AES256;'''''
 
# Authentication - '''''SHA512;'''''
 
# DH group - '''''ECP521;'''''
 
        </td>
 
    </tr>
 
</table>
 
  
 +
[[File:Flespi subscriber.png|border|class=tlt-border|496x204px]]          [[File:Flespi subscriber setup.png|border|class=tlt-border|496x205px]]
 +
====Adding Flespi Subscriber====
 
----
 
----
<table class="nd-othertables_2">
 
    <tr>
 
        <th width=330; style="border-bottom: 1px solid white;></th>
 
        <th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:IPsec Phase2.png|border|class=tlt-border|748x257px|right]]</th>
 
    </tr>
 
    <tr>
 
        <td style="border-bottom: 4px solid white>
 
# Encryption - '''''AES128;'''''
 
# Authentication - '''''SHA256;'''''
 
# DH group - '''''ECP521;'''''
 
        </td>
 
    </tr>
 
</table>
 
  
==Testing the configuration==
+
Also, you will need to '''add a Publisher''':
If you've followed all the steps presented above, your configuration should be finished. But as with any other configuration, it is always wise to test the setup in order to make sure that it works properly.
 
  
Using the <code><span class="highlight">'''ipsec status'''</span></code> command we can see that IPsec tunnel is successfully established on both routers. The command output on a '''hub (RUT1)''' device:
+
#Press '''''<nowiki/>'+'''''' button on the top right corner
 +
#Select '''''<nowiki/>'Publisher''''''
 +
#In the topic field enter '''''<nowiki/>'request''''''
 +
#In the message field enter message, for this example '''''<nowiki/>'Getting temperature'''''' is used
 +
#Press '''''<nowiki/>'Publish'''''' button
  
[[File:IPsec statusHUB.png|border|class=tlt-border|839x74px|center]]
+
[[File:Flespi publisher.png|border|class=tlt-border|495x238px]]  [[File:Flespi publisher setup.png|border|class=tlt-border|494x239px]]
 +
====Flespi Subscriber output====
 +
----
 +
Check the response in the '''''<nowiki/>'Subscriber'''''' tab, you should receive a message similar to the one below.
  
The same command output on '''spoke (RUT2)''' device:
 
  
[[File:IPsec status SPOKE.png|border|class=tlt-border|852x105px|center]]
+
[[File:Flespi response.png|border|center|class=tlt-border|500x305px]]
  
Also, as the hub should be reachable by spoke, we can try pinging the hub using <code><span class="highlight" >'''ping 192.168.11.1'''</span></code>:
 
  
[[File:Ping to hub.png|border|class=tlt-border|454x77px|center]]
+
In the output, we can see that router's '''temperature''' is '''44 degrees Celsius'''.
  
== See also ==
+
==See Also==
[[RUTX12_VPN#IPsec|IPsec on Teltonika Networks devices]]
+
*[[RUT955 Monitoring via Modbus#Get Parameters]]
== External links ==
+
*[[RUT955_Modbus#MQTT_Gateway|MQTT Gateway and Modbus]]
[https://openwrt.org/docs/guide-user/services/vpn/strongswan/basics OpenWrt IPsec basics]
+
==External links==
 +
[https://flespi.io/#/ Flespi.io]

Latest revision as of 08:14, 13 September 2023

The information on this page is updated in accordance with the 00.07.4 firmware version .

Summary

In this guide, the MQTT Serial Gateway function will be configured using third-party MQTT Broker services (in this example, Flespi.io).

Configuration overview & prerequisites

  • Two devices with serials ports - one acts as Modbus RTU Master, another as Modbus RTU Slave;
  • Flespi.io account to act as an MQTT Broker/Publisher/Subscriber (for first configuration example);
MQTT Serial gateway topology v2.png

RUT2 will act as a Modbus RTU slave and RUT1 as a Modbus RTU Master. On RUT1, MQTT Serial Gateway will be configured to transfer Modbus data over MQTT. Flespi.io platform will serve as an MQTT Broker

RUT2 configuration

Configuring Modbus RTU Slave

Go to Services → Modbus → Modbus RTU Slave and create a new instance.

