OPC UA Client

Download Free Demo


Kepware 的 OPC 隧道通讯方案包含 KEPServerEX 连接平台和 OPC UA Client 驱动。OPC UA 统一架构开放标准用于为 KEPServerEX 两个实例之间的设备通信提供理想隧道:一个实例用作隧道客户端,另一实例用作隧道服务器。OPC UA Client 驱动与 KEPServerEX 实施的 UA 服务器接口配对以安全可靠地传输数据。

OPC 隧道通讯

此隧道通讯方案使用客户端/服务器架构,可穿过防火墙,安全而又可靠地实现跨 Internet、WAN 或 LAN的 实时数据通讯。它不依赖于 Microsoft COM 和 DCOM 技术,因此可在设备、数据源和应用程序之间轻松进行远程通信。



  • 支持 OPC DA 1.0 和 2.05a 的 OPC 隧道通讯
  • 经由 VPN 通过防火墙在 Internet、WAN 或 LAN 在企业网络中工作
  • 为 OPC、原生接口和 DDE 提供远程访问
  • 支持介质级别冗余,包括能够配置次要隧道和触发条件
  • 可通过 RSA 标准进行数据加密
  • 可通过 x509 证书进行端点身份验证
  • 自动查找 OPC UA 服务器
  • 支持结构化数据以实现通信和存储优化
  • 支持 Nano 配置文件以允许通过 OPC UA 访问嵌入式设备生成的数据
  • 具有自动生成标签数据库的功能
  • 能够设置 OPC UA 服务器优先级
  • 支持轮询或例外报告(数据更改时)
  • 对每个连接提供端点管理
  • 能够将第三方服务器数据与所有 KEPServerEX 驱动集成
  • 提供“保持活动”和“监视器”功能以确保可靠连接


  • OPC Unified Architecture (UA)


  • Simplified Chinese
  • 德语
  • 日语
  • 英语


  • DDE Format CF_Text and AdvancedDDE
  • NIO Interface for iFIX
  • OPC Alarms and Events (OPC AE) Version 1.10
  • OPC Data Access (OPC DA) Versions 1.0a, 2.0, 2.05a, and 3.0
  • OPC Unified Architecture (OPC UA) Clients
  • SuiteLink and FastDDE for Wonderware




  • Fixed a memory leak that could occur when a subscription request to monitor an item was rejected by the OPC UA Server. This issue was most apparent with a frequent high volume of "Attempt to add item failed” messages posted in the Event Log. 
  • Added new OPC UA Security Policy (Basic256Sha256) for client configuration. 
  • Updated the default Security Policy to use most secure (Basic256Sha256) and to use the message mode “Sign and Encrypt”. 
  • Updated icons in server browse property to display secure Policies (Green lock icon), deprecated Policies (Yellow lock icon), and insecure Policies (red open-lock icon). 



  • 改进了使用“浏览导入项”对话框折叠/展开/导入项目时的性能。
  • 受支持的密码长度增加到最多 512 个字符。


  • 解决了以下问题:在 OPC 客户端驱动程序中连续写入相同值可能导致标签质量差。
  • 修复了以下问题:使用 NULL PolicyId 设置 AnonymousIdentityToken 的客户端被拒绝,其状态为 Status_BadIdentityTokenInvalid。
  • 通道数上限从 128 增加到了 256。



