Release v2.6.2

TS23.007 17.4.1
19A PFCP based restart procedures

After a PFCP entity has restarted, it shall immediately update all local Recovery Time Stamps and shall clear all remote
Recovery Time Stamps. When peer PFCP entities information is available, i.e. when the PFCP Association is still alive,
the restarted PFCP entity shall send its updated Recovery Time Stamps in a Heartbeat Request message to the peer
PFCP entities before initiating any PFCP session signalling.

.clang-tidy

@@ -0,0 +1,69 @@
+---
+Checks: '*,
+  -altera-id-dependent-backward-branch,
+  -altera-struct-pack-align,
+  -altera-unroll-loops,
+  -android-cloexec-*,
+  -bugprone-branch-clone,
+  -bugprone-easily-swappable-parameters,
+  -bugprone-macro-parentheses,
+  -bugprone-reserved-identifier,
+  -bugprone-sizeof-expression,
+  -cert-dcl37-c,
+  -cert-dcl51-cpp,
+  -cert-err33-c,
+  -cert-err34-c,
+  -clang-analyzer-optin.performance.Padding,
+  -clang-analyzer-security.insecureAPI.bcmp,
+  -clang-analyzer-security.insecureAPI.bcopy,
+  -clang-analyzer-security.insecureAPI.bzero,
+  -clang-diagnostic-error,
+  -clang-diagnostic-typedef-redefinition,
+  -clang-diagnostic-unknown-warning-option,
+  -concurrency-mt-unsafe,
+  -cppcoreguidelines-avoid-magic-numbers,
+  -cppcoreguidelines-avoid-non-const-global-variables,
+  -cppcoreguidelines-init-variables,
+  -google-readability-braces-around-statements,
+  -google-readability-casting,
+  -google-readability-function-size,
+  -google-readability-todo,
+  -hicpp-braces-around-statements,
+  -hicpp-function-size,
+  -hicpp-multiway-paths-covered,
+  -llvm-else-after-return,
+  -llvm-header-guard,
+  -llvm-include-order,
+  -llvmlibc-restrict-system-libc-headers,
+  -misc-no-recursion,
+  -misc-unused-parameters,
+  -performance-no-int-to-ptr,
+  -readability-avoid-const-params-in-decls,
+  -readability-braces-around-statements,
+  -readability-duplicate-include,
+  -readability-else-after-return,
+  -readability-function-cognitive-complexity,
+  -readability-function-size,
+  -readability-identifier-length,
+  -readability-isolate-declaration,
+  -readability-magic-numbers,
+  -readability-non-const-parameter,
+  -readability-redundant-control-flow,
+  -readability-redundant-declaration,
+  -readability-suspicious-call-argument,
+
+
+  -bugprone-implicit-widening-of-multiplication-result,
+  -bugprone-narrowing-conversions,
+  -cert-exp42-c,
+  -cert-flp37-c,
+  -clang-analyzer-core.NullDereference,
+  -clang-analyzer-deadcode.DeadStores,
+  -clang-analyzer-security.insecureAPI.strcpy,
+  -cppcoreguidelines-interfaces-global-init,
+  -cppcoreguidelines-narrowing-conversions,
+  -hicpp-signed-bitwise,
+  '
+
+WarningsAsErrors: false
+HeaderFilterRegex: '(.*\.h)'

.dockerignore

@@ -0,0 +1,10 @@
+**/*.md
+**/docker-compose*.yml
+**/docker-compose*.yaml
+**/Dockerfile*
+.git
+.dockerignore
+.cache
+.gitignore
+.github
+build

.github/FUNDING.yml

@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+#github: [acetcom, open5gs]
+github: acetcom
+#patreon: # Replace with a single Patreon username
+open_collective: open5gs
+#ko_fi: # Replace with a single Ko-fi username
+#tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+#community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+#liberapay: # Replace with a single Liberapay username
+#issuehunt: # Replace with a single IssueHunt username
+#otechie: # Replace with a single Otechie username
+#custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

.github/ISSUE_TEMPLATE/bugreport.yaml

@@ -0,0 +1,58 @@
+name: Bug Report
+description: File a bug report or issue
+title: "[Bug]: "
+labels: ['triage']
+assignees: []
+body:
+  - type: markdown
+    attributes:
+      value: > 
+        **Please note**
+        
+        This form should only be used if _you can reporoduce_ the bug the in the *current* release of
+        Open5GS Stack. For installation, configuration or other help with Open5GS please
+        use our [discussion forum](https://github.com/open5gs/open5gs/discussions).
+        
+        **This form is not for support requests.**
+  - type: input
+    attributes:
+      label: Open5GS Release, Revision, or Tag
+      description: Please check if your issue has been resolved in the latest release.
+      placeholder: v2.6.0
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Steps to reproduce
+      description: >
+        Please describe in detail the steps needed to reproduce this bug. These steps
+        should reproduce the issue on the most current release of Open5GS. Be sure to
+        include configuration and platform details.
+        Please include logs from the relevant daemons as well as any relevant packet captures.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Logs
+      description: Provide any relevant captured logs for the issue
+      render: shell
+  - type: textarea
+    attributes:
+      label: Expected behaviour
+      description: What did you expect to happen?
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Observed Behaviour
+      description: What's the observed behaviour?
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: eNodeB/gNodeB
+      description: If using an eNB or gNB, please identify which vendor/version
+  - type: input
+    attributes:
+      label: UE Models and versions
+      description: Which UE hardware model and version or simulator version are you using?

.github/ISSUE_TEMPLATE/config.yaml

@@ -0,0 +1,9 @@
+blank_issues_enabled: false
+contact_links:
+        - name: Open5GS Contribution Guide
+          url: https://github.com/open5gs/open5gs/wiki/Contribution-guide
+          about: Contribution guide detailing how you can help the project
+        - name: Project Sponsorship
+          url: https://github.com/sponsors/acetcom
+          name: Support the Open5GS developer using GitHub sponsorship
+

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -0,0 +1,48 @@
+name: Feature request
+description: Propose an enhancement to Open5GS
+labels: ['Enhancement', 'triage']
+body:
+  - type: markdown
+    attributes:
+      value: >
+        ## Feature request
+        Please submit your feature request using the form. If your proposal is not sufficiently
+        well formed, we may request further clarification and expansion. If you're unsure about
+        how to formulate your request, please start a [discussion instead](https://github.com/open5gs/open5gs/dicsussions/).
+
+  - type: input
+    attributes:
+      label: Open5GS Release, Revision, or Tag
+      placeholder: v2.6.0
+    validations:
+      required: true
+
+  - type: input
+    attributes:
+      label: Components and subsystems
+      description: Which subsystems and components would this feature be relevant to?
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Proposed functionality
+      description: >
+        Provide a detailed description of the feature or behaviour you are proposing. Please include any
+        Please include any relevant 3GPP standards and references and include any specific changes to
+        current protocols, processing pipelines, DIAMETER requests/responses, and interfaces. The more detail
+        you provide, the greater the chance your proposal has of being discussed.
+
+        If your feature request does not include anything actionable or sufficient details, you may be asked
+        to provide further clarification or your request may be rejected.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: External dependencies
+      description: >
+        Please detail any new dependencies or implementations that this feature might introduce. e.g. Does the 
+        proposal require the installation of additional packages? Are there further external nodes which may be
+        required for integration testing? (Not all feature requests will introduce new dependencies)
+

.github/stale.yml

@@ -0,0 +1,61 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 180
+
+# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
+# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
+daysUntilClose: 7
+
+# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
+onlyLabels: []
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels:
+  - pinned
+  - security
+  - "[Status] Maybe Later"
+
+# Set to true to ignore issues in a project (defaults to false)
+exemptProjects: false
+
+# Set to true to ignore issues in a milestone (defaults to false)
+exemptMilestones: false
+
+# Set to true to ignore issues with an assignee (defaults to false)
+exemptAssignees: false
+
+# Label to use when marking as stale
+staleLabel: wontfix
+
+# Comment to post when marking as stale. Set to `false` to disable
+markComment: >
+  This issue/PR has been automatically marked as stale because it has not had
+  recent activity for 180 days. It will be closed if no further activity
+  occurs in 7 dayss. Thank you for your contributions!
+
+# Comment to post when removing the stale label.
+# unmarkComment: >
+#   Your comment here.
+
+# Comment to post when closing a stale Issue or Pull Request.
+# closeComment: >
+#   Your comment here.
+
+# Limit the number of actions per hour, from 1-30. Default is 30
+limitPerRun: 30
+
+# Limit to only `issues` or `pulls`
+# only: issues
+
+# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
+# pulls:
+#   daysUntilStale: 30
+#   markComment: >
+#     This pull request has been automatically marked as stale because it has not had
+#     recent activity. It will be closed if no further activity occurs. Thank you
+#     for your contributions.
+
+# issues:
+#   exemptLabels:
+#     - confirmed

.github/workflows/meson-ci.yml

@@ -0,0 +1,78 @@
+name: Meson Continuous Integration
+on: [push, pull_request]
+
+jobs:
+  macos-latest:
+    name: Build and Test on MacOS Latest
+    runs-on: macos-latest
+    steps:
+#    - name: Install MongoDB with Package Manager
+#      run: |
+#          brew tap mongodb/brew
+#          brew install mongodb-community
+#          brew services start mongodb-community
+    - name: Create the TUN device with the interface name `ogstun`.
+      run: |
+          sudo ifconfig lo0 alias 127.0.0.2 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.3 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.4 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.5 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.5 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.6 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.7 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.8 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.9 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.10 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.11 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.12 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.13 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.14 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.15 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.16 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.17 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.18 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.19 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.20 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.1.10 netmask 255.255.255.255
+    - name: Install the dependencies for building the source code.
+      run: brew install mongo-c-driver libidn libmicrohttpd nghttp2 bison libusrsctp libtins talloc meson
+    - name: Check out repository code
+      uses: actions/checkout@main
+    - name: Setup Meson Build
+      run: PATH="/usr/local/opt/bison/bin:$PATH" PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig:$PKG_CONFIG_PATH" meson setup build
+      env:
+        CC: gcc
+    - name : Build Open5GS
+      run: ninja -C build
+    - name: Test Open5GS
+      run: sudo meson test -C build -v crypt unit
+
+  ubuntu-latest:
+    name: Build and Test on Ubuntu Latest
+    runs-on: ubuntu-latest
+    services:
+      mongodb:
+        image: mongo
+        ports:
+          - 27017:27017
+    steps:
+    - name: Create the TUN device with the interface name `ogstun`.
+      run: |
+          sudo ip tuntap add name ogstun mode tun
+          sudo ip addr add 10.45.0.1/16 dev ogstun
+          sudo ip addr add 2001:db8:cafe::1/48 dev ogstun
+          sudo ip link set ogstun up
+    - name: Install the dependencies for building the source code.
+      run: |
+          sudo apt update
+          sudo apt install python3-pip python3-setuptools python3-wheel ninja-build build-essential flex bison git libsctp-dev libgnutls28-dev libgcrypt-dev libssl-dev libidn11-dev libmongoc-dev libbson-dev libyaml-dev libnghttp2-dev libmicrohttpd-dev libcurl4-gnutls-dev libnghttp2-dev libtins-dev libtalloc-dev meson
+    - name: Check out repository code
+      uses: actions/checkout@main
+    - name: Setup Meson Build
+      run: meson setup build
+      env:
+        CC: gcc
+    - name : Build Open5GS
+      run: ninja -C build
+    - name: Test Open5GS
+      run: meson test -C build -v

.github/workflows/stale.yml

@@ -0,0 +1,45 @@
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+  - cron: '30 22 * * *'
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+
+    steps:
+    - uses: actions/stale@v5
+      with:
+        debug-only: false
+        operations-per-run: 500
+        enable-statistics: true
+        remove-stale-when-updated: true
+        exempt-issue-labels: 'status:accepted,status:blocked,status:more-info-needed,status:milestone-required,Help Wanted'
+        exempt-all-milestones: true
+        stale-issue-label: 'Housekeeping:ToClose'
+        
+        days-before-stale: 60
+        stale-issue-message: >
+          This issue has been marked as stale because there has been no recent activity on it. If there is
+          no further activity, it will be closed. The Open5GS team is a small but dedicated team with limited 
+          resources and may not be able to address every issue directly. **Do not** attempt to circumvent this 
+          by 'bumping' the issue; doing so will result in it's immediate closure and possibly your exclusion 
+          from participating in any future discussions.      
+        stale-pr-message: >
+          As there has been no recent activity on this PR, it has been marked as stale. It will be automatically
+          closed if no further action is taken.
+        
+        
+        days-before-close: 30
+        days-before-pr-close: -1
+        close-issue-message: >
+          This issue has been closed automatically due to lack of activity. This has been done to try
+          and reduce the amount of noise. Please do not comment any further. The Open5GS Team may choose to
+          re-open this issue if necessary.
+        close-pr-message: >
+          This PR has been closed due to an absence of activity.

