TeamViewer VPN Configuration Guide

Remote Access to Siemens S7-1200 PLC via TeamViewer VPN

This guide explains how to configure TeamViewer VPN to remotely access industrial PLCs (specifically Siemens S7-1200) that are on a remote local network.

---

⚠️ Important Notes

• TeamViewer VPN requires TeamViewer License (Premium, Corporate, or Tensor)
• Free version does NOT support VPN feature
• This guide assumes you have a valid TeamViewer license
• PLC programming requires TIA Portal or STEP 7
• Industrial network security best practices should be followed

---

Network Topology

Your Computer (Engineer/Programmer)
    ↓ (Internet)
TeamViewer VPN Connection
    ↓ (Virtual VPN Tunnel)
Remote Gateway PC (with TeamViewer)
    ↓ (Local Network: 192.168.10.0/24)
Siemens S7-1200 PLC (192.168.10.100)

---

Prerequisites

Software Requirements

On Your Computer (Client):

• TeamViewer (Full version with VPN license)
• TIA Portal V16/V17/V18 or STEP 7
• Windows 10/11 or Linux with Wine (for TIA Portal)

On Remote Gateway PC:

• TeamViewer (Full version with VPN license)
• Windows 7 or later / Linux
• Access to 192.168.10.0/24 network where PLC is located
• Must be always running and connected to internet

Network Requirements

• Remote PC must have network access to PLC network (192.168.10.0/24)
• PLC must be reachable from remote gateway PC
• Firewall rules allowing TeamViewer VPN traffic
• Static IP recommended for PLC (e.g., 192.168.10.100)

---

Information to Collect

Before starting, gather this information:

Remote Gateway PC Information:

• TeamViewer ID: _________________
• Computer Name: _________________
• Local IP Address: _________________ (e.g., 192.168.10.50)
• Network Interface connected to PLC network: _________________ (e.g., eth0, Ethernet)
• Gateway/Router IP: _________________ (e.g., 192.168.10.1)

PLC Network Information:

• PLC Network Subnet: _________________ (e.g., 192.168.10.0/24)
• PLC IP Address: _________________ (e.g., 192.168.10.100)
• PLC Subnet Mask: _________________ (e.g., 255.255.255.0)
• Other devices on network: _________________

TeamViewer VPN Information:

• Your VPN IP (assigned by TeamViewer): _________________ (e.g., 7.x.x.x)
• Remote PC VPN IP (assigned by TeamViewer): _________________ (e.g., 7.x.x.x)

---

Step-by-Step Configuration

Part 1: Remote Gateway PC Setup

STEP 1: Install TeamViewer on Remote Gateway PC

For Windows:

1. Download TeamViewer from https://www.teamviewer.com
2. Install with "Install to access this computer remotely" option
3. Set up unattended access with password
4. Configure to start with Windows

For Linux (Debian/Ubuntu):

# Download TeamViewer
wget https://download.teamviewer.com/download/linux/teamviewer_amd64.deb

# Install
sudo dpkg -i teamviewer_amd64.deb
sudo apt-get install -f

# Start TeamViewer
teamviewer

# Enable daemon for unattended access
sudo teamviewer daemon enable

For Linux (CentOS/RHEL):

# Download TeamViewer
wget https://download.teamviewer.com/download/linux/teamviewer.x86_64.rpm

# Install
sudo yum install ./teamviewer.x86_64.rpm

# Start TeamViewer
teamviewer

---

STEP 2: Configure TeamViewer for Unattended Access

1. Open TeamViewer
2. Go to Extras → Options
3. General Tab:
   • Set TeamViewer to start with system
   • Enable "Start TeamViewer with Windows/System"
4. Security Tab:
   • Set a strong password for unattended access
   • Configure "Random password" to "Disabled" (use permanent password)
5. Remote Control Tab:
   • Disable "Confirm all" if needed for automation
6. Note the TeamViewer ID - you'll need this to connect

---

STEP 3: Verify Network Access to PLC

On Remote Gateway PC:

Windows:

# Test ping to PLC
ping 192.168.10.100

# Check network configuration
ipconfig /all

# Test connection to PLC port (usually 102 for S7 comm)
# Install telnet first if not available
telnet 192.168.10.100 102

Linux:

# Test ping to PLC
ping -c 4 192.168.10.100

# Check network configuration
ip addr show
ip route show

# Test connection to PLC port
nc -zv 192.168.10.100 102
# or
telnet 192.168.10.100 102

✅ Checkpoint: Gateway PC must be able to ping and reach PLC before continuing

---

STEP 4: Enable IP Forwarding (Linux Gateway Only)

