paulmataruso/open5gs
1
0
Fork 0
mirror of https://github.com/open5gs/open5gs.git synced 2025-11-02 13:03:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

[SBI] HTTP2-TLS verification - ConfFile Changed

Browse Source 
You should add the following configuration if you would not use TLS.

sbi:
    server:
      no_tls: true
    client:
      no_tls: true
This commit is contained in:
Sukchan Lee
2023-02-18 10:58:29 +09:00
parent 3e61c5984d
commit 05fbaf6958
33 changed files with 1986 additions and 897 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
configs/310014.yaml.in
View File

@@ -2,13 +2,14 @@ db_uri: mongodb://localhost/open5gs
logger:
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @build_configs_dir@/open5gs/tls/ca.crt
key: @build_configs_dir@/open5gs/tls/testserver.key
cert: @build_configs_dir@/open5gs/tls/testserver.crt
client:
no_tls: true
cacert: @build_configs_dir@/open5gs/tls/ca.crt
key: @build_configs_dir@/open5gs/tls/testclient.key
cert: @build_configs_dir@/open5gs/tls/testclient.crt

5
configs/csfb.yaml.in
View File

@@ -2,13 +2,14 @@ db_uri: mongodb://localhost/open5gs
logger:
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @build_configs_dir@/open5gs/tls/ca.crt
key: @build_configs_dir@/open5gs/tls/testserver.key
cert: @build_configs_dir@/open5gs/tls/testserver.crt
client:
no_tls: true
cacert: @build_configs_dir@/open5gs/tls/ca.crt
key: @build_configs_dir@/open5gs/tls/testclient.key
cert: @build_configs_dir@/open5gs/tls/testclient.crt

5
configs/non3gpp.yaml.in
View File

@@ -2,13 +2,14 @@ db_uri: mongodb://localhost/open5gs
logger:
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @build_configs_dir@/open5gs/tls/ca.crt
key: @build_configs_dir@/open5gs/tls/testserver.key
cert: @build_configs_dir@/open5gs/tls/testserver.crt
client:
no_tls: true
cacert: @build_configs_dir@/open5gs/tls/ca.crt
key: @build_configs_dir@/open5gs/tls/testclient.key
cert: @build_configs_dir@/open5gs/tls/testclient.crt

203
configs/open5gs/amf.yaml.in
View File

@@ -1,73 +1,91 @@
#
# logger:
#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Nothing is needed)
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,ngap,nas,gmm,sbi,amf,event,tlv,mem,sock
# domain: core,sbi,ausf,event,tlv,mem,sock
#
logger:
file: @localstatedir@/log/open5gs/amf.log
#
# tls:
# enabled: auto|yes|no
# - auto: Default. Use TLS only if key/cert is available
# - yes: Use TLS always;
# reject if no key/cert available
# - no: Don't use TLS if there is an key/cert available
# o TLS enable/disable
# sbi:
# server|client:
# no_tls: false|true
# - false: (Default) Use TLS
# - true: TLS disabled
#
# o Server-side Key and Certficiate
# o Verification enable/disable
# sbi:
# server|client:
# no_verify: false|true
# - false: (Default) Verify the PEER
# - true: Skip the verification step
#
# o Server-side does not use TLS
# sbi:
# server:
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# no_tls: true
#
# o Client-side does not use TLS
# o Client-side skips the verification step
# sbi:
# client:
# enabled: no
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
#
# o Use the specified certificate to verify client
# o Use the specified certificate while verifying the client
# sbi:
# server
# cacert: /etc/open5gs/tls/ca.crt
#
# o Use the specified certificate to verify server
# o Use the specified certificate while verifying the server
# sbi:
# client
# cacert: /etc/open5gs/tls/ca.crt
#
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/amf.key
cert: @sysconfdir@/open5gs/tls/amf.crt
client:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/amf.key
cert: @sysconfdir@/open5gs/tls/amf.crt
#
# amf:
#
# <SBI Server>
#
# o SBI Server(http://<all address available>:80)
# sbi:
# server:
# no_tls: true
# amf:
# sbi:
#
# o SBI Server(http://<any address>:7777)
# sbi:
# server:
# no_tls: true
# amf:
# sbi:
# - addr:
# - 0.0.0.0
@@ -75,17 +93,17 @@ tls:
# port: 7777
#
# o SBI Server(https://<all address available>:443)
# tls:
# sbi:
# server:
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# amf:
# sbi:
#
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
# tls:
# enabled: no
# o SBI Server(https://127.0.0.5:443, https://[::1]:443) without verification
# sbi:
# server:
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# amf:
@@ -94,29 +112,48 @@ tls:
# - addr: ::1
#
# o SBI Server(https://amf.open5gs.org:443)
# Use the specified certificate to verify client
# Use the specified certificate while verifying the client
#
# tls:
# sbi:
# server:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# amf:
# sbi:
# - name: amf.open5gs.org
#
# o SBI Server(http://127.0.0.5:7777)
# sbi:
# server:
# no_tls: true
# amf:
# sbi:
# - addr: 127.0.0.5
# port: 7777
#
# o SBI Server(http://<eth0 IP address>:80)
# sbi:
# server:
# no_tls: true
# amf:
# sbi:
# - dev: eth0
#
# o Provide custom SBI address to be advertised to NRF
# sbi:
# server:
# no_tls: true
# amf:
# sbi:
# - dev: eth0
# advertise: open5gs-amf.svc.local
#
# o Another example of advertising on NRF
# sbi:
# server:
# no_tls: true
# amf:
# sbi:
# - addr: localhost
# advertise:
@@ -127,6 +164,10 @@ tls:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# server:
# no_tls: true
# amf:
# sbi:
# addr: 127.0.0.5
# option:
@@ -138,9 +179,11 @@ tls:
# <NF Service>
#
# o NF Service Name(Default : all NF services available)
# amf:
# service_name:
#
# o NF Service Name(Only some NF services are available)
# amf:
# service_name:
# - namf-comm
#
@@ -148,12 +191,21 @@ tls:
#
# o (Default) If you do not set Query Parameter as shown below,
#
# sbi:
# server:
# no_tls: true
# amf:
# sbi:
# - addr: 127.0.0.5
# port: 7777
#
# - 'service-names' is included.
#
# o Service-Names are not included
# sbi:
# server:
# no_tls: true
# amf:
# sbi:
# - addr: 127.0.0.5
# port: 7777
@@ -172,6 +224,10 @@ tls:
#
# o (Default) If you do not set Delegated Discovery as shown below,
#
# sbi:
# server:
# no_tls: true
# amf:
# sbi:
# - addr: 127.0.0.5
# port: 7777
@@ -179,6 +235,10 @@ tls:
# - Use SCP if SCP avaiable. Otherwise NRF is used.
# => App fails if both NRF and SCP are unavailable.
#
# sbi:
# server:
# no_tls: true
# amf:
# sbi:
# - addr: 127.0.0.5
# port: 7777
@@ -194,23 +254,28 @@ tls:
# <NGAP Server>>
#
# o NGAP Server(all address available)
# amf:
# ngap:
#
# o NGAP Server(0.0.0.0:38412)
# amf:
# ngap:
# addr: 0.0.0.0
#
# o NGAP Server(127.0.0.5:38412, [::1]:38412)
# amf:
# ngap:
# - addr: 127.0.0.5
# - addr: ::1
#
# o NGAP Server(different port)
# amf:
# ngap:
# - addr: 127.0.0.5
# port: 38413
#
# o NGAP Server(address available in `eth0` interface)
# amf:
# ngap:
# dev: eth0
#
@@ -218,6 +283,7 @@ tls:
# - sctp_nodelay : true
# - so_linger.l_onoff : false
#
# amf:
# ngap:
# addr: 127.0.0.5
# option:
@@ -237,6 +303,7 @@ tls:
# - sinit_max_attempts : 4
# - sinit_max_init_timeo : 8000(8secs)
#
# amf:
# ngap:
# addr: 127.0.0.5
# option:
@@ -254,6 +321,7 @@ tls:
# <Metrics Server>
#
# o Metrics Server(http://<any address>:9090)
# amf:
# metrics:
# - addr: 0.0.0.0
# port: 9090
@@ -261,6 +329,7 @@ tls:
# <GUAMI>
#
# o Multiple GUAMI
# amf:
# guami:
# - plmn_id:
# mcc: 999
@@ -279,6 +348,7 @@ tls:
# <TAI>
#
# o Multiple TAI
# amf:
# tai:
# - plmn_id:
# mcc: 001
@@ -310,6 +380,7 @@ tls:
# <PLMN Support>
#
# o Multiple PLMN Support
# amf:
# plmn_support:
# - plmn_id:
# mcc: 999
@@ -325,16 +396,19 @@ tls:
#
# <Network Name>
#
# amf:
# network_name:
# full: Open5GS
# short: Next
#
# <AMF Name>
#
# amf:
# amf_name: amf1.open5gs.amf.5gc.mnc70.mcc999.3gppnetwork.org
#
# <Relative Capacity> - Default(255)
#
# amf:
# relative_capacity: 100
#
amf:
@@ -371,19 +445,22 @@ amf:
full: Open5GS
amf_name: open5gs-amf0
#
# scp:
#
# <SBI Client>>
#
# o SBI Client(http://127.0.1.10:7777)
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# port: 7777
#
# o SBI Client(https://127.0.1.10:443, https://[::1]:443)
# tls:
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
# sbi:
# client:
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
@@ -392,11 +469,13 @@ amf:
# - addr: ::1
#
# o SBI Client(https://scp.open5gs.org:443)
# Use the specified certificate to verify server
# Use the specified certificate while verifying the server
#
# tls:
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - name: scp.open5gs.org
@@ -404,6 +483,10 @@ amf:
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr:
# - 127.0.1.10
@@ -413,6 +496,10 @@ amf:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# option:
@@ -427,19 +514,22 @@ scp:
- addr: 127.0.1.10
port: 7777
#
# nrf:
#
# <SBI Client>>
#
# o SBI Client(http://127.0.0.10:7777)
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# port: 7777
#
# o SBI Client(https://127.0.0.10:443, https://[::1]:443)
# tls:
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
# sbi:
# client:
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
@@ -448,11 +538,13 @@ scp:
# - addr: ::1
#
# o SBI Client(https://nrf.open5gs.org:443)
# Use the specified certificate to verify server
# Use the specified certificate while verifying the server
#
# tls:
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - name: nrf.open5gs.org
@@ -469,6 +561,10 @@ scp:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# option:
@@ -484,26 +580,28 @@ scp:
# - ::1
# port: 7777
#
# parameter:
#
# o Disable use of IPv4 addresses (only IPv6)
# no_ipv4: true
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# no_ipv6: true
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# prefer_ipv4: true
# parameter:
# prefer_ipv4: true
#
parameter:
#
# max:
#
# o Maximum Number of UE
# o Maximum Number of UE
# max:
# ue: 1024
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# max:
# peer: 64
#
max:
@@ -514,35 +612,40 @@ max:
#
usrsctp:
#
# time:
#
# o NF Instance Heartbeat (Default : 0)
# NFs will not send heart-beat timer in NFProfile
# NRF will send heart-beat timer in NFProfile
# (Default values are used, so no configuration is required)
#
# o NF Instance Heartbeat (20 seconds)
# NFs will send heart-beat timer (20 seconds) in NFProfile
# NRF can change heart-beat timer in NFProfile
#
# time:
# nf_instance:
# heartbeat: 20
#
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
# (Default values are used, so no configuration is required)
#
# o Message Wait Duration (3000 ms)
# time:
# message:
# duration: 3000
#
# o Handover Wait Duration (Default : 300 ms)
# Time to wait for AMF to send UEContextReleaseCommand
# to the source gNB after receiving HandoverNotify
# (Default values are used, so no configuration is required)
#
# o Handover Wait Duration (500ms)
# time:
# handover:
# duration: 500
#
# o Timers of 5GS mobility/session management
# time:
# t3502:
# value: 720 # 12 minutes * 60 = 720 seconds
# t3512:

