Difference between revisions of "Open5gs: Konfigurasi Awal"
Onnowpurbo (talk | contribs) |
| Line 169: | Line 169: | ||
| + | |||
| + | |||
| + | ==Tambahkan Router Untuk UE ke WAN / Internet== | ||
| + | |||
| + | Agar ada bridge antara PGWU/UPF dan WAN (Internet), kita perlu meng-enable IP forwarding dan NAT rule di IP Tables. | ||
| + | |||
| + | Untuk mengaktifkan forwarding dan NAT rule, ketik, | ||
| + | |||
| + | ### Enable IPv4/IPv6 Forwarding | ||
| + | sudo sysctl -w net.ipv4.ip_forward=1 | ||
| + | sudo sysctl -w net.ipv6.conf.all.forwarding=1 | ||
| + | |||
| + | ### Add NAT Rule | ||
| + | sudo iptables -t nat -A POSTROUTING -s 10.45.0.0/16 ! -o ogstun -j MASQUERADE | ||
| + | sudo ip6tables -t nat -A POSTROUTING -s 2001:db8:cafe::/48 ! -o ogstun -j MASQUERADE | ||
| + | |||
| + | |||
| + | Konfigurasi firewall dengan benar. | ||
| + | |||
| + | Configure the firewall correctly. Some operating systems (Ubuntu) by default enable firewall rules to block traffic. | ||
| + | |||
| + | $ sudo ufw status | ||
| + | Status: active | ||
| + | $ sudo ufw disable | ||
| + | Firewall stopped and disabled on system startup | ||
| + | $ sudo ufw status | ||
| + | Status: inactive | ||
| + | Optionally, you may consider the settings below for security purposes. | ||
| + | |||
| + | ### Ensure that the packets in the `INPUT` chain to the `ogstun` interface are accepted | ||
| + | $ sudo iptables -I INPUT -i ogstun -j ACCEPT | ||
| + | |||
| + | ### Prevent UE's from connecting to the host on which UPF is running | ||
| + | $ sudo iptables -I INPUT -s 10.45.0.0/16 -j DROP | ||
| + | $ sudo ip6tables -I INPUT -s 2001:db8:cafe::/48 -j DROP | ||
| + | |||
| + | ### If your core network runs over multiple hosts, you probably want to block | ||
| + | ### UE originating traffic from accessing other network functions. | ||
| + | ### Replace x.x.x.x/y with the VNFs IP/subnet | ||
| + | $ sudo iptables -I FORWARD -s 10.45.0.0/16 -d x.x.x.x/y -j DROP | ||
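Review bot: the last rule in this hunk, `iptables -I FORWARD -s 10.45.0.0/16 -d x.x.x.x/y -j DROP`, has no ip6tables counterpart, although the same hunk NATs and INPUT-filters the UE IPv6 subnet 2001:db8:cafe::/48. On a multi-host core the UE IPv6 range can therefore still be forwarded to other network functions; add a matching `ip6tables -I FORWARD -s 2001:db8:cafe::/48 -d <VNF IPv6 subnet> -j DROP`. Separately, the section runs `sudo ufw disable` and then presents the INPUT/FORWARD restrictions as optional. Because both INPUT rules use `-I`, they only work when typed in the order shown (the DROP ends up above the ACCEPT), which the text should state. The line "Konfigurasi firewall dengan benar." also duplicates the English sentence that follows it.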
Revision as of 09:42, 23 July 2023
Source: https://open5gs.org/open5gs/docs/guide/02-building-open5gs-from-sources/
PLMN notes
- International Test Network PLMN 001/01
- International Private Network PLMN 999/99
5G Core
Modify /etc/open5gs/amf.yaml to set the NGAP IP address, PLMN ID, TAC and NSSAI.
    cd /usr/local/src/open5gs/install/etc/open5gs
If Open5GS was installed from binary packages, cd to this folder instead:
    cd /etc/open5gs
    cp amf.yaml amf.yaml.old
    vi amf.yaml
Make sure that:
    amf:
      sbi:
        - addr: 127.0.0.5
          port: 7777
      ngap:
    #    - addr: 127.0.0.5
        - addr: 10.10.0.5
      metrics:
        - addr: 127.0.0.5
          port: 9090
      guami:
        - plmn_id:
    #        mcc: 999
    #        mnc: 70
            mcc: 001
            mnc: 01
          amf_id:
            region: 2
            set: 1
      tai:
        - plmn_id:
    #        mcc: 999
    #        mnc: 70
            mcc: 001
            mnc: 01
          tac: 1
      plmn_support:
        - plmn_id:
    #        mcc: 999
    #        mnc: 70
            mcc: 001
            mnc: 01
          s_nssai:
            - sst: 1
      security:
        # NEA0 (null ciphering) is listed first, i.e. preferred; NIA0 (null integrity) is listed last
        integrity_order : [ NIA2, NIA1, NIA0 ]
        ciphering_order : [ NEA0, NEA1, NEA2 ]
      network_name:
        full: Open5GS
      amf_name: open5gs-amf0
Modify install/etc/open5gs/upf.yaml to set the GTP-U and PFCP IP addresses.
    cd /usr/local/src/open5gs/install/etc/open5gs
If Open5GS was installed from binary packages, cd to this folder instead:
    cd /etc/open5gs
    cp upf.yaml upf.yaml.old
    vi upf.yaml
Make sure that:
    upf:
      pfcp:
        - addr: 127.0.0.7
      gtpu:
    #    - addr: 127.0.0.7
        - addr: 10.11.0.7
      subnet:
        - addr: 10.45.0.1/16
        - addr: 2001:db8:cafe::1/48
      metrics:
        - addr: 127.0.0.7
          port: 9090
Restart Open5GS:
    sudo systemctl restart open5gs-amfd
    sudo systemctl restart open5gs-upfd
4G / 5G NSA Core
Modify install/etc/open5gs/mme.yaml to set the S1AP IP address, PLMN ID, and TAC.
    cd /usr/local/src/open5gs/install/etc/open5gs
If Open5GS was installed from binary packages, cd to this folder instead:
    cd /etc/open5gs
    cp mme.yaml mme.yaml.old
    vi mme.yaml
Make sure that:
    mme:
      freeDiameter: /etc/freeDiameter/mme.conf
      s1ap:
    #    - addr: 127.0.0.2
        - addr: 10.10.0.2
      gtpc:
        - addr: 127.0.0.2
      metrics:
        - addr: 127.0.0.2
          port: 9090
      gummei:
        plmn_id:
    #      mcc: 999
    #      mnc: 70
          mcc: 001
          mnc: 01
        mme_gid: 2
        mme_code: 1
      tai:
        plmn_id:
    #      mcc: 999
    #      mnc: 70
          mcc: 001
          mnc: 01
        tac: 1
      security:
        # EEA0 (null ciphering) is listed first, i.e. preferred; EIA0 (null integrity) is listed last
        integrity_order : [ EIA2, EIA1, EIA0 ]
        ciphering_order : [ EEA0, EEA1, EEA2 ]
      network_name:
        full: Open5GS
Modify install/etc/open5gs/sgwu.yaml to set the GTP-U IP address.
    cd /usr/local/src/open5gs/install/etc/open5gs
If Open5GS was installed from binary packages, cd to this folder instead:
    cd /etc/open5gs
    cp sgwu.yaml sgwu.yaml.old
    vi sgwu.yaml
Make sure that:
    sgwu:
      pfcp:
        - addr: 127.0.0.6
      gtpu:
    #    - addr: 127.0.0.6
        - addr: 10.11.0.6
Restart:
    sudo systemctl restart open5gs-mmed
    sudo systemctl restart open5gs-sgwud
If Open5GS was compiled from source, the systemctl service scripts may not exist yet. This will cause an ERROR.
Add a Router for UE Traffic to the WAN / Internet
To bridge the PGWU/UPF and the WAN (Internet), we need to enable IP forwarding and add a NAT rule in iptables.
To enable forwarding and the NAT rule, type:
    ### Enable IPv4/IPv6 Forwarding
    sudo sysctl -w net.ipv4.ip_forward=1
    sudo sysctl -w net.ipv6.conf.all.forwarding=1

    ### Add NAT Rule
    sudo iptables -t nat -A POSTROUTING -s 10.45.0.0/16 ! -o ogstun -j MASQUERADE
    sudo ip6tables -t nat -A POSTROUTING -s 2001:db8:cafe::/48 ! -o ogstun -j MASQUERADE
Configure the firewall correctly. Some operating systems (Ubuntu) by default enable firewall rules to block traffic.
    $ sudo ufw status
    Status: active
    $ sudo ufw disable
    Firewall stopped and disabled on system startup
    $ sudo ufw status
    Status: inactive
Optionally, you may consider the settings below for security purposes.
- Ensure that the packets in the `INPUT` chain to the `ogstun` interface are accepted
    $ sudo iptables -I INPUT -i ogstun -j ACCEPT
- Prevent UEs from connecting to the host on which UPF is running
    $ sudo iptables -I INPUT -s 10.45.0.0/16 -j DROP
    $ sudo ip6tables -I INPUT -s 2001:db8:cafe::/48 -j DROP
- If your core network runs over multiple hosts, you probably want to block UE originating traffic from accessing other network functions. Replace x.x.x.x/y with the VNF's IP/subnet
    $ sudo iptables -I FORWARD -s 10.45.0.0/16 -d x.x.x.x/y -j DROP
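
Both INPUT rules above are added with `-I`, so the rule typed last ends up first in the chain, and the UE DROP only takes effect if it sits above the `ogstun` ACCEPT. The script below is an added example, not part of the original page or of Open5GS. It checks that order in `iptables -S INPUT` output; the function name and the two sample rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit INPUT rule order.
UE_NET="10.45.0.0/16"   # UE IPv4 subnet used on this page
TUN_IF="ogstun"         # UPF tunnel interface used on this page

# Reads `iptables -S INPUT` output on stdin. Exit status:
#   0  UE DROP rule is evaluated before the ogstun ACCEPT rule
#   1  ogstun ACCEPT comes first, so UE traffic reaches the host
#   2  no DROP rule for the UE subnet at all
check_input_order() {
    awk -v net="$UE_NET" -v ifc="$TUN_IF" '
        $1 == "-A" && $2 == "INPUT" {
            n++; src = ""; inif = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src  = $(i + 1)
                if ($i == "-i") inif = $(i + 1)
                if ($i == "-j") tgt  = $(i + 1)
            }
            if (!drop && src == net && tgt == "DROP" && (inif == "" || inif == ifc)) drop = n
            if (!acc && inif == ifc && tgt == "ACCEPT" && (src == "" || src == net)) acc = n
        }
        END {
            if (!drop) exit 2
            if (acc && acc < drop) exit 1
            exit 0
        }'
}

# Constructed sample: commands typed in the page's order (ACCEPT, then DROP).
sample_page_order() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 10.45.0.0/16 -j DROP
-A INPUT -i ogstun -j ACCEPT
EOF
}

# Constructed sample: the same two commands typed in the opposite order.
sample_reversed() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i ogstun -j ACCEPT
-A INPUT -s 10.45.0.0/16 -j DROP
EOF
}

sample_page_order | check_input_order && echo "page order: DROP first (ok)"
sample_reversed | check_input_order || echo "reversed order: exit $?"
# On a live host: sudo iptables -S INPUT | check_input_order
```

The same check applies to the IPv6 rule by setting `UE_NET` to `2001:db8:cafe::/48` and feeding it `ip6tables -S INPUT`.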