Connect IDE to Runtime
- The connection is described by the URI_location in the project’s configuration.
  Open project tree root -> Config tab -> URI_location
eRPC
eRPC (Embedded RPC) is an open source Remote Procedure Call (RPC) system developed by NXP.
In the case of Beremiz, the runtime is the eRPC server and the IDE is a client. Transport can be either TCP/IP or serial.
URI_location for eRPC:
- ERPC://host[:port]
  Unencrypted connection. Default port is 3000. This connection is highly insecure and should never be used on an untrusted network. It is intended for peer-to-peer connections such as Ethernet over USB, for initial pairing with the IDE.
- ERPCS://host[:port]
  SSL-PSK encrypted connection. Default port is 4000.
- LOCAL://
  Starts a local runtime and connects to it through TCP/IP bound to localhost, using a random port.
SSL-PSK setup:
To provide practical secure communication between the runtime and the IDE, a TLS-PSK connection according to RFC 4279 is used.
Server (runtime)
A PSK ciphersuite avoids the need for public key operations and certificate management. It is perfect for performance-constrained environments with limited CPU power, such as a PLC.
Stunnel is used to wrap the unencrypted eRPC server into a TLS-PSK SSL socket. Hereafter is stunnel.conf:
[ERPCPSK]
accept = 4000
connect = 127.0.0.1:3000
ciphers = PSK
sslVersion = TLSv1.2
PSKsecrets = psk.txt
List PSK ciphers available in server’s openssl:
openssl ciphers -s -psk -tls1_2
Launch stunnel:
stunnel ./stunnel.conf
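The stunnel.conf above points PSKsecrets at psk.txt, so the strength of every ERPCS connection depends on that file. The following is an added example (not part of the Beremiz documentation or code) that audits such a file before stunnel is launched. It assumes stunnel's documented IDENTITY:KEY line format, its 16-byte minimum key length and its recommendation that the file not be accessible to other users; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a stunnel PSKsecrets file such as psk.txt.
# Assumption: stunnel's IDENTITY:KEY format, keys of at least 16 bytes.
# Usage after sourcing: check_psk_file psk.txt

# Print the key length in bytes. Even-length pure-hex keys are counted
# as binary (two hex digits per byte), the conservative reading.
psk_key_bytes() {
    key=$1
    case $key in
        *[!0-9A-Fa-f]*) echo "${#key}" ;;
        *) if [ $(( ${#key} % 2 )) -eq 0 ]; then echo $(( ${#key} / 2 ))
           else echo "${#key}"; fi ;;
    esac
}

# Return 0 if the file passes every check, 1 otherwise.
# Findings go to stderr; key material is never printed.
check_psk_file() {
    file=$1; rc=0; seen=""; n=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # Access for "others" exposes every identity's key to local users.
    if [ -n "$(find "$file" -prune \( -perm -004 -o -perm -002 \))" ]; then
        echo "$file: readable or writable by others" >&2; rc=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -z "$line" ] && continue
        case $line in
            *:*) id=${line%%:*}; key=${line#*:} ;;
            *) echo "line $n: not IDENTITY:KEY" >&2; rc=1; continue ;;
        esac
        [ -n "$id" ] || { echo "line $n: empty identity" >&2; rc=1; continue; }
        if [ "$(psk_key_bytes "$key")" -lt 16 ]; then
            echo "line $n: key for '$id' is under 16 bytes" >&2; rc=1
        fi
        case " $seen " in
            *" $id "*) echo "line $n: duplicate identity '$id'" >&2; rc=1 ;;
        esac
        seen="$seen $id"
    done < "$file"
    return "$rc"
}
```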
Client (IDE)
Compare the client’s available openssl PSK ciphers with the server’s ciphers. At least a few of them should match:
openssl ciphers -s -psk -tls1_2
Using an unencrypted peer-to-peer connection such as network over USB or a simple Ethernet cable, connect and obtain the PSK:
ERPC://hostname[:port]
Then use the Identity Management dialog in the IDE to select the matching ID and generate the ERPCS URI:
ERPCS://hostname[:port]#ID
WAMP
WAMP is an open standard WebSocket subprotocol that provides two application messaging patterns in one unified protocol: Remote Procedure Calls + Publish & Subscribe.
The Beremiz WAMP connector implementation uses the Python autobahn module, from the crossbar.io project.
Both the IDE and the runtime are WAMP clients that connect to a crossbar server through HTTP.
URI_location for WAMP:
- WAMP://host[:port]#realm#ID
  WebSocket over unencrypted HTTP transport.
- WAMPS://host[:port]#realm#ID
  WebSocket over secure HTTPS transport.