OPCUA Communication Issue

David_Brown · April 29, 2025, 8:39pm

Hi, I have two VM that I am try to communicate with via OPCUA client. One VM is hosting ignition while the other I have a python script that is trying to read and write tags to ignition. The issue I am having is that the OPCUA server in ignition is using the localhost IP address and not the IP address from the DHCP server. Can anyone let me know how this issue can be resolved? Thanks

pturmel · April 29, 2025, 8:47pm

The appropriate setting is found under Config => OPC UA => Server Settings => Endpoint Configuration.

Change the Bind Addresses to 0.0.0.0 to listen on all interfaces.

You will likely want to also change security settings.

Be aware that some hypervisors prevent VM to VM communications by default.

David_Brown · April 29, 2025, 9:03pm

Hi, Thanks for your response I did set the binding to 0.0.0.0. See settings in the image. I am able to ping both VMs with no issue

pturmel · April 29, 2025, 9:05pm

Did you restart the gateway after changing the bind address? (It does not take immediate effect.)

David_Brown · April 29, 2025, 9:21pm

Hi, I did but still got communication timeout. The IP address of my laptop is 192.168.XX.XX which I placed in the script. However, it is not working and I am not sure why? Just to let you know that I am new to ignition

David_Stone · April 29, 2025, 9:33pm

I could be wrong here, but I have never seen URL based authentication on an OPCUA server.
Especially at the discovery level. I would modify your script so it is using opc.tcp://192.168.80.128:62541/discovery

David_Brown · April 29, 2025, 9:39pm

Hi, I made modification to my script and got the same results. See my script below

David_Stone · April 29, 2025, 9:40pm

Have you opened the firewall on your Ignition server on port 62541?

David_Brown · April 29, 2025, 11:58pm

Hi, I added the port to the firewall. However, I got the error shown below

David_Stone · April 30, 2025, 12:03am

Now you are getting somewhere, you are connecting to the server, but it is refusing your connection.

Try removing the word 'discovery' from your URL.

Kevin.Herron · April 30, 2025, 12:03am

I think it's probably the opposite - he doesn't have it but needs it.

David_Stone · April 30, 2025, 12:04am

It's in the last screenshot he had.

David_Brown · April 30, 2025, 12:44am

Hi, Do you think that this error has to do with the trust certificate

Kevin.Herron · April 30, 2025, 12:47am

It doesn't.

I missed the last screenshot and was looking at the one with the code.

It means your client is trying to open a session against the discovery endpoint, which only supports the discovery services.

This means your client isn't paying attention to the endpoint URLs that are returned by the GetEndpoints service.

It looks like you're using the legacy python UA library instead of the supported asyncua library. I thought they had fixed this at some point.

If not, you'll have to configure the Ignition OPC UA server to allow unsecured connections (change the Security Policies to None, Basic256Sha256) and then just point your client and the non-discovery URL once the server has been restarted and allows unsecured connections.

David_Brown · April 30, 2025, 1:17am

Hi, when I change the security policies to none, Basic256Sha256 the server goes into fault. This is the setting I have for the server

Kevin.Herron · April 30, 2025, 1:25am

Can you screenshot the server settings page where you changed the security policies?

David_Brown · April 30, 2025, 1:28am

Sure, is this what you are looking for

Kevin.Herron · April 30, 2025, 1:31am

So you didn’t change anything then?

David_Brown · April 30, 2025, 1:36am

I did but as soon as I changed the settings. The server went into fault

Kevin.Herron · April 30, 2025, 1:42am

It seems you are changing settings on the OPC UA connection Ignition has to its own server, not on the server itself.

You need to change the settings from the other screenshot. None, Basic256Sha256 in the security policies setting.