OPCUA Communication Issue

Hi, I have two VM that I am try to communicate with via OPCUA client. One VM is hosting ignition while the other I have a python script that is trying to read and write tags to ignition. The issue I am having is that the OPCUA server in ignition is using the localhost IP address and not the IP address from the DHCP server. Can anyone let me know how this issue can be resolved? Thanks

The appropriate setting is found under Config => OPC UA => Server Settings => Endpoint Configuration.

Change the Bind Addresses to 0.0.0.0 to listen on all interfaces.

You will likely want to also change security settings.

Be aware that some hypervisors prevent VM to VM communications by default.

Hi, Thanks for your response I did set the binding to 0.0.0.0. See settings in the image. I am able to ping both VMs with no issue

Did you restart the gateway after changing the bind address? (It does not take immediate effect.)

Hi, I did but still got communication timeout. The IP address of my laptop is 192.168.XX.XX which I placed in the script. However, it is not working and I am not sure why? Just to let you know that I am new to ignition
image

I could be wrong here, but I have never seen URL based authentication on an OPCUA server.
Especially at the discovery level. I would modify your script so it is using opc.tcp://192.168.80.128:62541/discovery

Hi, I made modification to my script and got the same results. See my script below

Have you opened the firewall on your Ignition server on port 62541?

Hi, I added the port to the firewall. However, I got the error shown below

Now you are getting somewhere, you are connecting to the server, but it is refusing your connection.

Try removing the word 'discovery' from your URL.

I think it's probably the opposite - he doesn't have it but needs it.

It's in the last screenshot he had.

Hi, Do you think that this error has to do with the trust certificate

It doesn't.

I missed the last screenshot and was looking at the one with the code.

It means your client is trying to open a session against the discovery endpoint, which only supports the discovery services.

This means your client isn't paying attention to the endpoint URLs that are returned by the GetEndpoints service.

It looks like you're using the legacy python UA library instead of the supported asyncua library. I thought they had fixed this at some point.

If not, you'll have to configure the Ignition OPC UA server to allow unsecured connections (change the Security Policies to None, Basic256Sha256) and then just point your client and the non-discovery URL once the server has been restarted and allows unsecured connections.

Hi, when I change the security policies to none, Basic256Sha256 the server goes into fault. This is the setting I have for the server

Can you screenshot the server settings page where you changed the security policies?

Sure, is this what you are looking for

So you didn’t change anything then?

I did but as soon as I changed the settings. The server went into fault


It seems you are changing settings on the OPC UA connection Ignition has to its own server, not on the server itself.

You need to change the settings from the other screenshot. None, Basic256Sha256 in the security policies setting.