paulmataruso/DHI-CNI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
37 Commits 1 Branch 0 Tags
master
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
paulmataruso f687e62f25 Update README.md
2025-01-25 19:24:57 +00:00
open5gs
Delete open5gs/conf/tls/.ph
2025-01-25 18:03:46 +00:00
osmocom
Delete osmocom/iptables/.ph
2025-01-25 18:18:18 +00:00
README.md
Update README.md
2025-01-25 19:24:57 +00:00

README.md

DHI OsmocomCNI + Open5GS - 2/3G + 4/5G Core

Open5gs and OsmocomCNI are running on two different VMs, on a single Proxmox host. We present two networks to each VM.

Internal NET/Internet - 172.16.0.0/24 (ens18 on both VM's) eNodeB/hNodeB Net - 10.0.1.0/24 (ens19 on both VM's)

4G S1-MME/S1-AP on Open5gs: 10.0.1.2 5G NGAP on Open5gs: 10.0.1.5 OGSTUN: 10.45.0.0/16 (Masquerade this out the Internet interface)

3G MME/A-BIS on OsmocomCNI: 10.0.1.50 GGSN on OsmocomCNI: 10.0.1.49 SG Bind Interface on OsmocomCNI: 10.0.1.48 APN0: 192.168.42.0/24 (Masquerade this out the Internet interface)

Reference the netplan YAMLS files for each respective VM for correct IP config

Software Install Open5GS

Install MongoDB 4 if you have AVX support, use a newer version

Add repo for needed library

echo "deb http://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list

Install libssl, and don't forget to apt hold this package

sudo apt-get install libssl1.1

Remove repo after, don't need it.

sudo rm /etc/apt/sources.list.d/focal-security.list

Get MongoDB Key

curl -fsSL https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -

Add repo

echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list

Install MongoDB

apt update && apt install mongodb-org -y

Add Ubuntu Open5gs PPA, and install Open5GS

add-apt-repository ppa:open5gs/latest && apt update && apt install -y open5gs

Next install Open5GS WebUI

Make folder for keys

mkdir -p /etc/apt/keyrings

Get keys and store them

curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg

Create and add deb repo

NODE_MAJOR=20

echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list

Update and install NodeJS

apt -y update && apt install -y nodejs

And now run Open5GS WebUI Install script

curl -fsSL https://open5gs.org/open5gs/assets/webui/install | sudo -E bash -

Make WebUI bind to something other then localhost

Edit this file

/lib/systemd/system/open5gs-webui.service

Add the following

ENVIRONMENT=HOSTNAME=0.0.0.0
ENVIROMENT=PORT=8080

Reload services and start WebUI

systemctl daemon-reload && systemctl restart open5gs-webui

While we are here let's add the NAT rules for UE Connectivity

Enable IPv4/IPv6 Forwarding
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1

Add NAT Rule
iptables -t nat -A POSTROUTING -s 10.45.0.0/16 ! -o ogstun -j MASQUERADE
ip6tables -t nat -A POSTROUTING -s 2001:db8:cafe::/48 ! -o ogstun -j MASQUERADE

Ensure that the packets in the `INPUT` chain to the `ogstun` interface are accepted
iptables -I INPUT -i ogstun -j ACCEPT

Prevent UE's from connecting to the host on which UPF is running
iptables -I INPUT -s 10.45.0.0/16 -j DROP
ip6tables -I INPUT -s 2001:db8:cafe::/48 -j DROP

If your core network runs over multiple hosts, you probably want to block
UE originating traffic from accessing other network functions.
Replace x.x.x.x/y with the VNFs IP/subnet
iptables -I FORWARD -s 10.45.0.0/16 -d x.x.x.x/y -j DROP

Copy all the Open5GS config files in this git repo to /etc/open5gs, make a backup of the oringal conf files to be safe

Navigate to the root git repo folder first

Backup orginal conf files
cd /etc/open5gs && cp -r * /home/user/open5gs_backup

Copy conf files from repo
cp -r * /etc/open5gs

Use the service_control.sh script to start/stop all services in a sane and easy way ./service_control.sh restart/stop/enable/status

Software Install Osmocom Stack

First setup the Repo

https://downloads.osmocom.org/packages/osmocom:/latest/

You will replace the repo below with the correct one for your OS, use the link above to see supported OS's

wget https://obs.osmocom.org/projects/osmocom/public_key

sha256sum public_key 51d8df2fcd8f6c857e0e7f7c936fe1fea6d69bc2671e3ddecb13c7656ca6a168  public_key

sudo mv public_key /etc/apt/trusted.gpg.d/osmocom.asc

export OSMOCOM_REPO="https://downloads.osmocom.org/packages/osmocom:/latest/Debian_XX" 
echo "deb [signed-by=/etc/apt/trusted.gpg.d/osmocom.asc] $OSMOCOM_REPO/ ./" | sudo tee 
/etc/apt/sources.list.d/osmocom-latest.list

sudo apt-get update

Next install the Osmocom Stack

apt install osmo-bsc osmo-ggsn osmo-hlr osmo-hnbgw osmo-mgw osmo-msc osmo-pcu osmo-sgsn osmo-sip-connector osmo-stp osmo-upf

Same deal, backup original conf files, and copy the conf files from the git repo

cd /etc/osmocom
mkdir backup_conf
mv * backup_conf/
cp -r /root-git-dir/* ./

Setup NAT Rules again for UE connectivity

Enable IPv4/IPv6 Forwarding
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1

Add NAT Rule
iptables -t nat -A POSTROUTING -s 192.168.42.0/244 ! -o apn0 -j MASQUERADE

Use the service_control.sh script to start/stop all services in a sane and easy way ./service_control.sh restart/stop/enable/status

Description
DHI OsmocomCNI + Open5GS - 2/3G + 4/5G Core
Readme 136 KiB
Languages
Shell 100%