.gitignore

@@ -1,3 +1,7 @@
 # This directory is fetched during first build and is present in this directory
 subprojects/freeDiameter
+subprojects/libtins
+subprojects/prometheus-client-c
 subprojects/usrsctp
+
+webui/.next

README.md

@@ -1,26 +1,30 @@
-## Documentation
+<p align="center"><a href="https://open5gs.org" target="_blank" rel="noopener noreferrer"><img width="100" src="https://open5gs.org/assets/img/open5gs-logo-only.png" alt="Open5GS logo"></a></p>
 
-If you don't understand something about Open5GS, the [https://open5gs.org/open5gs/docs/](https://open5gs.org/open5gs/docs/) is a great place to look for answers.
+## Getting Started
 
-## Support
+Please follow the [documentation](https://open5gs.org/open5gs/docs/) at [open5gs.org](https://open5gs.org/)!
 
-Problem with Open5GS can be filed as [issues](https://github.com/open5gs/open5gs/issues) in this repository. 
+## Sponsors
 
-Discussions related to this project are happening on the [nextepc@lists.osmocom.org](mailto:nextepc@lists.osmocom.org) mailing list, please see <https://lists.osmocom.org/mailman/listinfo/nextepc> for subscription options and the list archive.
+If you find Open5GS useful for work, please consider supporting this Open Source project by [Becoming a sponsor](https://github.com/sponsors/acetcom). To manage the funding transactions transparently, you can donate through [OpenCollective](https://opencollective.com/open5gs).
 
-Voice and text chat available in Open5GS's [Discord](https://discordapp.com/) workspace. Use [this link](https://discord.gg/GreNkuc) to get started.
+<p align="center">
+  <a target="_blank" href="https://open5gs.org/#sponsors">
+      <img alt="sponsors" src="https://open5gs.org/assets/img/sponsors.svg">
+  </a>
+</p>
+
+## Community
+
+- Problem with Open5GS can be filed as [issues](https://github.com/open5gs/open5gs/issues) in this repository.
+- Other topics related to this project are happening on the [discussions](https://github.com/open5gs/open5gs/discussions).
+- Voice and text chat are available in Open5GS's [Discord](https://discordapp.com/) workspace. Use [this link](https://discord.gg/GreNkuc) to get started.
 
 ## Contributing
 
-Open5GS is a pure/classic FOSS project, open to contributions from anyone.
-
-[Pull requests](https://github.com/open5gs/open5gs/pulls) are always welcome, and I appreciates any help the community can give to help make Open5GS better.
-
-Do you want to be a committer? Please [send me an email](mailto:acetcom@gmail.com). You will be added as a committer to this project. However, if someone consistently causes difficulties with these source repositories due to poor behavior or other serious problems then commit access may be revoked.
+If you're contributing through a pull request to Open5GS project on GitHub, please read the [Contributor License Agreement](https://open5gs.org/open5gs/cla/) in advance.
 
 ## License
 
-Open5GS source files are made available under the terms of the GNU Affero General Public License (GNU AGPLv3).
-
-When you contribute code for Open5GS, the same license applies.
-
+- Open5GS Open Source files are made available under the terms of the GNU Affero General Public License ([GNU AGPL v3.0](https://www.gnu.org/licenses/agpl-3.0.html)).
+- [Commercial licenses](https://open5gs.org/open5gs/support/) are also available from [NeoPlane](https://neoplane.io/)

configs/310014.yaml.in

@@ -0,0 +1,259 @@
+db_uri: mongodb://localhost/open5gs
+
+logger:
+
+sbi:
+    server:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testserver.key
+      cert: @build_configs_dir@/open5gs/tls/testserver.crt
+    client:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testclient.key
+      cert: @build_configs_dir@/open5gs/tls/testclient.crt
+
+parameter:
+#    no_nrf: true
+#    no_scp: true
+#    no_amf: true
+#    no_smf: true
+#    no_upf: true
+#    no_ausf: true
+#    no_udm: true
+#    no_pcf: true
+#    no_nssf: true
+#    no_bsf: true
+#    no_udr: true
+#    no_mme: true
+#    no_sgwc: true
+#    no_sgwu: true
+#    no_pcrf: true
+#    no_hss: true
+#    use_mongodb_change_stream: true
+
+mme:
+    freeDiameter:
+      identity: mme.localdomain
+      realm: localdomain
+      listen_on: 127.0.0.2
+      no_fwd: true
+      load_extension:
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
+          conf: 0x8888
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+      connect:
+        - identity: hss.localdomain
+          addr: 127.0.0.8
+
+    s1ap:
+      - addr: 127.0.0.2
+    gtpc:
+      - addr: 127.0.0.2
+    gummei:
+      plmn_id:
+        mcc: 310
+        mnc: 014
+      mme_gid: 2
+      mme_code: 1
+    tai:
+      plmn_id:
+        mcc: 310
+        mnc: 014
+      tac: 1
+    security:
+        integrity_order : [ EIA2, EIA1, EIA0 ]
+        ciphering_order : [ EEA0, EEA1, EEA2 ]
+
+    network_name:
+        full: Open5GS
+
+sgwc:
+    gtpc:
+      - addr: 127.0.0.3
+    pfcp:
+      - addr: 127.0.0.3
+
+smf:
+    sbi:
+      - addr: 127.0.0.4
+        port: 7777
+    pfcp:
+      - addr: 127.0.0.4
+    gtpc:
+      - addr: 127.0.0.4
+      - addr: ::1
+    gtpu:
+      - addr: 127.0.0.4
+      - addr: ::1
+    subnet:
+      - addr: 10.45.0.1/16
+      - addr: 2001:db8:cafe::1/48
+    dns:
+      - 8.8.8.8
+      - 8.8.4.4
+      - 2001:4860:4860::8888
+      - 2001:4860:4860::8844
+    mtu: 1400
+    freeDiameter:
+      identity: smf.localdomain
+      realm: localdomain
+      listen_on: 127.0.0.4
+      no_fwd: true
+      load_extension:
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
+          conf: 0x8888
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+      connect:
+        - identity: pcrf.localdomain
+          addr: 127.0.0.9
+amf:
+    sbi:
+      - addr: 127.0.0.5
+        port: 7777
+    ngap:
+      - addr: 127.0.0.5
+    guami:
+      - plmn_id:
+          mcc: 310
+          mnc: 014
+        amf_id:
+          region: 2
+          set: 1
+    tai:
+      - plmn_id:
+          mcc: 310
+          mnc: 014
+        tac: 1
+    plmn_support:
+      - plmn_id:
+          mcc: 310
+          mnc: 014
+        s_nssai:
+          - sst: 1
+    security:
+        integrity_order : [ NIA2, NIA1, NIA0 ]
+        ciphering_order : [ NEA0, NEA1, NEA2 ]
+    network_name:
+        full: Open5GS
+    amf_name: open5gs-amf0
+
+sgwu:
+    pfcp:
+      - addr: 127.0.0.6
+    gtpu:
+      - addr: 127.0.0.6
+
+upf:
+    pfcp:
+      - addr: 127.0.0.7
+    gtpu:
+      - addr: 127.0.0.7
+    subnet:
+      - addr: 10.45.0.1/16
+      - addr: 2001:db8:cafe::1/48
+    metrics:
+      - addr: 127.0.0.7
+        port: 9090
+
+hss:
+    freeDiameter:
+      identity: hss.localdomain
+      realm: localdomain
+      listen_on: 127.0.0.8
+      no_fwd: true
+      load_extension:
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
+          conf: 0x8888
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+      connect:
+        - identity: mme.localdomain
+          addr: 127.0.0.2
+pcrf:
+    freeDiameter:
+      identity: pcrf.localdomain
+      realm: localdomain
+      listen_on: 127.0.0.9
+      no_fwd: true
+      load_extension:
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
+          conf: 0x8888
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+      connect:
+        - identity: smf.localdomain
+          addr: 127.0.0.4
+
+nrf:
+    sbi:
+      - addr:
+        - 127.0.0.10
+        - ::1
+        port: 7777
+
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
+ausf:
+    sbi:
+      - addr: 127.0.0.11
+        port: 7777
+
+udm:
+    sbi:
+      - addr: 127.0.0.12
+        port: 7777
+
+pcf:
+    sbi:
+      - addr: 127.0.0.13
+        port: 7777
+    metrics:
+      - addr: 127.0.0.13
+        port: 9090
+
+nssf:
+    sbi:
+      - addr: 127.0.0.14
+        port: 7777
+    nsi:
+      - addr: 127.0.0.10
+        port: 7777
+        s_nssai:
+          sst: 1
+
+bsf:
+    sbi:
+      - addr: 127.0.0.15
+        port: 7777
+
+udr:
+    sbi:
+      - addr: 127.0.0.20
+        port: 7777
+
+time:
+  t3512:
+    value: 540     # 9 mintues * 60 = 540 seconds

configs/csfb.yaml.in

@@ -2,42 +2,71 @@ db_uri: mongodb://localhost/open5gs
 
 logger:
 