Skip this step if using Windows as gateway

For Linux Gateway:

# Check current setting
cat /proc/sys/net/ipv4/ip_forward

# Enable IP forwarding
sudo sysctl -w net.ipv4.ip_forward=1

# Make permanent
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf

# Apply changes
sudo sysctl -p

---

STEP 5: Configure Firewall (Linux Gateway Only)

For Linux Gateway with iptables:

# Allow forwarding from TeamViewer VPN to local network
# Get TeamViewer VPN interface name first
ip addr show | grep -A 2 "^[0-9].*teamviewer"

# Usually it's something like: teamviewer0 or tap0
# Replace <TV_INTERFACE> with actual interface name
# Replace <LOCAL_INTERFACE> with interface connected to PLC network (e.g., eth0)

# Allow forwarding
sudo iptables -A FORWARD -i <TV_INTERFACE> -o <LOCAL_INTERFACE> -j ACCEPT
sudo iptables -A FORWARD -i <LOCAL_INTERFACE> -o <TV_INTERFACE> -m state --state RELATED,ESTABLISHED -j ACCEPT

# Example:
sudo iptables -A FORWARD -i teamviewer0 -o eth0 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o teamviewer0 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Save rules
sudo iptables-save | sudo tee /etc/iptables/rules.v4

For Linux Gateway with firewalld:

# Add TeamViewer interface to trusted zone
sudo firewall-cmd --zone=trusted --add-interface=teamviewer0 --permanent

# Allow forwarding
sudo firewall-cmd --permanent --add-masquerade
sudo firewall-cmd --reload

---

Part 2: Your Computer (Client) Setup

STEP 6: Install TeamViewer on Your Computer

1. Download and install TeamViewer from https://www.teamviewer.com
2. Log in with your TeamViewer account (required for VPN)
3. Ensure you have VPN feature enabled (check your license)

---

STEP 7: Establish TeamViewer VPN Connection

1. Open TeamViewer
2. Enter the Remote Gateway PC's TeamViewer ID
3. Instead of clicking "Remote Control", click the dropdown arrow next to it
4. Select "VPN" from the dropdown menu
5. Enter the unattended access password
6. Wait for VPN connection to establish

What happens:

• TeamViewer creates a virtual network adapter on both computers
• Both computers get IPs in the 7.x.x.x range (e.g., 7.x.x.1 and 7.x.x.2)
• A point-to-point VPN tunnel is created

---

STEP 8: Identify TeamViewer VPN IP Addresses

On Your Computer:

Windows:

ipconfig /all
# Look for "TeamViewer VPN Adapter"
# Note the IPv4 Address (e.g., 7.254.0.1)

Linux:

ip addr show | grep -A 5 teamviewer
# Note the inet address

Record:

• Your VPN IP: _________________
• Remote PC VPN IP: _________________ (usually your IP ± 1)

✅ Test VPN Connection:

# Ping remote gateway PC via VPN
ping <REMOTE_VPN_IP>

---

STEP 9: Add Static Route to PLC Network

You need to tell your computer that to reach 192.168.10.0/24, it should route through the TeamViewer VPN.

On Your Computer (Windows):

# Add route to PLC network via TeamViewer VPN
# Template:
route ADD <PLC_NETWORK> MASK <SUBNET_MASK> <REMOTE_VPN_IP>

# Example:
route ADD 192.168.10.0 MASK 255.255.255.0 7.254.0.2

# Make permanent (add -p flag):
route ADD 192.168.10.0 MASK 255.255.255.0 7.254.0.2 -p

# Verify route
route PRINT

On Your Computer (Linux):

# Add route to PLC network via TeamViewer VPN
# Template:
sudo ip route add <PLC_NETWORK>/<CIDR> via <REMOTE_VPN_IP>

# Example:
sudo ip route add 192.168.10.0/24 via 7.254.0.2

# Verify route
ip route show | grep 192.168.10

---

STEP 10: Configure Static Route on Remote Gateway PC (Windows Only)

If Remote Gateway is Windows:

The remote PC needs to know that traffic destined for your VPN IP should go through the TeamViewer VPN interface.

# Usually not needed if TeamViewer handles routing automatically
# But if you have issues, add this route:

# Get your VPN IP (e.g., 7.254.0.1)
# Add route on remote PC:
route ADD 7.254.0.0 MASK 255.255.0.0 <TEAMVIEWER_GATEWAY> IF <INTERFACE_INDEX>

# Check with:
route PRINT

Most times this is automatic, so skip if you can ping the PLC from your computer.