196
configs/open5gs/ausf.yaml.in
View File

@@ -1,20 +1,21 @@
#
# logger:
#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Nothing is needed)
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,sbi,ausf,event,tlv,mem,sock
#
@@ -22,52 +23,69 @@ logger:
file: @localstatedir@/log/open5gs/ausf.log
#
# tls:
# enabled: auto|yes|no
# - auto: Default. Use TLS only if key/cert is available
# - yes: Use TLS always;
# reject if no key/cert available
# - no: Don't use TLS if there is an key/cert available
# o TLS enable/disable
# sbi:
# server|client:
# no_tls: false|true
# - false: (Default) Use TLS
# - true: TLS disabled
#
# o Server-side Key and Certficiate
# o Verification enable/disable
# sbi:
# server|client:
# no_verify: false|true
# - false: (Default) Verify the PEER
# - true: Skip the verification step
#
# o Server-side does not use TLS
# sbi:
# server:
# key: /etc/open5gs/tls/ausf.key
# cert: /etc/open5gs/tls/ausf.crt
# no_tls: true
#
# o Client-side does not use TLS
# o Client-side skips the verification step
# sbi:
# client:
# enabled: no
# key: /etc/open5gs/tls/ausf.key
# cert: /etc/open5gs/tls/ausf.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
#
# o Use the specified certificate to verify client
# o Use the specified certificate while verifying the client
# sbi:
# server
# cacert: /etc/open5gs/tls/ca.crt
#
# o Use the specified certificate to verify server
# o Use the specified certificate while verifying the server
# sbi:
# client
# cacert: /etc/open5gs/tls/ca.crt
#
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/ausf.key
cert: @sysconfdir@/open5gs/tls/ausf.crt
client:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/ausf.key
cert: @sysconfdir@/open5gs/tls/ausf.crt
#
# ausf:
#
# <SBI Server>
#
# o SBI Server(http://<all address available>:80)
# sbi:
# server:
# no_tls: true
# ausf:
# sbi:
#
# o SBI Server(http://<any address>:7777)
# sbi:
# server:
# no_tls: true
# ausf:
# sbi:
# - addr:
# - 0.0.0.0
@@ -75,17 +93,17 @@ tls:
# port: 7777
#
# o SBI Server(https://<all address available>:443)
# tls:
# sbi:
# server:
# key: /etc/open5gs/tls/ausf.key
# cert: /etc/open5gs/tls/ausf.crt
# ausf:
# sbi:
#
# o SBI Server(http://127.0.0.11:80, http://[::1]:80)
# tls:
# enabled: no
# o SBI Server(https://127.0.0.11:443, https://[::1]:443) without verification
# sbi:
# server:
# no_verify: true
# key: /etc/open5gs/tls/ausf.key
# cert: /etc/open5gs/tls/ausf.crt
# ausf:
@@ -94,29 +112,48 @@ tls:
# - addr: ::1
#
# o SBI Server(https://ausf.open5gs.org:443)
# Use the specified certificate to verify client
# Use the specified certificate while verifying the client
#
# tls:
# sbi:
# server:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/ausf.key
# cert: /etc/open5gs/tls/ausf.crt
# ausf:
# sbi:
# - name: ausf.open5gs.org
#
# o SBI Server(http://127.0.0.11:7777)
# sbi:
# server:
# no_tls: true
# ausf:
# sbi:
# - addr: 127.0.0.11
# port: 7777
#
# o SBI Server(http://<eth0 IP address>:80)
# sbi:
# server:
# no_tls: true
# ausf:
# sbi:
# - dev: eth0
#
# o Provide custom SBI address to be advertised to NRF
# sbi:
# server:
# no_tls: true
# ausf:
# sbi:
# - dev: eth0
# advertise: open5gs-ausf.svc.local
#
# o Another example of advertising on NRF
# sbi:
# server:
# no_tls: true
# ausf:
# sbi:
# - addr: localhost
# advertise:
@@ -127,6 +164,10 @@ tls:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# server:
# no_tls: true
# ausf:
# sbi:
# addr: 127.0.0.11
# option:
@@ -138,9 +179,11 @@ tls:
# <NF Service>
#
# o NF Service Name(Default : all NF services available)
# ausf:
# service_name:
#
# o NF Service Name(Only some NF services are available)
# ausf:
# service_name:
# - nausf-auth
#
@@ -148,12 +191,21 @@ tls:
#
# o (Default) If you do not set Query Parameter as shown below,
#
# sbi:
# server:
# no_tls: true
# ausf:
# sbi:
# - addr: 127.0.0.11
# port: 7777
#
# - 'service-names' is included.
#
# o Service-Names are not included
# sbi:
# server:
# no_tls: true
# ausf:
# sbi:
# - addr: 127.0.0.11
# port: 7777
@@ -172,6 +224,10 @@ tls:
#
# o (Default) If you do not set Delegated Discovery as shown below,
#
# sbi:
# server:
# no_tls: true
# ausf:
# sbi:
# - addr: 127.0.0.11
# port: 7777
@@ -179,6 +235,10 @@ tls:
# - Use SCP if SCP avaiable. Otherwise NRF is used.
# => App fails if both NRF and SCP are unavailable.
#
# sbi:
# server:
# no_tls: true
# ausf:
# sbi:
# - addr: 127.0.0.11
# port: 7777
@@ -196,32 +256,37 @@ ausf:
- addr: 127.0.0.11
port: 7777
#
# scp:
#
# <SBI Client>>
#
# o SBI Client(http://127.0.1.10:7777)
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# port: 7777
#
# o SBI Client(https://127.0.1.10:443, https://[::1]:443)
# tls:
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
# sbi:
# client:
# key: /etc/open5gs/tls/ausf.key
# cert: /etc/open5gs/tls/ausf.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - addr: 127.0.1.10
# - addr: ::1
#
# o SBI Client(https://scp.open5gs.org:443)
# Use the specified certificate to verify server
# Use the specified certificate while verifying the server
#
# tls:
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - name: scp.open5gs.org
@@ -229,6 +294,10 @@ ausf:
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr:
# - 127.0.1.10
@@ -238,6 +307,10 @@ ausf:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# option:
@@ -252,32 +325,37 @@ scp:
- addr: 127.0.1.10
port: 7777
#
# nrf:
#
# <SBI Client>>
#
# o SBI Client(http://127.0.0.10:7777)
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# port: 7777
#
# o SBI Client(https://127.0.0.10:443, https://[::1]:443)
# tls:
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
# sbi:
# client:
# key: /etc/open5gs/tls/ausf.key
# cert: /etc/open5gs/tls/ausf.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - addr: 127.0.0.10
# - addr: ::1
#
# o SBI Client(https://nrf.open5gs.org:443)
# Use the specified certificate to verify server
# Use the specified certificate while verifying the server
#
# tls:
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - name: nrf.open5gs.org
@@ -294,6 +372,10 @@ scp:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# option:
@@ -309,47 +391,51 @@ scp:
# - ::1
# port: 7777
#
# parameter:
#
# o Disable use of IPv4 addresses (only IPv6)
# no_ipv4: true
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# no_ipv6: true
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# prefer_ipv4: true
# parameter:
# prefer_ipv4: true
#
parameter:
#
# max:
#
# o Maximum Number of UE
# o Maximum Number of UE
# max:
# ue: 1024
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# max:
# peer: 64
#
max:
#
# time:
#
# o NF Instance Heartbeat (Default : 0)
# NFs will not send heart-beat timer in NFProfile
# NRF will send heart-beat timer in NFProfile
# (Default values are used, so no configuration is required)
#
# o NF Instance Heartbeat (20 seconds)
# NFs will send heart-beat timer (20 seconds) in NFProfile
# NRF can change heart-beat timer in NFProfile
#
# time:
# nf_instance:
# heartbeat: 20
#
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
# (Default values are used, so no configuration is required)
#
# o Message Wait Duration (3000 ms)
# time:
# message:
# duration: 3000
time:

200
configs/open5gs/bsf.yaml.in
View File

@@ -1,75 +1,93 @@
db_uri: mongodb://localhost/open5gs
#
# logger:
#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Nothing is needed)
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,sbi,bsf,event,tlv,mem,sock
# domain: core,sbi,ausf,event,tlv,mem,sock
#
logger:
file: @localstatedir@/log/open5gs/bsf.log
#
# tls:
# enabled: auto|yes|no
# - auto: Default. Use TLS only if key/cert is available
# - yes: Use TLS always;
# reject if no key/cert available
# - no: Don't use TLS if there is an key/cert available
# o TLS enable/disable
# sbi:
# server|client:
# no_tls: false|true
# - false: (Default) Use TLS
# - true: TLS disabled
#
# o Server-side Key and Certficiate
# o Verification enable/disable
# sbi:
# server|client:
# no_verify: false|true
# - false: (Default) Verify the PEER
# - true: Skip the verification step
#
# o Server-side does not use TLS
# sbi:
# server:
# key: /etc/open5gs/tls/bsf.key
# cert: /etc/open5gs/tls/bsf.crt
# no_tls: true
#
# o Client-side does not use TLS
# o Client-side skips the verification step
# sbi:
# client:
# enabled: no
# key: /etc/open5gs/tls/bsf.key
# cert: /etc/open5gs/tls/bsf.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
#
# o Use the specified certificate to verify client
# o Use the specified certificate while verifying the client
# sbi:
# server
# cacert: /etc/open5gs/tls/ca.crt
#
# o Use the specified certificate to verify server
# o Use the specified certificate while verifying the server
# sbi:
# client
# cacert: /etc/open5gs/tls/ca.crt
#
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/bsf.key
cert: @sysconfdir@/open5gs/tls/bsf.crt
client:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/bsf.key
cert: @sysconfdir@/open5gs/tls/bsf.crt
#
# bsf:
#
# <SBI Server>
#
# o SBI Server(http://<all address available>:80)
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
#
# o SBI Server(http://<any address>:7777)
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
# - addr:
# - 0.0.0.0
@@ -77,48 +95,67 @@ tls:
# port: 7777
#
# o SBI Server(https://<all address available>:443)
# tls:
# sbi:
# server:
# key: /etc/open5gs/tls/bsf.key
# cert: /etc/open5gs/tls/bsf.crt
# bsf:
# sbi:
#
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
# tls:
# enabled: no
# o SBI Server(https://127.0.0.15:443, https://[::1]:443) without verification
# sbi:
# server:
# no_verify: true
# key: /etc/open5gs/tls/bsf.key
# cert: /etc/open5gs/tls/bsf.crt
# bsf:
# sbi:
# - addr: 127.0.0.5
# - addr: 127.0.0.15
# - addr: ::1
#
# o SBI Server(https://bsf.open5gs.org:443)
# Use the specified certificate to verify client
# Use the specified certificate while verifying the client
#
# tls:
# sbi:
# server:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/bsf.key
# cert: /etc/open5gs/tls/bsf.crt
# bsf:
# sbi:
# - name: bsf.open5gs.org
#
# o SBI Server(http://127.0.0.15:7777)
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
# - addr: 127.0.0.15
# port: 7777
#
# o SBI Server(http://<eth0 IP address>:80)
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
# - dev: eth0
#
# o Provide custom SBI address to be advertised to NRF
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
# - dev: eth0
# advertise: open5gs-bsf.svc.local
#
# o Another example of advertising on NRF
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
# - addr: localhost
# advertise:
@@ -129,6 +166,10 @@ tls:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
# addr: 127.0.0.15
# option:
@@ -140,9 +181,11 @@ tls:
# <NF Service>
#
# o NF Service Name(Default : all NF services available)
# bsf:
# service_name:
#
# o NF Service Name(Only some NF services are available)
# bsf:
# service_name:
# - nbsf-management
#
@@ -150,12 +193,21 @@ tls:
#
# o (Default) If you do not set Query Parameter as shown below,
#
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
# - addr: 127.0.0.15
# port: 7777
#
# - 'service-names' is included.
#
# o Service-Names are not included
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
# - addr: 127.0.0.15
# port: 7777
@@ -174,6 +226,10 @@ tls:
#
# o (Default) If you do not set Delegated Discovery as shown below,
#
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
# - addr: 127.0.0.15
# port: 7777
@@ -181,6 +237,10 @@ tls:
# - Use SCP if SCP avaiable. Otherwise NRF is used.
# => App fails if both NRF and SCP are unavailable.
#
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
# - addr: 127.0.0.15
# port: 7777
@@ -198,32 +258,37 @@ bsf:
- addr: 127.0.0.15
port: 7777
#
# scp:
#
# <SBI Client>>
#
# o SBI Client(http://127.0.1.10:7777)
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# port: 7777
#
# o SBI Client(https://127.0.1.10:443, https://[::1]:443)
# tls:
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
# sbi:
# client:
# key: /etc/open5gs/tls/bsf.key
# cert: /etc/open5gs/tls/bsf.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - addr: 127.0.1.10
# - addr: ::1
#
# o SBI Client(https://scp.open5gs.org:443)
# Use the specified certificate to verify server
# Use the specified certificate while verifying the server
#
# tls:
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - name: scp.open5gs.org
@@ -231,6 +296,10 @@ bsf:
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr:
# - 127.0.1.10
@@ -240,6 +309,10 @@ bsf:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# option:
@@ -254,32 +327,37 @@ scp:
- addr: 127.0.1.10
port: 7777
#
# nrf:
#
# <SBI Client>>
#
# o SBI Client(http://127.0.0.10:7777)
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# port: 7777
#
# o SBI Client(https://127.0.0.10:443, https://[::1]:443)
# tls:
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
# sbi:
# client:
# key: /etc/open5gs/tls/bsf.key
# cert: /etc/open5gs/tls/bsf.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - addr: 127.0.0.10
# - addr: ::1
#
# o SBI Client(https://nrf.open5gs.org:443)
# Use the specified certificate to verify server
# Use the specified certificate while verifying the server
#
# tls:
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - name: nrf.open5gs.org
@@ -296,6 +374,10 @@ scp:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# option:
@@ -311,47 +393,51 @@ scp:
# - ::1
# port: 7777
#
# parameter:
#
# o Disable use of IPv4 addresses (only IPv6)
# no_ipv4: true
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# no_ipv6: true
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# prefer_ipv4: true
# parameter:
# prefer_ipv4: true
#
parameter:
#
# max:
#
# o Maximum Number of UE
# o Maximum Number of UE
# max:
# ue: 1024
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# max:
# peer: 64
#
max:
#
# time:
#
# o NF Instance Heartbeat (Default : 0)
# NFs will not send heart-beat timer in NFProfile
# NRF will send heart-beat timer in NFProfile
# (Default values are used, so no configuration is required)
#
# o NF Instance Heartbeat (20 seconds)
# NFs will send heart-beat timer (20 seconds) in NFProfile
# NRF can change heart-beat timer in NFProfile
#
# time:
# nf_instance:
# heartbeat: 20
#
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
# (Default values are used, so no configuration is required)
#
# o Message Wait Duration (3000 ms)
# time:
# message:
# duration: 3000
time:

39
configs/open5gs/hss.yaml.in
View File

@@ -1,24 +1,25 @@
db_uri: mongodb://localhost/open5gs
#
# logger:
#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Nothing is needed)
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,fd,hss,event,mem,sock
# domain: core,sbi,ausf,event,tlv,mem,sock
#
logger:
file: @localstatedir@/log/open5gs/hss.log
@@ -26,29 +27,37 @@ logger:
hss:
freeDiameter: @sysconfdir@/freeDiameter/hss.conf
# sms_over_ims: "sip:smsc.mnc001.mcc001.3gppnetwork.org:7060;transport=tcp"
#
# parameter:
# hss:
# sms_over_ims: "sip:smsc.mnc001.mcc001.3gppnetwork.org:7060;transport=tcp"
#
#
# o Disable use of IPv4 addresses (only IPv6)
# no_ipv4: true
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# no_ipv6: true
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# prefer_ipv4: true
# parameter:
# prefer_ipv4: true
#
# o Use MongoDB Change Stream
# parameter:
# use_mongodb_change_stream: true
#
parameter:
# use_mongodb_change_stream: true
#
# max:
#
# o Maximum Number of UE
# o Maximum Number of UE
# max:
# ue: 1024
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# max:
# peer: 64
#
max:

109
configs/open5gs/mme.yaml.in
View File

@@ -1,49 +1,53 @@
#
# logger:
#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Nothing is needed)
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,s1ap,nas,fd,gtp,mme,emm,esm,event,tlv,mem,sock
# domain: core,sbi,ausf,event,tlv,mem,sock
#
logger:
file: @localstatedir@/log/open5gs/mme.log
#
# mme:
#
# <S1AP Server>>
#
# o S1AP Server(all address available)
# mme:
# s1ap:
#
# o S1AP Server(0.0.0.0:36412)
# mme:
# s1ap:
# addr: 0.0.0.0
#
# o S1AP Server(127.0.0.2:36412, [::1]:36412)
# mme:
# s1ap:
# - addr: 127.0.0.2
# - addr: ::1
#
# o S1AP Server(different port)
# mme:
# s1ap:
# - addr: 127.0.0.2
# port: 36413
#
# o S1AP Server(address available in `eth0` interface)
# mme:
# s1ap:
# dev: eth0
#
@@ -51,6 +55,7 @@ logger:
# - sctp_nodelay : true
# - so_linger.l_onoff : false
#
# mme:
# s1ap:
# addr: 127.0.0.2
# option:
@@ -70,6 +75,7 @@ logger:
# - sinit_max_attempts : 4
# - sinit_max_init_timeo : 8000(8secs)
#
# mme:
# s1ap:
# addr: 127.0.0.2
# option:
@@ -87,9 +93,11 @@ logger:
# <GTP-C Server>>
#
# o GTP-C Server(all address available)
# mme:
# gtpc:
#
# o GTP-C Server(127.0.0.2:2123, [::1]:2123)
# mme:
# gtpc:
# - addr: 127.0.0.2
# - addr: ::1
@@ -97,6 +105,7 @@ logger:
# <SGsAP>
#
# o Single MSC/VLR(127.0.0.2)
# mme:
# sgsap:
# addr: 127.0.0.2
# map:
@@ -123,6 +132,7 @@ logger:
# lac: 43692
#
# o Multiple MSC/VLR
# mme:
# sgsap:
# - addr: 127.0.0.2
# port: 29119
@@ -178,6 +188,7 @@ logger:
# <Metrics Server>
#
# o Metrics Server(http://<any address>:9090)
# mme:
# metrics:
# - addr: 0.0.0.0
# port: 9090
@@ -185,6 +196,7 @@ logger:
# <GUMMEI>
#
# o Multiple GUMMEI
# mme:
# gummei:
# - plmn_id:
# mcc: 001
@@ -205,6 +217,7 @@ logger:
# <TAI>
#
# o Multiple TAI
# mme:
# tai:
# - plmn_id:
# mcc: 001
@@ -235,17 +248,17 @@ logger:
#
#
# <Network Name>
#
# mme:
# network_name:
# full: Open5GS
# short: Next
#
# <MME Name>
#
# mme:
# mme_name: open5gs-mme0
#
# <Relative Capacity> - Default(255)
#
# mme:
# relative_capacity: 100
#
mme:
@@ -275,8 +288,6 @@ mme:
full: Open5GS
mme_name: open5gs-mme0
#
# sgwc:
#
# <GTP-C Client>
#
@@ -284,17 +295,20 @@ mme:
#
# o One SGW is defined.
# If prefer_ipv4 is not true, [fd69:f21d:873c:fa::2] is selected.
# sgwc:
# gtpc:
# addr:
# - 127.0.0.3
# - fd69:f21d:873c:fa::2
#
# o Two SGW are defined. MME selects SGW with round-robin manner per UE
# sgwc:
# gtpc:
# - addr: 127.0.0.3
# - addr: fd69:f21d:873c:fa::2
#
# o Three SGW are defined. MME selects SGW with round-robin manner per UE
# sgwc:
# gtpc:
# - addr
# - 127.0.0.3
@@ -306,30 +320,32 @@ mme:
#
# <SGW Selection Mode>
#
# o Round-Robin
# o Round-Robin
# sgwc:
# gtpc:
# addr: 127.0.0.3
# addr: 127.0.2.2
# addr: 127.0.4.2
#
# gtpc:
# addr: 127.0.0.3
# addr: 127.0.2.2
# addr: 127.0.4.2
#
# o SGW selection by eNodeB TAC
# o SGW selection by eNodeB TAC
# (either single TAC or multiple TACs, DECIMAL representation)
#
# gtpc:
# - addr: 127.0.0.3
# tac: 26000
# - addr: 127.0.2.2
# tac: [25000, 27000, 28000]
# sgwc:
# gtpc:
# - addr: 127.0.0.3
# tac: 26000
# - addr: 127.0.2.2
# tac: [25000, 27000, 28000]
#
# o SGW selection by e_cell_id(28bit)
# (either single or multiple e_cell_id, HEX representation)
#
# gtpc:
# - addr: 127.0.0.3
# e_cell_id: abcde01
# - addr: 127.0.2.2
# e_cell_id: [12345, a9413, 98765]
# sgwc:
# gtpc:
# - addr: 127.0.0.3
# e_cell_id: abcde01
# - addr: 127.0.2.2
# e_cell_id: [12345, a9413, 98765]
#
sgwc:
gtpc:
@@ -344,15 +360,18 @@ sgwc:
# - To use a different APN for each SMF, specify gtpc.apn as the APN name.
# - If the HSS uses WebUI to set the SMF IP for each UE,
# you can use a specific SMF node for each UE.
# (Default values are used, so no configuration is required)
#
# o Two SMF are defined. 127.0.0.4:2123 is used.
# [fd69:f21d:873c:fa::3]:2123 is ignored.
# smf:
# gtpc:
# - addr: 127.0.0.4
# - addr: fd69:f21d:873c:fa::3
#
# o One SMF is defined. if prefer_ipv4 is not true,
# [fd69:f21d:873c:fa::3] is selected.
# smf:
# gtpc:
# - addr:
# - 127.0.0.4
@@ -361,6 +380,7 @@ sgwc:
# o Two SMF are defined with a different APN.
# - Note that if SMF IP for UE is configured in HSS,
# the following configurion for this UE is ignored.
# smf:
# gtpc:
# - addr: 127.0.0.4
# apn: internet
@@ -368,6 +388,7 @@ sgwc:
# apn: volte
#
# o If APN is omitted, the default APN uses the first SMF node.
# smf:
# gtpc:
# - addr: 127.0.0.4
# - addr: 127.0.0.5
@@ -378,31 +399,28 @@ smf:
- 127.0.0.4
- ::1
#
# parameter:
#
# o Disable use of IPv4 addresses (only IPv6)
# no_ipv4: true
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# no_ipv6: true
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# prefer_ipv4: true
#
# o Use OAI UE
# - Remove HashMME in Security-mode command message
# - Use the length 1 of EPS network feature support in Attach accept message
# use_openair: true
# parameter:
# prefer_ipv4: true
#
parameter:
#
# max:
#
# o Maximum Number of UE
# o Maximum Number of UE
# max:
# ue: 1024
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# max:
# peer: 64
#
max:
@@ -413,24 +431,27 @@ max:
#
usrsctp:
#
# time:
#
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
# (Default values are used, so no configuration is required)
#
# o Message Wait Duration (3000 ms)
# time:
# message:
# duration: 3000
#
# o Handover Wait Duration (Default : 300 ms)
# Time to wait for MME to send UEContextReleaseCommand
# to the source eNB after receiving HandoverNotify
# (Default values are used, so no configuration is required)
#
# o Handover Wait Duration (500ms)
# time:
# handover:
# duration: 500
#
# o Timers of EPS mobility/session management
# time:
# t3402:
# value: 720 # 12 minutes * 60 = 720 seconds
# t3412:

177
configs/open5gs/nrf.yaml.in
View File

@@ -1,73 +1,91 @@
#
# logger:
#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Nothing is needed)
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,sbi,nrf,event,mem,sock
# domain: core,sbi,ausf,event,tlv,mem,sock
#
logger:
file: @localstatedir@/log/open5gs/nrf.log
#
# tls:
# enabled: auto|yes|no
# - auto: Default. Use TLS only if key/cert is available
# - yes: Use TLS always;
# reject if no key/cert available
# - no: Don't use TLS if there is an key/cert available
# o TLS enable/disable
# sbi:
# server|client:
# no_tls: false|true
# - false: (Default) Use TLS
# - true: TLS disabled
#
# o Server-side Key and Certficiate
# o Verification enable/disable
# sbi:
# server|client:
# no_verify: false|true
# - false: (Default) Verify the PEER
# - true: Skip the verification step
#
# o Server-side does not use TLS
# sbi:
# server:
# key: /etc/open5gs/tls/nrf.key
# cert: /etc/open5gs/tls/nrf.crt
# no_tls: true
#
# o Client-side does not use TLS
# o Client-side skips the verification step
# sbi:
# client:
# enabled: no
# key: /etc/open5gs/tls/nrf.key
# cert: /etc/open5gs/tls/nrf.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
#
# o Use the specified certificate to verify client
# o Use the specified certificate while verifying the client
# sbi:
# server
# cacert: /etc/open5gs/tls/ca.crt
#
# o Use the specified certificate to verify server
# o Use the specified certificate while verifying the server
# sbi:
# client
# cacert: /etc/open5gs/tls/ca.crt
#
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/nrf.key
cert: @sysconfdir@/open5gs/tls/nrf.crt
client:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/nrf.key
cert: @sysconfdir@/open5gs/tls/nrf.crt
#
# nrf:
#
# <SBI Server>
#
# o SBI Server(http://<all address available>:80)
# sbi:
# server:
# no_tls: true
# nrf:
# sbi:
#
# o SBI Server(http://<any address>:7777)
# sbi:
# server:
# no_tls: true
# nrf:
# sbi:
# - addr:
# - 0.0.0.0
@@ -75,47 +93,81 @@ tls:
# port: 7777
#
# o SBI Server(https://<all address available>:443)
# tls:
# sbi:
# server:
# key: /etc/open5gs/tls/nrf.key
# cert: /etc/open5gs/tls/nrf.crt
# nrf:
# sbi:
#
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
# tls:
# enabled: no
# o SBI Server(https://127.0.0.10:443, https://[::1]:443) without verification
# sbi:
# server:
# no_verify: true
# key: /etc/open5gs/tls/nrf.key
# cert: /etc/open5gs/tls/nrf.crt
# nrf:
# sbi:
# - addr: 127.0.0.5
# - addr: 127.0.0.10
# - addr: ::1
#
# o SBI Server(https://nrf.open5gs.org:443)
# Use the specified certificate to verify client
# Use the specified certificate while verifying the client
#
# tls:
# sbi:
# server:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/nrf.key
# cert: /etc/open5gs/tls/nrf.crt
# nrf:
# sbi:
# - name: nrf.open5gs.org
#
# o SBI Server(http://127.0.0.10:7777)
# sbi:
# server:
# no_tls: true
# nrf:
# sbi:
# - addr: 127.0.0.10
# port: 7777
#
# o SBI Server(http://<eth0 IP address>:80)
# sbi:
# server:
# no_tls: true
# nrf:
# sbi:
# dev: eth0
# - dev: eth0
#
# o Provide custom SBI address to be advertised to NRF
# sbi:
# server:
# no_tls: true
# nrf:
# sbi:
# - dev: eth0
# advertise: open5gs-nrf.svc.local
#
# o Another example of advertising on NRF
# sbi:
# server:
# no_tls: true
# nrf:
# sbi:
# - addr: localhost
# advertise:
# - 127.0.0.99
# - ::1
#
# o SBI Option (Default)
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# server:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# option:
@@ -127,9 +179,11 @@ tls:
# <NF Service>
#
# o NF Service Name(Default : all NF services available)
# nrf:
# service_name:
#
# o NF Service Name(Only some NF services are available)
# nrf:
# service_name:
# - nnrf-nfm
# - nnrf-disc
@@ -141,32 +195,37 @@ nrf:
- ::1
port: 7777
#
# scp:
#
# <SBI Client>>
#
# o SBI Client(http://127.0.1.10:7777)
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# port: 7777
#
# o SBI Client(https://127.0.1.10:443, https://[::1]:443)
# tls:
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
# sbi:
# client:
# key: /etc/open5gs/tls/nrf.key
# cert: /etc/open5gs/tls/nrf.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - addr: 127.0.1.10
# - addr: ::1
#
# o SBI Client(https://scp.open5gs.org:443)
# Use the specified certificate to verify server
# Use the specified certificate while verifying the server
#
# tls:
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - name: scp.open5gs.org
@@ -174,6 +233,10 @@ nrf:
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr:
# - 127.0.1.10
@@ -183,6 +246,10 @@ nrf:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# option:
@@ -197,62 +264,74 @@ scp:
- addr: 127.0.1.10
port: 7777
#
# parameter:
#
# o Disable use of IPv4 addresses (only IPv6)
# no_ipv4: true
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# no_ipv6: true
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# prefer_ipv4: true
# parameter:
# prefer_ipv4: true
#
parameter:
#
# max:
#
# o Maximum Number of UE
# o Maximum Number of UE
# max:
# ue: 1024
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# max:
# peer: 64
#
max:
#
# time:
#
# o NF Instance Heartbeat (Default : 10 seconds)
# (Default values are used, so no configuration is required)
#
# o NF Instance Heartbeat (Disabled)
# time:
# nf_instance:
# heartbeat: 0
#
# o NF Instance Heartbeat (5 seconds)
# time:
# nf_instance:
# heartbeat: 5
#
# o NF Instance Validity (Default : 3600 seconds = 1 hour)
# (Default values are used, so no configuration is required)
#
# o NF Instance Validity (10 seconds)
# time:
# nf_instance:
# validity: 10
#
# o Subscription Validity (Default : 86400 seconds = 1 day)
# (Default values are used, so no configuration is required)
#
# o Subscription Validity (Disabled)
# time:
# subscription:
# validity: 0
#
# o Subscription Validity (3600 seconds = 1 hour)
# time:
# subscription:
# validity: 3600
#
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
# (Default values are used, so no configuration is required)
#
# o Message Wait Duration (3000 ms)
# time:
# message:
# duration: 3000
time:

223
configs/open5gs/nssf.yaml.in
View File

@@ -1,73 +1,91 @@
#
# logger:
#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Nothing is needed)
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,sbi,nssf,event,tlv,mem,sock
# domain: core,sbi,ausf,event,tlv,mem,sock
#
logger:
file: @localstatedir@/log/open5gs/nssf.log
#
# tls:
# enabled: auto|yes|no
# - auto: Default. Use TLS only if key/cert is available
# - yes: Use TLS always;
# reject if no key/cert available
# - no: Don't use TLS if there is an key/cert available
# o TLS enable/disable
# sbi:
# server|client:
# no_tls: false|true
# - false: (Default) Use TLS
# - true: TLS disabled
#
# o Server-side Key and Certficiate
# o Verification enable/disable
# sbi:
# server|client:
# no_verify: false|true
# - false: (Default) Verify the PEER
# - true: Skip the verification step
#
# o Server-side does not use TLS
# sbi:
# server:
# key: /etc/open5gs/tls/nssf.key
# cert: /etc/open5gs/tls/nssf.crt
# no_tls: true
#
# o Client-side does not use TLS
# o Client-side skips the verification step
# sbi:
# client:
# enabled: no
# key: /etc/open5gs/tls/nssf.key
# cert: /etc/open5gs/tls/nssf.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
#
# o Use the specified certificate to verify client
# o Use the specified certificate while verifying the client
# sbi:
# server
# cacert: /etc/open5gs/tls/ca.crt
#
# o Use the specified certificate to verify server
# o Use the specified certificate while verifying the server
# sbi:
# client
# cacert: /etc/open5gs/tls/ca.crt
#
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/nssf.key
cert: @sysconfdir@/open5gs/tls/nssf.crt
client:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/nssf.key
cert: @sysconfdir@/open5gs/tls/nssf.crt
#
# nssf:
#
# <SBI Server>
#
# o SBI Server(http://<all address available>:80)
# sbi:
# server:
# no_tls: true
# nssf:
# sbi:
#
# o SBI Server(http://<any address>:7777)
# sbi:
# server:
# no_tls: true
# nssf:
# sbi:
# - addr:
# - 0.0.0.0
@@ -75,48 +93,67 @@ tls:
# port: 7777
#
# o SBI Server(https://<all address available>:443)
# tls:
# sbi:
# server:
# key: /etc/open5gs/tls/nssf.key
# cert: /etc/open5gs/tls/nssf.crt
# nssf:
# sbi:
#
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
# tls:
# enabled: no
# o SBI Server(https://127.0.0.14:443, https://[::1]:443) without verification
# sbi:
# server:
# no_verify: true
# key: /etc/open5gs/tls/nssf.key
# cert: /etc/open5gs/tls/nssf.crt
# nssf:
# sbi:
# - addr: 127.0.0.5
# - addr: 127.0.0.14
# - addr: ::1
#
# o SBI Server(https://nssf.open5gs.org:443)
# Use the specified certificate to verify client
# Use the specified certificate while verifying the client
#
# tls:
# sbi:
# server:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/nssf.key
# cert: /etc/open5gs/tls/nssf.crt
# nssf:
# sbi:
# - name: nssf.open5gs.org
#
# o SBI Server(http://127.0.0.14:7777)
# sbi:
# server:
# no_tls: true
# nssf:
# sbi:
# - addr: 127.0.0.14
# port: 7777
#
# o SBI Server(http://<eth0 IP address>:80)
# sbi:
# server:
# no_tls: true
# nssf:
# sbi:
# - dev: eth0
#
# o Provide custom SBI address to be advertised to NRF
# sbi:
# server:
# no_tls: true
# nssf:
# sbi:
# - dev: eth0
# advertise: open5gs-nssf.svc.local
#
# o Another example of advertising on NRF
# sbi:
# server:
# no_tls: true
# nssf:
# sbi:
# - addr: localhost
# advertise:
@@ -127,6 +164,10 @@ tls:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# server:
# no_tls: true
# nssf:
# sbi:
# addr: 127.0.0.14
# option:
@@ -141,6 +182,7 @@ tls:
# - NRF[http://::1:7777/nnrf-nfm/v1/nf-instances]
# NSSAI[SST:1]
#
# nssf:
# nsi:
# - addr: ::1
# port: 7777
@@ -157,6 +199,7 @@ tls:
# 2. NRF[http://127.0.0.10:7777/nnrf-nfm/v1/nf-instances]
# NSSAI[SST:1, SD:009000]
#
# nssf:
# nsi:
# - addr: ::1
# port: 7777
@@ -177,6 +220,7 @@ tls:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# nssf:
# nsi:
# addr: ::1
# option:
@@ -188,9 +232,11 @@ tls:
# <NF Service>
#
# o NF Service Name(Default : all NF services available)
# nssf:
# service_name:
#
# o NF Service Name(Only some NF services are available)
# nssf:
# service_name:
# - nnssf-nsselection
#
@@ -198,12 +244,21 @@ tls:
#
# o (Default) If you do not set Query Parameter as shown below,
#
# sbi:
# server:
# no_tls: true
# nssf:
# sbi:
# - addr: 127.0.0.14
# port: 7777
#
# - 'service-names' is included.
#
# o Service-Names are not included
# sbi:
# server:
# no_tls: true
# nssf:
# sbi:
# - addr: 127.0.0.14
# port: 7777
@@ -222,6 +277,10 @@ tls:
#
# o (Default) If you do not set Delegated Discovery as shown below,
#
# sbi:
# server:
# no_tls: true
# nssf:
# sbi:
# - addr: 127.0.0.14
# port: 7777
@@ -229,6 +288,10 @@ tls:
# - Use SCP if SCP avaiable. Otherwise NRF is used.
# => App fails if both NRF and SCP are unavailable.
#
# sbi:
# server:
# no_tls: true
# nssf:
# sbi:
# - addr: 127.0.0.14
# port: 7777
@@ -251,32 +314,37 @@ nssf:
s_nssai:
sst: 1
#
# scp:
#
# <SBI Client>>
#
# o SBI Client(http://127.0.1.10:7777)
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# port: 7777
#
# o SBI Client(https://127.0.1.10:443, https://[::1]:443)
# tls:
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
# sbi:
# client:
# key: /etc/open5gs/tls/nssf.key
# cert: /etc/open5gs/tls/nssf.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - addr: 127.0.1.10
# - addr: ::1
#
# o SBI Client(https://scp.open5gs.org:443)
# Use the specified certificate to verify server
# Use the specified certificate while verifying the server
#
# tls:
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - name: scp.open5gs.org
@@ -284,6 +352,10 @@ nssf:
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr:
# - 127.0.1.10
@@ -293,6 +365,10 @@ nssf:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# option:
@@ -307,32 +383,37 @@ scp:
- addr: 127.0.1.10
port: 7777
#
# nrf:
#
# <SBI Client>>
#
# o SBI Client(http://127.0.0.10:7777)
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# port: 7777
#
# o SBI Client(https://127.0.0.10:443, https://[::1]:443)
# tls:
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
# sbi:
# client:
# key: /etc/open5gs/tls/nssf.key
# cert: /etc/open5gs/tls/nssf.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - addr: 127.0.0.10
# - addr: ::1
#
# o SBI Client(https://nrf.open5gs.org:443)
# Use the specified certificate to verify server
# Use the specified certificate while verifying the server
#
# tls:
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - name: nrf.open5gs.org
@@ -345,6 +426,22 @@ scp:
# - 127.0.0.10
# - fd69:f21d:873c:fa::1
#
# o SBI Option (Default)
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# option:
# tcp_nodelay: false
# so_linger:
# l_onoff: true
# l_linger: 10
#
#nrf:
# sbi:
# - addr:
@@ -352,55 +449,51 @@ scp:
# - ::1
# port: 7777
#
# parameter:
#
# o Disable use of IPv4 addresses (only IPv6)
# no_ipv4: true
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# no_ipv6: true
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# prefer_ipv4: true
# parameter:
# prefer_ipv4: true
#
parameter:
#
# max:
#
# o Maximum Number of UE
# o Maximum Number of UE
# max:
# ue: 1024
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# max:
# peer: 64
#
max:
#
# time:
#
# o NF Instance Heartbeat (Default : 0)
# NFs will not send heart-beat timer in NFProfile
# NRF will send heart-beat timer in NFProfile
# (Default values are used, so no configuration is required)
#
# o NF Instance Heartbeat (20 seconds)
# NFs will send heart-beat timer (20 seconds) in NFProfile
# NRF can change heart-beat timer in NFProfile
#
# time:
# nf_instance:
# heartbeat: 20
#
# o NF Instance Heartbeat (Disabled)
# nf_instance:
# heartbeat: 0
#
# o NF Instance Heartbeat (10 seconds)
# nf_instance:
# heartbeat: 10
#
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
# (Default values are used, so no configuration is required)
#
# o Message Wait Duration (3000 ms)
# time:
# message:
# duration: 3000
time:

139
configs/open5gs/pcf.yaml.in
View File

@@ -1,75 +1,93 @@
db_uri: mongodb://localhost/open5gs
#
# logger:
#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Nothing is needed)
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,sbi,pcf,event,tlv,mem,sock
# domain: core,sbi,ausf,event,tlv,mem,sock
#
logger:
file: @localstatedir@/log/open5gs/pcf.log
#
# tls:
# enabled: auto|yes|no
# - auto: Default. Use TLS only if key/cert is available
# - yes: Use TLS always;
# reject if no key/cert available
# - no: Don't use TLS if there is an key/cert available
# o TLS enable/disable
# sbi:
# server|client:
# no_tls: false|true
# - false: (Default) Use TLS
# - true: TLS disabled
#
# o Server-side Key and Certficiate
# o Verification enable/disable
# sbi:
# server|client:
# no_verify: false|true
# - false: (Default) Verify the PEER
# - true: Skip the verification step
#
# o Server-side does not use TLS
# sbi:
# server:
# key: /etc/open5gs/tls/pcf.key
# cert: /etc/open5gs/tls/pcf.crt
# no_tls: true
#
# o Client-side does not use TLS
# o Client-side skips the verification step
# sbi:
# client:
# enabled: no
# key: /etc/open5gs/tls/pcf.key
# cert: /etc/open5gs/tls/pcf.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
#
# o Use the specified certificate to verify client
# o Use the specified certificate while verifying the client
# sbi:
# server
# cacert: /etc/open5gs/tls/ca.crt
#
# o Use the specified certificate to verify server
# o Use the specified certificate while verifying the server
# sbi:
# client
# cacert: /etc/open5gs/tls/ca.crt
#
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/pcf.key
cert: @sysconfdir@/open5gs/tls/pcf.crt
client:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/pcf.key
cert: @sysconfdir@/open5gs/tls/pcf.crt
#
# pcf:
#
# <SBI Server>
#
# o SBI Server(http://<all address available>:80)
# sbi:
# server:
# no_tls: true
# pcf:
# sbi:
#
# o SBI Server(http://<any address>:7777)
# sbi:
# server:
# no_tls: true
# pcf:
# sbi:
# - addr:
# - 0.0.0.0
@@ -77,48 +95,67 @@ tls:
# port: 7777
#
# o SBI Server(https://<all address available>:443)
# tls:
# sbi:
# server:
# key: /etc/open5gs/tls/pcf.key
# cert: /etc/open5gs/tls/pcf.crt
# pcf:
# sbi:
#
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
# tls:
# enabled: no
# o SBI Server(https://127.0.0.13:443, https://[::1]:443) without verification
# sbi:
# server:
# no_verify: true
# key: /etc/open5gs/tls/pcf.key
# cert: /etc/open5gs/tls/pcf.crt
# pcf:
# sbi:
# - addr: 127.0.0.5
# - addr: 127.0.0.13
# - addr: ::1
#
# o SBI Server(https://pcf.open5gs.org:443)
# Use the specified certificate to verify client
# Use the specified certificate while verifying the client
#
# tls:
# sbi:
# server:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/pcf.key
# cert: /etc/open5gs/tls/pcf.crt
# pcf:
# sbi:
# - name: pcf.open5gs.org
#
# o SBI Server(http://127.0.0.13:7777)
# sbi:
# server:
# no_tls: true
# pcf:
# sbi:
# - addr: 127.0.0.13
# port: 7777
#
# o SBI Server(http://<eth0 IP address>:80)
# sbi:
# server:
# no_tls: true
# pcf:
# sbi:
# - dev: eth0
#
# o Provide custom SBI address to be advertised to NRF
# sbi:
# server:
# no_tls: true
# pcf:
# sbi:
# - dev: eth0
# advertise: open5gs-pcf.svc.local
#
# o Another example of advertising on NRF
# sbi:
# server:
# no_tls: true
# pcf:
# sbi:
# - addr: localhost
# advertise:
@@ -129,6 +166,10 @@ tls:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# server:
# no_tls: true
# pcf:
# sbi:
# addr: 127.0.0.13
# option:
@@ -140,9 +181,11 @@ tls:
# <NF Service>
#
# o NF Service Name(Default : all NF services available)
# pcf:
# service_name:
#
# o NF Service Name(Only some NF services are available)
# pcf:
# service_name:
# - npcf-am-policy-control
# - npcf-smpolicycontrol
@@ -181,6 +224,10 @@ tls:
#
# o (Default) If you do not set Delegated Discovery as shown below,
#
# sbi:
# server:
# no_tls: true
# pcf:
# sbi:
# - addr: 127.0.0.13
# port: 7777
@@ -188,6 +235,10 @@ tls:
# - Use SCP if SCP avaiable. Otherwise NRF is used.
# => App fails if both NRF and SCP are unavailable.
#
# sbi:
# server:
# no_tls: true
# pcf:
# sbi:
# - addr: 127.0.0.13
# port: 7777
@@ -200,9 +251,11 @@ tls:
# o Don't use SCP server => App fails if no NRF available.
# delegated: no
#
#
# <Metrics Server>
#
# o Metrics Server(http://<any address>:9090)
# pcf:
# metrics:
# - addr: 0.0.0.0
# port: 9090
@@ -324,47 +377,51 @@ scp:
# - ::1
# port: 7777
#
# parameter:
#
# o Disable use of IPv4 addresses (only IPv6)
# no_ipv4: true
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# no_ipv6: true
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# prefer_ipv4: true
# parameter:
# prefer_ipv4: true
#
parameter:
#
# max:
#
# o Maximum Number of UE
# o Maximum Number of UE
# max:
# ue: 1024
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# max:
# peer: 64
#
max:
#
# time:
#
# o NF Instance Heartbeat (Default : 0)
# NFs will not send heart-beat timer in NFProfile
# NRF will send heart-beat timer in NFProfile
# (Default values are used, so no configuration is required)
#
# o NF Instance Heartbeat (20 seconds)
# NFs will send heart-beat timer (20 seconds) in NFProfile
# NRF can change heart-beat timer in NFProfile
#
# time:
# nf_instance:
# heartbeat: 20
#
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
# (Default values are used, so no configuration is required)
#
# o Message Wait Duration (3000 ms)
# time:
# message:
# duration: 3000
time:

30
configs/open5gs/pcrf.yaml.in
View File

@@ -1,50 +1,54 @@
db_uri: mongodb://localhost/open5gs
#
# logger:
#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Nothing is needed)
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,fd,pcrf,event,mem,sock
# domain: core,sbi,ausf,event,tlv,mem,sock
#
logger:
file: @localstatedir@/log/open5gs/pcrf.log
pcrf:
freeDiameter: @sysconfdir@/freeDiameter/pcrf.conf
#
# parameter:
#
# o Disable use of IPv4 addresses (only IPv6)
# no_ipv4: true
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# no_ipv6: true
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# prefer_ipv4: true
# parameter:
# prefer_ipv4: true
#
parameter:
#
# max:
#
# o Maximum Number of UE
# o Maximum Number of UE
# max:
# ue: 1024
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# max:
# peer: 64
#
max:

217
configs/open5gs/scp.yaml.in
View File

@@ -1,75 +1,93 @@
db_uri: mongodb://localhost/open5gs
#
# logger:
#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Nothing is needed)
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,sbi,scp,event,tlv,mem,sock
# domain: core,sbi,ausf,event,tlv,mem,sock
#
logger:
file: @localstatedir@/log/open5gs/scp.log
#
# tls:
# enabled: auto|yes|no
# - auto: Default. Use TLS only if key/cert is available
# - yes: Use TLS always;
# reject if no key/cert available
# - no: Don't use TLS if there is an key/cert available
# o TLS enable/disable
# sbi:
# server|client:
# no_tls: false|true
# - false: (Default) Use TLS
# - true: TLS disabled
#
# o Server-side Key and Certficiate
# o Verification enable/disable
# sbi:
# server|client:
# no_verify: false|true
# - false: (Default) Verify the PEER
# - true: Skip the verification step
#
# o Server-side does not use TLS
# sbi:
# server:
# key: /etc/open5gs/tls/scp.key
# cert: /etc/open5gs/tls/scp.crt
# no_tls: true
#
# o Client-side does not use TLS
# o Client-side skips the verification step
# sbi:
# client:
# enabled: no
# key: /etc/open5gs/tls/scp.key
# cert: /etc/open5gs/tls/scp.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
#
# o Use the specified certificate to verify client
# o Use the specified certificate while verifying the client
# sbi:
# server
# cacert: /etc/open5gs/tls/ca.crt
#
# o Use the specified certificate to verify server
# o Use the specified certificate while verifying the server
# sbi:
# client
# cacert: /etc/open5gs/tls/ca.crt
#
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/scp.key
cert: @sysconfdir@/open5gs/tls/scp.crt
client:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/scp.key
cert: @sysconfdir@/open5gs/tls/scp.crt
#
# scp:
#
# <SBI Server>
#
# o SBI Server(http://<all address available>:80)
# sbi:
# server:
# no_tls: true
# scp:
# sbi:
#
# o SBI Server(http://<any address>:7777)
# sbi:
# server:
# no_tls: true
# scp:
# sbi:
# - addr:
# - 0.0.0.0
@@ -77,48 +95,67 @@ tls:
# port: 7777
#
# o SBI Server(https://<all address available>:443)
# tls:
# sbi:
# server:
# key: /etc/open5gs/tls/scp.key
# cert: /etc/open5gs/tls/scp.crt
# scp:
# sbi:
#
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
# tls:
# enabled: no
# o SBI Server(https://127.0.1.10:443, https://[::1]:443) without verification
# sbi:
# server:
# no_verify: true
# key: /etc/open5gs/tls/scp.key
# cert: /etc/open5gs/tls/scp.crt
# scp:
# sbi:
# - addr: 127.0.0.5
# - addr: 127.0.1.10
# - addr: ::1
#
# o SBI Server(https://scp.open5gs.org:443)
# Use the specified certificate to verify client
# Use the specified certificate while verifying the client
#
# tls:
# sbi:
# server:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/scp.key
# cert: /etc/open5gs/tls/scp.crt
# scp:
# sbi:
# - name: scp.open5gs.org
#
# o SBI Server(http://127.0.1.10:7777)
# sbi:
# server:
# no_tls: true
# scp:
# sbi:
# - addr: 127.0.1.10
# port: 7777
#
# o SBI Server(http://<eth0 IP address>:80)
# sbi:
# server:
# no_tls: true
# scp:
# sbi:
# - dev: eth0
#
# o Provide custom SBI address to be advertised to NRF
# sbi:
# server:
# no_tls: true
# scp:
# sbi:
# - dev: eth0
# advertise: open5gs-scp.svc.local
#
# o Another example of advertising on NRF
# sbi:
# server:
# no_tls: true
# scp:
# sbi:
# - addr: localhost
# advertise:
@@ -129,6 +166,10 @@ tls:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# server:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# option:
@@ -141,6 +182,10 @@ tls:
#
# o (Default) If you do not set Delegated Discovery as shown below,
#
# sbi:
# server:
# no_tls: true
# scp:
# sbi:
# - addr: 127.0.1.10
# port: 7777
@@ -148,6 +193,10 @@ tls:
# - Use SCP if SCP avaiable. Otherwise NRF is used.
# => App fails if both NRF and SCP are unavailable.
#
# sbi:
# server:
# no_tls: true
# scp:
# sbi:
# - addr: 127.0.1.10
# port: 7777
@@ -165,82 +214,104 @@ scp:
- addr: 127.0.1.10
port: 7777
#
# next_scp:
#
# <Next hop SCP>
#
# o SBI Client(http://127.0.1.11:7777)
# o SBI Client(http://127.0.1.10:7777)
# sbi:
# client:
# no_tls: true
# next_scp:
# sbi:
# addr: 127.0.1.11
# addr: 127.0.1.10
# port: 7777
#
# o SBI Client(https://127.0.1.11:443, https://[::1]:443)
# tls:
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
# sbi:
# client:
# key: /etc/open5gs/tls/next-scp.key
# cert: /etc/open5gs/tls/next-scp.crt
# scp:
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# next_scp:
# sbi:
# - addr: 127.0.1.11
# - addr: 127.0.1.10
# - addr: ::1
#
# o SBI Client(http://next-scp.open5gs.org:443)
# Use the specified certificate to verify server
# o SBI Client(https://scp.open5gs.org:443)
# Use the specified certificate while verifying the server
#
# tls:
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# scp:
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# next_scp:
# sbi:
# - name: scp.open5gs.org
#
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
# If prefer_ipv4 is true, http://127.0.1.11:80 is selected.
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
#
# sbi:
# client:
# no_tls: true
# next_scp:
# sbi:
# addr:
# - 127.0.1.11
# - 127.0.1.10
# - fd69:f21d:873c:fb::1
#
# o SBI Option (Default)
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# next_scp:
# sbi:
# addr: 127.0.1.11
# addr: 127.0.1.10
# option:
# tcp_nodelay: false
# so_linger:
# l_onoff: true
# l_linger: 10
#
#
# nrf:
#
# <SBI Client>>
#
# o SBI Client(http://127.0.0.10:7777)
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# port: 7777
#
# o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
# sbi:
# client:
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - addr: 127.0.0.10
# tls:
# key: /etc/open5gs/tls/scp.key
# cert: /etc/open5gs/tls/scp.crt
# - name: nrf.open5gs.org
# - addr: ::1
#
# o SBI Client(https://nrf.open5gs.org:443)
# Use the specified certificate to verify peer
# Use the specified certificate while verifying the server
#
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - name: nrf.open5gs.org
# tls:
# cacert: /etc/open5gs/tls/ca.crt
#
# o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
# If prefer_ipv4 is true, http://127.0.0.10:80 is selected.
@@ -254,6 +325,10 @@ scp:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# option:
@@ -269,47 +344,51 @@ nrf:
- ::1
port: 7777
#
# parameter:
#
# o Disable use of IPv4 addresses (only IPv6)
# no_ipv4: true
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# no_ipv6: true
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# prefer_ipv4: true
# parameter:
# prefer_ipv4: true
#
parameter:
#
# max:
#
# o Maximum Number of UE
# o Maximum Number of UE
# max:
# ue: 1024
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# max:
# peer: 64
#
max:
#
# time:
#
# o NF Instance Heartbeat (Default : 0)
# NFs will not send heart-beat timer in NFProfile
# NRF will send heart-beat timer in NFProfile
# (Default values are used, so no configuration is required)
#
# o NF Instance Heartbeat (20 seconds)
# NFs will send heart-beat timer (20 seconds) in NFProfile
# NRF can change heart-beat timer in NFProfile
#
# time:
# nf_instance:
# heartbeat: 20
#
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
# (Default values are used, so no configuration is required)
#
# o Message Wait Duration (3000 ms)
# time:
# message:
# duration: 3000
time:

52
configs/open5gs/sgwc.yaml.in
View File

@@ -1,32 +1,32 @@
#
# logger:
#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Nothing is needed)
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,pfcp,gtp,sgwc,event,tlv,mem,sock
# domain: core,sbi,ausf,event,tlv,mem,sock
#
logger:
file: @localstatedir@/log/open5gs/sgwc.log
#
# sgwc:
#
# <GTP-C Server>
#
# o GTP-C Server(127.0.0.3:2123, [fd69:f21d:873c:fa::2]:2123)
# sgwc:
# gtpc:
# addr:
# - 127.0.0.3
@@ -34,6 +34,7 @@ logger:
#
# o On SGW, Same Configuration(127.0.0.3:2123,
# [fd69:f21d:873c:fa::2]:2123) as below.
# sgwc:
# gtpc:
# - addr: 127.0.0.3
# - addr: fd69:f21d:873c:fa::2
@@ -41,6 +42,7 @@ logger:
# o GTP-C Option (Default)
# - so_bindtodevice : NULL
#
# sgwc:
# gtpc:
# addr: 127.0.0.3
# option:
@@ -49,17 +51,20 @@ logger:
# <PFCP Server>
#
# o PFCP Server(127.0.0.3:8805, ::1:8805)
# sgwc:
# pfcp:
# - addr: 127.0.0.3
# - addr: ::1
#
# o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
# sgwc:
# pfcp:
# name: localhost
#
# o PFCP Option (Default)
# - so_bindtodevice : NULL
#
# sgwc:
# pfcp:
# addr: 127.0.0.3
# option:
@@ -71,13 +76,11 @@ sgwc:
pfcp:
- addr: 127.0.0.3
#
# sgwu:
#
# <PFCP Client>>
#
# o PFCP Client(127.0.0.6:8805)
#
# sgwu:
# pfcp:
# addr: 127.0.0.6
#
@@ -122,41 +125,46 @@ sgwu:
pfcp:
- addr: 127.0.0.6
#
# parameter:
#
# o Disable use of IPv4 addresses (only IPv6)
# no_ipv4: true
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# no_ipv6: true
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# prefer_ipv4: true
# parameter:
# prefer_ipv4: true
#
# o Disable selection of SGW-U PFCP in Round-Robin manner
# no_pfcp_rr_select: true
# parameter:
# no_pfcp_rr_select: true
#
parameter:
#
# max:
#
# o Maximum Number of UE
# ue: 1024
# max:
# ue: 1024
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# peer: 64
# max:
# peer: 64
#
# o Maximum Number of GTP peer nodes per SGWC/SMF
# gtp_peer: 64
# max:
# gtp_peer: 64
#
max:
#
# time:
#
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
# (Default values are used, so no configuration is required)
#
# o Message Wait Duration (3000 ms)
# time:
# message:
# duration: 3000
time:

48
configs/open5gs/sgwu.yaml.in
View File

@@ -1,43 +1,45 @@
#
# logger:
#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Nothing is needed)
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,pfcp,gtp,sgwu,event,tlv,mem,sock
# domain: core,sbi,ausf,event,tlv,mem,sock
#
logger:
file: @localstatedir@/log/open5gs/sgwu.log
#
# sgwu:
#
# <PFCP Server>
#
# o PFCP Server(127.0.0.6:8805, ::1:8805)
# sgwu:
# pfcp:
# - addr: 127.0.0.6
# - addr: ::1
#
# o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
# sgwu:
# pfcp:
# - name: localhost
#
# o PFCP Option (Default)
# - so_bindtodevice : NULL
#
# sgwu:
# pfcp:
# addr: 127.0.0.6
# option:
@@ -51,10 +53,12 @@ logger:
# - addr: ::1
#
# o GTP-U Server(127.0.0.1:2152, [::1]:2152)
# sgwu:
# gtpu:
# - name: localhost
#
# o User Plane IP Resource information
# sgwu:
# gtpu:
# - addr:
# - 127.0.0.6
@@ -70,20 +74,24 @@ logger:
# source_interface: 1
#
# o Provide custom SGW-U GTP-U address to be advertised inside S1AP messages
# sgwu:
# gtpu:
# - addr: 10.4.128.21
# advertise: 172.24.15.30
#
# sgwu:
# gtpu:
# - addr: 10.4.128.21
# advertise:
# - 127.0.0.1
# - ::1
#
# sgwu:
# gtpu:
# - addr: 10.4.128.21
# advertise: sgw1.epc.mnc001.mcc001.3gppnetwork.org
#
# sgwu:
# gtpu:
# - dev: ens3
# advertise: sgw1.epc.mnc001.mcc001.3gppnetwork.org
@@ -91,6 +99,7 @@ logger:
# o GTP-U Option (Default)
# - so_bindtodevice : NULL
#
# sgwu:
# gtpu:
# addr: 127.0.0.6
# option:
@@ -102,48 +111,49 @@ sgwu:
gtpu:
- addr: 127.0.0.6
#
# sgwc:
#
# <PFCP Client>>
#
# o PFCP Client(127.0.0.3:8805)
#
# sgwc:
# pfcp:
# addr: 127.0.0.3
#
sgwc:
#
# parameter:
#
# o Disable use of IPv4 addresses (only IPv6)
# no_ipv4: true
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# no_ipv6: true
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# prefer_ipv4: true
# parameter:
# prefer_ipv4: true
#
parameter:
#
# max:
#
# o Maximum Number of UE
# ue: 1024
# max:
# ue: 1024
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# peer: 64
# max:
# peer: 64
#
max:
#
# time:
#
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
# (Default values are used, so no configuration is required)
#
# o Message Wait Duration (3000 ms)
# time:
# message:
# duration: 3000
time:

256
configs/open5gs/smf.yaml.in
View File

@@ -1,73 +1,91 @@
#
# logger:
#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Nothing is needed)
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,fd,pfcp,gtp,smf,event,tlv,mem,sock
# domain: core,sbi,ausf,event,tlv,mem,sock
#
logger:
file: @localstatedir@/log/open5gs/smf.log
#
# tls:
# enabled: auto|yes|no
# - auto: Default. Use TLS only if key/cert is available
# - yes: Use TLS always;
# reject if no key/cert available
# - no: Don't use TLS if there is an key/cert available
# o TLS enable/disable
# sbi:
# server|client:
# no_tls: false|true
# - false: (Default) Use TLS
# - true: TLS disabled
#
# o Server-side Key and Certficiate
# o Verification enable/disable
# sbi:
# server|client:
# no_verify: false|true
# - false: (Default) Verify the PEER
# - true: Skip the verification step
#
# o Server-side does not use TLS
# sbi:
# server:
# key: /etc/open5gs/tls/smf.key
# cert: /etc/open5gs/tls/smf.crt
# no_tls: true
#
# o Client-side does not use TLS
# o Client-side skips the verification step
# sbi:
# client:
# enabled: no
# key: /etc/open5gs/tls/smf.key
# cert: /etc/open5gs/tls/smf.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
#
# o Use the specified certificate to verify client
# o Use the specified certificate while verifying the client
# sbi:
# server
# cacert: /etc/open5gs/tls/ca.crt
#
# o Use the specified certificate to verify server
# o Use the specified certificate while verifying the server
# sbi:
# client
# cacert: /etc/open5gs/tls/ca.crt
#
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/smf.key
cert: @sysconfdir@/open5gs/tls/smf.crt
client:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/smf.key
cert: @sysconfdir@/open5gs/tls/smf.crt
#
# smf:
#
# <SBI Server>
#
# o SBI Server(http://<all address available>:80)
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
#
# o SBI Server(http://<any address>:7777)
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - addr:
# - 0.0.0.0
@@ -75,48 +93,67 @@ tls:
# port: 7777
#
# o SBI Server(https://<all address available>:443)
# tls:
# sbi:
# server:
# key: /etc/open5gs/tls/smf.key
# cert: /etc/open5gs/tls/smf.crt
# smf:
# sbi:
#
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
# tls:
# enabled: no
# o SBI Server(https://127.0.0.4:443, https://[::1]:443) without verification
# sbi:
# server:
# no_verify: true
# key: /etc/open5gs/tls/smf.key
# cert: /etc/open5gs/tls/smf.crt
# smf:
# sbi:
# - addr: 127.0.0.5
# - addr: 127.0.0.4
# - addr: ::1
#
# o SBI Server(https://smf.open5gs.org:443)
# Use the specified certificate to verify client
# Use the specified certificate while verifying the client
#
# tls:
# sbi:
# server:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/smf.key
# cert: /etc/open5gs/tls/smf.crt
# smf:
# sbi:
# - name: smf.open5gs.org
#
# o SBI Server(http://127.0.0.4:7777)
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - addr: 127.0.0.4
# port: 7777
#
# o SBI Server(http://<eth0 IP address>:80)
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - dev: eth0
#
# o Provide custom SBI address to be advertised to NRF
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - dev: eth0
# advertise: open5gs-smf.svc.local
#
# o Another example of advertising on NRF
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - addr: localhost
# advertise:
@@ -127,6 +164,10 @@ tls:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# addr: 127.0.0.4
# option:
@@ -135,12 +176,15 @@ tls:
# l_onoff: true
# l_linger: 10
#
#
# <NF Service>
#
# o NF Service Name(Default : all NF services available)
# smf:
# service_name:
#
# o NF Service Name(Only some NF services are available)
# smf:
# service_name:
# - nsmf-pdusession
#
@@ -148,12 +192,21 @@ tls:
#
# o (Default) If you do not set Query Parameter as shown below,
#
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - addr: 127.0.0.4
# port: 7777
#
# - 'service-names' is included.
#
# o Service-Names are not included
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - addr: 127.0.0.4
# port: 7777
@@ -172,6 +225,10 @@ tls:
#
# o (Default) If you do not set Delegated Discovery as shown below,
#
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - addr: 127.0.0.4
# port: 7777
@@ -179,6 +236,10 @@ tls:
# - Use SCP if SCP avaiable. Otherwise NRF is used.
# => App fails if both NRF and SCP are unavailable.
#
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - addr: 127.0.0.4
# port: 7777
@@ -191,21 +252,23 @@ tls:
# o Don't use SCP server => App fails if no NRF available.
# delegated: no
#
#
# <PFCP Server>
#
# o PFCP Server(127.0.0.4:8805, ::1:8805)
# smf:
# pfcp:
# - addr: 127.0.0.4
# - addr: ::1
#
# o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
# smf:
# pfcp:
# name: localhost
#
# o PFCP Option (Default)
# - so_bindtodevice : NULL
#
# smf:
# pfcp:
# addr: 127.0.0.4
# option:
@@ -214,6 +277,7 @@ tls:
# <GTP-C Server>
#
# o GTP-C Server(127.0.0.4:2123, [fd69:f21d:873c:fa::3]:2123)
# smf:
# gtpc:
# addr:
# - 127.0.0.4
@@ -221,6 +285,7 @@ tls:
#
# o On SMF, Same configuration
# (127.0.0.4:2123, [fd69:f21d:873c:fa::3]:2123).
# smf:
# gtpc:
# - addr: 127.0.0.4
# - addr: fd69:f21d:873c:fa::3
@@ -228,6 +293,7 @@ tls:
# o GTP-C Option (Default)
# - so_bindtodevice : NULL
#
# smf:
# gtpc:
# addr: 127.0.0.4
# option:
@@ -236,17 +302,20 @@ tls:
# <GTP-U Server>>
#
# o GTP-U Server(127.0.0.4:2152, [::1]:2152)
# smf:
# gtpu:
# - addr: 127.0.0.4
# - addr: ::1
#
# o GTP-U Server(127.0.0.1:2152, [::1]:2152)
# smf:
# gtpu:
# name: localhost
#
# o GTP-U Option (Default)
# - so_bindtodevice : NULL
#
# smf:
# gtpu:
# addr: 127.0.0.4
# option:
@@ -255,6 +324,7 @@ tls:
# <Metrics Server>
#
# o Metrics Server(http://<any address>:9090)
# smf:
# metrics:
# - addr: 0.0.0.0
# port: 9090
@@ -262,10 +332,12 @@ tls:
# <Subnet for UE Pool>
#
# o IPv4 Pool
# smf:
# subnet:
# addr: 10.45.0.1/16
#
# o IPv4/IPv6 Pool
# smf:
# subnet:
# - addr: 10.45.0.1/16
# - addr: 2001:db8:cafe::1/48
@@ -274,6 +346,7 @@ tls:
# o Specific DNN/APN(e.g 'ims') uses 10.46.0.1/16, 2001:db8:babe::1/48
# ; If the UE has unknown DNN/APN(not internet/ims), SMF/UPF will crash.
#
# smf:
# subnet:
# - addr: 10.45.0.1/16
# dnn: internet
@@ -287,6 +360,7 @@ tls:
# o Specific DNN/APN with the FALLBACK SUBNET(10.47.0.1/16)
# ; Note that put the FALLBACK SUBNET last to avoid SMF/UPF crash.
#
# smf:
# subnet:
# - addr: 10.45.0.1/16
# dnn: internet
@@ -295,22 +369,26 @@ tls:
# - addr: 10.50.0.1/16 ## FALLBACK SUBNET
#
# o Pool Range Sample
# smf:
# subnet:
# - addr: 10.45.0.1/24
# range: 10.45.0.100-10.45.0.200
#
# smf:
# subnet:
# - addr: 10.45.0.1/24
# range:
# - 10.45.0.5-10.45.0.50
# - 10.45.0.100-
#
# smf:
# subnet:
# - addr: 10.45.0.1/24
# range:
# - -10.45.0.200
# - 10.45.0.210-10.45.0.220
#
# smf:
# subnet:
# - addr: 10.45.0.1/16
# range:
@@ -325,6 +403,7 @@ tls:
#
# o Primary/Secondary can be configured. Others are ignored.
#
# smf:
# dns:
# - 8.8.8.8
# - 8.8.4.4
@@ -343,6 +422,7 @@ tls:
#
# o Proxy Call Session Control Function
#
# smf:
# p-cscf:
# - 127.0.0.1
# - ::1
@@ -356,6 +436,7 @@ tls:
# reject subscribers if no OCS available among Diameter peers
# o no: Don't use Gy interface if there is an OCS available
#
# smf:
# ctf:
# enabled: auto|yes|no
#
@@ -368,6 +449,7 @@ tls:
# Note that if there is no SmfInfo, any AMF can select this SMF.
#
# o S-NSSAI[SST:1] and DNN[internet] - At least 1 DNN is required in S-NSSAI
# smf:
# info:
# - s_nssai:
# - sst: 1
@@ -375,6 +457,7 @@ tls:
# - internet
#
# o S-NSSAI[SST:1 SD:009000] and DNN[internet or ims]
# smf:
# info:
# - s_nssai:
# - sst: 1
@@ -384,6 +467,7 @@ tls:
# - ims
#
# o S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:99970 TAC:1]
# smf:
# info:
# - s_nssai:
# - sst: 1
@@ -400,6 +484,7 @@ tls:
# - S-NSSAI[SST:2 SD:000080] and DNN[internet or ims]
# - S-NSSAI[SST:4] and DNN[internet] and TAI[PLMN-ID:99970 TAC:10-20,30-40]
#
# smf:
# info:
# - s_nssai:
# - sst: 1
@@ -430,6 +515,7 @@ tls:
# - 30-40
#
# o Complex Example
# smf:
# info:
# - s_nssai:
# - sst: 1
@@ -497,6 +583,7 @@ tls:
# If you set the security_indication in smf.yaml,
# this information is delivered using PDU Session Resource Request Transfer IE
#
# smf:
# security_indication:
# integrity_protection_indication: required|preferred|not-needed
# confidentiality_protection_indication: required|preferred|not-needed
@@ -532,35 +619,48 @@ smf:
enabled: auto
freeDiameter: @sysconfdir@/freeDiameter/smf.conf
#
# scp:
#
# <SBI Client>>
#
# o SBI Client(http://127.0.1.10:7777)
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# port: 7777
#
# o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80)
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
# sbi:
# client:
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - addr: 127.0.1.10
# tls:
# key: /etc/open5gs/tls/smf.key
# cert: /etc/open5gs/tls/smf.crt
# - name: scp.open5gs.org
# - addr: ::1
#
# o SBI Client(https://scp.open5gs.org:443)
# Use the specified certificate to verify peer
# Use the specified certificate while verifying the server
#
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - name: scp.open5gs.org
# tls:
# cacert: /etc/open5gs/tls/ca.crt
#
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr:
# - 127.0.1.10
@@ -570,6 +670,10 @@ smf:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# option:
@@ -584,32 +688,37 @@ scp:
- addr: 127.0.1.10
port: 7777
#
# nrf:
#
# <SBI Client>>
#
# o SBI Client(http://127.0.0.1:7777)
# o SBI Client(http://127.0.0.10:7777)
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# port: 7777
#
# o SBI Client(https://127.0.0.10:443, https://[::1]:443)
# tls:
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
# sbi:
# client:
# key: /etc/open5gs/tls/smf.key
# cert: /etc/open5gs/tls/smf.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - addr: 127.0.0.10
# - addr: ::1
#
# o SBI Client(https://nrf.open5gs.org:443)
# Use the specified certificate to verify server
# Use the specified certificate while verifying the server
#
# tls:
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - name: nrf.open5gs.org
@@ -626,6 +735,10 @@ scp:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# option:
@@ -641,13 +754,11 @@ scp:
# - ::1
# port: 7777
#
# upf:
#
# <PFCP Client>>
#
# o PFCP Client(127.0.0.7:8805)
#
# upf:
# pfcp:
# addr: 127.0.0.7
#
@@ -697,56 +808,63 @@ upf:
pfcp:
- addr: 127.0.0.7
#
# parameter:
#
# o Disable use of IPv4 addresses (only IPv6)
# no_ipv4: true
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# no_ipv6: true
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# prefer_ipv4: true
# parameter:
# prefer_ipv4: true
#
# o Disable selection of UPF PFCP in Round-Robin manner
# no_pfcp_rr_select: true
# parameter:
# no_pfcp_rr_select: true
#
# o Legacy support for pre-release LTE 11 devices
# - Omits adding local address in packet filters for compatibility
# no_ipv4v6_local_addr_in_packet_filter: true
# parameter:
# no_ipv4v6_local_addr_in_packet_filter: true
#
parameter:
#
# max:
#
# o Maximum Number of UE
# ue: 1024
# max:
# ue: 1024
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# peer: 64
# max:
# peer: 64
#
# o Maximum Number of GTP peer nodes per SGWC/SMF
# gtp_peer: 64
# max:
# gtp_peer: 64
#
max:
#
# time:
#
# o NF Instance Heartbeat (Default : 0)
# NFs will not send heart-beat timer in NFProfile
# NRF will send heart-beat timer in NFProfile
# (Default values are used, so no configuration is required)
#
# o NF Instance Heartbeat (20 seconds)
# NFs will send heart-beat timer (20 seconds) in NFProfile
# NRF can change heart-beat timer in NFProfile
#
# time:
# nf_instance:
# heartbeat: 20
#
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
# (Default values are used, so no configuration is required)
#
# o Message Wait Duration (3000 ms)
# time:
# message:
# duration: 3000
#
@@ -754,8 +872,10 @@ max:
# Time to wait for SMF to send
# PFCP Session Modification Request(Remove Indirect Tunnel) to the UPF
# after sending Nsmf_PDUSession_UpdateSMContext Response(hoState:COMPLETED)
# (Default values are used, so no configuration is required)
#
# o Handover Wait Duration (500ms)
# time:
# handover:
# duration: 500
time:

208
configs/open5gs/udm.yaml.in
View File

@@ -1,60 +1,72 @@
#
# logger:
#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Nothing is needed)
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,sbi,udm,event,tlv,mem,sock
# domain: core,sbi,ausf,event,tlv,mem,sock
#
logger:
file: @localstatedir@/log/open5gs/udm.log
#
# tls:
# enabled: auto|yes|no
# - auto: Default. Use TLS only if key/cert is available
# - yes: Use TLS always;
# reject if no key/cert available
# - no: Don't use TLS if there is an key/cert available
# o TLS enable/disable
# sbi:
# server|client:
# no_tls: false|true
# - false: (Default) Use TLS
# - true: TLS disabled
#
# o Server-side Key and Certficiate
# o Verification enable/disable
# sbi:
# server|client:
# no_verify: false|true
# - false: (Default) Verify the PEER
# - true: Skip the verification step
#
# o Server-side does not use TLS
# sbi:
# server:
# key: /etc/open5gs/tls/udm.key
# cert: /etc/open5gs/tls/udm.crt
# no_tls: true
#
# o Client-side does not use TLS
# o Client-side skips the verification step
# sbi:
# client:
# enabled: no
# key: /etc/open5gs/tls/udm.key
# cert: /etc/open5gs/tls/udm.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
#
# o Use the specified certificate to verify client
# o Use the specified certificate while verifying the client
# sbi:
# server
# cacert: /etc/open5gs/tls/ca.crt
#
# o Use the specified certificate to verify server
# o Use the specified certificate while verifying the server
# sbi:
# client
# cacert: /etc/open5gs/tls/ca.crt
#
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/udm.key
cert: @sysconfdir@/open5gs/tls/udm.crt
client:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/udm.key
cert: @sysconfdir@/open5gs/tls/udm.crt
@@ -114,15 +126,21 @@ hnet:
scheme: 2
key: @sysconfdir@/open5gs/hnet/secp256r1-6.key
#
# udm:
#
# <SBI Server>
#
# o SBI Server(http://<all address available>:80)
# sbi:
# server:
# no_tls: true
# udm:
# sbi:
#
# o SBI Server(http://<any address>:7777)
# sbi:
# server:
# no_tls: true
# udm:
# sbi:
# - addr:
# - 0.0.0.0
@@ -130,48 +148,67 @@ hnet:
# port: 7777
#
# o SBI Server(https://<all address available>:443)
# tls:
# sbi:
# server:
# key: /etc/open5gs/tls/udm.key
# cert: /etc/open5gs/tls/udm.crt
# udm:
# sbi:
#
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
# tls:
# enabled: no
# o SBI Server(https://127.0.0.12:443, https://[::1]:443) without verification
# sbi:
# server:
# no_verify: true
# key: /etc/open5gs/tls/udm.key
# cert: /etc/open5gs/tls/udm.crt
# udm:
# sbi:
# - addr: 127.0.0.5
# - addr: 127.0.0.12
# - addr: ::1
#
# o SBI Server(https://udm.open5gs.org:443)
# Use the specified certificate to verify client
# Use the specified certificate while verifying the client
#
# tls:
# sbi:
# server:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/udm.key
# cert: /etc/open5gs/tls/udm.crt
# udm:
# sbi:
# - name: udm.open5gs.org
#
# o SBI Server(http://127.0.0.12:7777)
# sbi:
# server:
# no_tls: true
# udm:
# sbi:
# - addr: 127.0.0.12
# port: 7777
#
# o SBI Server(http://<eth0 IP address>:80)
# sbi:
# server:
# no_tls: true
# udm:
# sbi:
# - dev: eth0
#
# o Provide custom SBI address to be advertised to NRF
# sbi:
# server:
# no_tls: true
# udm:
# sbi:
# - dev: eth0
# advertise: open5gs-udm.svc.local
#
# o Another example of advertising on NRF
# sbi:
# server:
# no_tls: true
# udm:
# sbi:
# - addr: localhost
# advertise:
@@ -182,6 +219,10 @@ hnet:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# server:
# no_tls: true
# udm:
# sbi:
# addr: 127.0.0.12
# option:
@@ -193,9 +234,11 @@ hnet:
# <NF Service>
#
# o NF Service Name(Default : all NF services available)
# udm:
# service_name:
#
# o NF Service Name(Only some NF services are available)
# udm:
# service_name:
# - nudm-sdm
# - nudm-uecm
@@ -205,12 +248,21 @@ hnet:
#
# o (Default) If you do not set Query Parameter as shown below,
#
# sbi:
# server:
# no_tls: true
# udm:
# sbi:
# - addr: 127.0.0.12
# port: 7777
#
# - 'service-names' is included.
#
# o Service-Names are not included
# sbi:
# server:
# no_tls: true
# udm:
# sbi:
# - addr: 127.0.0.12
# port: 7777
@@ -229,6 +281,10 @@ hnet:
#
# o (Default) If you do not set Delegated Discovery as shown below,
#
# sbi:
# server:
# no_tls: true
# udm:
# sbi:
# - addr: 127.0.0.12
# port: 7777
@@ -236,6 +292,10 @@ hnet:
# - Use SCP if SCP avaiable. Otherwise NRF is used.
# => App fails if both NRF and SCP are unavailable.
#
# sbi:
# server:
# no_tls: true
# udm:
# sbi:
# - addr: 127.0.0.12
# port: 7777
@@ -253,35 +313,48 @@ udm:
- addr: 127.0.0.12
port: 7777
#
# scp:
#
# <SBI Client>>
#
# o SBI Client(http://127.0.1.10:7777)
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# port: 7777
#
# o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80)
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
# sbi:
# client:
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - addr: 127.0.1.10
# tls:
# key: /etc/open5gs/tls/udm.key
# cert: /etc/open5gs/tls/udm.crt
# - name: scp.open5gs.org
# - addr: ::1
#
# o SBI Client(https://scp.open5gs.org:443)
# Use the specified certificate to verify peer
# Use the specified certificate while verifying the server
#
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - name: scp.open5gs.org
# tls:
# cacert: /etc/open5gs/tls/ca.crt
#
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr:
# - 127.0.1.10
@@ -291,6 +364,10 @@ udm:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# option:
@@ -305,32 +382,37 @@ scp:
- addr: 127.0.1.10
port: 7777
#
# nrf:
#
# <SBI Client>>
#
# o SBI Client(http://127.0.0.10:7777)
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# port: 7777
#
# o SBI Client(https://127.0.0.10:443, https://[::1]:443)
# tls:
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
# sbi:
# client:
# key: /etc/open5gs/tls/udm.key
# cert: /etc/open5gs/tls/udm.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - addr: 127.0.0.10
# - addr: ::1
#
# o SBI Client(https://nrf.open5gs.org:443)
# Use the specified certificate to verify server
# Use the specified certificate while verifying the server
#
# tls:
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - name: nrf.open5gs.org
@@ -347,6 +429,10 @@ scp:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# option:
@@ -362,47 +448,51 @@ scp:
# - ::1
# port: 7777
#
# parameter:
#
# o Disable use of IPv4 addresses (only IPv6)
# no_ipv4: true
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# no_ipv6: true
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# prefer_ipv4: true
# parameter:
# prefer_ipv4: true
#
parameter:
#
# max:
#
# o Maximum Number of UE
# o Maximum Number of UE
# max:
# ue: 1024
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# max:
# peer: 64
#
max:
#
# time:
#
# o NF Instance Heartbeat (Default : 0)
# NFs will not send heart-beat timer in NFProfile
# NRF will send heart-beat timer in NFProfile
# (Default values are used, so no configuration is required)
#
# o NF Instance Heartbeat (20 seconds)
# NFs will send heart-beat timer (20 seconds) in NFProfile
# NRF can change heart-beat timer in NFProfile
#
# time:
# nf_instance:
# heartbeat: 20
#
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
# (Default values are used, so no configuration is required)
#
# o Message Wait Duration (3000 ms)
# time:
# message:
# duration: 3000
time:

