diff --git a/.env b/.env index 6ca0f50..2e6e35f 100644 --- a/.env +++ b/.env @@ -119,3 +119,9 @@ METRICS_IP=172.22.0.36 # SRSRAN GNB SRS_GNB_IP=172.22.0.37 + +# UE IPv4 Subnet Range for APN=internet +UE_IPV4_INTERNET=192.168.100.0/24 + +# UE IPv4 Subnet Range for APN=ims +UE_IPV4_IMS=192.168.101.0/24 diff --git a/README.md b/README.md index 62551ff..1649ad2 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Docker files to build and run open5gs in a docker Docker host machine -- Ubuntu 18.04 and 20.04 +- Ubuntu 18.04 and 20.04 or 22.04 SDRs tested with srsLTE eNB @@ -82,6 +82,8 @@ TEST_NETWORK --> Change this only if it clashes with the internal network at you DOCKER_HOST_IP --> This is the IP address of the host running your docker setup SGWU_ADVERTISE_IP --> Change this to value of DOCKER_HOST_IP set above only if eNB/gNB is not running the same docker network/host UPF_ADVERTISE_IP --> Change this to value of DOCKER_HOST_IP set above only if eNB/gNB is not running the same docker network/host +UE_IPV4_INTERNET --> Change this to your desired (Not conflicted) UE network ip range for internet APN +UE_IPV4_IMS --> Change this to your desired (Not conflicted) UE network ip range for ims APN ``` If eNB/gNB is NOT running in the same docker network/host as the host running the dockerized Core/IMS then follow the below additional steps diff --git a/pcscf/pcscf_init.sh b/pcscf/pcscf_init.sh index 0b700e8..ef0c3bc 100755 --- a/pcscf/pcscf_init.sh +++ b/pcscf/pcscf_init.sh @@ -83,4 +83,4 @@ sed -i 's|RTPENGINE_IP|'$RTPENGINE_IP'|g' /etc/kamailio_pcscf/kamailio_pcscf.cfg #ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone # Add static route to route traffic back to UE as there is not NATing -ip r add 192.168.101.0/24 via ${UPF_IP} +ip r add ${UE_IPV4_IMS} via ${UPF_IP} diff --git a/rtpengine/rtpengine_init.sh b/rtpengine/rtpengine_init.sh index baf4752..0d71103 100755 --- a/rtpengine/rtpengine_init.sh +++ b/rtpengine/rtpengine_init.sh 
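Review bot: The new `ip r add ${UE_IPV4_IMS} via ${UPF_IP}` line in pcscf/pcscf_init.sh expands the variable unquoted and without checking that it is set, so an empty or missing `UE_IPV4_IMS` in the container environment turns the command into `ip r add via <UPF_IP>`, which fails and leaves the P-CSCF without a return route to the UEs. The removed literal could not fail that way; I would make the dependency explicit with `ip r add "${UE_IPV4_IMS:?UE_IPV4_IMS is not set}" via "${UPF_IP}"`. The same applies to the identical line in rtpengine/rtpengine_init.sh and to the new `sed` substitutions in smf/smf_init.sh and upf/upf_init.sh, where an empty value would render an empty `addr:` entry. Whether these scripts run under `set -e`, and whether the compose files pass the new variables into each container, is not visible in this diff.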
@@ -66,12 +66,12 @@ fi # -N (create a new chain with the name rtpengine) iptables -N rtpengine 2> /dev/null -# -D: Delete the rule for the target "rtpengine" if exists. -j (target): chain name or extension name -# from the table "filter" (the default -without the option '-t') +# -D: Delete the rule for the target "rtpengine" if exists. -j (target): chain name or extension name +# from the table "filter" (the default -without the option '-t') iptables -D INPUT -j rtpengine 2> /dev/null # Add the rule again so the packets will go to rtpengine chain after the (filter-INPUT) hook point. iptables -I INPUT -j rtpengine -# Delete and Insert a rule in the rtpengine chain to forward the UDP traffic +# Delete and Insert a rule in the rtpengine chain to forward the UDP traffic iptables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null iptables -I rtpengine -p udp -j RTPENGINE --id "$TABLE" iptables-save > /etc/iptables.rules @@ -85,7 +85,7 @@ ip6tables -I rtpengine -p udp -j RTPENGINE --id "$TABLE" ip6tables-save > /etc/ip6tables.rules # Add static route to route traffic back to UE as there is not NATing -ip r add 192.168.101.0/24 via ${UPF_IP} +ip r add ${UE_IPV4_IMS} via ${UPF_IP} set -x diff --git a/smf/smf.yaml b/smf/smf.yaml index da1c1e3..d5550be 100644 --- a/smf/smf.yaml +++ b/smf/smf.yaml @@ -22,13 +22,13 @@ smf: pfcp: - addr: SMF_IP subnet: - - addr: 192.168.100.1/24 + - addr: UE_IPV4_INTERNET dnn: internet dev: ogstun - addr: 2001:230:cafe::1/48 dev: ogstun dnn: internet - - addr: 192.168.101.1/24 + - addr: UE_IPV4_IMS dnn: ims dev: ogstun2 - addr: 2001:230:babe::1/48 diff --git a/smf/smf_init.sh b/smf/smf_init.sh index a5badb8..8c74f3b 100755 --- a/smf/smf_init.sh +++ b/smf/smf_init.sh 
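Review bot: The two `addr:` placeholders in smf/smf.yaml change the rendered value from a host address to a network address: the removed lines were `192.168.100.1/24` and `192.168.101.1/24`, while the `.env` defaults now substituted are `192.168.100.0/24` and `192.168.101.0/24`. If Open5GS reads this field as the gateway address of the UE pool (which the old `.1` values suggest), the SMF and UPF configuration would no longer match the first-host address that upf/tun_if.py assigns to the TUN device; this should be confirmed against the Open5GS version in use. At minimum I would add a comment above the subnet list, `# addr is rendered from UE_IPV4_INTERNET / UE_IPV4_IMS in .env, given in network form (e.g. 192.168.100.0/24)`, and the same in upf/upf.yaml, which carries the identical change. The `smf:` block continues outside the hunk.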
@@ -41,6 +41,8 @@ sed -i 's|SMF_IP|'$SMF_IP'|g' install/etc/open5gs/smf.yaml sed -i 's|SCP_IP|'$SCP_IP'|g' install/etc/open5gs/smf.yaml sed -i 's|NRF_IP|'$NRF_IP'|g' install/etc/open5gs/smf.yaml sed -i 's|UPF_IP|'$UPF_IP'|g' install/etc/open5gs/smf.yaml +sed -i 's|UE_IPV4_INTERNET|'$UE_IPV4_INTERNET'|g' install/etc/open5gs/smf.yaml +sed -i 's|UE_IPV4_IMS|'$UE_IPV4_IMS'|g' install/etc/open5gs/smf.yaml sed -i 's|PCSCF_IP|'$PCSCF_IP'|g' install/etc/open5gs/smf.yaml sed -i 's|SMF_IP|'$SMF_IP'|g' install/etc/freeDiameter/smf.conf sed -i 's|PCRF_IP|'$PCRF_IP'|g' install/etc/freeDiameter/smf.conf diff --git a/upf/tun_if.py b/upf/tun_if.py index 808871e..d39d649 100755 --- a/upf/tun_if.py +++ b/upf/tun_if.py 
@@ -34,68 +34,75 @@ e.g: $ python3 tun_if.py --tun_ifname ogstun --ipv4_range 192.168.100.0/24 --ipv6_range 2001:230:cafe::/48 """ + def validate_ip_net(ctx, param, value): - try: - ip_net = ipaddress.ip_network(value) - return ip_net - except ValueError: - raise click.BadParameter('Value does not represent a valid IPv4/IPv6 range') + try: + ip_net = ipaddress.ip_network(value) + return ip_net + except ValueError: + raise click.BadParameter( + 'Value does not represent a valid IPv4/IPv6 range') + @click.command() @click.option('--tun_ifname', - required=True, - help='TUN interface name e.g. ogstun') + required=True, + help='TUN interface name e.g. ogstun') @click.option('--ipv4_range', - required=True, - callback=validate_ip_net, - help='UE IPv4 Address range in CIDR format e.g. 192.168.100.0/24') + required=True, + callback=validate_ip_net, + help='UE IPv4 Address range in CIDR format e.g. 192.168.100.0/24') @click.option('--ipv6_range', - required=True, - callback=validate_ip_net, - help='UE IPv6 Address range in CIDR format e.g. 2001:230:cafe::/48') + required=True, + callback=validate_ip_net, + help='UE IPv6 Address range in CIDR format e.g. 2001:230:cafe::/48') @click.option('--nat_rule', - default='yes', - help='Option specifying whether to add NATing iptables rule or not') + default='yes', + help='Option specifying whether to add NATing iptables rule or not') def start(tun_ifname, - ipv4_range, - ipv6_range, - nat_rule): + ipv4_range, + ipv6_range, + nat_rule): - # Get the first IP address in the IP range and netmask prefix length - first_ipv4_addr = next(ipv4_range.hosts(), None) - if not first_ipv4_addr: - raise ValueError('Invalid UE IPv4 range. Only one IP given') - else: - first_ipv4_addr = first_ipv4_addr.exploded - first_ipv6_addr = next(ipv6_range.hosts(), None) - if not first_ipv6_addr: - raise ValueError('Invalid UE IPv6 range. 
Only one IP given') - else: - first_ipv6_addr = first_ipv6_addr.exploded + # Get the first IP address in the IP range and netmask prefix length + first_ipv4_addr = next(ipv4_range.hosts(), None) + if not first_ipv4_addr: + raise ValueError('Invalid UE IPv4 range. Only one IP given') + else: + first_ipv4_addr = first_ipv4_addr.exploded + first_ipv6_addr = next(ipv6_range.hosts(), None) + if not first_ipv6_addr: + raise ValueError('Invalid UE IPv6 range. Only one IP given') + else: + first_ipv6_addr = first_ipv6_addr.exploded - ipv4_netmask_prefix = ipv4_range.prefixlen - ipv6_netmask_prefix = ipv6_range.prefixlen + ipv4_netmask_prefix = ipv4_range.prefixlen + ipv6_netmask_prefix = ipv6_range.prefixlen + + # Setup the TUN interface, set IP address and setup IPtables + # if ls /sys/class/net | grep "ogstun" ; then ip link delete ogstun; fi + execute_bash_cmd('ip tuntap add name ' + tun_ifname + ' mode tun') + execute_bash_cmd('ip addr add ' + first_ipv4_addr + '/' + + str(ipv4_netmask_prefix) + ' dev ' + tun_ifname) + execute_bash_cmd('ip addr add ' + first_ipv6_addr + '/' + + str(ipv6_netmask_prefix) + ' dev ' + tun_ifname) + execute_bash_cmd('ip link set ' + tun_ifname + ' mtu 1450') + execute_bash_cmd('ip link set ' + tun_ifname + ' up') + if nat_rule == 'yes': + execute_bash_cmd('if ! iptables-save | grep -- \"-A POSTROUTING -s ' + ipv4_range.with_prefixlen + ' ! -o ' + tun_ifname + ' -j MASQUERADE\" ; then ' + + 'iptables -t nat -A POSTROUTING -s ' + ipv4_range.with_prefixlen + ' ! -o ' + tun_ifname + ' -j MASQUERADE; fi') + execute_bash_cmd('if ! ip6tables-save | grep -- \"-A POSTROUTING -s ' + ipv6_range.with_prefixlen + ' ! -o ' + tun_ifname + ' -j MASQUERADE\" ; then ' + + 'ip6tables -t nat -A POSTROUTING -s ' + ipv6_range.with_prefixlen + ' ! -o ' + tun_ifname + ' -j MASQUERADE; fi') + execute_bash_cmd('if ! 
iptables-save | grep -- \"-A INPUT -i ' + tun_ifname + ' -j ACCEPT\" ; then ' + + 'iptables -A INPUT -i ' + tun_ifname + ' -j ACCEPT; fi') + execute_bash_cmd('if ! ip6tables-save | grep -- \"-A INPUT -i ' + tun_ifname + ' -j ACCEPT\" ; then ' + + 'ip6tables -A INPUT -i ' + tun_ifname + ' -j ACCEPT; fi') - # Setup the TUN interface, set IP address and setup IPtables - # if ls /sys/class/net | grep "ogstun" ; then ip link delete ogstun; fi - execute_bash_cmd('ip tuntap add name ' + tun_ifname + ' mode tun') - execute_bash_cmd('ip addr add ' + first_ipv4_addr + '/' + str(ipv4_netmask_prefix) + ' dev ' + tun_ifname) - execute_bash_cmd('ip addr add ' + first_ipv6_addr + '/' + str(ipv6_netmask_prefix) + ' dev ' + tun_ifname) - execute_bash_cmd('ip link set ' + tun_ifname + ' mtu 1450') - execute_bash_cmd('ip link set ' + tun_ifname + ' up') - if nat_rule == 'yes': - execute_bash_cmd('if ! iptables-save | grep -- \"-A POSTROUTING -s ' + ipv4_range.with_prefixlen + ' ! -o ' + tun_ifname + ' -j MASQUERADE\" ; then ' + - 'iptables -t nat -A POSTROUTING -s ' + ipv4_range.with_prefixlen + ' ! -o ' + tun_ifname + ' -j MASQUERADE; fi') - execute_bash_cmd('if ! ip6tables-save | grep -- \"-A POSTROUTING -s ' + ipv6_range.with_prefixlen + ' ! -o ' + tun_ifname + ' -j MASQUERADE\" ; then ' + - 'ip6tables -t nat -A POSTROUTING -s ' + ipv6_range.with_prefixlen + ' ! -o ' + tun_ifname + ' -j MASQUERADE; fi') - execute_bash_cmd('if ! iptables-save | grep -- \"-A INPUT -i ' + tun_ifname + ' -j ACCEPT\" ; then ' + - 'iptables -A INPUT -i ' + tun_ifname + ' -j ACCEPT; fi') - execute_bash_cmd('if ! 
ip6tables-save | grep -- \"-A INPUT -i ' + tun_ifname + ' -j ACCEPT\" ; then ' + - 'ip6tables -A INPUT -i ' + tun_ifname + ' -j ACCEPT; fi') def execute_bash_cmd(bash_cmd): - #print("Executing: /bin/bash -c " + bash_cmd) - return subprocess.run(bash_cmd, stdout=subprocess.PIPE, shell=True) + # print("Executing: /bin/bash -c " + bash_cmd) + return subprocess.run(bash_cmd, stdout=subprocess.PIPE, shell=True) + if __name__ == '__main__': - start() + start() diff --git a/upf/upf.yaml b/upf/upf.yaml index 7651d41..cd83df7 100644 --- a/upf/upf.yaml +++ b/upf/upf.yaml @@ -10,13 +10,13 @@ upf: - addr: UPF_IP advertise: UPF_ADVERTISE_IP subnet: - - addr: 192.168.100.1/24 + - addr: UE_IPV4_INTERNET dev: ogstun dnn: internet - addr: 2001:230:cafe::1/48 dev: ogstun dnn: internet - - addr: 192.168.101.1/24 + - addr: UE_IPV4_IMS dnn: ims dev: ogstun2 - addr: 2001:230:babe::1/48 diff --git a/upf/upf_init.sh b/upf/upf_init.sh index 80bd02d..7277a25 100755 --- a/upf/upf_init.sh +++ b/upf/upf_init.sh 
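Review bot: `start()` still assembles every command by string concatenation and `execute_bash_cmd` runs it with `shell=True`, and `--tun_ifname` is the one option that reaches those strings without a validation callback; the two ranges pass through `ipaddress`, the interface name does not. Any shell metacharacter in that value would be interpreted by the shell, in a script that presumably runs with the privileges needed for `ip` and `iptables`. Since this hunk re-indents the whole function anyway, I would add a check at the top of `start()`, for example `if not re.fullmatch(r'[A-Za-z0-9_.-]{1,15}', tun_ifname): raise click.BadParameter('Invalid TUN interface name')` (this needs `import re`; the import block is outside the hunk). `subprocess.run` is also called without `check=True`, so a failed `ip tuntap add` or `iptables` call is silently ignored.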
@@ -31,12 +31,14 @@ export LANG=C.UTF-8 export IP_ADDR=$(awk 'END{print $1}' /etc/hosts) export IF_NAME=$(ip r | awk '/default/ { print $5 }') -python3 /mnt/upf/tun_if.py --tun_ifname ogstun --ipv4_range 192.168.100.0/24 --ipv6_range 2001:230:cafe::/48 -python3 /mnt/upf/tun_if.py --tun_ifname ogstun2 --ipv4_range 192.168.101.0/24 --ipv6_range 2001:230:babe::/48 --nat_rule 'no' +python3 /mnt/upf/tun_if.py --tun_ifname ogstun --ipv4_range $UE_IPV4_INTERNET --ipv6_range 2001:230:cafe::/48 +python3 /mnt/upf/tun_if.py --tun_ifname ogstun2 --ipv4_range $UE_IPV4_IMS --ipv6_range 2001:230:babe::/48 --nat_rule 'no' cp /mnt/upf/upf.yaml install/etc/open5gs sed -i 's|UPF_IP|'$UPF_IP'|g' install/etc/open5gs/upf.yaml sed -i 's|SMF_IP|'$SMF_IP'|g' install/etc/open5gs/upf.yaml +sed -i 's|UE_IPV4_INTERNET|'$UE_IPV4_INTERNET'|g' install/etc/open5gs/upf.yaml +sed -i 's|UE_IPV4_IMS|'$UE_IPV4_IMS'|g' install/etc/open5gs/upf.yaml sed -i 's|UPF_ADVERTISE_IP|'$UPF_ADVERTISE_IP'|g' install/etc/open5gs/upf.yaml # Sync docker time
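Review bot: The two `python3 /mnt/upf/tun_if.py` calls now take `--ipv4_range` from the environment but their exit status is not checked, and `tun_if.py` validates the value with `ipaddress.ip_network()`, which in its default strict mode rejects a CIDR with host bits set. A user who sets `UE_IPV4_INTERNET=192.168.100.1/24`, the form upf.yaml carried before this commit, would get a click error here, no TUN device, and (unless `set -e` is active outside the hunk) a UPF that still starts with that address in its config. I would quote the value and stop on failure, e.g. `python3 /mnt/upf/tun_if.py --tun_ifname ogstun --ipv4_range "$UE_IPV4_INTERNET" --ipv6_range 2001:230:cafe::/48 || exit 1`, and likewise for the `ogstun2` call.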