Control Network Newsletter
Secure Remote Access to BACnet Systems without a BBMD
BridgeVPN allows users to set up and maintain secure access to a remote site without subscription fees or the need for a cloud-based VPN server. Contemporary Controls' EIGR-VB Gigabit IP router can be configured as a VPN server with Layer 2 bridge mode that allows passage of multicast and broadcast messages which eliminates the need for a BACnet/IP Broadcast Management Device (BBMD).
Operating in OpenVPN® server mode, the EIGR-VB supports bridge mode where up to 10 VPN clients (Windows/Linux PCs) are bridged to the router's LAN side and assigned an IP address from the LAN subnet. This provides the same application experience as if the client devices were part of the EIGR-VB's LAN and allows passage of multicast and broadcast messages through the VPN tunnel without the need for a BACnet/IP Broadcast Management Device (BBMD).
Example —Building Automation System Using Wired Remote Access
A Windows or Linux PC in your office running OpenVPN client software behind a firewall connects to your EIGR-VB OpenVPN server over the Internet. The PC can communicate over BridgeVPN to any IP device used in building automation systems, such as BACnet controllers or routers, on the IP router's LAN ports. Ethernet switches can be used to add more devices. The VPN clients (up to 10 Windows/Linux PCs in OpenVPN client mode) are bridged to the LAN side and are provided an IP address from the LAN subnet which provides the same application experience as if the client device were part of the LAN of the EIGR-VB. This allows passage of multicast and broadcast messages through the VPN tunnel. The PC can easily run BACnet client applications to discover and communicate with BACnet devices at the remote site. Since the PC VPN interface is on the same subnet as the EIGR-VB LAN, there is no need for a BBMD. This provides secure access to BACnet devices over a VPN without the intricacies of setting up the BBMD device along with the cost savings of the BBMD device.
In addition to the BridgeVPN solution, Contemporary Controls offers a Self-HostedVPN solution which allows network savvy customers to set up and maintain their own wired or wireless remote access for multiple clients – up to 15 wired/cellular IP routers in OpenVPN client mode and 15 OpenVPN clients on PC/tablet/phone.
Contemporary Controls' RemoteVPN subscription service provides secure communication and the convenience of remote access without having to maintain the VPN server. Hosted on the Internet and maintained by Contemporary Controls, RemoteVPN incorporates a cloud-based OpenVPN server, OpenVPN clients for workstations and mobile devices, and OpenVPN routers installed at job sites.
To learn more, visit the BridgeVPN product page.