+sbi:
+    server:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testserver.key
+      cert: @build_configs_dir@/open5gs/tls/testserver.crt
+    client:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testclient.key
+      cert: @build_configs_dir@/open5gs/tls/testclient.crt
+
 parameter:
-    no_ipv6: true
+#    no_nrf: true
+#    no_scp: true
+#    no_amf: true
+#    no_smf: true
+#    no_upf: true
+#    no_ausf: true
+#    no_udm: true
+#    no_pcf: true
+#    no_nssf: true
+#    no_bsf: true
+#    no_udr: true
+#    no_mme: true
+#    no_sgwc: true
+#    no_sgwu: true
+#    no_pcrf: true
+#    no_hss: true
+#    use_mongodb_change_stream: true
 
 mme:
     freeDiameter:
       identity: mme.localdomain
       realm: localdomain
       listen_on: 127.0.0.2
+      no_fwd: true
       load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
           conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
       connect:
         - identity: hss.localdomain
-          addr: 127.0.0.4
+          addr: 127.0.0.8
 
     s1ap:
-      addr: 127.0.0.1
+      - addr: 127.0.0.2
     gtpc:
-      addr: 127.0.0.1
+      - addr: 127.0.0.2
     sgsap:
       - addr: 127.0.0.2
         map:
           tai:
             plmn_id:
-              mcc: 901
+              mcc: 999
               mnc: 70
             tac: 7
           lai:
             plmn_id:
-              mcc: 901
+              mcc: 999
               mnc: 70
             lac: 2342
         map:
@@ -51,9 +80,9 @@ mme:
               mcc: 724
               mnc: 21
             lac: 51544
-    gummei: 
+    gummei:
       - plmn_id:
-          mcc: 901
+          mcc: 999
           mnc: 70
         mme_gid: 2
         mme_code: 1
@@ -64,7 +93,7 @@ mme:
         mme_code: 1
     tai:
       plmn_id:
-        mcc: 901
+        mcc: 999
         mnc: 70
       tac: 7
     tai:
@@ -73,85 +102,187 @@ mme:
         mnc: 21
       tac: 12345
     security:
-        integrity_order : [ EIA1, EIA2, EIA0 ]
+        integrity_order : [ EIA2, EIA1, EIA0 ]
         ciphering_order : [ EEA0, EEA1, EEA2 ]
 
     network_name:
         full: Open5GS
 
-hss:
-    freeDiameter:
-      identity: hss.localdomain
-      realm: localdomain
-      listen_on: 127.0.0.4
-      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
-          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp.fdx
-      connect:
-        - identity: mme.localdomain
-          addr: 127.0.0.2
-
-sgw:
+sgwc:
     gtpc:
-      addr: 127.0.0.2
-    gtpu:
-      addr: 127.0.0.2
-
-pgw:
-    freeDiameter:
-      identity: pgw.localdomain
-      realm: localdomain
-      listen_on: 127.0.0.3
-      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
-          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp.fdx
-      connect:
-        - identity: pcrf.localdomain
-          addr: 127.0.0.5
-
-    gtpc:
-      - addr:
-        - 127.0.0.3
-        - ::1
-    gtpu:
       - addr: 127.0.0.3
+    pfcp:
+      - addr: 127.0.0.3
+
+smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#        port: 7777
+    pfcp:
+      - addr: 127.0.0.4
+    gtpc:
+      - addr: 127.0.0.4
       - addr: ::1
-    ue_pool:
+    gtpu:
+      - addr: 127.0.0.4
+      - addr: ::1
+    subnet:
       - addr: 10.45.0.1/16
-      - addr: cafe::1/64
+      - addr: 2001:db8:cafe::1/48
     dns:
       - 8.8.8.8
       - 8.8.4.4
       - 2001:4860:4860::8888
       - 2001:4860:4860::8844
     mtu: 1400
+    freeDiameter:
+      identity: smf.localdomain
+      realm: localdomain
+      listen_on: 127.0.0.4
+      no_fwd: true
+      load_extension:
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
+          conf: 0x8888
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+      connect:
+        - identity: pcrf.localdomain
+          addr: 127.0.0.9
+amf:
+    sbi:
+      - addr: 127.0.0.5
+        port: 7777
+    ngap:
+      - addr: 127.0.0.5
+    guami:
+      - plmn_id:
+          mcc: 999
+          mnc: 70
+        amf_id:
+          region: 2
+          set: 1
+    tai:
+      - plmn_id:
+          mcc: 999
+          mnc: 70
+        tac: 1
+    plmn_support:
+      - plmn_id:
+          mcc: 999
+          mnc: 70
+        s_nssai:
+          - sst: 1
+    security:
+        integrity_order : [ NIA2, NIA1, NIA0 ]
+        ciphering_order : [ NEA0, NEA1, NEA2 ]
+    network_name:
+        full: Open5GS
+    amf_name: open5gs-amf0
 
+sgwu:
+    pfcp:
+      - addr: 127.0.0.6
+    gtpu:
+      - addr: 127.0.0.6
+
+upf:
+    pfcp:
+      - addr: 127.0.0.7
+    gtpu:
+      - addr: 127.0.0.7
+    subnet:
+      - addr: 10.45.0.1/16
+      - addr: 2001:db8:cafe::1/48
+    metrics:
+      - addr: 127.0.0.7
+        port: 9090
+
+hss:
+    freeDiameter:
+      identity: hss.localdomain
+      realm: localdomain
+      listen_on: 127.0.0.8
+      no_fwd: true
+      load_extension:
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
+          conf: 0x8888
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+      connect:
+        - identity: mme.localdomain
+          addr: 127.0.0.2
 pcrf:
     freeDiameter:
       identity: pcrf.localdomain
       realm: localdomain
-      listen_on: 127.0.0.5
+      listen_on: 127.0.0.9
+      no_fwd: true
       load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
           conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
       connect:
-        - identity: pgw.localdomain
-          addr: 127.0.0.3
+        - identity: smf.localdomain
+          addr: 127.0.0.4
+
+#nrf:
+#    sbi:
+#      - addr:
+#        - 127.0.0.10
+#        - ::1
+#        port: 7777
+
+ausf:
+    sbi:
+      - addr: 127.0.0.11
+        port: 7777
+
+udm:
+    sbi:
+      - addr: 127.0.0.12
+        port: 7777
+
+pcf:
+    sbi:
+      - addr: 127.0.0.13
+        port: 7777
+    metrics:
+      - addr: 127.0.0.13
+        port: 9090
+
+nssf:
+    sbi:
+      - addr: 127.0.0.14
+        port: 7777
+    nsi:
+      - addr: 127.0.0.10
+        port: 7777
+        s_nssai:
+          sst: 1
+
+bsf:
+    sbi:
+      - addr: 127.0.0.15
+        port: 7777
+
+udr:
+    sbi:
+      - addr: 127.0.0.20
+        port: 7777
+
+time:
+  t3512:
+    value: 540     # 9 mintues * 60 = 540 seconds

configs/freeDiameter/cacert.pem

@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICrDCCAhWgAwIBAgIUPoUbKXRTWQbrJYUIvyHdacCzw9cwDQYJKoZIhvcNAQEL
-BQAwaDEXMBUGA1UEAwwOY2EubG9jYWxkb21haW4xCzAJBgNVBAYTAktPMQ4wDAYD
-VQQIDAVTZW91bDEOMAwGA1UEBwwFTm93b24xEDAOBgNVBAoMB09wZW41R1MxDjAM
-BgNVBAsMBVRlc3RzMB4XDTE5MTAyMDA2NDM1OFoXDTI5MTAxNzA2NDM1OFowaDEX
-MBUGA1UEAwwOY2EubG9jYWxkb21haW4xCzAJBgNVBAYTAktPMQ4wDAYDVQQIDAVT
-ZW91bDEOMAwGA1UEBwwFTm93b24xEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsM
-BVRlc3RzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2sDnWMj9oXpIw+vcm
-9k/WidMyhSbImINLe9YgibFfozoxZt51Hvi/aAxlqyq7akGtvpL8yVZD6j7o74z7
-6dlnUFDGC4M0WGEkcxqf5NIWe0QplCsXkEOMYHrXLQisAuUk81DNcsXlZr74bmDI
-B0dUM0xJ2JrA5mx1LzTFHSesIwIDAQABo1MwUTAdBgNVHQ4EFgQUxTjcug/DKW49
-mQeW0IcS/bhIzDcwHwYDVR0jBBgwFoAUxTjcug/DKW49mQeW0IcS/bhIzDcwDwYD
-VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQB533IwIPOEE1w2RLBF9EKX
-UxaDnUYW05t9eZFLsUtOLFiR84xhCawGEWNtaLvoJE42E17qEjnX4+KGOc6/sa6q
-bLskf7BK7496dQrVY5DO9vdSpN1ep3j+1QKae23wYpjqt2UEU3QtIZpsDjUreYri
-YLVacMQydGgizNQrY3iCvQ==
------END CERTIFICATE-----

configs/freeDiameter/hss.cert.pem

@@ -1,60 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 2 (0x2)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=ca.localdomain, C=KO, ST=Seoul, L=Nowon, O=Open5GS, OU=Tests
-        Validity
-            Not Before: Oct 20 06:43:58 2019 GMT
-            Not After : Oct 17 06:43:58 2029 GMT
-        Subject: C=KO, ST=Seoul, O=Open5GS, OU=Tests, CN=hss.localdomain
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
-                Modulus:
-                    00:d3:e7:ba:6d:14:65:af:df:90:e5:4a:53:56:a1:
-                    f6:89:2e:cb:ee:ce:d6:73:9f:48:b6:96:78:67:a7:
-                    87:18:b8:ab:c3:0b:31:b3:02:92:48:ed:49:ac:40:
-                    c1:13:3b:13:58:50:cc:2e:59:44:e9:7e:31:02:14:
-                    f0:18:82:95:10:e4:37:b2:5d:14:19:1d:4b:8f:e9:
-                    1f:45:75:cf:0a:e0:8f:7b:e1:70:7b:ab:e4:af:2b:
-                    7c:4d:7f:00:d8:eb:cf:f3:96:ab:fc:04:4f:21:ad:
-                    d8:c4:94:05:02:ff:f3:12:48:88:9e:ce:cf:37:29:
-                    e0:28:39:37:62:05:ed:6d:5d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                AB:0F:C4:B8:B7:6B:56:12:F5:D4:A3:29:B7:D9:5E:3C:DD:8B:79:DD
-            X509v3 Authority Key Identifier: 
-                keyid:C5:38:DC:BA:0F:C3:29:6E:3D:99:07:96:D0:87:12:FD:B8:48:CC:37
-
-    Signature Algorithm: sha256WithRSAEncryption
-         43:95:ee:57:3f:4d:ad:bf:42:6c:48:ae:f8:2f:db:f6:cf:2e:
-         53:a2:3d:48:0a:48:a4:2c:2a:7c:fa:ec:b1:bd:06:a1:21:a5:
-         38:d8:00:05:81:25:91:51:e2:e6:a8:67:a8:c2:f6:5d:2a:f0:
-         40:fe:20:d3:82:2d:d9:8c:4c:61:b7:43:87:7f:fe:e4:a1:b6:
-         fd:54:35:13:4f:63:a5:6b:4a:01:aa:25:e9:80:27:eb:2e:a2:
-         18:e0:36:37:a5:57:09:67:ed:8f:1e:13:fd:b8:b2:d7:4e:cf:
-         93:d4:bf:75:02:38:4e:d4:4a:9c:35:fb:a8:0b:3a:ba:03:1a:
-         e6:9e
------BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBAjANBgkqhkiG9w0BAQsFADBoMRcwFQYDVQQDDA5jYS5s
-b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMQ4wDAYDVQQH
-DAVOb3dvbjEQMA4GA1UECgwHT3BlbjVHUzEOMAwGA1UECwwFVGVzdHMwHhcNMTkx
-MDIwMDY0MzU4WhcNMjkxMDE3MDY0MzU4WjBZMQswCQYDVQQGEwJLTzEOMAwGA1UE
-CAwFU2VvdWwxEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsMBVRlc3RzMRgwFgYD
-VQQDDA9oc3MubG9jYWxkb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ANPnum0UZa/fkOVKU1ah9okuy+7O1nOfSLaWeGenhxi4q8MLMbMCkkjtSaxAwRM7
-E1hQzC5ZROl+MQIU8BiClRDkN7JdFBkdS4/pH0V1zwrgj3vhcHur5K8rfE1/ANjr
-z/OWq/wETyGt2MSUBQL/8xJIiJ7Ozzcp4Cg5N2IF7W1dAgMBAAGjezB5MAkGA1Ud
-EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj
-YXRlMB0GA1UdDgQWBBSrD8S4t2tWEvXUoym32V483Yt53TAfBgNVHSMEGDAWgBTF
-ONy6D8Mpbj2ZB5bQhxL9uEjMNzANBgkqhkiG9w0BAQsFAAOBgQBDle5XP02tv0Js
-SK74L9v2zy5Toj1ICkikLCp8+uyxvQahIaU42AAFgSWRUeLmqGeowvZdKvBA/iDT
-gi3ZjExht0OHf/7kobb9VDUTT2Ola0oBqiXpgCfrLqIY4DY3pVcJZ+2PHhP9uLLX
-Ts+T1L91AjhO1EqcNfuoCzq6Axrmng==
------END CERTIFICATE-----

configs/freeDiameter/hss.conf.in

@@ -79,7 +79,7 @@ Realm = "localdomain";
 #ListenOn = "202.249.37.5";
 #ListenOn = "2001:200:903:2::202:1";
 #ListenOn = "fe80::21c:5ff:fe98:7d62%eth0";
-ListenOn = "127.0.0.4";
+ListenOn = "127.0.0.8";
 
