Not a VPN. A Secure Tunnel:
How Simplinx P2P Works
Why peer-to-peer tunneling is fundamentally different from VPN, how it behaves like a direct network cable to the machine, and what that means for performance, data limits, and security.
The first question we get from IT departments is usually "is this a VPN?" It's a reasonable question — remote access to industrial equipment sounds like a VPN use case. But the answer is no, and the difference matters more than most people expect.
We Are Not a VPN
A traditional VPN works by routing your traffic through a central server. Your data leaves your machine, travels to a VPN server somewhere on the internet, gets forwarded to the destination, and the response takes the same path back. Every byte of your session passes through infrastructure you don't own or control.
VPNs also typically require inbound ports or firewall rules at the remote site. That means negotiating with the factory IT team, waiting for a change request, and hoping the configuration survives the next network audit. In practice, this is the step that kills most industrial remote access projects.
Simplinx is a peer-to-peer encrypted tunnel. There is no central server routing your traffic. There are no inbound ports. The machine reaches out — you reach out — and a direct encrypted channel opens between the two of you.
It Behaves Like a Network Cable to the Machine
Once the tunnel is established, your engineering tools see the remote PLC or HMI exactly as they would if you were physically connected to the same switch. You open Siemens TIA Portal, enter the PLC's IP address, and it connects. You open a browser and navigate to the HMI's web interface. You ping the device. Everything works the same way — because from your network stack's perspective, it is the same way.
This is why tools like Observ — and similar OT monitoring and visibility platforms — work seamlessly over a Simplinx connection. They don't need special adapters, proxy configurations, or API integrations. They talk to the network, the tunnel carries the packets, and they see what they'd see on-site.
Any tool that works over a local network works over a Simplinx tunnel. That's a deliberate design goal, not a coincidence.
No Data Limits — Now or Ever
Many cloud-based remote access platforms meter data. You get a certain number of gigabytes per month per device, and when you hit the cap, sessions slow down or stop. For occasional support calls, this is manageable. For continuous data collection or long diagnostic sessions on a complex machine, it becomes a real operational constraint.
Because Simplinx traffic is peer-to-peer — direct between engineer and device — we never see it and we never meter it. There are no data caps, no throttling tiers, and no plans to introduce them. Your session bandwidth is limited only by the network connections on each end.
Why P2P Is Faster
In a relay-based architecture, every packet makes at least two extra hops: to the relay server and back. If the relay server is in a different continent than either endpoint, latency compounds quickly. A 50ms round-trip between engineer and machine becomes 150ms or worse when both legs of the relay are included.
In a P2P connection, packets travel the shortest path the internet allows — directly between the two endpoints. For most sessions, this means latency that's indistinguishable from being on-site. Screen sharing is smooth. File transfers to the PLC are fast. Long upload/download operations during a firmware update don't stall.
Relay Servers for When P2P Isn't Possible
P2P connections require that both endpoints can reach each other — which isn't always the case. Strict NAT configurations, certain mobile carrier networks, and some satellite or LTE-M connections block the direct path. In these situations, falling back to a relay is the only option.
Simplinx maintains relay infrastructure in three regions: Turkey, Europe, and the United States. When a direct P2P path can't be established, the session automatically falls back to the nearest relay. The connection still works. The session is still encrypted end-to-end. The engineer doesn't notice anything different.
Mobile networks — particularly 4G and 5G connections with unstable signal — are the most common scenario where relay becomes necessary. Machines in remote locations, vehicles, and temporary installations on construction sites often rely on cellular connectivity. The relay infrastructure ensures these sites are just as reachable as a factory with a stable fiber connection.
P2P and Security: No Server, No Attack Surface
The security argument for P2P is simple: a server that never sees your traffic can never leak it.
In a relay-based architecture, the relay server is a single point of failure for security. If it's misconfigured, compromised, or subject to a legal request, the data flowing through it is at risk. Operators are trusting the vendor to operate that infrastructure securely — indefinitely.
With P2P, the Simplinx signal server handles only the connection handshake — coordinating the initial contact between engineer and device. Once the tunnel is established, the signal server is out of the picture. It sees that a connection was made, not what was transferred. Industrial process data, PLC programs, HMI configurations — none of it ever touches Simplinx infrastructure.
For OT environments where data sovereignty and network security are primary concerns, this architecture isn't just a nice-to-have — it's a requirement that traditional VPN and relay-based platforms simply can't meet.
Why P2P Matters — at a Glance
Want to Know More About How Simplinx Works?
Talk to our engineering team — we're happy to go deeper on any aspect of the platform.