SSC Data Link Tunnel Set Up and Usage
Checklist for Commissioning
The following preconditions must be met in order to put a SSC Data Link Tunnel into operation.
Precondition | Note |
|---|---|
Edge Device must have minimum OS Image Version 24.05.0. | |
Host IP address from the GREEN network must be known | This is the IPv4 from the Edge Device on GREEN interface, you can find this information in Cockpit UI. |
Free IP address range for DataLink clients must be known, inside the GREEN network. | The GREEN network should have 5-10 IPv4 endpoints that are free and available. The service technician should know which addresses are free to use. |
SSC Data Link Tunnel Extension Application has to be set up for the Asset / Machine. | Service Provider: https://symmedia.atlassian.net/wiki/x/P4HuGQQ |
SSC DataLink Client Installer MSI for Windows must be installed with Administrator rights. | The latest SSC DataLink Client MSI must be downloaded. |
Target IPv4 addresses and target ports for the machine / control must be known for configuration. |
Commissioning
Configure the Tunnel Connection
Install SSC Tunnel Client (DataLink)
To use the DataLink Client, you must download and install the SSC Tunnel Client (DataLink) MSI. You need administrator rights on the computer on which you are installing the client. You can find the SSC DataLink Client on the Portal Download page.
Establish a DataLink Tunnel Connection
To use a tunnel connection within an Operator Tenant, Remote Access must be activated on the corresponding Asset.
As a Service Provider, you can use Remote Access when a shared Service Case has been opened for the respective machine and Remote Access has been enabled by the Operator.
Then, you can select the corresponding Data Link Tunnel configuration and press the Start button. The SSC Data Link Client should then start automatically on the client computer.
Example Setups
| Tunnel Endpoint in Machine Network (GREEN network) | Tunnel Endpoint in public Network (RED network) |
|---|---|---|
Description | Tunnel Endpoint in Machine Network (GREEN network)This illustrates a typical Data Link Tunnel connection. The accessible machine endpoints are located in the GREEN machine network. In this case, the technician wants a tunnel connection from TIA Portal, which is running locally on the technician's laptop, to the S7 CPU. The Edge Device has the host IPv4: Once the tunnel is successfully established, the local Data Link client automatically connects to the tunnel entry point ( Afterwards, the remote machine endpoint (S7 CPU) will be reachable from the technician's laptop. The technician can then connect to the S7 CPU from the TIA Portal. The technician's laptop then has the address 192.168.214.190 and is part of the machine network. The laptop then has access to the S7 CPU (IP address 192.168.214.128). | This example describes a scenario in which the remote machine's endpoint is in the RED network. The technician wants to access the S7 CPU at the remote address The Edge Device has the host IPv4: Limitations Unlike the previous scenario, using TIA Portal with an S7 CPU over the public network has some limitations. If the network only supports Layer 3 (IP) communication, some TIA Portal features will not work as expected:
After the tunnel has been successfully established, the local Data Link client will automatically connect to the tunnel entry point ( To reach the target machine endpoint, a route must be added locally on the Windows laptop. The Windows Afterwards, the technician's laptop will have the address 192.168.214.190, meaning it will be part of the machine network. The local route to the remote machine endpoint should then be set. From there, the technician can connect from the TIA Portal to the S7 CPU on 10.10.10.176. |
Tunnel Configuration | Tunnel Type: Data Link Tunnel Remote IP: 192.168.214.128 Remote Port: 102 Local IP: 127.0.0.1 Local Port: 11102 Remote Start IP Address (IPv4): 192.168.214.190 Remote Start IP Address (IPv4): 192.168.214.194 Loglevel Data Link Server: 3 | Tunnel Type: Data Link Tunnel Remote IP: 10.10.10.176 Remote Port: 102 Local IP: 127.0.0.1 Local Port: 11102 |
Architectur |  Click to enlarge. | Click to enlarge.
|
After the SSC DataLink Tunnel Client was started, the connection to the Tunnel Cloud Service will be established.
Troubleshooting
The SSC Data Link Tunnel relies on multiple interconnected components, which means issues can often stem from missing or incorrect prerequisites. Before diving into detailed troubleshooting, verify that all required preconditions are met.
If these checks pass and the problem persists, you’ll find additional guidance in the table below, which lists common issues and recommended solutions.
Problem | Solution |
|---|---|
The SSC Tunnel Client starts very slowly on Windows. | Add the SSC Client to the Windows Defender exclusion list because Windows Defender scans the SSC Client after it starts. |
Error message in SSC Client: Can not configure local route: Failed to set local route. | This could be a problem with the Windows Service SSC Data Link Service:
|
The ssc-data-link-tap interface is not available on Windows. | New installation of the SSC DataLink Client with MSI installer package |
After a Windows upgrade, the ssc-data-link-tap interface may not be working correctly or may be missing. | Contact the symmedia Support. |