 
 ##############################################################
@@ -106,7 +106,7 @@ ListenOn = "127.0.0.4";
 # Default : NO DEFAULT
 #TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
 #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
-TLS_Cred = "@sysconfdir@/freeDiameter/hss.cert.pem", "@sysconfdir@/freeDiameter/hss.key.pem";
+TLS_Cred = "@sysconfdir@/open5gs/tls/hss.crt", "@sysconfdir@/open5gs/tls/hss.key";
 
 # Certificate authority / trust anchors
 # The file containing the list of trusted Certificate Authorities (PEM list)
@@ -114,7 +114,7 @@ TLS_Cred = "@sysconfdir@/freeDiameter/hss.cert.pem", "@sysconfdir@/freeDiameter/
 # The directive can appear several times to specify several files.
 # Default : GNUTLS default behavior
 #TLS_CA = "<file.PEM>";
-TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem";
+TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt";
 
 # Certificate Revocation List file
 # The information about revoked certificates.
@@ -175,6 +175,7 @@ TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem";
 # exchanges.
 # Default: Relaying is enabled.
 #NoRelay;
+NoRelay;
 
 # Number of server threads that can handle incoming messages at the same time.
 # Default: 4

configs/freeDiameter/hss.key.pem

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDT57ptFGWv35DlSlNWofaJLsvuztZzn0i2lnhnp4cYuKvDCzGz
-ApJI7UmsQMETOxNYUMwuWUTpfjECFPAYgpUQ5DeyXRQZHUuP6R9Fdc8K4I974XB7
-q+SvK3xNfwDY68/zlqv8BE8hrdjElAUC//MSSIiezs83KeAoOTdiBe1tXQIDAQAB
-AoGBAM7ShI2Ec/9lSInSsmaC7BpW12p87KirFZBIarpYs634SIS0v0xFvTt6hgae
-qRO4/BedvLucG3t91B2BDBoQEaZELCjJ9kCUtzphW+u8/SUvPUCfb5xiLLeDQCVR
-oU45JuqlF+ro9XM0x7f1REuTza1Xr20O5n5TzaCzQkdTlMdtAkEA+Yk9aS589D2c
-TAj7H5nQMFai/z0JKM7kuBmXaqbsPtnYjdNvVYsCRPcjbhyfIjN88o/QGuUuInpb
-PyzUZh3x2wJBANlk8d5ZVco+UE1NX0KzpEXHMY+z8kE4f8IMy0KN1V+An0ZbdxJE
-X0aUMz9/K0+V6n0rlpY4QdOnTnbIEg2hTycCQDXBUM9lylk7JH5kuORX2Ddxkm91
-kJGP8EmQicPZ7a6kczgqQiOlbHm625EO7WEKwnHmdSg2Ergur5VubNsKvF0CQQCc
-sbv8rpu9qOisr2ZIZ7+yY/9/Ow8Un6rGrf4cPKtdqRIk3myXCB08fDnsPLd1J/Pa
-wP5LzMT10BQoXdFVbb3lAkBpNXUkts8O1YxSG5zTruvygjU2n4Lova31icJ8HFaG
-pfKHJpqDGPooupFxeCsPVPBZIRtxW70CZcr77eW/XKXv
------END RSA PRIVATE KEY-----

configs/freeDiameter/meson.build

@@ -22,7 +22,7 @@ meson.add_install_script(python3_exe, '-c',
 freediameter_conf = '''
     mme.conf
     hss.conf
-    pgw.conf
+    smf.conf
     pcrf.conf
 '''.split()
 
@@ -34,24 +34,3 @@ foreach file : freediameter_conf
     meson.add_install_script(python3_exe, '-c',
             install_conf.format(gen, freediameter_sysconfdir))
 endforeach
-
-freediameter_pem = '''
-    cacert.pem
-    mme.cert.pem
-    mme.key.pem
-    hss.cert.pem
-    hss.key.pem
-    pgw.cert.pem
-    pgw.key.pem
-    pcrf.cert.pem
-    pcrf.key.pem
-'''.split()
-
-foreach file : freediameter_pem
-    gen = configure_file(
-            input : file,
-            output : file,
-            configuration : conf_data)
-    meson.add_install_script(python3_exe, '-c',
-            install_conf.format(gen, freediameter_sysconfdir))
-endforeach

configs/freeDiameter/mme.cert.pem

@@ -1,60 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=ca.localdomain, C=KO, ST=Seoul, L=Nowon, O=Open5GS, OU=Tests
-        Validity
-            Not Before: Oct 20 06:43:58 2019 GMT
-            Not After : Oct 17 06:43:58 2029 GMT
-        Subject: C=KO, ST=Seoul, O=Open5GS, OU=Tests, CN=mme.localdomain
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
-                Modulus:
-                    00:b5:3a:31:ed:bf:fe:cd:e7:50:cc:94:ba:3d:fd:
-                    2f:e6:cb:83:25:3d:82:93:26:57:b4:2f:6b:29:d9:
-                    fd:80:c8:c5:82:9c:09:17:14:38:91:57:ac:72:b0:
-                    86:d4:6f:bd:6b:fa:b9:60:51:9b:ab:6b:68:37:15:
-                    c7:de:8b:bd:e8:da:5a:49:75:03:33:09:8e:49:e4:
-                    d9:5b:3c:2f:ca:47:9b:95:d5:6f:16:e4:8d:39:b4:
-                    39:dd:51:1a:55:27:68:b9:a0:24:ad:1c:18:48:bb:
-                    49:54:ae:03:a3:0b:b8:e5:da:b4:c2:7f:09:a4:12:
-                    8e:97:08:58:24:6a:4b:f4:87
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                20:74:06:F0:AF:F6:2D:90:D1:CB:8C:5C:AB:73:D7:45:99:31:DD:AA
-            X509v3 Authority Key Identifier: 
-                keyid:C5:38:DC:BA:0F:C3:29:6E:3D:99:07:96:D0:87:12:FD:B8:48:CC:37
-
-    Signature Algorithm: sha256WithRSAEncryption
-         0a:f5:fd:1f:19:52:9a:99:ec:34:67:e8:57:dc:61:73:c0:05:
-         b0:53:e3:8f:66:86:c9:99:af:28:5a:2a:06:a8:53:b1:80:ea:
-         5c:c9:ad:93:ec:b8:b4:b0:e4:04:8b:85:1b:08:93:f2:71:b1:
-         21:ab:80:40:e4:27:c6:c5:7a:56:f2:d2:33:6c:f0:1d:f4:99:
-         85:55:60:9c:eb:d3:b8:e3:4b:e5:be:1e:d2:39:d5:55:6f:4c:
-         20:07:c8:24:1c:21:70:e4:54:17:0b:a5:66:17:be:8b:5c:73:
-         ca:5e:42:6e:27:15:18:69:dc:c6:49:97:d7:66:e0:a8:ad:9c:
-         f1:b7
------BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBATANBgkqhkiG9w0BAQsFADBoMRcwFQYDVQQDDA5jYS5s
-b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMQ4wDAYDVQQH
-DAVOb3dvbjEQMA4GA1UECgwHT3BlbjVHUzEOMAwGA1UECwwFVGVzdHMwHhcNMTkx
-MDIwMDY0MzU4WhcNMjkxMDE3MDY0MzU4WjBZMQswCQYDVQQGEwJLTzEOMAwGA1UE
-CAwFU2VvdWwxEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsMBVRlc3RzMRgwFgYD
-VQQDDA9tbWUubG9jYWxkb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALU6Me2//s3nUMyUuj39L+bLgyU9gpMmV7QvaynZ/YDIxYKcCRcUOJFXrHKwhtRv
-vWv6uWBRm6traDcVx96LvejaWkl1AzMJjknk2Vs8L8pHm5XVbxbkjTm0Od1RGlUn
-aLmgJK0cGEi7SVSuA6MLuOXatMJ/CaQSjpcIWCRqS/SHAgMBAAGjezB5MAkGA1Ud
-EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj
-YXRlMB0GA1UdDgQWBBQgdAbwr/YtkNHLjFyrc9dFmTHdqjAfBgNVHSMEGDAWgBTF
-ONy6D8Mpbj2ZB5bQhxL9uEjMNzANBgkqhkiG9w0BAQsFAAOBgQAK9f0fGVKamew0
-Z+hX3GFzwAWwU+OPZobJma8oWioGqFOxgOpcya2T7Li0sOQEi4UbCJPycbEhq4BA
-5CfGxXpW8tIzbPAd9JmFVWCc69O440vlvh7SOdVVb0wgB8gkHCFw5FQXC6VmF76L
-XHPKXkJuJxUYadzGSZfXZuCorZzxtw==
------END CERTIFICATE-----

configs/freeDiameter/mme.conf.in

@@ -106,7 +106,7 @@ ListenOn = "127.0.0.2";
 # Default : NO DEFAULT
 #TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
 #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
-TLS_Cred = "@sysconfdir@/freeDiameter/mme.cert.pem", "@sysconfdir@/freeDiameter/mme.key.pem";
+TLS_Cred = "@sysconfdir@/open5gs/tls/mme.crt", "@sysconfdir@/open5gs/tls/mme.key";
 
 # Certificate authority / trust anchors
 # The file containing the list of trusted Certificate Authorities (PEM list)
@@ -114,7 +114,7 @@ TLS_Cred = "@sysconfdir@/freeDiameter/mme.cert.pem", "@sysconfdir@/freeDiameter/
 # The directive can appear several times to specify several files.
 # Default : GNUTLS default behavior
 #TLS_CA = "<file.PEM>";
-TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem";
+TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt";
 
 # Certificate Revocation List file
 # The information about revoked certificates.
@@ -175,6 +175,7 @@ TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem";
 # exchanges.
 # Default: Relaying is enabled.
 #NoRelay;
+NoRelay;
 
 # Number of server threads that can handle incoming messages at the same time.
 # Default: 4
@@ -260,7 +261,7 @@ LoadExtension = "@libdir@/freeDiameter/dict_dcca_3gpp.fdx";
 # Examples:
 #ConnectPeer = "aaa.wide.ad.jp";
 #ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ;
-ConnectPeer = "hss.localdomain" { ConnectTo = "127.0.0.4"; No_TLS; };
+ConnectPeer = "hss.localdomain" { ConnectTo = "127.0.0.8"; No_TLS; };
 