  1. Enter the desired instance name;
  2. Select the desired serial interface.
855 × 308px

RUT1 configuration

Configuring MQTT Gateway

Go to Services → Modbus → MQTT Gateway and there:

  1. Enable the instance;
  2. Enter Host (copied from flespi connection settings without 'wss://' and port);
  3. Enter Username (Copied from flespi Connection settings generated token);
  4. Enter Password.
862 × 412px

Note: Everything else can be left as default or changed according to your needs.

Configuring Serial Gateway

Under the MQTT Gateway configuration, create the Serial Gateway:

  1. Enter the desired device ID;
  2. Select the desired serial interface.
868×308px

Configuring Flespi.io MQTT Broker

Log in or create an account on https://flespi.io;

  1. Navigate to MQTT Board on the left side menu;
  2. On the right-hand panel, top right corner, next to the name of the MQTT board, press the cogwheel-looking icon to open Connection Settings;
  3. In the opened window, press "Get flespi token" to generate a username;
  4. Enter the Client name;
  5. Copy the Host address;
  6. Copy Username;
  7. Create a password.

Once done, save all the changes.

Flespi board.png

Message format for MQTT publisher

Modbus request data sent in the MQTT payload should be generated in accordance with the following format: 

1 <COOKIE> <SERIAL_DEVICE_ID> <TIMEOUT> <SLAVE_ID> <MODBUS_FUNCTION> <FIRST_REGISTER> <REGISTER_COUNT>

The table below explains what each option means:

1. Format version 1
2. Cookie from 0 to 264 -1
3. Serial device ID a string used to identify a serial device. Must match with Device ID field in MQTT Gateway page Serial gateway configuration section
4. Timeout timeout for Modbus connection, in seconds. Range [1..999].
5. Slave ID Indicates to which slave request is sent
6. Modbus function Modbus task type that will be executed. Possible values are:
  • 1 - read coils;
  • 2 - read input coils;
  • 3 - read holding registers;
  • 4 - read input registers;
  • 5 - set single coil;
  • 6 - write to a single holding register;
  • 15 - set multiple coils;
  • 16 - write to multiple holding registers.
7. First register number (not address) of the first register/coil/input (in range [1..65536]) from which the registers/coils/inputs will be read/written to.
8. Registry count
  • 1 - coil count (in range [1..2000]); must not exceed the boundary (first coil number + coil count <= 65537);
  • 2 - input count (in range [1..2000]); must not exceed the boundary (first input number + input count <= 65537);
  • 3 - holding register count (in range [0..125]); must not exceed the boundary (first register number + holding register count <= 65537);
  • 4 - input register count (in range [0..125]); must not exceed the boundary (first register number + input register count <= 65537);
  • 5 - coil value (in range [0..1]);
  • 6 - holding register value (in range [0..65535]);
  • 15 - coil count (in range [1..1968]); must not exceed the boundary (first coil number + coil count <= 65537); and coil values separated with commas, without spaces (e.g., 1,2,3,654,21,789); there must be exactly as many values as specified (with coil count); each value must be in the range of [0..1].

    • Examples

    Setting relay (on) (Relay address is 202, which means 'Number of first register will be 203) 1 1 1 1 1 6 203 1
    Getting temperature 1 1 1 1 1 3 6 2

    Modbus parameters are held within registers. The register numbers and corresponding system values can be found in this article.

    Testing MQTT Publisher and Subscriber on flespi.io

    Adding Flespi Subscriber

    To test the Modbus Serial Gateway functionality, log into your Flespi accountMQTT Board and add a Subscriber:

    1. Press '+' button on the top right corner
    2. Select 'Subscriber'
    3. In the topic field enter 'response'
    4. Press 'Subscribe' button

    Flespi subscriber.png Flespi subscriber setup.png

    Adding Flespi Subscriber

    Also, you will need to add a Publisher:

    1. Press '+' button on the top right corner
    2. Select 'Publisher'
    3. In the topic field enter 'request'
    4. In the message field enter message, for this example 'Getting temperature' is used
    5. Press 'Publish' button

    Flespi publisher.png Flespi publisher setup.png

    Flespi Subscriber output

    Check the response in the 'Subscriber' tab, you should receive a message similar to the one below.


    Flespi response.png


    In the output, we can see that router's temperature is 44 degrees Celsius.

    See Also

    External links

    Flespi.io

    Retrieved from "https://wiki.teltonika-networks.com/index.php?title=Domnev&oldid=111434"