243
configs/open5gs/udr.yaml.in
View File

@@ -1,75 +1,93 @@
db_uri: mongodb://localhost/open5gs
#
# logger:
#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Nothing is needed)
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,sbi,udr,event,tlv,mem,sock
# domain: core,sbi,ausf,event,tlv,mem,sock
#
logger:
file: @localstatedir@/log/open5gs/udr.log
#
# tls:
# enabled: auto|yes|no
# - auto: Default. Use TLS only if key/cert is available
# - yes: Use TLS always;
# reject if no key/cert available
# - no: Don't use TLS if there is an key/cert available
# o TLS enable/disable
# sbi:
# server|client:
# no_tls: false|true
# - false: (Default) Use TLS
# - true: TLS disabled
#
# o Server-side Key and Certficiate
# o Verification enable/disable
# sbi:
# server|client:
# no_verify: false|true
# - false: (Default) Verify the PEER
# - true: Skip the verification step
#
# o Server-side does not use TLS
# sbi:
# server:
# key: /etc/open5gs/tls/udr.key
# cert: /etc/open5gs/tls/udr.crt
# no_tls: true
#
# o Client-side does not use TLS
# o Client-side skips the verification step
# sbi:
# client:
# enabled: no
# key: /etc/open5gs/tls/udr.key
# cert: /etc/open5gs/tls/udr.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
#
# o Use the specified certificate to verify client
# o Use the specified certificate while verifying the client
# sbi:
# server
# cacert: /etc/open5gs/tls/ca.crt
#
# o Use the specified certificate to verify server
# o Use the specified certificate while verifying the server
# sbi:
# client
# cacert: /etc/open5gs/tls/ca.crt
#
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/udr.key
cert: @sysconfdir@/open5gs/tls/udr.crt
client:
no_tls: true
cacert: @sysconfdir@/open5gs/tls/ca.crt
key: @sysconfdir@/open5gs/tls/udr.key
cert: @sysconfdir@/open5gs/tls/udr.crt
#
# udr:
#
# <SBI Server>
#
# o SBI Server(http://<all address available>:80)
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
#
# o SBI Server(http://<any address>:7777)
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
# - addr:
# - 0.0.0.0
@@ -77,48 +95,67 @@ tls:
# port: 7777
#
# o SBI Server(https://<all address available>:443)
# tls:
# sbi:
# server:
# key: /etc/open5gs/tls/udr.key
# cert: /etc/open5gs/tls/udr.crt
# udr:
# key: /etc/open5gs/tls/bsf.key
# cert: /etc/open5gs/tls/bsf.crt
# bsf:
# sbi:
#
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
# tls:
# enabled: no
# o SBI Server(https://127.0.0.15:443, https://[::1]:443) without verification
# sbi:
# server:
# key: /etc/open5gs/tls/udr.key
# cert: /etc/open5gs/tls/udr.crt
# udr:
# no_verify: true
# key: /etc/open5gs/tls/bsf.key
# cert: /etc/open5gs/tls/bsf.crt
# bsf:
# sbi:
# - addr: 127.0.0.5
# - addr: 127.0.0.15
# - addr: ::1
#
# o SBI Server(https://udr.open5gs.org:443)
# Use the specified certificate to verify client
# o SBI Server(https://bsf.open5gs.org:443)
# Use the specified certificate while verifying the client
#
# tls:
# sbi:
# server:
# cacert: /etc/open5gs/tls/ca.crt
# udr:
# key: /etc/open5gs/tls/bsf.key
# cert: /etc/open5gs/tls/bsf.crt
# bsf:
# sbi:
# - name: udr.open5gs.org
# - name: bsf.open5gs.org
#
# o SBI Server(http://127.0.0.20:7777)
# o SBI Server(http://127.0.0.15:7777)
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
# - addr: 127.0.0.20
# - addr: 127.0.0.15
# port: 7777
#
# o SBI Server(http://<eth0 IP address>:80)
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
# - dev: eth0
#
# o Provide custom SBI address to be advertised to NRF
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
# - dev: eth0
# advertise: open5gs-udr.svc.local
# advertise: open5gs-bsf.svc.local
#
# o Another example of advertising on NRF
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
# - addr: localhost
# advertise:
@@ -129,20 +166,27 @@ tls:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# server:
# no_tls: true
# bsf:
# sbi:
# addr: 127.0.0.20
# addr: 127.0.0.15
# option:
# tcp_nodelay: false
# so_linger:
# l_onoff: true
# l_linger: 10
#
#
# <NF Service>
#
# o NF Service Name(Default : all NF services available)
# udr:
# service_name:
#
# o NF Service Name(Only some NF services are available)
# udr:
# service_name:
# - nudr-dr
#
@@ -150,12 +194,21 @@ tls:
#
# o (Default) If you do not set Query Parameter as shown below,
#
# sbi:
# server:
# no_tls: true
# udr:
# sbi:
# - addr: 127.0.0.20
# port: 7777
#
# - 'service-names' is included.
#
# o Service-Names are not included
# sbi:
# server:
# no_tls: true
# udr:
# sbi:
# - addr: 127.0.0.20
# port: 7777
@@ -174,6 +227,10 @@ tls:
#
# o (Default) If you do not set Delegated Discovery as shown below,
#
# sbi:
# server:
# no_tls: true
# udr:
# sbi:
# - addr: 127.0.0.20
# port: 7777
@@ -181,6 +238,10 @@ tls:
# - Use SCP if SCP avaiable. Otherwise NRF is used.
# => App fails if both NRF and SCP are unavailable.
#
# sbi:
# server:
# no_tls: true
# udr:
# sbi:
# - addr: 127.0.0.20
# port: 7777
@@ -198,35 +259,48 @@ udr:
- addr: 127.0.0.20
port: 7777
#
# scp:
#
# <SBI Client>>
#
# o SBI Client(http://127.0.1.10:7777)
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# port: 7777
#
# o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80)
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
# sbi:
# client:
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - addr: 127.0.1.10
# tls:
# key: /etc/open5gs/tls/udr.key
# cert: /etc/open5gs/tls/udr.crt
# - name: scp.open5gs.org
# - addr: ::1
#
# o SBI Client(https://scp.open5gs.org:443)
# Use the specified certificate to verify peer
# Use the specified certificate while verifying the server
#
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - name: scp.open5gs.org
# tls:
# cacert: /etc/open5gs/tls/ca.crt
#
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr:
# - 127.0.1.10
@@ -236,6 +310,10 @@ udr:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# option:
@@ -250,32 +328,37 @@ scp:
- addr: 127.0.1.10
port: 7777
#
# nrf:
#
# <SBI Client>>
#
# o SBI Client(http://127.0.0.10:7777)
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# port: 7777
#
# o SBI Client(https://127.0.0.10:443, https://[::1]:443)
# tls:
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
# sbi:
# client:
# key: /etc/open5gs/tls/udr.key
# cert: /etc/open5gs/tls/udr.crt
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - addr: 127.0.0.10
# - addr: ::1
#
# o SBI Client(https://nrf.open5gs.org:443)
# Use the specified certificate to verify server
# Use the specified certificate while verifying the server
#
# tls:
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - name: nrf.open5gs.org
@@ -292,6 +375,10 @@ scp:
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# option:
@@ -307,55 +394,51 @@ scp:
# - ::1
# port: 7777
#
# parameter:
#
# o Disable use of IPv4 addresses (only IPv6)
# no_ipv4: true
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# no_ipv6: true
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# prefer_ipv4: true
# parameter:
# prefer_ipv4: true
#
parameter:
#
# max:
#
# o Maximum Number of UE
# o Maximum Number of UE
# max:
# ue: 1024
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# max:
# peer: 64
#
max:
#
# time:
#
# o NF Instance Heartbeat (Default : 0)
# NFs will not send heart-beat timer in NFProfile
# NRF will send heart-beat timer in NFProfile
# (Default values are used, so no configuration is required)
#
# o NF Instance Heartbeat (20 seconds)
# NFs will send heart-beat timer (20 seconds) in NFProfile
# NRF can change heart-beat timer in NFProfile
#
# time:
# nf_instance:
# heartbeat: 20
#
# o NF Instance Heartbeat (Disabled)
# nf_instance:
# heartbeat: 0
#
# o NF Instance Heartbeat (10 seconds)
# nf_instance:
# heartbeat: 10
#
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
# (Default values are used, so no configuration is required)
#
# o Message Wait Duration (3000 ms)
# time:
# message:
# duration: 3000
time:

59
configs/open5gs/upf.yaml.in
View File

@@ -1,43 +1,45 @@
#
# logger:
#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Nothing is needed)
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,pfcp,gtp,upf,event,tlv,mem,sock
# domain: core,sbi,ausf,event,tlv,mem,sock
#
logger:
file: @localstatedir@/log/open5gs/upf.log
#
# upf:
#
# <PFCP Server>
#
# o PFCP Server(127.0.0.7:8805, ::1:8805)
# upf:
# pfcp:
# - addr: 127.0.0.7
# - addr: ::1
#
# o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
# upf:
# pfcp:
# name: localhost
#
# o PFCP Option (Default)
# - so_bindtodevice : NULL
#
# upf:
# pfcp:
# addr: 127.0.0.7
# option:
@@ -46,15 +48,18 @@ logger:
# <GTP-U Server>>
#
# o GTP-U Server(127.0.0.7:2152, [::1]:2152)
# upf:
# gtpu:
# - addr: 127.0.0.7
# - addr: ::1
#
# o GTP-U Server(127.0.0.1:2152, [::1]:2152)
# upf:
# gtpu:
# name: localhost
#
# o User Plane IP Resource information
# upf:
# gtpu:
# - addr:
# - 127.0.0.7
@@ -70,20 +75,24 @@ logger:
# source_interface: 1
#
# o Provide custom UPF GTP-U address to be advertised inside NGAP messages
# upf:
# gtpu:
# - addr: 10.4.128.21
# advertise: 172.24.15.30
#
# upf:
# gtpu:
# - addr: 10.4.128.21
# advertise:
# - 127.0.0.1
# - ::1
#
# upf:
# gtpu:
# - addr: 10.4.128.21
# advertise: upf1.5gc.mnc001.mcc001.3gppnetwork.org
#
# upf:
# gtpu:
# - dev: ens3
# advertise: upf1.5gc.mnc001.mcc001.3gppnetwork.org
@@ -91,6 +100,7 @@ logger:
# o GTP-U Option (Default)
# - so_bindtodevice : NULL
#
# upf:
# gtpu:
# addr: 127.0.0.7
# option:
@@ -104,6 +114,7 @@ logger:
# o IPv4 Pool
# $ sudo ip addr add 10.45.0.1/16 dev ogstun
#
# upf:
# subnet:
# addr: 10.45.0.1/16
#
@@ -111,6 +122,7 @@ logger:
# $ sudo ip addr add 10.45.0.1/16 dev ogstun
# $ sudo ip addr add 2001:db8:cafe::1/48 dev ogstun
#
# upf:
# subnet:
# - addr: 10.45.0.1/16
# - addr: 2001:db8:cafe::1/48
@@ -125,6 +137,7 @@ logger:
#
# ; If the UE has unknown DNN/APN(not internet/ims), SMF/UPF will crash.
#
# upf:
# subnet:
# - addr: 10.45.0.1/16
# dnn: internet
@@ -138,6 +151,7 @@ logger:
# o Specific DNN/APN with the FALLBACK SUBNET(10.47.0.1/16)
# ; Note that put the FALLBACK SUBNET last to avoid SMF/UPF crash.
#
# upf:
# subnet:
# - addr: 10.45.0.1/16
# dnn: internet
@@ -151,6 +165,7 @@ logger:
# $ sudo ip addr add 10.46.0.1/16 dev ogstun3
# $ sudo ip addr add 2001:db8:babe::1/48 dev ogstun3
#
# upf:
# subnet:
# - addr: 10.45.0.1/16
# dnn: internet
@@ -167,6 +182,7 @@ logger:
# <Metrics Server>
#
# o Metrics Server(http://<any address>:9090)
# upf:
# metrics:
# - addr: 0.0.0.0
# port: 9090
@@ -183,51 +199,52 @@ upf:
- addr: 127.0.0.7
port: 9090
#
# smf:
#
# <PFCP Client>>
#
# o PFCP Client(127.0.0.4:8805)
#
# smf:
# pfcp:
# addr: 127.0.0.4
#
smf:
#
# parameter:
#
# o Number of output streams per SCTP associations.
# sctp_streams: 30
# parameter:
# sctp_streams: 30
#
# o Disable use of IPv4 addresses (only IPv6)
# no_ipv4: true
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# no_ipv6: true
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# prefer_ipv4: true
# parameter:
# prefer_ipv4: true
#
parameter:
#
# max:
#
# o Maximum Number of UE
# ue: 1024
# max:
# ue: 1024
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# peer: 64
# max:
# peer: 64
#
max:
#
# time:
#
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
# (Default values are used, so no configuration is required)
#
# o Message Wait Duration (3000 ms)
# time:
# message:
# duration: 3000
time:

5
configs/sample.yaml.in
View File

@@ -2,13 +2,14 @@ db_uri: mongodb://localhost/open5gs
logger:
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @build_configs_dir@/open5gs/tls/ca.crt
key: @build_configs_dir@/open5gs/tls/testserver.key
cert: @build_configs_dir@/open5gs/tls/testserver.crt
client:
no_tls: true
cacert: @build_configs_dir@/open5gs/tls/ca.crt
key: @build_configs_dir@/open5gs/tls/testclient.key
cert: @build_configs_dir@/open5gs/tls/testclient.crt

5
configs/slice.yaml.in
View File

@@ -2,13 +2,14 @@ db_uri: mongodb://localhost/open5gs
logger:
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @build_configs_dir@/open5gs/tls/ca.crt
key: @build_configs_dir@/open5gs/tls/testserver.key
cert: @build_configs_dir@/open5gs/tls/testserver.crt
client:
no_tls: true
cacert: @build_configs_dir@/open5gs/tls/ca.crt
key: @build_configs_dir@/open5gs/tls/testclient.key
cert: @build_configs_dir@/open5gs/tls/testclient.crt

5
configs/srsenb.yaml.in
View File

@@ -2,13 +2,14 @@ db_uri: mongodb://localhost/open5gs
logger:
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @build_configs_dir@/open5gs/tls/ca.crt
key: @build_configs_dir@/open5gs/tls/testserver.key
cert: @build_configs_dir@/open5gs/tls/testserver.crt
client:
no_tls: true
cacert: @build_configs_dir@/open5gs/tls/ca.crt
key: @build_configs_dir@/open5gs/tls/testclient.key
cert: @build_configs_dir@/open5gs/tls/testclient.crt

5
configs/volte.yaml.in
View File

@@ -2,13 +2,14 @@ db_uri: mongodb://localhost/open5gs
logger:
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @build_configs_dir@/open5gs/tls/ca.crt
key: @build_configs_dir@/open5gs/tls/testserver.key
cert: @build_configs_dir@/open5gs/tls/testserver.crt
client:
no_tls: true
cacert: @build_configs_dir@/open5gs/tls/ca.crt
key: @build_configs_dir@/open5gs/tls/testclient.key
cert: @build_configs_dir@/open5gs/tls/testclient.crt

5
configs/vonr.yaml.in
View File

@@ -2,13 +2,14 @@ db_uri: mongodb://localhost/open5gs
logger:
tls:
enabled: no
sbi:
server:
no_tls: true
cacert: @build_configs_dir@/open5gs/tls/ca.crt
key: @build_configs_dir@/open5gs/tls/testserver.key
cert: @build_configs_dir@/open5gs/tls/testserver.crt
client:
no_tls: true
cacert: @build_configs_dir@/open5gs/tls/ca.crt
key: @build_configs_dir@/open5gs/tls/testclient.key
cert: @build_configs_dir@/open5gs/tls/testclient.crt