 
 ##############################################################

configs/freeDiameter/mme.key.pem

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC1OjHtv/7N51DMlLo9/S/my4MlPYKTJle0L2sp2f2AyMWCnAkX
-FDiRV6xysIbUb71r+rlgUZura2g3Fcfei73o2lpJdQMzCY5J5NlbPC/KR5uV1W8W
-5I05tDndURpVJ2i5oCStHBhIu0lUrgOjC7jl2rTCfwmkEo6XCFgkakv0hwIDAQAB
-AoGBALL3ID1H/8m4Z9tP+EelEzvYt8772kmUcMHYnfw7cJNQMXQUwQlQh7hIG107
-JDr/idDrTUtn69GxhL35PWJxH3z7b9nPQCcPZQ3PZWW8lDXNqNCjV5j+2zDAXqkc
-IyxLQuPnTyn9kcB/OIjNGrr86/6JKS1ipbT9AIllV+br5OMhAkEA7KMLbiAI03JH
-wBhtnHdtj7NETXDnZd0Plj3ATpa7SOtxmBtqVVOH/1ghAqJ0YScrqa9+eEqcn6mv
-sHoJ10wVVwJBAMQOdR6b6H3Swy5dZNYzSKDsWRf4cNK5Kz8HJ8UOLbHTjzcDHNsD
-n09McdcnWgNAxV6J0YJzu4LWQjT4b1e77FECQAd+8rG+Wgk4qYUwQOif79yJdTRu
-yyWy5vd/ZUQYCj65FpQW6jthtgEkrYcD1mPtdbieUodE9cko+uPAOeeUBWkCQQCt
-lL9NImxtOjVkz3t/ylf7YkZfWq9JYnhPjV5AsZTzZIPgCPl7T3G1G9GO1GB1kNsu
-IIdGIIFcDacAjxTFcLSBAkA1Bl7gARE2XZR9iVVJ/On2hWFZhtG9RId+k0pVUxKs
-KXYnYSiD/WIeVZ6IBswqL2AnEV+kBBuZ7D9aEiDYbXQ/
------END RSA PRIVATE KEY-----

configs/freeDiameter/pcrf.cert.pem

@@ -1,60 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 4 (0x4)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=ca.localdomain, C=KO, ST=Seoul, L=Nowon, O=Open5GS, OU=Tests
-        Validity
-            Not Before: Oct 20 06:43:58 2019 GMT
-            Not After : Oct 17 06:43:58 2029 GMT
-        Subject: C=KO, ST=Seoul, O=Open5GS, OU=Tests, CN=pcrf.localdomain
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
-                Modulus:
-                    00:c4:63:95:b8:b2:99:ca:4d:dd:ac:b8:e2:78:29:
-                    43:03:8a:de:6b:05:99:97:b7:90:39:f8:f6:b8:20:
-                    77:44:4b:1b:95:6c:ad:e1:5f:2c:48:a2:8a:d2:95:
-                    72:0e:f9:e1:cf:70:4e:45:6e:71:7e:2a:41:29:93:
-                    7a:12:01:73:0b:10:20:7a:38:66:9f:75:76:21:d6:
-                    7d:0c:ea:35:47:16:d6:c3:9f:41:ec:e9:98:36:16:
-                    84:9f:43:38:2b:b2:c8:d9:f3:6c:07:82:e4:ce:c8:
-                    a3:f3:c3:60:13:f3:46:44:fa:f0:ee:a9:48:40:8f:
-                    80:3e:60:73:ff:6d:59:03:2f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                53:A8:0E:78:45:FB:38:A6:CF:30:E5:FF:BB:CA:E6:CF:A3:4A:DC:53
-            X509v3 Authority Key Identifier: 
-                keyid:C5:38:DC:BA:0F:C3:29:6E:3D:99:07:96:D0:87:12:FD:B8:48:CC:37
-
-    Signature Algorithm: sha256WithRSAEncryption
-         47:6b:2b:f9:03:8d:c1:fd:84:21:fe:3c:5b:8c:9d:c1:48:bc:
-         ae:90:67:c5:ad:1a:80:e9:97:9c:c2:d4:31:1b:7d:4e:1a:72:
-         09:fb:92:32:b3:82:79:59:cd:92:21:27:c7:34:c3:76:27:a8:
-         11:33:cd:4a:ec:10:cb:44:89:da:47:1a:a4:6a:06:10:fb:f1:
-         6a:de:d5:1a:15:de:4a:54:6f:29:b8:de:ec:20:f2:d1:c3:0c:
-         9a:8e:97:46:8c:21:c3:63:7f:41:52:41:7e:73:47:43:0a:d1:
-         86:0b:f0:fb:9a:1f:6d:b5:93:88:95:88:84:6d:28:8e:29:2e:
-         66:9d
------BEGIN CERTIFICATE-----
-MIICszCCAhygAwIBAgIBBDANBgkqhkiG9w0BAQsFADBoMRcwFQYDVQQDDA5jYS5s
-b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMQ4wDAYDVQQH
-DAVOb3dvbjEQMA4GA1UECgwHT3BlbjVHUzEOMAwGA1UECwwFVGVzdHMwHhcNMTkx
-MDIwMDY0MzU4WhcNMjkxMDE3MDY0MzU4WjBaMQswCQYDVQQGEwJLTzEOMAwGA1UE
-CAwFU2VvdWwxEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsMBVRlc3RzMRkwFwYD
-VQQDDBBwY3JmLmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDEY5W4spnKTd2suOJ4KUMDit5rBZmXt5A5+Pa4IHdESxuVbK3hXyxIoorSlXIO
-+eHPcE5FbnF+KkEpk3oSAXMLECB6OGafdXYh1n0M6jVHFtbDn0Hs6Zg2FoSfQzgr
-ssjZ82wHguTOyKPzw2AT80ZE+vDuqUhAj4A+YHP/bVkDLwIDAQABo3sweTAJBgNV
-HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
-Y2F0ZTAdBgNVHQ4EFgQUU6gOeEX7OKbPMOX/u8rmz6NK3FMwHwYDVR0jBBgwFoAU
-xTjcug/DKW49mQeW0IcS/bhIzDcwDQYJKoZIhvcNAQELBQADgYEAR2sr+QONwf2E
-If48W4ydwUi8rpBnxa0agOmXnMLUMRt9ThpyCfuSMrOCeVnNkiEnxzTDdieoETPN
-SuwQy0SJ2kcapGoGEPvxat7VGhXeSlRvKbje7CDy0cMMmo6XRowhw2N/QVJBfnNH
-QwrRhgvw+5ofbbWTiJWIhG0ojikuZp0=
------END CERTIFICATE-----

configs/freeDiameter/pcrf.conf.in

@@ -79,7 +79,7 @@ Realm = "localdomain";
 #ListenOn = "202.249.37.5";
 #ListenOn = "2001:200:903:2::202:1";
 #ListenOn = "fe80::21c:5ff:fe98:7d62%eth0";
-ListenOn = "127.0.0.5";
+ListenOn = "127.0.0.9";
 
 
 ##############################################################
@@ -106,7 +106,7 @@ ListenOn = "127.0.0.5";
 # Default : NO DEFAULT
 #TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
 #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
-TLS_Cred = "@sysconfdir@/freeDiameter/pcrf.cert.pem", "@sysconfdir@/freeDiameter/pcrf.key.pem";
+TLS_Cred = "@sysconfdir@/open5gs/tls/pcrf.crt", "@sysconfdir@/open5gs/tls/pcrf.key";
 
 # Certificate authority / trust anchors
 # The file containing the list of trusted Certificate Authorities (PEM list)
@@ -114,7 +114,7 @@ TLS_Cred = "@sysconfdir@/freeDiameter/pcrf.cert.pem", "@sysconfdir@/freeDiameter
 # The directive can appear several times to specify several files.
 # Default : GNUTLS default behavior
 #TLS_CA = "<file.PEM>";
-TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem";
+TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt";
 
 # Certificate Revocation List file
 # The information about revoked certificates.
@@ -175,6 +175,7 @@ TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem";
 # exchanges.
 # Default: Relaying is enabled.
 #NoRelay;
+NoRelay;
 
 # Number of server threads that can handle incoming messages at the same time.
 # Default: 4
@@ -260,6 +261,6 @@ LoadExtension = "@libdir@/freeDiameter/dict_dcca_3gpp.fdx";
 # Examples:
 #ConnectPeer = "aaa.wide.ad.jp";
 #ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ;
-ConnectPeer = "pgw.localdomain" { ConnectTo = "127.0.0.3"; No_TLS; };
+ConnectPeer = "smf.localdomain" { ConnectTo = "127.0.0.4"; No_TLS; };
 
 ##############################################################

configs/freeDiameter/pcrf.key.pem

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDEY5W4spnKTd2suOJ4KUMDit5rBZmXt5A5+Pa4IHdESxuVbK3h
-XyxIoorSlXIO+eHPcE5FbnF+KkEpk3oSAXMLECB6OGafdXYh1n0M6jVHFtbDn0Hs
-6Zg2FoSfQzgrssjZ82wHguTOyKPzw2AT80ZE+vDuqUhAj4A+YHP/bVkDLwIDAQAB
-AoGBAJG6b+RhK3uSMjcz7mFKBP9A8fCqdCG/xdcu5i0VcksMDMjhn1mIXPz9GFRR
-LxTr2eMrK/mbjb4YLshiNgfcaXdzpZGauK15PNEHemygI4et9b0iE3ZfGM3dGEGi
-UmWzXgO347S8CNmm6JX/gtAaCafeapmyms6E4teYFp1UMRIBAkEA7zrq9HZT1CZu
-fWN9DraOUVrgMdV8Q/qdKzAqMsTf95r43aRxxe8ZkXpQuf1X0kBDH8cIeOAVu96/
-hmfxCcVZAQJBANIn3YU7xCnUbdK29tYuxAzEw7j4pdfjHEPgkvjV1xsGVwM+DQkF
-/yrSgAujxR70uGfBcUF/M9XRniBWg+FRrC8CQBXJ5vZnBJGRAoU3F3/Mjr/IKB1B
-1XSXkdMKKv2+wqtZmQsO3DHr6gc+/bVC5snGgpaVWScxOamHyyfhtalvKQECQG+w
-PCyo3NIWUd+g2YJvDEZ09EgD7a/UxZrVaYbRryZvsiLJAYiAJWKOyPpmqUaQbMjH
-p/dVMSk75Dvvfttq2oUCQQDuEO0xY0gHxzFYH1K82Yw5aDdRsryEQYpb5e+jduH1
-EHACfc2H4Oc3/a39q7On+HnZgxK7gFMpGW+D0MdDDoL6
------END RSA PRIVATE KEY-----

