Setting up the OVPN certificate

---

OVPN certificates are used to gain access to the DVM interface of the data logger. These must be installed on the router on the system. It can then be verified whether the Modbus requests are arriving from our direct marketing server.

---

Install VPN certificate on Teltonika RUT241

1. upload certificate

1.1 Services → VPN →OVPN

1.2 Add new instance as role “Client”

1.3 Enable, Enable config from file, upload VPN certificate

1.4 Status must be connected

---

How do I verify that Modbus requests are arriving from the VPN?

1. System → Administration → Access Control

2. enable CLI

3. System →CLI

3.1 Login: root

3.2 Password: webpassword

4. Enter “ifconfig”.

5. Check if VPN network is available

6. Ping the VPN server

6.1 Enter “ping 10.76.0.1” and press en

6.2 If ping is successful, there is a connection to the VPN server

7.Install tcpdump

7.1 Execute “opkg update

7.2 Execute “opkg install tcpdump”

8. check requests from the VPN with tcpdump

8.1 “tcpdump -i <vpninterfacename>” → “tcpdump -i tun_c_wwtest”

8.2 Here you can see a connection attempt that was not answered successfully. 10.76.1.104:502 →10.76.0.1 | length 0

8.3 At this point it is verified that requests arrive from our server. If no requests are received here (minute interval), the interface on the Amperecloud side may not yet be activated. In this case, Amperecloud Support must be contacted.

8.4 This is what successful communication will look like later if a port forwarding rule has been set up accordingly:

---

Set up port forwarding rule

1 Network → Firewall → Port forwarding

1.1 Create a new rule: This is used to forward the requests from the VPN network through the firewall to the DV interface of the system.

1.2 Save twice!

---

How do I verify that Modbus requests arrive at the DV interface?

Example system: Altenbeken Ahlemeyer E82 wind turbine (Brockmann Wind)

This can be done again with tcpdump:

1. log into the CLI

2. “tcpdump host <IP of the DVM interface> and tcp port <port of the dvm interface>” → “tcpdump host 192.168.1.202 and tcp port 502”

As soon as a communication can be seen here, the requests arrive at the DV interface. It is important that length has a value > 0. You can now check in the platform whether data streams are available for the data logger. If the requests arrive but are not answered, it can help to set up a SNAT.

---

Setting up SNAT

It may be that some Modbus interfaces only respond to requests from the local network. To do this, the requests from the VPN must be masked using SNAT.  

1. Network→Firewall→Traffic Rules

---

2. Save twice!

If you still do not see any two-way communication, you should verify again with AC that the correct DVM interface is activated. If this is set correctly, the manufacturer of the interface must be contacted.

---

Check data input in the platform

Once the certificate has been successfully installed and Modbus communication has been successfully verified, the data streams enter the platform on the respective data logger. As a rule, the data stream for Pac (active power) must be mapped to the system level.

---

Need More Help?

If you encountered any difficulties or need further assistance, here are some steps you can take:

Contact Support:

• Email: Reach out to our support team by emailing us at support@amperecloud.com. Provide as much detail as possible about the issue you're facing.

Phone Support:

• Call our customer service at

  +49 30 6293 77201. Our support hours are Monday to Friday, 9 AM to 5 PM (local time).

---

Share Your Feedback

If this article didn’t meet your needs or if you have suggestions on how we can improve, please let us know by submitting feedback. Your input helps us enhance our resources and support.