  • 通道数上限从 128 增加到了 256。



  • 增加了中文支持。



  • 根据德国和日本文化本地化了自定义对话框。



  • 修复了德语/日语本地化缺陷。



  • 增强了 UA Client 标签浏览器,以导入复杂变量的组成部分。导入期间,如果复杂变量组成部分的数据类型衍生自支持的内置类型或枚举,驱动程序会自动将其导入。
  • 增强了浏览功能,允许将所有项导入为默认数据类型。
  • OPC UA URL 中的转义空格导致某些服务器在进行安全连接时出现问题。从 KEPServerEX V6.0 升级到 V6.1 需要重新发放证书才能解决。从 V5.X 升级到 V6.1 会自动重新发放证书。
  • 解决了以下问题:驱动程序无法重新订阅已超时的订阅项。
  • 解决了以下问题:服务器可能崩溃,导致“用户信息无效或缺失”(Invalid or missing user information) 出错消息,直至重新安装或修复服务器。如果多个 OPC UA 客户端驱动程序通道尝试同时连接,可能出现此问题。
  • 通过会话监视器检测传输层断连,现在可配置监视器的超时。增强了重新连接逻辑,以尝试在传输层断连后重复使用会话、订阅并重新发布缺失的任何数据。
  • 增加了对 UA Nano、Micro 和 Micro Embedded UA Server 配置文件的支持,不再需要为“已轮询”(Polled) 模式下的设备创建监控项目。现在可将“已轮询”(Polled) 模式下的设备配置为使用寄存读取或无寄存读取。



  • 修复了在轮询模式下写入后读取行为的问题,以正确地验证接收到新值的目标地址。



  • 增加了对最高 2048 位非对称密钥大小的支持。
  • 解决了使用端口转发连接路由器时出现的问题。
  • 解决了连接到不支持证书或密码安全性的服务器时出现的故障。
  • 解决了以下问题:尝试连接到不受信任的服务器时,不提示用户从 UA 服务器的通道属性中信任一个证书。
  • 添加了写入失败时对连接的 OPC DA 客户端的通知。
  • 解决了以下问题:MLR 故障切换没有正确切回到主 OPC 服务器。
  • 添加了一个属性以控制写入后是否发生显式读取。
  • 增加了德语支持。
  • 增加了日语支持。


  • 添加了一个用于控制写入后是否进行显式读取的复选框。
  • 解析了来自 UA 标记地址的 _InternalTags 组名称,以使其可读写。
  • 修复了在轮询模式下写入后读取行为的问题,以正确地验证接收到新值的目标地址。


  • 解决了以下问题:连续写入相同值可能导致标签低质。
  • 添加了一个属性以控制写入后是否发生显式读取。
  • 解决了以下问题:UA Client 驱动程序无法正确解析类似 _System 标签的内部标签。
  • 解决了以下问题:服务器可能崩溃,导致“用户信息无效或缺失”(Invalid or missing user information) 出错消息,直至重新安装或修复服务器。如果多个 OPC UA 客户端驱动程序通道尝试同时连接,可能出现此问题。


  • Fixed a buffer overflow that could result in a crash.
  • Fixed an issue where the driver could delete monitored items immediately after creating them.
  • Fixed an issue in Polled Mode where all items were set to “Bad” quality if a keep-alive or data change was not received within the watchdog timeout. These only apply to Exception Mode and are not required for Polled Mode.



  • Added support for 64-bit data types (LLong, QWord).
  • Fixed a race condition that could result in a runtime crash in limited scenarios.
  • Improved driver to prompt the user to trust a connection to the UA server when creating an initial connection using security if the certificate is not yet trusted.



  • Enhanced Automatic Tag Generation for a device object while one or more clients are actively connected.
  • Resolved an issue that could cause the client to receive a newly written value, then a stale cached value, before receiving the new value again.
  • Resolved an issue where the posted error message was not representative of the actual cause of the error.
  • Resolved an issue that caused tag import to hang while loading large branches of tags.



  • Upgraded OpenSSL (open source library) to version 1.0.2d to address security vulnerabilities pertaining to certificate validation.



  • The driver no longer creates subscriptions and monitored items for inactive tags. This allows the driver to act in a cold redundancy mode when used with the Media Level Redundancy plug-in.
  • Increased time for UA clients to disconnect when shutting down to allow for proper shutdowns.
  • Changed the driver to request both the server and source timestamps from the UA server. The driver uses the source timestamp supplied by the UA server if it is available. If it is not available, the driver uses the UA server timestamp. If that is not available, the driver sets the timestamp to the current system time.
  • Fixed an issue to allow importing a tag branch containing a tag with an unsupported data type.