configs/freeDiameter/pgw.cert.pem

@@ -1,60 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 3 (0x3)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=ca.localdomain, C=KO, ST=Seoul, L=Nowon, O=Open5GS, OU=Tests
-        Validity
-            Not Before: Oct 20 06:43:58 2019 GMT
-            Not After : Oct 17 06:43:58 2029 GMT
-        Subject: C=KO, ST=Seoul, O=Open5GS, OU=Tests, CN=pgw.localdomain
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
-                Modulus:
-                    00:bf:bc:94:38:f4:03:a5:23:8c:21:ba:4e:5e:51:
-                    f7:76:f5:e1:1e:43:fc:04:a0:f9:b9:9f:47:dd:d3:
-                    b5:aa:83:e8:cb:d0:3c:56:0e:4d:fd:de:b6:93:fa:
-                    eb:a3:94:4a:79:68:1d:84:61:cf:b7:d0:ac:d0:41:
-                    ef:66:e0:8a:40:ec:b4:d2:5b:ce:cc:2c:cd:7d:7e:
-                    87:73:b0:4b:4d:79:54:3b:a4:48:bb:19:4f:9f:7e:
-                    30:e7:af:17:32:a3:95:af:c4:a5:19:8f:53:3c:16:
-                    cd:54:9d:38:98:2b:0f:b7:cd:33:91:f0:ef:b8:d2:
-                    9f:0e:fe:8e:77:9d:e8:ba:f3
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                EB:F6:EA:D3:F2:F2:C6:C6:83:EF:13:CD:AF:49:A8:ED:03:DF:7F:ED
-            X509v3 Authority Key Identifier: 
-                keyid:C5:38:DC:BA:0F:C3:29:6E:3D:99:07:96:D0:87:12:FD:B8:48:CC:37
-
-    Signature Algorithm: sha256WithRSAEncryption
-         3b:00:ef:c4:9f:69:c3:22:06:76:6f:70:88:50:1c:f3:a2:9a:
-         68:00:34:fa:3a:68:b2:94:fe:7c:31:7d:4e:95:bd:47:4d:69:
-         1f:76:32:64:83:1b:5b:11:71:bb:0a:7a:af:72:54:7a:dc:30:
-         51:e5:93:27:8c:8a:51:e6:e5:15:53:70:14:85:3b:77:1a:87:
-         ce:d0:6f:31:07:5d:14:30:d7:de:a0:b5:a7:a1:96:18:1a:fd:
-         ea:9f:c2:ea:bb:72:52:84:b6:57:6d:70:93:35:64:d3:8b:82:
-         1b:7b:ea:85:8a:fb:c6:b3:e0:66:ad:db:11:dd:5e:6e:22:dd:
-         b4:23
------BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBAzANBgkqhkiG9w0BAQsFADBoMRcwFQYDVQQDDA5jYS5s
-b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMQ4wDAYDVQQH
-DAVOb3dvbjEQMA4GA1UECgwHT3BlbjVHUzEOMAwGA1UECwwFVGVzdHMwHhcNMTkx
-MDIwMDY0MzU4WhcNMjkxMDE3MDY0MzU4WjBZMQswCQYDVQQGEwJLTzEOMAwGA1UE
-CAwFU2VvdWwxEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsMBVRlc3RzMRgwFgYD
-VQQDDA9wZ3cubG9jYWxkb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AL+8lDj0A6UjjCG6Tl5R93b14R5D/ASg+bmfR93TtaqD6MvQPFYOTf3etpP666OU
-SnloHYRhz7fQrNBB72bgikDstNJbzswszX1+h3OwS015VDukSLsZT59+MOevFzKj
-la/EpRmPUzwWzVSdOJgrD7fNM5Hw77jSnw7+jned6LrzAgMBAAGjezB5MAkGA1Ud
-EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj
-YXRlMB0GA1UdDgQWBBTr9urT8vLGxoPvE82vSajtA99/7TAfBgNVHSMEGDAWgBTF
-ONy6D8Mpbj2ZB5bQhxL9uEjMNzANBgkqhkiG9w0BAQsFAAOBgQA7AO/En2nDIgZ2
-b3CIUBzzoppoADT6OmiylP58MX1Olb1HTWkfdjJkgxtbEXG7CnqvclR63DBR5ZMn
-jIpR5uUVU3AUhTt3GofO0G8xB10UMNfeoLWnoZYYGv3qn8Lqu3JShLZXbXCTNWTT
-i4Ibe+qFivvGs+BmrdsR3V5uIt20Iw==
------END CERTIFICATE-----

configs/freeDiameter/pgw.conf.in

@@ -1,266 +0,0 @@
-# This is a sample configuration file for freeDiameter daemon.
-
-# Most of the options can be omitted, as they default to reasonable values.
-# Only TLS-related options must be configured properly in usual setups.
-
-# It is possible to use "include" keyword to import additional files
-# e.g.: include "/etc/freeDiameter.d/*.conf"
-# This is exactly equivalent as copy & paste the content of the included file(s) 
-# where the "include" keyword is found.
-
-
-##############################################################
-##  Peer identity and realm 
-
-# The Diameter Identity of this daemon.
-# This must be a valid FQDN that resolves to the local host.
-# Default: hostname's FQDN
-#Identity = "aaa.koganei.freediameter.net";
-Identity = "pgw.localdomain";
-
-# The Diameter Realm of this daemon.
-# Default: the domain part of Identity (after the first dot).
-#Realm = "koganei.freediameter.net";
-Realm = "localdomain";
-
-##############################################################
-##  Transport protocol configuration
-
-# The port this peer is listening on for incoming connections (TCP and SCTP).
-# Default: 3868. Use 0 to disable.
-#Port = 3868;
-
-# The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP).
-# See TLS_old_method for more information about TLS flavours.
-# Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter.
-# Default: 5868. Use 0 to disable.
-#SecPort = 5868;
-
-# Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed 
-# on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the 
-# CER/CEA exchange on a dedicated secure port.
-# This parameter only affects outgoing connections. 
-# The setting can be also defined per-peer (see Peers configuration section).
-# Default: use RFC6733 method with separate port for TLS.
-#TLS_old_method;
-
-# Disable use of TCP protocol (only listen and connect over SCTP)
-# Default : TCP enabled
-#No_TCP;
-
-# Disable use of SCTP protocol (only listen and connect over TCP)
-# Default : SCTP enabled
-#No_SCTP;
-# This option is ignored if freeDiameter is compiled with DISABLE_SCTP option.
-
-# Prefer TCP instead of SCTP for establishing new connections.
-# This setting may be overwritten per peer in peer configuration blocs.
-# Default : SCTP is attempted first.
-#Prefer_TCP;
-
-# Default number of streams per SCTP associations.
-# This setting may be overwritten per peer basis.
-# Default : 30 streams
-#SCTP_streams = 30;
-
-##############################################################
-##  Endpoint configuration
-
-# Disable use of IP addresses (only IPv6)
-# Default : IP enabled
-#No_IP;
-
-# Disable use of IPv6 addresses (only IP)
-# Default : IPv6 enabled
-#No_IPv6;
-
-# Specify local addresses the server must bind to
-# Default : listen on all addresses available.
-#ListenOn = "202.249.37.5";
-#ListenOn = "2001:200:903:2::202:1";
-#ListenOn = "fe80::21c:5ff:fe98:7d62%eth0";
-ListenOn = "127.0.0.3";
-
-
-##############################################################
-##  Server configuration
-
-# How many Diameter peers are allowed to be connecting at the same time ?
-# This parameter limits the number of incoming connections from the time
-# the connection is accepted until the first CER is received.
-# Default: 5 unidentified clients in paralel.
-#ThreadsPerServer = 5;
-
-##############################################################
-##  TLS Configuration
-
-# TLS is managed by the GNUTLS library in the freeDiameter daemon.
-# You may find more information about parameters and special behaviors
-# in the relevant documentation.
-# http://www.gnu.org/software/gnutls/manual/
-
-# Credentials of the local peer
-# The X509 certificate and private key file to use for the local peer.
-# The files must contain PKCS-1 encoded RSA key, in PEM format.
-# (These parameters are passed to gnutls_certificate_set_x509_key_file function)
-# Default : NO DEFAULT
-#TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
-#TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
-TLS_Cred = "@sysconfdir@/freeDiameter/pgw.cert.pem", "@sysconfdir@/freeDiameter/pgw.key.pem";
-
-# Certificate authority / trust anchors
-# The file containing the list of trusted Certificate Authorities (PEM list)
-# (This parameter is passed to gnutls_certificate_set_x509_trust_file function)
-# The directive can appear several times to specify several files.
-# Default : GNUTLS default behavior
-#TLS_CA = "<file.PEM>";
-TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem";
-
-# Certificate Revocation List file
-# The information about revoked certificates.
-# The file contains a list of trusted CRLs in PEM format. They should have been verified before. 
-# (This parameter is passed to gnutls_certificate_set_x509_crl_file function)
-# Note: openssl CRL format might have interoperability issue with GNUTLS format.
-# Default : GNUTLS default behavior
-#TLS_CRL = "<file.PEM>";
-
-# GNU TLS Priority string
-# This string allows to configure the behavior of GNUTLS key exchanges 
-# algorithms. See gnutls_priority_init function documentation for information.
-# You should also refer to the Diameter required TLS support here:
-#   http://tools.ietf.org/html/rfc6733#section-13.1
-# Default : "NORMAL"
-# Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL";
-#TLS_Prio = "NORMAL";
-
-# Diffie-Hellman parameters size
-# Set the number of bits for generated DH parameters
-# Valid value should be 768, 1024, 2048, 3072 or 4096.
-# (This parameter is passed to gnutls_dh_params_generate2 function, 
-# it usually should match RSA key size)
-# Default : 1024
-#TLS_DH_Bits = 1024;
-
-# Alternatively, you can specify a file to load the PKCS#3 encoded
-# DH parameters directly from. This accelerates the daemon start 
-# but is slightly less secure. If this file is provided, the
-# TLS_DH_Bits parameters has no effect.
-# Default : no default.
-#TLS_DH_File = "<file.PEM>";
-
-
-##############################################################
-##  Timers configuration
-
-# The Tc timer of this peer.
-# It is the delay before a new attempt is made to reconnect a disconnected peer.
-# The value is expressed in seconds. The recommended value is 30 seconds.
-# Default: 30
-#TcTimer = 30;
-
-# The Tw timer of this peer.
-# It is the delay before a watchdog message is sent, as described in RFC 3539.
-# The value is expressed in seconds. The default value is 30 seconds. Value must
-# be greater or equal to 6 seconds. See details in the RFC.
-# Default: 30
-#TwTimer = 30;
-
-##############################################################
-##  Applications configuration
-
-# Disable the relaying of Diameter messages?
-# For messages not handled locally, the default behavior is to forward the
-# message to another peer if any is available, according to the routing 
-# algorithms. In addition the "0xffffff" application is advertised in CER/CEA 
-# exchanges.
-# Default: Relaying is enabled.
-#NoRelay;
-
-# Number of server threads that can handle incoming messages at the same time.
-# Default: 4
-#AppServThreads = 4;
-
-# Other applications are configured by loaded extensions.
-
-##############################################################
-##  Extensions configuration
-
-#  The freeDiameter framework merely provides support for
-# Diameter Base Protocol. The specific application behaviors,
-# as well as advanced functions, are provided
-# by loadable extensions (plug-ins).
-#  These extensions may in addition receive the name of a 
-# configuration file, the format of which is extension-specific.
-#
-# Format:
-#LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ;
-#
-# Examples:
-#LoadExtension = "extensions/sample.fdx";
-#LoadExtension = "extensions/sample.fdx":"conf/sample.conf";
-
-# Extensions are named as follow:
-# dict_* for extensions that add content to the dictionary definitions.
-# dbg_*  for extensions useful only to retrieve more information on the framework execution.
-# acl_*  : Access control list, to control which peers are allowed to connect.
-# rt_*   : routing extensions that impact how messages are forwarded to other peers.
-# app_*  : applications, these extensions usually register callbacks to handle specific messages.
-# test_* : dummy extensions that are useful only in testing environments.
-
-
-# The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some
-# information about some events. This extension does not actually use a configuration file
-# but receives directly a parameter in the string passed to the extension. Here are some examples:
-## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors.
-## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details.
-## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages.
-# The four digits respectively control: connections, routing decisions, sent/received messages, errors.
-# The values for each digit are:
-#  0 - default - keep the default behavior
-#  1 - quiet   - remove any specific log
-#  2 - compact - display only a summary of the information
-#  4 - full    - display the complete information on a single long line
-#  8 - tree    - display the complete information in an easier to read format spanning several lines.
-
-LoadExtension = "@libdir@/freeDiameter/dbg_msg_dumps.fdx" : "0x8888";
-LoadExtension = "@libdir@/freeDiameter/dict_rfc5777.fdx";
-LoadExtension = "@libdir@/freeDiameter/dict_mip6i.fdx";
-LoadExtension = "@libdir@/freeDiameter/dict_nasreq.fdx";
-LoadExtension = "@libdir@/freeDiameter/dict_nas_mipv6.fdx";
-LoadExtension = "@libdir@/freeDiameter/dict_dcca.fdx";
-LoadExtension = "@libdir@/freeDiameter/dict_dcca_3gpp.fdx";
-
-
-##############################################################
-##  Peers configuration
-
-#  The local server listens for incoming connections. By default,
-# all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl).
-# 
-#  In addition to incoming connections, the local peer can
-# be configured to establish and maintain connections to some 
-# Diameter nodes and allow connections from these nodes.
-#  This is achieved with the ConnectPeer directive described below.
-#
-# Note that the configured Diameter Identity MUST match
-# the information received inside CEA, or the connection will be aborted.
-#
-# Format:
-#ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ;
-# Parameters that can be specified in the peer's parameter list:
-#  No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method;
-#  No_TLS;       # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions).
-#  Port = 5868;  # The port to connect to
-#  TcTimer = 30;
-#  TwTimer = 30;
-#  ConnectTo = "202.249.37.5";
-#  ConnectTo = "2001:200:903:2::202:1";
-#  TLS_Prio = "NORMAL";
-#  Realm = "realm.net"; # Reject the peer if it does not advertise this realm.
-# Examples:
-#ConnectPeer = "aaa.wide.ad.jp";
-#ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ;
-ConnectPeer = "pcrf.localdomain" { ConnectTo = "127.0.0.5"; No_TLS; };
-
-
-##############################################################

