Can't Connect Ignition to the EPIC PR1

We’ve decided to move to the EPIC instead of using the PAC R2. We’ve always been able to connect to the PAC as an OPC device in Ignition using the Cirrus Link driver. Not any more. I can connect to the EPIC locally and download a strategy but Ignition won’t connect remotely no matter what port I use. I’ve tried 80, 443, 8502, and 22001. The firewall is set up to allow all those ports but no luck. I know my router is configured correctly because I have at least a dozen PACs in production and they all work fine.

What else do I need to do?

Thanks

If you want to use Ignition in EPIC to get the tag data from the PAC R2, you will need to be SURE that you have the public tag checked in each variable or I/O point that you want Ignition to pick up from the R2 strategy…
Then re-download the strategy.
Then restart the PAC/EPIC module in Ignition, then your PAC R2 tags will show up as you are expecting.
(And use port 22001 - the default).
And you will need to ensure your PAC R2 is using at least R9.5 firmware (from memory).

I don’t want to use the EPIC to connect to a PAC R2, I want to use the EPIC in place of the PAC R2. In the past we’ve put the PAC onsite (we’re in agriculture) and used our Ignition server (an Azure virtual machine) to connect to it and pull the tag data. Works great. Does the EPIC not act like a PAC?

Yes. Same same.
Just make sure your EPIC strategy has public tags (the Ignition module reads an invisible table of public variables at start up - i.e., everything with a tick in the make public check box) and you should be up and running.
I am not sure about the Azure VM - does it run Ignition and have the PAC/EPIC module installed?

Do you have a port forward rule on the site router to point to the EPIC on 22001?
Are you using both networks on the EPIC? Or just the one?
Sounds like the VM can’t see the EPIC…

EDIT: Was the VM getting the variable via the PAC R2 RESTful interface?

All of the above are correct. Like I said, I have a dozen PACs deployed all over the California Central Valley using the environment I just described. The only difference is that I can connect to my PACs and grab all my public tags using the Cirrus Link driver no problem. Ignition doesn’t even see the EPIC at all either as a Modbus device using port 8502 or an Opto22 device using port 22001.

Hmmm… Does the Azure VM run Ignition?
I am still unsure what it does and how it is addressing / accessing the Opto hardware.

It just sounds like a networking issue to me at this point.
EPIC = PAC. (Well, when it comes to accessing public tag variables).

Yes. The Azure VM is running a full blown version of Ignition server. We’ve been using Ignition for two years now. It provides the HMI and our Opto22 devices supply the data. We’ve never had an issue connecting to our PACs and we have used cellular modems, ISP connections, and every other Internet connection that a farmer can get to their location. We’ve always been able to port forward to our PACs with no problem. In this case, the EPIC isn’t even deployed yet, it’s on our test bench.

I think it’s a network issue too. Since we work over large geographical areas we have a lot of experience with remote access. One of our associates is going to try the port forwarding on his bench using his EPIC so we’ll see if he’s successful.

I’ll keep you posted. Thanks as always for all the help.

Sounds really really really perfect for an MQTT SpB deployment, but fully understand if you don’t want to roll that out just yet.
Also sounds like you are all over it and have some chops when it comes to remote deployment.
EPIC really needs its firewall settings done right.
Make sure you are using ETH0 or ETH1 to the site router. ETH0 is probably the best bet. ETH1 is the un-trusted (internet) interface and is a lot more ‘blocked’ by default.
Are you using both interfaces on the EPIC? ie, one to the OT network and one to the IT network?
(Some people use ETH1 as the main interface and have issues - just checking in with what you are using).
Also, depending on which interface you are using, you might need to tweak your gateway/DNS settings.
If set wrong, your EPIC might not be able to resolve the domain name of your AZURE VM.

Tip: Use the networking tools in groov Manage to both ping and trace route to the port of the VM to ensure you have a path to it.

Hope that helps, and as usual, let us know how you get on. (Opto is keeping an eye on the forums over the holidays, so just post).

What I’m finding is that using the network tools in Groov Manage like ping, tracert, and nslookup, none of them work. However, I have Internet access on the PC I’m using to connect to the EPIC and we’re both on the same subnet along with the router. Why wouldn’t I be able to ping out from the EPIC to say 8.8.8.8 and yet do the same on my PC? Can I disable the EPIC firewall?

Edit: I also just noticed the EPIC is unlicensed. It’s still in trial mode. Would that make a difference?

Ah. That is a MAJOR key.
No, the license is only for groov View and we are not there yet.
The fact that the network tools don’t work is (as I said) a HUGE clue.
Can you do an ‘ipconfig’ on the PC and double-check it with the settings in EPIC groov Manage?
Clearly the PC and the EPIC have VERY different settings. (And that’s the core of the issue).

OK. Here are the EPIC settings

Here are the PC settings. Tell me why these are wrong?

Here is a ping from the PC:

Here is a ping from the EPIC: Same subnet, same router, same everything.

Has to be the firewall in the EPIC. How do I turn it off or allow all traffic in and out?

Sorry for the delay getting back to you… Lots going on tonight…
Thanks for all the info and screenshots, it certainly points to a networking issue on the EPIC… Just need to figure out what.

Keep in mind that the firewall only stops inbound packets. Not outbound (like ping).
So, in your example, the lack of a ping response on the EPIC has nothing to do with the firewall. It’s a pure gateway/routing issue. For some reason the EPIC simply can’t get out to the internet. (i.e., 8.8.8.8)
With that then, we are looking at what is stopping the EPIC from finding that IP address.

Is there another firewall at the location that the EPIC is at that is not at your other locations?
I’m sure it is, but I just have to ask… is the EPIC plugged into the EXACT same switch as the computer in the screenshots? It just seems too odd to me that the EPIC and PC have the same settings yet can’t get a response to its ping…
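
Added example, not part of the thread or written by any poster: a small Python probe, run from the machine that needs to reach the controller, that separates the failure modes discussed above for the ports named in the thread (80, 443, 8502, 22001). A refusal means the host was reached; a timeout points at dropped packets, a missing port forward, or a return-path (gateway) problem. The function names and hint wording are this example's own.

```python
import errno
import socket
import sys

# Ports the original poster tried (from the thread).
THREAD_PORTS = (80, 443, 8502, 22001)

# Interpretation of each outcome (wording is this example's, not the vendor's).
HINTS = {
    "open": "path and listener OK; check the driver/device settings next",
    "refused": "host reached, but nothing accepted on this port (or a firewall rejected it)",
    "timeout": "no reply: dropped by a firewall, no port forward, or replies lost to a bad gateway",
    "unreachable": "no route to the host from here; check local routing",
    "dns-failure": "name did not resolve; check DNS settings",
    "error": "unexpected socket error",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        return "error"


def survey(host, ports=THREAD_PORTS, timeout=3.0):
    """Probe every port and return {port: outcome}."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <host-or-ip>")
    for port, outcome in survey(sys.argv[1]).items():
        print(f"{port:>5}  {outcome:<12} {HINTS[outcome]}")
```

Running it once from the same LAN as the controller and once from the remote server shows whether the break is on the device itself or somewhere along the forwarded path.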

As an IT guy with over 30 years experience it seems pretty odd to me too. :smirk:. I’m going to move this EPIC to a completely different environment; different router, different switch, different ISP and I’ll let you know what I find out. I suspect it’s something in the current one which is causing the issue. Thanks again for all the help.

Success! I moved the EPIC to a new environment and it still didn’t work so I reset it to factory and configured it for the new environment and voila! it worked. Not sure why it stopped working in the original environment but I’m going to move it back and see if we have the same issue. But in the meantime everything works: All the network tools, port forwarding and Ignition connectivity.

Thanks again for all the help! Much appreciated.

Sweet.
Thanks for dropping back and letting us know.
Bit odd, it’s Linux, it should not need rebooting, but yeah, something got hosed up on the network side by the sounds of it.
Good to make progress!