---

STEP 11: Test Connectivity to PLC

From Your Computer:

Test 1: Ping the PLC

ping 192.168.10.100

Test 2: Check route

# Windows
tracert 192.168.10.100

# Linux
traceroute 192.168.10.100

Expected path:

1. Your computer (local)
2. Remote VPN IP (e.g., 7.254.0.2)
3. PLC (192.168.10.100)

Test 3: Test S7 Communication Port

# Windows (if telnet enabled)
telnet 192.168.10.100 102

# Linux
nc -zv 192.168.10.100 102

✅ Checkpoint: Should be able to ping and reach port 102 on PLC

---

Part 3: TIA Portal / STEP 7 Configuration

STEP 12: Configure TIA Portal for Remote PLC Access

1. Open TIA Portal

2. Open your project or create new one

3. Add new device or go to existing PLC configuration

4. Configure PLC Connection:

   • Go to Online & Diagnostics or Online Access
   • Click "Accessible Devices" → "Update accessible devices"
   • Set PG/PC Interface: Choose the network adapter
   • Important: Select your main network adapter (not TeamViewer VPN adapter)

5. Add PLC Manually if not auto-detected:

   • Right-click on network → Add new subnet
   • Set subnet: PN/IE_1 (or similar)
   • Add PLC with IP: 192.168.10.100
   • Set interface: PN/IE with IP 192.168.10.100

6. Go Online with PLC:

   • Select your PLC in project tree
   • Click "Go Online" button
   • If connection dialog appears, verify IP 192.168.10.100
   • Click Connect

Alternative: Use NetPro (STEP 7 Classic)

1. Open NetPro
2. Configure PG/PC Interface
3. Set route to PLC: 192.168.10.100
4. Test connection

---

Part 4: Automation & Scripts

For easier setup, use the provided configuration scripts.

Windows Automation Script

See: teamviewer-vpn-setup-windows.bat

Linux Automation Script

See: teamviewer-vpn-setup-linux.sh

---

Troubleshooting Guide

Issue 1: Cannot Connect TeamViewer VPN

Symptoms:

• VPN option grayed out
• "VPN not available" error

Solutions:

1. Verify TeamViewer license includes VPN feature
2. Log in to TeamViewer account on both computers
3. Update TeamViewer to latest version
4. Check firewall isn't blocking TeamViewer (port 5938)
5. Try restarting TeamViewer service:

   # Windows
   net stop TeamViewer
   net start TeamViewer
   

---

Issue 2: VPN Connects but Cannot Ping Remote PC

Symptoms:

• VPN status shows "Connected"
• Cannot ping remote VPN IP (e.g., 7.254.0.2)

Solutions:

1. Check VPN adapter status:

   # Windows
   ipconfig /all
   # Look for TeamViewer VPN adapter - should show IP 7.x.x.x
   

2. Check Windows Firewall on remote PC:

   # Temporarily disable to test
   netsh advfirewall set allprofiles state off
   
   # If this fixes it, create rules:
   netsh advfirewall firewall add rule name="TeamViewer VPN" dir=in action=allow protocol=any remoteip=7.0.0.0/8
   
   # Re-enable firewall
   netsh advfirewall set allprofiles state on
   

3. Restart network adapter:

   • Network Connections → Disable/Enable TeamViewer VPN adapter

---

Issue 3: Can Ping Remote PC but Cannot Reach PLC

Symptoms:

• Can ping remote VPN IP (7.254.0.2)
• Cannot ping PLC (192.168.10.100)

Solutions:

1. Verify route is configured:

   # Windows
   route PRINT | findstr 192.168.10
   
   # Linux
   ip route show | grep 192.168.10
   

2. Test from remote gateway PC:

   • Connect via TeamViewer Remote Control to gateway PC
   • Try pinging PLC from there: ping 192.168.10.100
   • If this fails, problem is in local network, not VPN

3. Check IP forwarding on Linux gateway:

   cat /proc/sys/net/ipv4/ip_forward
   # Should return 1
   

4. Check firewall on gateway PC (see Step 5)

5. Verify PLC is actually at that IP:

   • Use PLC web server (if enabled): http://192.168.10.100
   • Check PLC front panel/display for IP address
   • Use TIA Portal hardware detection

---

Issue 4: TIA Portal Cannot Find PLC

Symptoms:

• Can ping PLC (192.168.10.100)
• TIA Portal shows "No accessible devices found"
• Communication test fails

Solutions:

1. Check TIA Portal Network Settings:

   • File → Settings → PG/PC Interface
   • Make sure correct adapter is selected
   • Try selecting "PN/IE" interface

2. Use correct subnet mask in TIA Portal:

   • PLC properties → PROFINET Interface
   • Ensure subnet matches: 192.168.10.0/24