configs/freeDiameter/pgw.key.pem

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC/vJQ49AOlI4whuk5eUfd29eEeQ/wEoPm5n0fd07Wqg+jL0DxW
-Dk393raT+uujlEp5aB2EYc+30KzQQe9m4IpA7LTSW87MLM19fodzsEtNeVQ7pEi7
-GU+ffjDnrxcyo5WvxKUZj1M8Fs1UnTiYKw+3zTOR8O+40p8O/o53nei68wIDAQAB
-AoGAarZPHH+aw79MD718PnyKKVhhqZGW4xCgzFG9EtXwpu1xlHXaDt85QxFANo4R
-teIjrPxoaTRzAlAOzn3T+0L/TnhU67WUOvSQEhGzS1liNNw024NekOy3rrqAvB3D
-esmOtR5+LtadCb2CuJdL0XALUp+F/g25CoryXsKMIg4Eg9ECQQD9fbT7n3GurBlF
-s1E+Ah1+fpD2qOvyFrK4Yzs/CYn5s1yEO0AMwLavO71Y+SIGzFnuIASbyEX4Adl/
-hxSvDp5ZAkEAwaJmOzgLsLvSf5RkYzaX+/IO/DBYowDknalMobDplaOlK5LLFNiM
-naEH6A6UV981OnIr6ScU8knC0HyDmmTyKwJAfu3jIdvE4OHsBaq0k4gbnKtjix8q
-hh43f3ywve/Y1t+pA81nVPtqfnQ7a8HT9/N7VHFT3W17G6RRdDn/cWiwgQJAOuD+
-5RLtuxfhshmVTPXU0S+Rju3EhgxHeAl628/Ht1DDcLR6PCR83ZGRreaBBRdCQDtn
-TsYrgGEdc/forJH1cQJBAMzBcACt51/OuHtPF+kxeRqgLINji82EQOGmZBvtWySI
-cRFndLh6N8OOkDnP2MwGY7j0jWveKE8mVA12ymMWZuU=
------END RSA PRIVATE KEY-----

configs/freeDiameter/smf.conf.in

@@ -0,0 +1,267 @@
+# This is a sample configuration file for freeDiameter daemon.
+
+# Most of the options can be omitted, as they default to reasonable values.
+# Only TLS-related options must be configured properly in usual setups.
+
+# It is possible to use "include" keyword to import additional files
+# e.g.: include "/etc/freeDiameter.d/*.conf"
+# This is exactly equivalent as copy & paste the content of the included file(s) 
+# where the "include" keyword is found.
+
+
+##############################################################
+##  Peer identity and realm 
+
+# The Diameter Identity of this daemon.
+# This must be a valid FQDN that resolves to the local host.
+# Default: hostname's FQDN
+#Identity = "aaa.koganei.freediameter.net";
+Identity = "smf.localdomain";
+
+# The Diameter Realm of this daemon.
+# Default: the domain part of Identity (after the first dot).
+#Realm = "koganei.freediameter.net";
+Realm = "localdomain";
+
+##############################################################
+##  Transport protocol configuration
+
+# The port this peer is listening on for incoming connections (TCP and SCTP).
+# Default: 3868. Use 0 to disable.
+#Port = 3868;
+
+# The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP).
+# See TLS_old_method for more information about TLS flavours.
+# Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter.
+# Default: 5868. Use 0 to disable.
+#SecPort = 5868;
+
+# Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed 
+# on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the 
+# CER/CEA exchange on a dedicated secure port.
+# This parameter only affects outgoing connections. 
+# The setting can be also defined per-peer (see Peers configuration section).
+# Default: use RFC6733 method with separate port for TLS.
+#TLS_old_method;
+
+# Disable use of TCP protocol (only listen and connect over SCTP)
+# Default : TCP enabled
+#No_TCP;
+
+# Disable use of SCTP protocol (only listen and connect over TCP)
+# Default : SCTP enabled
+#No_SCTP;
+# This option is ignored if freeDiameter is compiled with DISABLE_SCTP option.
+
+# Prefer TCP instead of SCTP for establishing new connections.
+# This setting may be overwritten per peer in peer configuration blocs.
+# Default : SCTP is attempted first.
+#Prefer_TCP;
+
+# Default number of streams per SCTP associations.
+# This setting may be overwritten per peer basis.
+# Default : 30 streams
+#SCTP_streams = 30;
+
+##############################################################
+##  Endpoint configuration
+
+# Disable use of IP addresses (only IPv6)
+# Default : IP enabled
+#No_IP;
+
+# Disable use of IPv6 addresses (only IP)
+# Default : IPv6 enabled
+#No_IPv6;
+
+# Specify local addresses the server must bind to
+# Default : listen on all addresses available.
+#ListenOn = "202.249.37.5";
+#ListenOn = "2001:200:903:2::202:1";
+#ListenOn = "fe80::21c:5ff:fe98:7d62%eth0";
+ListenOn = "127.0.0.4";
+
+
+##############################################################
+##  Server configuration
+
+# How many Diameter peers are allowed to be connecting at the same time ?
+# This parameter limits the number of incoming connections from the time
+# the connection is accepted until the first CER is received.
+# Default: 5 unidentified clients in paralel.
+#ThreadsPerServer = 5;
+
+##############################################################
+##  TLS Configuration
+
+# TLS is managed by the GNUTLS library in the freeDiameter daemon.
+# You may find more information about parameters and special behaviors
+# in the relevant documentation.
+# http://www.gnu.org/software/gnutls/manual/
+
+# Credentials of the local peer
+# The X509 certificate and private key file to use for the local peer.
+# The files must contain PKCS-1 encoded RSA key, in PEM format.
+# (These parameters are passed to gnutls_certificate_set_x509_key_file function)
+# Default : NO DEFAULT
+#TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
+#TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
+TLS_Cred = "@sysconfdir@/open5gs/tls/smf.crt", "@sysconfdir@/open5gs/tls/smf.key";
+
+# Certificate authority / trust anchors
+# The file containing the list of trusted Certificate Authorities (PEM list)
+# (This parameter is passed to gnutls_certificate_set_x509_trust_file function)
+# The directive can appear several times to specify several files.
+# Default : GNUTLS default behavior
+#TLS_CA = "<file.PEM>";
+TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt";
+
+# Certificate Revocation List file
+# The information about revoked certificates.
+# The file contains a list of trusted CRLs in PEM format. They should have been verified before. 
+# (This parameter is passed to gnutls_certificate_set_x509_crl_file function)
+# Note: openssl CRL format might have interoperability issue with GNUTLS format.
+# Default : GNUTLS default behavior
+#TLS_CRL = "<file.PEM>";
+
+# GNU TLS Priority string
+# This string allows to configure the behavior of GNUTLS key exchanges 
+# algorithms. See gnutls_priority_init function documentation for information.
+# You should also refer to the Diameter required TLS support here:
+#   http://tools.ietf.org/html/rfc6733#section-13.1
+# Default : "NORMAL"
+# Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL";
+#TLS_Prio = "NORMAL";
+
+# Diffie-Hellman parameters size
+# Set the number of bits for generated DH parameters
+# Valid value should be 768, 1024, 2048, 3072 or 4096.
+# (This parameter is passed to gnutls_dh_params_generate2 function, 
+# it usually should match RSA key size)
+# Default : 1024
+#TLS_DH_Bits = 1024;
+
+# Alternatively, you can specify a file to load the PKCS#3 encoded
+# DH parameters directly from. This accelerates the daemon start 
+# but is slightly less secure. If this file is provided, the
+# TLS_DH_Bits parameters has no effect.
+# Default : no default.
+#TLS_DH_File = "<file.PEM>";
+
+
+##############################################################
+##  Timers configuration
+
+# The Tc timer of this peer.
+# It is the delay before a new attempt is made to reconnect a disconnected peer.
+# The value is expressed in seconds. The recommended value is 30 seconds.
+# Default: 30
+#TcTimer = 30;
+
+# The Tw timer of this peer.
+# It is the delay before a watchdog message is sent, as described in RFC 3539.
+# The value is expressed in seconds. The default value is 30 seconds. Value must
+# be greater or equal to 6 seconds. See details in the RFC.
+# Default: 30
+#TwTimer = 30;
+
+##############################################################
+##  Applications configuration
+
+# Disable the relaying of Diameter messages?
+# For messages not handled locally, the default behavior is to forward the
+# message to another peer if any is available, according to the routing 
+# algorithms. In addition the "0xffffff" application is advertised in CER/CEA 
+# exchanges.
+# Default: Relaying is enabled.
+#NoRelay;
+NoRelay;
+
+# Number of server threads that can handle incoming messages at the same time.
+# Default: 4
+#AppServThreads = 4;
+
+# Other applications are configured by loaded extensions.
+
+##############################################################
+##  Extensions configuration
+
+#  The freeDiameter framework merely provides support for
+# Diameter Base Protocol. The specific application behaviors,
+# as well as advanced functions, are provided
+# by loadable extensions (plug-ins).
+#  These extensions may in addition receive the name of a 
+# configuration file, the format of which is extension-specific.
+#
+# Format:
+#LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ;
+#
+# Examples:
+#LoadExtension = "extensions/sample.fdx";
+#LoadExtension = "extensions/sample.fdx":"conf/sample.conf";
+
+# Extensions are named as follow:
+# dict_* for extensions that add content to the dictionary definitions.
+# dbg_*  for extensions useful only to retrieve more information on the framework execution.
+# acl_*  : Access control list, to control which peers are allowed to connect.
+# rt_*   : routing extensions that impact how messages are forwarded to other peers.
+# app_*  : applications, these extensions usually register callbacks to handle specific messages.
+# test_* : dummy extensions that are useful only in testing environments.
+
+
+# The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some
+# information about some events. This extension does not actually use a configuration file
+# but receives directly a parameter in the string passed to the extension. Here are some examples:
+## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors.
+## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details.
+## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages.
+# The four digits respectively control: connections, routing decisions, sent/received messages, errors.
+# The values for each digit are:
+#  0 - default - keep the default behavior
+#  1 - quiet   - remove any specific log
+#  2 - compact - display only a summary of the information
+#  4 - full    - display the complete information on a single long line
+#  8 - tree    - display the complete information in an easier to read format spanning several lines.
+
+LoadExtension = "@libdir@/freeDiameter/dbg_msg_dumps.fdx" : "0x8888";
+LoadExtension = "@libdir@/freeDiameter/dict_rfc5777.fdx";
+LoadExtension = "@libdir@/freeDiameter/dict_mip6i.fdx";
+LoadExtension = "@libdir@/freeDiameter/dict_nasreq.fdx";
+LoadExtension = "@libdir@/freeDiameter/dict_nas_mipv6.fdx";
+LoadExtension = "@libdir@/freeDiameter/dict_dcca.fdx";
+LoadExtension = "@libdir@/freeDiameter/dict_dcca_3gpp.fdx";
+
+
+##############################################################
+##  Peers configuration
+
+#  The local server listens for incoming connections. By default,
+# all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl).
+# 
+#  In addition to incoming connections, the local peer can
+# be configured to establish and maintain connections to some 
+# Diameter nodes and allow connections from these nodes.
+#  This is achieved with the ConnectPeer directive described below.
+#
+# Note that the configured Diameter Identity MUST match
+# the information received inside CEA, or the connection will be aborted.
+#
+# Format:
+#ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ;
+# Parameters that can be specified in the peer's parameter list:
+#  No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method;
+#  No_TLS;       # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions).
+#  Port = 5868;  # The port to connect to
+#  TcTimer = 30;
+#  TwTimer = 30;
+#  ConnectTo = "202.249.37.5";
+#  ConnectTo = "2001:200:903:2::202:1";
+#  TLS_Prio = "NORMAL";
+#  Realm = "realm.net"; # Reject the peer if it does not advertise this realm.
+# Examples:
+#ConnectPeer = "aaa.wide.ad.jp";
+#ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ;
+ConnectPeer = "pcrf.localdomain" { ConnectTo = "127.0.0.9"; No_TLS; };
+
+
+##############################################################