  • Enhanced the driver to reconnect the UA session after encountering an invalid Session ID error.
  • The Device _Error flag is now set if the driver is unable to connect on the initial connection.



  • Changed the driver to pass through source timestamp to tags instead of server timestamp. The timestamp will not be updated if the source timestamp is not provided.



  • The driver now passes the source timestamp instead of the server timestamp to tags.



  • Enhanced the driver to support Media Level Redundancy.
  • Modified the self-signed certificate to make the AppURI and SubjectAltName fields equal for OPC UA Compliance.



  • Fixed a memory leak caused by unremoved items in a subscription. The leak occurred for Subscriptions using the "Poll" Update Mode.


  • Resolved an issue where the driver failed to import tags if the data type returned by the target server was VT_EMPTY.



  • Fixed an issue where the Default data type on a Static Tag using a dynamic address had Bad Quality.
  • Fixed an exception that would occur when invalidating tags while unloading the driver.



  • Fixed an issue where tags containing the "GUID" Node ID type were not being validated correctly.
  • Fixed an issue in the Tag Import Browser where parent node tags would be imported even when only a child node was selected.


  • Fixed the failure to decrypt persisted password information stored in projects that were created before 5.6.


  • Added support for two-dimensional arrays.
  • Added support for Certificate Validation when importing or trusting certificates.


  • Fixed an issue wherein the initial update was not passed on to client applications.
  • Improved the browse code to report a single failure instead of multiple failures per browse request.
  • Added support for the browseNext method, allowing clients to browse and import nodes from a server that limits the max returned nodes.
  • Fixed a deadband issue wherein we were not correctly passing in the client item handle for the item to which deadband was applied.
  • Removed the driver tag address limit of 1024.
  • Fixed duplicate browse entries when performing a full refresh through the context menu in the server browser.


  • The driver now reports a value, quality, and timestamp for invalid tags (tags that can't be added to the remote server). Previously we would keep attempting to read the tags, expecting an initial update. In the case that the tag is invalid we won't receive an update, and should report the tag is BAD.
  • Fixed issue where the requested data type was not being honored when providing tag updates on monitored items.
  • Fixed a bug where the password was not cleared in the decryption logic if the password was empty. This caused the runtime and the configuration to get out of sync with channel passwords.
  • The performance of Auto Tag Generation has been enhanced.
  • Fixed an issue where we fail to connect to our own UA server if we are using a username/password and no security.
  • The client driver now places the server certificate in the rejected store if it fails to connect with security. In the configuration we also display a message box that allows the user to trust an untrusted endpoint.
  • Added synchronization and error checking for session read and write callbacks. It was possible to get an invalid subscription handle in the callback.
  • The driver now removes all items from the underlying server when the UA Client's device is configured as disabled.
  • Fixed an issue where the UA Client Driver returned an invalid read value when an item did not receive an update from the UA Server. We now continue to process the read request until we have a valid return value.


  • New Driver


  • 相比 DCOM,配置更为简单
  • 对防火墙友好
  • 强大的客户端接口与设备组合
  • 使用 256 位 AES 消息签名和加密提供安全可靠的数据传输
  • 多线程体系结构和非阻塞的异步消息传递提供出色性能、可扩展性和可靠性
  • 通过诊断工具轻松进行故障排除


KEPServerEX 不仅是 OPC 服务器,它还是一种用于工业自动化和 IoT 的连接平台。只需下载 KEPServerEX,然后从包含 150 多种设备驱动、客户端驱动和高级插件的 Kepware 库中选择,就能满足您的工业控制系统的独特通信要求。

驱动是一种软件组件,能够使 KEPServerEX 满足某个特定设备、系统或其他数据源的连接要求。驱动可处理 KEPServerEX 与数据源进行的所有专属通信;客户端接口处理通向监控或控制设备的应用程序的所有连接,包括支持的 OPC 连接、专属连接和开放式标准连接。



OPC UA Client

KEPServerEX 的安全数据隧道通讯

获取步骤说明,了解如何在两个 KEPServerEX 实例之间配置安全、加密的数据隧道。