How to use machineconnect

This document explains how to install and use machineconnect


machineconnect is our certified device used for the connection of PLCs and installed in the switch cabinet of the machine.

The idea behind machineconnect is to protect the PLC and all components with an additional firewall. Therefore, it is not accessible from outside of machineconnect except explicitly configured in the firewall.


  • Industrial Edge Computer
    • With DIN rail mounting and 24V
    • Vibration resistent according to IEC 60068-2-27, IEC 60068-2-64/ MIL-STD-810, UNECE Reg.10 E-Mark, EN50155
    • Increased temperature range (-25°C ~ 70°C)
  • Open source core installed and provisioned according to customer needs (e.g. MQTT certificates) in production mode (using k3OS)
  • Additional security layer for your PLC by using OPNsense (incl. Firewall, Intrusion Detection, VPN)
  • 10 years of remote VPN access via our servers included

Physical installation

  1. Attach wall mounting brackets to the chassis
  2. Attach DIN Rail mounting brackets to the chassis
  3. Clip system to the DIN Rail
  4. Connect with 24V power supply
  5. Connect Ethernet 1 with WAN / Internet
  6. Connect Ethernet 3 with local switch (if existing). This connection will be called from now on “LAN”.
  7. (optional, see connection to PLC. If skipped please connect the PLC to Ethernet 3) Connect Ethernet 2 with PLC. This connection will be called from now on “PLC network”.

Verify the installation by turning on the power supply and checking whether all Ethernet LEDs are blinking.

Connection to the PLC

There are two options to connect the PLC. We strongly recommend Option 1, but in some cases (PLC has fixed IP and is communicating with engine controllers or HMI and you cannot change the IP adresses there) you need to go for option 2.

  1. Configure the PLC to retrieve the IP via DHCP
  2. Configure OPNsense to give out the same IP for the MAC-address of the PLC for LAN. Go to Services –> DHCPv4 –> LAN and add the PLC under “DHCP static mappings for this device”

Option 2: The PLC has a static IP, which cannot be changed

New method

This method should be quicker

  1. Add a new interface for the PLC network
  2. Add a new route with the target being the PLC IP and as gateway the automatically created gateway for the PLC (will not be shown by default, need to enter PLC_GW to be shown)
  3. Make sure to activate the gateway:
  4. Change NAT to “Hybrid outbound NAT rule generation” and add a NAT for PLC, Source the LAN network, Destination the PLC
  5. Test if the PLC is reachable
  6. That’s it

Old method

  1. Adding a new interface for the PLC network, e.g. “S7”.
  2. Adding a new gateway (see screenshot. Assuming is the IP of the PLC and the above created interface is called “S7”)
  3. Adding a new route (see screenshot and assumptions of step 2)
  4. Changing NAT to “Manual outbound NAT rule generation” (see screenshot and assumptions of step 2)
  5. Add firewall rule to the PLC interface (see screenshot and assumptions of step 2)
  6. Add firewall rule to LAN allowing interaction between LAN network and PLC network

If you are struggling with these steps and have bought a machineconnect from us, feel free to contact us!

Next steps

After doing the physical setup and connecting the PLC you can continue with part 3 of the getting started guide.

Last modified May 12, 2022: fix: doc build 2 (#1088) (95154fe)