Difference between revisions of "Open5gs: Initial Configuration of MCC 999 MNC 70 with Open5GS and IMS on a Single Machine/VM"

From OnnoWiki
Line 357: Line 357:
 
* https://github.com/herlesupreeth/Open5gs_Config/blob/master/nrf.yaml
 
* https://github.com/herlesupreeth/Open5gs_Config/blob/master/nrf.yaml
  
 +
cd /etc/open5gs/
 +
cp /etc/open5gs/nrf.yaml /etc/open5gs/nrf.yaml.old
 
  vi /etc/open5gs/nrf.yaml
 
  vi /etc/open5gs/nrf.yaml
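
Review bot: The added `cp /etc/open5gs/nrf.yaml /etc/open5gs/nrf.yaml.old` overwrites any existing nrf.yaml.old, so running this step a second time replaces the pristine backup with the already edited file; `cp -n` or a dated suffix would keep the first copy. The preceding `cd /etc/open5gs/` has no effect on the result, because both the `cp` and the `vi` lines use absolute paths, so it can be dropped.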
  

Revision as of 13:39, 9 August 2023

Source: https://github.com/herlesupreeth/Open5gs_Config


Configuration Assumptions

  • OS: Ubuntu 22.04
  • Open5GS & IMS on a single machine
  • One interface, enp0s3
  • Static IP on enp0s3: 192.168.0.5/24, gateway 192.168.0.222
  • Static IP on ogstun: 10.45.0.1/16 & 2001:db8:cafe::1/48
  • Domain mnc070.mcc999.3gppnetwork.org
  • APN internet
  • MCC 999 MNC 70

What Needs to Be Set

  • OpenStack VM with a root user and a single interface (enp0s3)
  • Modify as needed
  • Modify the module location,
- module: /usr/lib/x86_64-linux-gnu/freeDiameter/dbg_msg_dumps.fdx .....
  • APN name
  • UE pool IP address
  • P-CSCF address
  • Network interface name enp0s3

Setup TUN device (not persistent)

If needed, we can set up the ogstun interface; this does not appear to be necessary when Open5GS is installed from binary packages.

To create a TUN device with the interface name ogstun, proceed as follows,

sudo ip tuntap add name ogstun mode tun
sudo ip addr add 10.45.0.1/16 dev ogstun
sudo ip addr add 2001:db8:cafe::1/48 dev ogstun
sudo ip link set ogstun up

Tip: this script is available at $GIT_REPO/misc/netconf.sh and makes it easy to configure the TUN device:

sudo ./misc/netconf.sh

Add a Route for UEs to the WAN / Internet

To bridge the PGWU/UPF and the WAN (Internet), we need to enable IP forwarding and add a NAT rule in iptables.

To enable forwarding and the NAT rule, type,

### Enable IPv4/IPv6 Forwarding
sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -w net.ipv6.conf.all.forwarding=1
### Add NAT Rule
sudo iptables -t nat -A POSTROUTING -s 10.45.0.0/16 ! -o ogstun -j MASQUERADE
sudo ip6tables -t nat -A POSTROUTING -s 2001:db8:cafe::/48 ! -o ogstun -j MASQUERADE

Check using the command,

iptables -L -t nat

The result should show NAT operating as below,

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  10.45.0.0/16         anywhere 

Configure the firewall correctly and make sure the ufw status is inactive.

sudo ufw status
Status: active

If needed, the firewall can be turned off with the following command, which also disables it at startup,

sudo ufw disable

Turn off the firewall and disable it at system startup

$ sudo ufw status
Status: inactive


Optionally, if needed, we can apply the following configuration,

### Ensure that the packets in the `INPUT` chain to the `ogstun` interface are accepted
$ sudo iptables -I INPUT -i ogstun -j ACCEPT
### Prevent UE's from connecting to the host on which UPF is running
$ sudo iptables -I INPUT -s 10.45.0.0/16 -j DROP 
$ sudo ip6tables -I INPUT -s 2001:db8:cafe::/48 -j DROP
### If your core network runs over multiple hosts, you probably want to block
### UE originating traffic from accessing other network functions.
### Replace x.x.x.x/y with the VNFs IP/subnet
$ sudo iptables -I FORWARD -s 10.45.0.0/16 -d x.x.x.x/y -j DROP



DEBUGGING: Remove Log

rm /var/log/open5gs/*

amf.yaml

cd /etc/open5gs/
cp /etc/open5gs/amf.yaml /etc/open5gs/amf.yaml.old
vi /etc/open5gs/amf.yaml

Fill it with,

logger:
   file: /var/log/open5gs/amf.log

sbi:
    server:
      no_tls: true
      cacert: /etc/open5gs/tls/ca.crt
      key: /etc/open5gs/tls/amf.key
      cert: /etc/open5gs/tls/amf.crt
    client:
      no_tls: true
      cacert: /etc/open5gs/tls/ca.crt
      key: /etc/open5gs/tls/amf.key
      cert: /etc/open5gs/tls/amf.crt

parameter:

amf:
    sbi:
      - addr: 127.0.0.5
        port: 7777
    ngap:
      - addr: 127.0.0.5
    guami:
      - plmn_id:
          mcc: 999
          mnc: 70
        amf_id:
          region: 2
          set: 1
    tai:
      - plmn_id:
          mcc: 999
          mnc: 70
        tac: 1
    plmn_support:
      - plmn_id:
          mcc: 999
          mnc: 70
        s_nssai:
          - sst: 1
    security:
        integrity_order : [ NIA2, NIA1, NIA0 ]
        ciphering_order : [ NEA0, NEA1, NEA2 ]
    network_name:
        full: Open5GS
    amf_name: open5gs-amf0

nrf:
    sbi:
      - addr:
          - 127.0.0.10
          - ::1
        port: 7777


Test and make sure there are no errors,

sudo systemctl stop open5gs-amfd
sudo sleep 10
sudo systemctl start open5gs-amfd
sudo systemctl status open5gs-amfd
cat /var/log/open5gs/amf.log

ausf.yaml

cd /etc/open5gs/
cp /etc/open5gs/ausf.yaml /etc/open5gs/ausf.yaml.old
vi /etc/open5gs/ausf.yaml

Fill it with,

logger:
    file: /var/log/open5gs/ausf.log

sbi:
    server:
      no_tls: true
      cacert: /etc/open5gs/tls/ca.crt
      key: /etc/open5gs/tls/ausf.key
      cert: /etc/open5gs/tls/ausf.crt
    client:
      no_tls: true
      cacert: /etc/open5gs/tls/ca.crt
      key: /etc/open5gs/tls/ausf.key
      cert: /etc/open5gs/tls/ausf.crt
 
parameter:

ausf:
    sbi:
      - addr: 127.0.0.11
        port: 7777

# scp:
#     sbi:
#      - addr: 127.0.1.10
#        port: 7777

nrf:
    sbi:
      - addr:
          - 127.0.0.10
          - ::1
        port: 7777

Test and make sure there are no errors,

sudo systemctl stop open5gs-ausfd
sudo sleep 10
sudo systemctl start open5gs-ausfd
sudo systemctl status open5gs-ausfd
cat /var/log/open5gs/ausf.log

hss.yaml

cd /etc/open5gs/
cp /etc/open5gs/hss.yaml /etc/open5gs/hss.yaml.old
vi /etc/open5gs/hss.yaml

Fill it with,

db_uri: mongodb://localhost/open5gs

logger:
    file: /var/log/open5gs/hss.log

parameter:

hss:
    freeDiameter:
      identity: hss.epc.mnc070.mcc999.3gppnetwork.org
      realm: epc.mnc070.mcc999.3gppnetwork.org
      port: 3868
      sec_port: 5868
      listen_on: 127.0.0.8
      load_extension:
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dbg_msg_dumps.fdx
          conf: 0x8888
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_rfc5777.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_mip6i.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_nasreq.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_nas_mipv6.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_dcca.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_dcca_3gpp.fdx
      connect:
        - identity: mme.epc.mnc070.mcc999.3gppnetwork.org
          addr: 127.0.0.2
          port: 3868

Test and make sure there are no errors,

sudo systemctl stop open5gs-hssd
sudo sleep 10
sudo systemctl start open5gs-hssd
sudo systemctl status open5gs-hssd
cat /var/log/open5gs/hss.log

mme.yaml

cd /etc/open5gs/
cp /etc/open5gs/mme.yaml /etc/open5gs/mme.yaml.old
vi /etc/open5gs/mme.yaml

Fill it with,

logger:
    file: /var/log/open5gs/mme.log

parameter:

mme:
    freeDiameter:
      identity: mme.epc.mnc070.mcc999.3gppnetwork.org
      realm: epc.mnc070.mcc999.3gppnetwork.org
      port: 3868
      sec_port: 5868
      listen_on: 127.0.0.2
      load_extension:
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dbg_msg_dumps.fdx
          conf: 0x8888
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_rfc5777.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_mip6i.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_nasreq.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_nas_mipv6.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_dcca.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_dcca_3gpp.fdx
      connect:
        - identity: hss.epc.mnc070.mcc999.3gppnetwork.org
          addr: 127.0.0.8
          port: 3868
    s1ap:
      dev: enp0s3
    gtpc:
      dev: enp0s3
    gummei: 
      plmn_id:
        mcc: 999
        mnc: 70
      mme_gid: 2
      mme_code: 1
    tai:
      plmn_id:
        mcc: 999
        mnc: 70
      tac: 1
    security:
        integrity_order : [ EIA1, EIA2, EIA0 ]
        ciphering_order : [ EEA0, EEA1, EEA2 ]
    network_name:
        full: Open5GS
    mme_name: open5gs-mme0

sgwc:
    gtpc:
      addr: 127.0.0.3

smf:
    gtpc:
      - addr:
        - 127.0.0.4
        - ::1

Test and make sure there are no errors,

sudo systemctl stop open5gs-mmed
sudo sleep 10
sudo systemctl start open5gs-mmed
sudo systemctl status open5gs-mmed
cat /var/log/open5gs/mme.log
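
Added example (not from the original page or the Open5GS project): a small auditor for the `security` and `sbi` settings shown in amf.yaml and mme.yaml above, reporting where a null algorithm (NEA0/EEA0 for ciphering, NIA0/EIA0 for integrity) is preferred or still permitted and where TLS is switched off. It assumes each order list is a preference list with the first entry tried first; the function names and the embedded sample text are constructed for illustration.

```python
import re

# Null algorithms: no encryption (NEA0/EEA0) or no integrity protection (NIA0/EIA0).
NULL_ALGS = {"NEA0", "EEA0", "NIA0", "EIA0"}
ORDER_RE = re.compile(r"^\s*(integrity_order|ciphering_order)\s*:\s*\[(.*?)\]")
NO_TLS_RE = re.compile(r"^\s*no_tls\s*:\s*true\b")

def audit(name, text):
    """Return a list of (file, line_no, finding) tuples for one config file."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are not active
        m = ORDER_RE.match(line)
        if m:
            key = m.group(1)
            algs = [a.strip() for a in m.group(2).split(",") if a.strip()]
            if algs and algs[0] in NULL_ALGS:
                findings.append((name, no, f"{key}: null algorithm {algs[0]} is first choice"))
            elif key == "integrity_order" and NULL_ALGS & set(algs):
                findings.append((name, no, f"{key}: null integrity still allowed as fallback"))
        elif NO_TLS_RE.match(line):
            findings.append((name, no, "no_tls: true, SBI runs without TLS"))
    return findings

# Constructed sample input: the sbi and security blocks of amf.yaml and mme.yaml above.
SAMPLES = {
    "amf.yaml": """\
sbi:
    server:
      no_tls: true
    client:
      no_tls: true
amf:
    security:
        integrity_order : [ NIA2, NIA1, NIA0 ]
        ciphering_order : [ NEA0, NEA1, NEA2 ]
""",
    "mme.yaml": """\
mme:
    security:
        integrity_order : [ EIA1, EIA2, EIA0 ]
        ciphering_order : [ EEA0, EEA1, EEA2 ]
""",
}

def audit_all(samples=SAMPLES):
    """Run the audit over every sample file and return all findings in order."""
    return [f for name, text in samples.items() for f in audit(name, text)]

if __name__ == "__main__":
    for name, no, finding in audit_all():
        print(f"{name}:{no}: {finding}")
```

To audit a live system, pass the contents of each file under /etc/open5gs/ to `audit()` instead of the embedded samples.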

nrf.yaml

cd /etc/open5gs/
cp /etc/open5gs/nrf.yaml /etc/open5gs/nrf.yaml.old
vi /etc/open5gs/nrf.yaml

Fill it with,

logger:
    file: /var/log/open5gs/nrf.log

sbi:
    server:
      no_tls: true
      cacert: /etc/open5gs/tls/ca.crt
      key: /etc/open5gs/tls/nrf.key
      cert: /etc/open5gs/tls/nrf.crt
    client:
      no_tls: true
      cacert: /etc/open5gs/tls/ca.crt
      key: /etc/open5gs/tls/nrf.key
      cert: /etc/open5gs/tls/nrf.crt

parameter:

nrf:
    sbi:
      addr:
        - 127.0.0.10
        - ::1
      port: 7777

# scp:
#    sbi:
#       - addr: 127.0.1.10
#         port: 7777

Test and make sure there are no errors,

sudo systemctl stop open5gs-nrfd
sudo sleep 10
sudo systemctl start open5gs-nrfd
sudo systemctl status open5gs-nrfd
cat /var/log/open5gs/nrf.log

nssf.yaml

vi /etc/open5gs/nssf.yaml

Fill it with,

logger:
    file: /var/log/open5gs/nssf.log

sbi:
    server:
      no_tls: true
      cacert: /etc/open5gs/tls/ca.crt
      key: /etc/open5gs/tls/nssf.key
      cert: /etc/open5gs/tls/nssf.crt
    client:
      no_tls: true
      cacert: /etc/open5gs/tls/ca.crt
      key: /etc/open5gs/tls/nssf.key
      cert: /etc/open5gs/tls/nssf.crt

nssf:
    sbi:
      - addr: 127.0.0.14
        port: 7777
    nsi:
      - addr: ::1
        port: 7777
        s_nssai:
          sst: 1

nrf:
    sbi:
      - addr:
          - 127.0.0.10
          - ::1
        port: 7777

# scp:
#     sbi:
#       - addr: 127.0.1.10
#        port: 7777

Test and make sure there are no errors,

sudo systemctl stop open5gs-nssfd
sudo sleep 10
sudo systemctl start open5gs-nssfd
sudo systemctl status open5gs-nssfd
cat /var/log/open5gs/nssf.log

pcf.yaml

vi /etc/open5gs/pcf.yaml

Fill it with,

db_uri: mongodb://localhost/open5gs

logger:
    file: /var/log/open5gs/pcf.log

sbi:
    server:
      no_tls: true
      cacert: /etc/open5gs/tls/ca.crt
      key: /etc/open5gs/tls/pcf.key
      cert: /etc/open5gs/tls/pcf.crt
    client:
      no_tls: true
      cacert: /etc/open5gs/tls/ca.crt
      key: /etc/open5gs/tls/pcf.key
      cert: /etc/open5gs/tls/pcf.crt

pcf:
    sbi:
      - addr: 127.0.0.13
        port: 7777

# pcf:
#    sbi:
#      - addr: 127.0.0.13
#        port: 7777
#    metrics:
#      - addr: 127.0.0.13
#        port: 9090

nrf:
    sbi:
      - addr:
          - 127.0.0.10
          - ::1
        port: 7777

# scp:
#     sbi:
#      - addr: 127.0.1.10
#        port: 7777


Test and make sure there are no errors,

sudo systemctl stop open5gs-pcfd
sudo sleep 10
sudo systemctl start open5gs-pcfd
sudo systemctl status open5gs-pcfd
cat /var/log/open5gs/pcf.log

pcrf.yaml

vi /etc/open5gs/pcrf.yaml

Fill it with,

db_uri: mongodb://localhost/open5gs

logger:
    file: /var/log/open5gs/pcrf.log

parameter:

# pcrf:
#     freeDiameter: /etc/freeDiameter/pcrf.conf

pcrf:
    freeDiameter:
      identity: pcrf.epc.mnc070.mcc999.3gppnetwork.org
      realm: epc.mnc070.mcc999.3gppnetwork.org
      port: 3868
      sec_port: 5868
      listen_on: 127.0.0.9
      load_extension:
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dbg_msg_dumps.fdx
          conf: 0x8888
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_rfc5777.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_mip6i.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_nasreq.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_nas_mipv6.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_dcca.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_dcca_3gpp.fdx
      connect:
        - identity: smf.epc.mnc070.mcc999.3gppnetwork.org
          addr: 127.0.0.4
          port: 3868
        - identity: pcscf.ims.mnc070.mcc999.3gppnetwork.org
          addr: 192.168.0.4
          port: 3871


Test and make sure there are no errors,

sudo systemctl stop open5gs-pcrfd
sudo sleep 10
sudo systemctl start open5gs-pcrfd
sudo systemctl status open5gs-pcrfd
cat /var/log/open5gs/pcrf.log

sgwc.yaml

vi /etc/open5gs/sgwc.yaml

Fill it with,

logger:
    file: /var/log/open5gs/sgwc.log

parameter:

sgwc:
    gtpc:
      - addr: 127.0.0.3
    pfcp:
      - addr: 127.0.0.3

sgwu:
    pfcp:
      - addr: 127.0.0.6

Test and make sure there are no errors,

sudo systemctl stop open5gs-sgwcd
sudo sleep 10
sudo systemctl start open5gs-sgwcd
sudo systemctl status open5gs-sgwcd
cat /var/log/open5gs/sgwc.log

sgwu.yaml

vi /etc/open5gs/sgwu.yaml

Fill it with,

logger:
    file: /var/log/open5gs/sgwu.log

parameter:

sgwu:
    gtpu:
      dev: enp0s3
    pfcp:
      - addr: 127.0.0.6

sgwc:
    pfcp:
      - addr: 127.0.0.3

Test and make sure there are no errors,

sudo systemctl stop open5gs-sgwud
sudo sleep 10
sudo systemctl start open5gs-sgwud
sudo systemctl status open5gs-sgwud
cat /var/log/open5gs/sgwu.log

smf.yaml

vi /etc/open5gs/smf.yaml

Fill it with,

logger:
    file: /var/log/open5gs/smf.log

sbi:
    server:
      no_tls: true
      cacert: /etc/open5gs/tls/ca.crt
      key: /etc/open5gs/tls/smf.key
      cert: /etc/open5gs/tls/smf.crt
    client:
      no_tls: true
      cacert: /etc/open5gs/tls/ca.crt
      key: /etc/open5gs/tls/smf.key
      cert: /etc/open5gs/tls/smf.crt

parameter:

smf:
    freeDiameter:
      identity: smf.epc.mnc070.mcc999.3gppnetwork.org
      realm: epc.mnc070.mcc999.3gppnetwork.org
      port: 3868
      sec_port: 5868
      listen_on: 127.0.0.4
      load_extension:
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dbg_msg_dumps.fdx
          conf: 0x8888
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_rfc5777.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_mip6i.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_nasreq.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_nas_mipv6.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_dcca.fdx
        - module: /usr/lib/x86_64-linux-gnu/freeDiameter/dict_dcca_3gpp.fdx
      connect:
        - identity: pcrf.epc.mnc070.mcc999.3gppnetwork.org
          addr: 127.0.0.9
          port: 3868
    sbi:
      - addr: 127.0.0.4
        port: 7777
    gtpc:
      - addr: 127.0.0.4
      - addr: ::1
    gtpu:
      - addr: 127.0.0.4
      - addr: ::1
    pfcp:
      - addr: 127.0.0.4
      - addr: ::1
    subnet:
      - addr: 192.168.100.1/24
        apn: internet
        dev: ogstun
      - addr: fd84:6aea:c36e:2b69::/48
        dev: ogstun
        apn: internet
      - addr: 192.168.101.1/24
        apn: ims
        dev: ogstun2
      - addr: fd1f:76f3:da9b:0101::/48
        apn: ims
        dev: ogstun2
    dns:
      - 8.8.8.8
      - 8.8.4.4
      - 2001:4860:4860::8888
      - 2001:4860:4860::8844
    p-cscf:
      - 192.168.0.4

nrf:
    sbi:
      - addr:
          - 127.0.0.10
          - ::1
        port: 7777

upf:
    pfcp:
      - addr: 127.0.0.7

Test and make sure there are no errors,

sudo systemctl stop open5gs-smfd
sudo sleep 10
sudo systemctl start open5gs-smfd
sudo systemctl status open5gs-smfd
cat /var/log/open5gs/smf.log

udm.yaml

vi /etc/open5gs/udm.yaml

Fill it with,

logger:
    file: /var/log/open5gs/udm.log

sbi:
    server:
      no_tls: true
      cacert: /etc/open5gs/tls/ca.crt
      key: /etc/open5gs/tls/udm.key
      cert: /etc/open5gs/tls/udm.crt
    client:
      no_tls: true
      cacert: /etc/open5gs/tls/ca.crt
      key: /etc/open5gs/tls/udm.key
      cert: /etc/open5gs/tls/udm.crt

parameter:

# udm:
#     hnet:
#       - id: 1
#         scheme: 1
#         key: /etc/open5gs/hnet/curve25519-1.key
#       - id: 2
#         scheme: 2
#         key: /etc/open5gs/hnet/secp256r1-2.key
#       - id: 3
#         scheme: 1
#         key: /etc/open5gs/hnet/curve25519-3.key
#       - id: 4
#         scheme: 2
#         key: /etc/open5gs/hnet/secp256r1-4.key
#       - id: 5
#         scheme: 1
#         key: /etc/open5gs/hnet/curve25519-5.key
#       - id: 6
#         scheme: 2
#         key: /etc/open5gs/hnet/secp256r1-6.key
#     sbi:
#       - addr: 127.0.0.12
#         port: 7777

udm:
    sbi:
      - addr: 127.0.0.12
        port: 7777

# scp:
#     sbi:
#       - addr: 127.0.1.10
#         port: 7777

nrf:
    sbi:
      - addr:
          - 127.0.0.10
          - ::1
        port: 7777

Test and make sure there are no errors,

sudo systemctl stop open5gs-udmd
sudo sleep 10
sudo systemctl start open5gs-udmd
sudo systemctl status open5gs-udmd
cat /var/log/open5gs/udm.log

udr.yaml

vi /etc/open5gs/udr.yaml

Fill it with,

db_uri: mongodb://localhost/open5gs

logger:
    file: /var/log/open5gs/udr.log

sbi:
    server:
      no_tls: true
      cacert: /etc/open5gs/tls/ca.crt
      key: /etc/open5gs/tls/udr.key
      cert: /etc/open5gs/tls/udr.crt
    client:
      no_tls: true
      cacert: /etc/open5gs/tls/ca.crt
      key: /etc/open5gs/tls/udr.key
      cert: /etc/open5gs/tls/udr.crt

parameter:

udr:
    sbi:
      - addr: 127.0.0.20
        port: 7777
 
# scp:
#     sbi:
#       - addr: 127.0.1.10
#         port: 7777

nrf:
    sbi:
      - addr:
          - 127.0.0.10
          - ::1
        port: 7777

Test and make sure there are no errors,

sudo systemctl stop open5gs-udrd
sudo sleep 10
sudo systemctl start open5gs-udrd
sudo systemctl status open5gs-udrd
cat /var/log/open5gs/udr.log

upf.yaml

vi /etc/open5gs/upf.yaml

Fill it with,

logger:
    file: /var/log/open5gs/upf.log

parameter:

# upf:
#     pfcp:
#       - addr: 127.0.0.7
#     gtpu:
#       - addr: 127.0.0.7
#     subnet:
#       - addr: 10.45.0.1/16
#       - addr: 2001:db8:cafe::1/48
#     metrics:
#       - addr: 127.0.0.7
#         port: 9090

upf:
    pfcp:
      - addr: 127.0.0.7
    gtpu:
      - addr: 127.0.0.7
    subnet:
      - addr: 10.45.0.1/24
        dev: ogstun
        apn: internet
      - addr: 2001:db8:cafe::1/48
        dev: ogstun
        apn: internet
#        - addr: 192.168.101.1/24
#          apn: ims
#          dev: ogstun2
#        - addr: fd1f:76f3:da9b:0101::/48
#          apn: ims
#          dev: ogstun2 

smf:
    pfcp:
      - addr: 127.0.0.4


Test and make sure there are no errors,

sudo systemctl stop open5gs-upfd
sudo sleep 10
sudo systemctl start open5gs-upfd
sudo systemctl status open5gs-upfd
cat /var/log/open5gs/upf.log
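
Added example (not from the original page or the Open5GS project): a cross-check that every UE pool declared under `subnet:` in smf.yaml and upf.yaml falls inside a source network of the MASQUERADE rule and of the optional INPUT DROP rule from the firewall section. On this page the smf.yaml pools (192.168.100.1/24 and the others) differ from the 10.45.0.0/16 and 2001:db8:cafe::/48 networks used in upf.yaml and in the iptables commands, which is the mismatch it reports. Function names and the embedded sample text are constructed for illustration.

```python
import ipaddress
import re

POOL_RE = re.compile(r"^\s*-\s*addr:\s*(\S+/\d+)\s*$")

def ue_pools(yaml_text):
    """Active 'addr: x/y' pool entries; lines starting with '#' never match."""
    return [ipaddress.ip_network(m.group(1), strict=False)
            for m in map(POOL_RE.match, yaml_text.splitlines()) if m]

def rule_sources(rules_text, chain, target):
    """Source networks of '-A <chain> -s <net> ... -j <target>' lines (iptables -S format)."""
    nets = []
    for fields in map(str.split, rules_text.splitlines()):
        if fields[:2] == ["-A", chain] and "-s" in fields and fields[-2:] == ["-j", target]:
            nets.append(ipaddress.ip_network(fields[fields.index("-s") + 1], strict=False))
    return nets

def uncovered(pools, nets):
    """Pools not contained in any rule source network of the same IP version."""
    return [str(p) for p in pools
            if not any(p.version == n.version and p.subnet_of(n) for n in nets)]

# Constructed sample input: pool lines from smf.yaml and upf.yaml on this page, and the
# page's NAT/DROP commands written the way `iptables -S` / `ip6tables -S` would list them.
SMF_YAML = """\
    subnet:
      - addr: 192.168.100.1/24
      - addr: fd84:6aea:c36e:2b69::/48
      - addr: 192.168.101.1/24
      - addr: fd1f:76f3:da9b:0101::/48
"""
UPF_YAML = """\
    subnet:
      - addr: 10.45.0.1/24
      - addr: 2001:db8:cafe::1/48
#        - addr: 192.168.101.1/24
"""
RULES = """\
-A POSTROUTING -s 10.45.0.0/16 ! -o ogstun -j MASQUERADE
-A POSTROUTING -s 2001:db8:cafe::/48 ! -o ogstun -j MASQUERADE
-A INPUT -s 10.45.0.0/16 -j DROP
-A INPUT -s 2001:db8:cafe::/48 -j DROP
"""

def check(yaml_text, rules_text=RULES):
    """Pools lacking a MASQUERADE rule and pools lacking a host-protection DROP rule."""
    pools = ue_pools(yaml_text)
    return {"no_nat": uncovered(pools, rule_sources(rules_text, "POSTROUTING", "MASQUERADE")),
            "no_drop": uncovered(pools, rule_sources(rules_text, "INPUT", "DROP"))}

if __name__ == "__main__":
    for name, text in (("smf.yaml", SMF_YAML), ("upf.yaml", UPF_YAML)):
        print(name, check(text))
```

A pool listed under `no_nat` has no outbound NAT, and a pool listed under `no_drop` is not kept away from the host running the UPF by the optional rules.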