3. Disable Windows Firewall temporarily:

   netsh advfirewall set allprofiles state off
   

   If this works, add specific rules for TIA Portal

4. Check PLC CPU is in RUN or STOP mode:

   • Some operations require STOP mode
   • Check LED indicators on PLC

5. Verify PLC protection level:

   • Protection level 3 blocks write access
   • Password may be required

6. Try Online → Accessible Devices → Update

   • Click "Update Accessible Devices"
   • Wait 30-60 seconds for scan

7. Add PLC manually in TIA Portal:

   • Don't rely on auto-detection
   • Manually specify IP: 192.168.10.100

---

Issue 5: Connection Drops Frequently

Symptoms:

• VPN disconnects randomly
• Connection unstable

Solutions:

1. Check internet stability on both ends:

   • Run speed test
   • Check for packet loss: ping -t 8.8.8.8

2. Adjust TeamViewer settings:

   • Extras → Options → Advanced
   • Disable "Optimize quality"
   • Set connection quality to "Low quality"

3. Use TeamViewer Wake-on-LAN:

   • Set up WoL for remote PC
   • Configure in TeamViewer options

4. Keep remote PC from sleeping:

   # Windows - Disable sleep
   powercfg -change -standby-timeout-ac 0
   powercfg -change -hibernate-timeout-ac 0
   

---

Issue 6: Slow PLC Communication

Symptoms:

• Connection works but very slow
• Uploads/downloads take forever
• TIA Portal timeouts

Solutions:

1. Reduce communication load:

   • Close unnecessary programs on both PCs
   • Disable cloud sync, updates during work

2. Increase TIA Portal timeout:

   • Options → Settings → Communication
   • Increase timeout values

3. Check TeamViewer quality settings:

   • Reduce quality when VPN is active
   • Close remote control sessions when using VPN

4. Use wired connection on both ends:

   • WiFi can cause latency issues

---

Issue 7: Linux-Specific Issues

TeamViewer doesn't start:

# Check service status
sudo systemctl status teamviewerd

# Restart service
sudo systemctl restart teamviewerd

# Check logs
journalctl -u teamviewerd -n 50

VPN adapter not created:

# Check loaded kernel modules
lsmod | grep tun

# Load tun module if missing
sudo modprobe tun

# Make permanent
echo "tun" | sudo tee -a /etc/modules

---

Quick Reference Commands

Windows Commands

REM View all network routes
route PRINT

REM Add route to PLC network
route ADD 192.168.10.0 MASK 255.255.255.0 7.254.0.2 -p

REM Remove route
route DELETE 192.168.10.0

REM View network adapters
ipconfig /all

REM Test PLC connectivity
ping 192.168.10.100
telnet 192.168.10.100 102

REM Restart TeamViewer service
net stop TeamViewer
net start TeamViewer

Linux Commands

# View all network routes
ip route show

# Add route to PLC network
sudo ip route add 192.168.10.0/24 via 7.254.0.2

# Remove route
sudo ip route del 192.168.10.0/24

# View network adapters
ip addr show

# Test PLC connectivity
ping 192.168.10.100
nc -zv 192.168.10.100 102

# Restart TeamViewer service
sudo systemctl restart teamviewerd

---

Security Considerations

Best Practices

1. Use Strong Passwords:

   • Set complex TeamViewer password (15+ characters)
   • Enable two-factor authentication on TeamViewer account

2. Limit Access:

   • Only allow VPN connections from known TeamViewer IDs
   • Use TeamViewer Management Console for access control

3. PLC Security:

   • Set PLC protection level appropriately
   • Use password protection on PLC
   • Enable access control lists if PLC supports it

4. Network Segmentation:

   • Keep PLC network separate from office network
   • Use VLAN if possible
   • Gateway PC should only have access to PLC network

5. Logging:

   • Enable TeamViewer connection logging
   • Monitor who connects and when
   • Keep audit trail of PLC changes

6. Regular Updates:

   • Keep TeamViewer updated
   • Update PLC firmware when security patches available
   • Keep Windows/Linux updated on gateway PC

7. Backup:

   • Regular PLC program backups
   • Version control for PLC code
   • Document all changes

---

Advanced Configuration

Multiple PLCs on Same Network

If you have multiple PLCs on 192.168.10.0/24:

PLC1: 192.168.10.100
PLC2: 192.168.10.101
PLC3: 192.168.10.102

No additional routing needed - the single route covers entire subnet:

route ADD 192.168.10.0 MASK 255.255.255.0 7.254.0.2 -p

Multiple Remote Sites

For accessing PLCs at different sites:

Site A: 192.168.10.0/24 (Gateway TeamViewer ID: 123456789) Site B: 192.168.20.0/24 (Gateway TeamViewer ID: 987654321)

Solution:

1. Connect VPN to Site A → Add route for 192.168.10.0/24
2. Disconnect VPN
3. Connect VPN to Site B → Add route for 192.168.20.0/24
4. Use script to automate route changes (see provided scripts)

Permanent vs. Temporary Routes

Temporary Route (lost on reboot):

route ADD 192.168.10.0 MASK 255.255.255.0 7.254.0.2

Permanent Route (Windows):

route ADD 192.168.10.0 MASK 255.255.255.0 7.254.0.2 -p

Permanent Route (Linux): Add to /etc/network/interfaces or create systemd service

---

Performance Optimization

Recommended Settings

TeamViewer Settings:

• Quality: Medium (for VPN mode)
• Display: 16-bit colors
• Disable wallpaper/animations
• Close remote control when using VPN only

TIA Portal Settings:

• Communication timeout: 10000ms (10 seconds)
• Disable automatic compile
• Work offline, upload/download when ready

Network Recommendations:

• Minimum 5 Mbps upload/download on both ends
• Latency < 100ms preferred
• Wired connection recommended
• Close bandwidth-heavy applications

---

Alternatives to TeamViewer VPN

If TeamViewer VPN doesn't meet your needs:

1. ZeroTier (covered in separate guide)

   • More flexible routing
   • Free tier available
   • Mesh network topology

2. OpenVPN

   • Full VPN solution
   • Requires server setup
   • More complex configuration

3. WireGuard

   • Modern, fast VPN
   • Simple configuration
   • Requires server

4. Tailscale

   • Built on WireGuard
   • Easy mesh network
   • Free tier available

5. Direct PLC Remote Access (Siemens specific)

   • TeleService
   • Siemens Cloud Connect
   • Industrial VPN routers (e.g., mGuard)

---

Appendix A: Port Reference

Device/Service	Port	Protocol	Purpose
TeamViewer	5938	TCP	Primary connection
S7-1200 PLC	102	TCP	ISO-on-TCP (S7 Communication)
S7-1200 PLC	80	TCP	HTTP (Web Server)
S7-1200 PLC	443	TCP	HTTPS (Secure Web Server)
PROFINET	34962-34964	UDP	Real-time communication
TIA Portal	Various	TCP/UDP	Project transfer

---

Appendix B: Common S7-1200 IP Configurations

Parameter	Typical Value	Notes
IP Address	192.168.0.1 - 192.168.0.254	Factory default varies by CPU
Subnet Mask	255.255.255.0	/24 network
Gateway	192.168.0.1	Usually router IP
DHCP	Disabled	Static IP recommended

To find PLC IP:

1. Check PLC display (if HMI attached)
2. Use TIA Portal "Accessible Devices" scan
3. Check DHCP server lease table
4. Connect via USB and read configuration

---

Appendix C: TIA Portal Version Compatibility

TIA Portal Version	S7-1200 CPU Support	Notes
V11	V1.x, V2.x	Older
V12	V1.x, V2.x, V3.x
V13 SP1+	V1.x - V4.x
V14	V1.x - V4.x
V15	V1.x - V4.x
V16	V1.x - V4.x	Recommended
V17	V1.x - V4.5	Latest features
V18	V1.x - V4.6	Current

---

Post-Configuration Checklist

• TeamViewer installed on both computers
• TeamViewer license verified (VPN feature enabled)
• Unattended access configured on remote gateway PC
• VPN connection established successfully
• VPN IP addresses identified
• Static route added to PLC network
• Can ping remote VPN IP from your computer
• Can ping PLC IP from your computer
• IP forwarding enabled (Linux gateway)
• Firewall rules configured (Linux gateway)
• TIA Portal can detect/connect to PLC
• Successfully uploaded/downloaded PLC program
• Routes made persistent (optional but recommended)
• Connection documented for future use
• Backup of PLC program created

---

Support Resources

TeamViewer:

• Official Documentation: https://www.teamviewer.com/en/documents/
• VPN Guide: https://community.teamviewer.com/

Siemens:

• TIA Portal Documentation: https://support.industry.siemens.com/
• S7-1200 Manual: Search for "S7-1200 System Manual"
• Siemens Forum: https://support.industry.siemens.com/tf/ww/en/

Community:

• PLCTalk Forum: https://www.plctalk.net/
• Reddit r/PLC: https://www.reddit.com/r/PLC/

---

Document Version: 1.0
Last Updated: February 16, 2026
Tested With: TeamViewer 15, TIA Portal V17, S7-1214C DC/DC/DC