# DHI OsmocomCNI + Open5GS - 2/3G + 4/5G Core

Open5GS and OsmocomCNI run on two different VMs on a single Proxmox host. We present two networks to each VM.

Internal NET/Internet - 172.16.0.0/24 (ens18 on both VMs)
eNodeB/hNodeB Net - 10.0.1.0/24 (ens19 on both VMs)

4G S1-MME/S1-AP on Open5GS: 10.0.1.2
5G NGAP on Open5GS: 10.0.1.5
OGSTUN: 10.45.0.0/16 (Masquerade this out the Internet interface)

3G MME/A-BIS on OsmocomCNI: 10.0.1.50
GGSN on OsmocomCNI: 10.0.1.49
SG Bind Interface on OsmocomCNI: 10.0.1.48
APN0: 192.168.42.0/24 (Masquerade this out the Internet interface)

Refer to the netplan YAML files for each respective VM for the correct IP configuration.

# Software Install Open5GS

Install MongoDB 4. If your CPU has AVX support, use a newer version.

Add the repo for the needed library
```
echo "deb http://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list
```

Install libssl, and don't forget to apt hold this package
```
sudo apt-get update && sudo apt-get install libssl1.1
sudo apt-mark hold libssl1.1
```

Remove the repo afterwards; it is no longer needed.
```
sudo rm /etc/apt/sources.list.d/focal-security.list
```

Get the MongoDB key
```
curl -fsSL https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
```

Add the repo
```
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
```

Install MongoDB
```
apt update && apt install mongodb-org -y
```

Add the Ubuntu Open5GS PPA, and install Open5GS
```
add-apt-repository ppa:open5gs/latest && apt update && apt install -y open5gs
```

Next install the Open5GS WebUI

Make a folder for the keys
```
mkdir -p /etc/apt/keyrings
```

Get the keys and store them
```
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
```

Create and add the deb repo
```
NODE_MAJOR=20
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list
```

Update and install NodeJS
```
apt -y update && apt install -y nodejs
```

And now run the Open5GS WebUI install script
```
curl -fsSL https://open5gs.org/open5gs/assets/webui/install | sudo -E bash -
```

Make the WebUI bind to something other than localhost. `0.0.0.0` makes the WebUI listen on every interface of the VM, including ens19 on the eNodeB/hNodeB network.

Edit this file
```
/lib/systemd/system/open5gs-webui.service
```

Add the following to the `[Service]` section
```
Environment=HOSTNAME=0.0.0.0
Environment=PORT=8080
```

Reload services and start the WebUI
```
systemctl daemon-reload && systemctl restart open5gs-webui
```

While we are here, let's add the NAT rules for UE connectivity
```
# Enable IPv4/IPv6 Forwarding
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1

# Add NAT Rule
iptables -t nat -A POSTROUTING -s 10.45.0.0/16 ! -o ogstun -j MASQUERADE
ip6tables -t nat -A POSTROUTING -s 2001:db8:cafe::/48 ! -o ogstun -j MASQUERADE

# Ensure that the packets in the `INPUT` chain to the `ogstun` interface are accepted
iptables -I INPUT -i ogstun -j ACCEPT

# Prevent UEs from connecting to the host on which UPF is running
iptables -I INPUT -s 10.45.0.0/16 -j DROP
ip6tables -I INPUT -s 2001:db8:cafe::/48 -j DROP

# If your core network runs over multiple hosts, you probably want to block
# UE originating traffic from accessing other network functions.
# Replace x.x.x.x/y with the VNFs IP/subnet
iptables -I FORWARD -s 10.45.0.0/16 -d x.x.x.x/y -j DROP
```
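
Because `iptables -I` inserts at the top of the chain, the order in which the two `INPUT` rules above are entered decides which one a UE packet hits first. The following is an added example, not part of this repo: it checks that order in `iptables -S INPUT` output. The helper name `check_ue_isolation`, its exit codes and the sample listings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify that the UE-subnet DROP is evaluated before the
# tunnel ACCEPT in the INPUT chain. Helper name and exit codes are assumptions.
#   0 = DROP comes first (UEs cannot reach the host)
#   1 = ACCEPT comes first (UE packets are accepted before the DROP)
#   2 = no DROP rule for the UE subnet
check_ue_isolation() {  # $1 = UE subnet, $2 = tunnel iface; rules on stdin
    awk -v net="$1" -v ifc="$2" '
        $1 != "-A" || $2 != "INPUT" { next }   # skip policy lines, other chains
        {
            n++; src = ""; in_if = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            # Remember the position of the first matching rule of each kind.
            if (!drop && tgt == "DROP" && src == net && (in_if == "" || in_if == ifc)) drop = n
            if (!acc && tgt == "ACCEPT" && in_if == ifc && src == "") acc = n
        }
        END {
            if (!drop) exit 2
            if (acc && acc < drop) exit 1
            exit 0
        }'
}

# Constructed listings in `iptables -S INPUT` format (not from a real host).
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -s 10.45.0.0/16 -j DROP
-A INPUT -i ogstun -j ACCEPT'
# What the chain looks like if the ACCEPT rule is inserted after the DROP rule.
BAD_RULES='-P INPUT ACCEPT
-A INPUT -i ogstun -j ACCEPT
-A INPUT -s 10.45.0.0/16 -j DROP'

for name in GOOD_RULES BAD_RULES; do
    eval "rules=\$$name"
    rc=0
    printf '%s\n' "$rules" | check_ue_isolation 10.45.0.0/16 ogstun || rc=$?
    echo "$name: exit $rc"
done
# Live host (as root): iptables -S INPUT | check_ue_isolation 10.45.0.0/16 ogstun
```

Rerunning the rule block after a partial failure is the usual way to end up with the second ordering, so the check is worth running after every change to the chain.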

Copy all the Open5GS config files in this git repo to /etc/open5gs. Make a backup of the original conf files first to be safe.
```
# Navigate to the root git repo folder first

# Back up the original conf files (no cd, so the shell stays in the repo folder)
mkdir -p /home/user/open5gs_backup && cp -r /etc/open5gs/* /home/user/open5gs_backup/

# Copy conf files from repo
cp -r * /etc/open5gs
```

Use the service_control.sh script to start/stop all services in a sane and easy way
```
./service_control.sh restart/stop/enable/status
```

# Software Install Osmocom Stack

First set up the repo

https://downloads.osmocom.org/packages/osmocom:/latest/

Replace the repo below with the correct one for your OS; use the link above to see the supported OSes.

```
wget https://obs.osmocom.org/projects/osmocom/public_key

# Verify the downloaded key against the expected SHA-256; stop if it does not report OK
echo "51d8df2fcd8f6c857e0e7f7c936fe1fea6d69bc2671e3ddecb13c7656ca6a168  public_key" | sha256sum -c -

sudo mv public_key /etc/apt/trusted.gpg.d/osmocom.asc

export OSMOCOM_REPO="https://downloads.osmocom.org/packages/osmocom:/latest/Debian_XX"
echo "deb [signed-by=/etc/apt/trusted.gpg.d/osmocom.asc] $OSMOCOM_REPO/ ./" | sudo tee /etc/apt/sources.list.d/osmocom-latest.list

sudo apt-get update
```

Next install the Osmocom Stack
```
apt install osmo-bsc osmo-ggsn osmo-hlr osmo-hnbgw osmo-mgw osmo-msc osmo-pcu osmo-sgsn osmo-sip-connector osmo-stp osmo-upf
```

Same deal: back up the original conf files, and copy the conf files from the git repo
```
cd /etc/osmocom
mkdir backup_conf
# mv reports that backup_conf cannot be moved into itself; every other file is still moved
mv * backup_conf/
cp -r /root-git-dir/* ./
```

Set up the NAT rules again for UE connectivity
```
# Enable IPv4/IPv6 Forwarding
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1

# Add NAT Rule
iptables -t nat -A POSTROUTING -s 192.168.42.0/24 ! -o apn0 -j MASQUERADE
```

Use the service_control.sh script to start/stop all services in a sane and easy way
```
./service_control.sh restart/stop/enable/status
```