
OPC UA Reverse Connect Settings

Note
PLCnext Technology controllers with a firmware version 2023.0 or newer support the Reverse Connect feature according to Part 6 of the OPC Unified Architecture specification.

Reverse Connect enables an OPC UA server to initiate the connection to an OPC UA client, reversing the traditional roles of client and server during connection establishment. This is important for connecting servers in secured industrial networks, such as those behind firewalls where inbound connections are restricted. It allows secure communication and simplifies the network security configuration.

For Reverse Connect, an OPC UA client needs to listen on a TCP port for connections from one or more OPC UA servers. The OPC UA server, on the other side, continuously tries to establish a communication channel to a list of known OPC UA clients, each identified by a URL with IP address and port. Based on such a channel, the client can create a session using the same services as it does in the normal case. After the session is established, it can be used as if it had been established from client to server. Since the server is continuously trying and the client is continuously waiting, the order in which client and server are started is not important.

A list of URLs of the clients that have explicit permission to establish the client-server connection can be specified in the 'Reverse connect' category of the 'Server Settings' editor. To enable the specification of the client URLs (a maximum of 5 clients can be specified), select 'Enabled' from the 'Reverse connect' drop-down list. Specify a client URL by selecting 'Yes' from the 'Enable' drop-down list and entering the URL in the following form:

opc.tcp://<address>:<port>

<address> is the IP address or host name of the client and <port> is the port on which the client waits for the connection. Ensure that the port is not used by other applications on the PC.
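
The following added example (not part of the PLCnext Engineer documentation or tooling) checks a planned client list against the rules above before it is entered in the editor: strict opc.tcp://<address>:<port> form, at most 5 entries, and, when run on the client PC, whether the listening port is still free. The function names, the sample addresses, the duplicate check and the restriction to IPv4 addresses and host names are assumptions of this example.

```python
import ipaddress
import re
import socket

MAX_CLIENTS = 5  # limit stated in the text above
URL_RE = re.compile(r"^opc\.tcp://([^/:\s\[\]]+):(\d{1,5})$")
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_client_url(url):
    """Return (address, port) for a strict opc.tcp://<address>:<port> entry."""
    m = URL_RE.match(url.strip())
    if not m:
        raise ValueError(f"not of the form opc.tcp://<address>:<port>: {url!r}")
    address, port = m.group(1), int(m.group(2))
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {url!r}")
    if re.fullmatch(r"[0-9.]+", address):
        ipaddress.IPv4Address(address)  # raises ValueError on e.g. 192.0.2.999
    elif len(address) > 253 or not all(LABEL_RE.match(p) for p in address.split(".")):
        raise ValueError(f"invalid host name: {url!r}")
    return address.lower(), port


def validate_client_list(urls):
    """Check the whole list: at most MAX_CLIENTS entries, each well formed."""
    if len(urls) > MAX_CLIENTS:
        raise ValueError(f"{len(urls)} entries, maximum is {MAX_CLIENTS}")
    parsed = [parse_client_url(u) for u in urls]
    if len(set(parsed)) != len(parsed):  # added sanity check, not a documented rule
        raise ValueError("duplicate client entry")
    return parsed


def port_is_free(port, bind_addr="0.0.0.0"):
    """On the client PC: True if no other application holds the TCP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        try:
            probe.bind((bind_addr, port))
        except OSError:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample entries (documentation addresses, not from the page).
    sample = ["opc.tcp://192.0.2.10:4841", "opc.tcp://scada-client.example:48060"]
    for address, port in validate_client_list(sample):
        print(address, port)
```

Run port_is_free on the client PC itself, before the OPC UA client application is started, since that application will hold the port afterwards.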