configs/installed.yaml.in

@@ -1,589 +0,0 @@
-db_uri: mongodb://localhost/open5gs
-
-logger:
-    file: @localstatedir@/log/open5gs/open5gs.log
-# 
-#  o Set OGS_LOG_INFO to all domain level
-#   - If `level` is omitted, the default level is OGS_LOG_INFO)
-#   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
-#
-#  o Set OGS_LOG_ERROR to all domain level
-#   - `level` can be set with none, fatal, error, warn, info, debug, trace
-#    level: error
-#
-#  o Set OGS_LOG_DEBUG to mme/emm domain level
-#    level: debug
-#    domain: mme,emm
-#
-#  o Set OGS_LOG_TRACE to all domain level
-#    level: trace
-#    domain: core,s1ap,nas,fd,gtp,mme,emm,esm,sgw,pgw,hss,pcrf,event,tlv,mem,sock
-#
-
-# 
-# parameter:
-#
-#  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
-#
-#  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
-#
-#  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
-#
-#  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
-#
-#  o Enable Multicast traffic to the UE
-#      multicast: true
-#
-#  o Disable Stateless Address Autoconfiguration for IPv6
-#      no_slaac: true
-#
-#
-parameter:
-    no_ipv6: true
-
-# 
-# sctp:
-#
-#  o heartbit_interval : 5000 (5secs)
-#  o rto_initial : 3000 (3secs)
-#  o rto_min : 1000 (1sec)
-#  o rto_max : 5000 (5secs)
-#  o max_num_of_ostreams : 30
-#  o max_num_of_istreams : 65535
-#  o max_attempts : 4
-#  o max_initial_timeout : 8000(8secs)
-#  o usrsctp_udp_port : 9899
-sctp:
-
-# 
-# max:
-#
-# o Maximum Number of SGW per MME 
-#    sgw: 32
-# o Maximum Number of PGW per MME 
-#    pgw: 32
-# o Maximum Number of VLR per MME 
-#    vlr: 32
-# o Maximum Number of eNodeB per MME 
-#    enb: 32
-# o Maximum Number of UE per eNodeB 
-#    ue: 128
-#
-max:
-
-# 
-# pool:
-#
-# o The Number of Default Memory Pool Size
-#
-#   - Pool-size 128         => 8192 Number
-#   - Pool-size 256         => 4096 Number
-#   - Pool-size 512         => 2048 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  8192
-#    256:  4096
-#    512:  2048
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-# o Memory of Packet Buffering in SGW
-#   - Maximum Number of packet(SDU size = 8Kbytes) pool in SGW 
-#   - SGW Memory Usage : 65536 * 8Kbytes = 512Mbytes
-#
-#   packet: 65536
-pool:
-
-mme:
-    freeDiameter: @sysconfdir@/freeDiameter/mme.conf
-
-#
-#  <S1AP Server>>
-#
-#  o S1AP Server(all address avaiable)
-#    s1ap:
-#
-#  o S1AP Server(0.0.0.0:36412)
-#    s1ap:
-#      addr: 0.0.0.0
-#
-#  o S1AP Server(127.0.0.1:36412, [::1]:36412)
-#    s1ap:
-#      - addr: 127.0.0.1
-#      - addr: ::1
-
-#  o S1AP Server(different port)
-#    s1ap:
-#      - addr: 127.0.0.1
-#        port: 36413
-#
-#  o S1AP Server(address avaiable in `eth0` interface)
-#    s1ap:
-#      dev: eth0
-#
-    s1ap:
-
-#
-#  <GTP-C Server>>
-#
-#  o GTP-C Server(all address avaiable)
-#    gtpc:
-#
-#  o GTP-C Server(127.0.0.1:2123, [::1]:2123)
-#    gtpc:
-#      - addr: 127.0.0.1
-#      - addr: ::1
-#
-    gtpc:
-
-#
-#  <sgsap>
-#
-#  o Single MSC/VLR(127.0.0.2)
-#    sgsap:
-#      addr: 127.0.0.2
-#      map:
-#        tai:
-#          plmn_id:
-#            mcc: 001
-#            mnc: 01
-#          tac: 4130
-#        lai:
-#          plmn_id:
-#            mcc: 001
-#            mnc: 01
-#          lac: 43690
-#      map:
-#        tai:
-#          plmn_id:
-#            mcc: 002
-#            mnc: 02
-#          tac: 4132
-#        lai:
-#          plmn_id:
-#            mcc: 002
-#            mnc: 02
-#          lac: 43692
-#
-#  o Multiple MSC/VLR
-#    sgsap:
-#      - addr: 127.0.0.2
-#        port: 29119
-#        map:
-#          tai:
-#            plmn_id:
-#              mcc: 001
-#              mnc: 01
-#            tac: 4131
-#          lai:
-#            plmn_id:
-#              mcc: 001
-#              mnc: 01
-#            lac: 43691
-#        map:
-#          tai:
-#            plmn_id:
-#              mcc: 002
-#              mnc: 02
-#            tac: 4132
-#          lai:
-#            plmn_id:
-#              mcc: 002
-#              mnc: 02
-#            lac: 43692
-#      - addr
-#         - 127.0.0.3
-#         - fe80::2%@loopback_devname@
-#        map:
-#          tai:
-#            plmn_id:
-#              mcc: 001
-#              mnc: 01
-#            tac: 4132
-#          lai:
-#            plmn_id:
-#              mcc: 002
-#              mnc: 02
-#            lac: 43692
-#      - name: msc.open5gs.org
-#        map:
-#          tai:
-#            plmn_id:
-#              mcc: 001
-#              mnc: 01
-#            tac: 4133
-#          lai:
-#            plmn_id:
-#              mcc: 002
-#              mnc: 02
-#            lac: 43693
-#
-    sgsap:
-
-
-#
-#  <GUMMEI>
-#
-#  o Multiple GUMMEI
-#    gummei: 
-#      - plmn_id:
-#          mcc: 001
-#          mnc: 01
-#        mme_gid: 2
-#        mme_code: 1
-#      - plmn_id:
-#          - mcc: 002
-#            mnc: 02
-#          - mcc: 003
-#            mnc: 03
-#        mme_gid: [3, 4]
-#        mme_code:
-#          - 2
-#          - 3
-#
-    gummei: 
-      plmn_id:
-        mcc: 001
-        mnc: 01
-      mme_gid: 2
-      mme_code: 1
-
-#
-#  <TAI>
-#
-#  o Multiple TAI
-#    tai:
-#      - plmn_id:
-#          mcc: 001
-#          mnc: 01
-#        tac: [1, 2, 3]
-#    tai:
-#      - plmn_id:
-#          mcc: 002
-#          mnc: 02
-#        tac: 4
-#      - plmn_id:
-#          mcc: 003
-#          mnc: 03
-#        tac: 5
-#    tai:
-#      - plmn_id:
-#          mcc: 004
-#          mnc: 04
-#        tac: [6, 7]
-#      - plmn_id:
-#          mcc: 005
-#          mnc: 05
-#        tac: 8
-#      - plmn_id:
-#          mcc: 006
-#          mnc: 06
-#        tac: [9, 10]
-#
-    tai:
-      plmn_id:
-        mcc: 001
-        mnc: 01
-      tac: 12345
-
-    security:
-        integrity_order : [ EIA1, EIA2, EIA0 ]
-        ciphering_order : [ EEA0, EEA1, EEA2 ]
-
-#
-#  <Network Name>
-#    network_name:
-#        full: Open5GS
-#        short: Next
-#
-
-    network_name:
-        full: Open5GS
-
-hss:
-    freeDiameter: @sysconfdir@/freeDiameter/hss.conf
-
-sgw:
-#
-#  ------------------------ MME --------------------------
-#
-#  o Specify SGW addresses the GTP-C must connect to
-#
-#  o One SGW is defined. If prefer_ipv4 is not true, [fe80::2%@loopback_devname@] is selected.
-#    gtpc:
-#      addr:
-#        - 127.0.0.2
-#        - fe80::2%@loopback_devname@
-#
-#  o Two SGW are defined. MME selects SGW with round-robin manner per UE
-#    gtpc:
-#      - addr: 127.0.0.2
-#      - addr: fe80::2%@loopback_devname@
-#
-#  o Three SGW are defined. MME selects SGW with round-robin manner per UE
-#    gtpc:
-#      - addr
-#        - 127.0.0.2
-#        - fe80::2%@loopback_devname@
-#      - addr
-#        - 127.0.0.12
-#        - fe80::12%@loopback_devname@
-#      - name: sgw3.open5gs.org
-#
-#  ------------------------ SGW --------------------------
-#
-#  o GTP-C Server(127.0.0.2:2123, [fe80::2%@loopback_devname@]:2123)
-#    gtpc:
-#      addr:
-#        - 127.0.0.2
-#        - fe80::2%@loopback_devname@
-#
-#  o On SGW, Same Configuration(127.0.0.2:2123, [fe80::2%@loopback_devname@]:2123) as below.
-#    gtpc:
-#      - addr: 127.0.0.2
-#      - addr: fe80::2%@loopback_devname@
-#
-    gtpc:
-      addr: 127.0.0.2
-
-#
-# <SGW Selection Mode>
-# 
-# o Round-Robin
-#   (If `selection_mode` is omitted, the default mode is Round-Robin)
-#
-#   selection_mode: rr
-#   gtpc:
-#     addr: 127.0.0.2
-#     addr: 127.0.2.2
-#     addr: 127.0.4.2
-#
-# o SGW selection by eNodeB TAC
-#
-#   selection_mode: tac
-#   gtpc:
-#     - addr: 127.0.0.2
-#       tac: 26000
-#     - addr: 127.0.2.2
-#       tac: [25000, 27000, 28000]
-#
-
-#
-#  <GTP-U Server>
-#
-#  o GTP-U Server(all address avaiable)
-#    gtpu:
-#
-#  o Provide custom SGW GTP-U address to be advertised inside S1AP messages
-#    gtpu:
-#      addr: 10.4.128.21
-#      advertise_addr: 172.24.15.30
-#
-#    gtpu:
-#      addr: 10.4.128.21
-#      advertise_name: sgw1.epc.mnc001.mcc001.3gppnetwork.org
-#
-#    gtpu:
-#     dev: ens3
-#     advertise_name: sgw1.epc.mnc001.mcc001.3gppnetwork.org
-#    
-    gtpu:
-
-pgw:
-    freeDiameter: @sysconfdir@/freeDiameter/pgw.conf
-
-#
-#  ------------------------ MME --------------------------
-#
-#  o By default, the PGW uses the first PGW node.
-#    - To use a different APN for each PGW, specify gtpc.apn as the APN name.
-#    - If the HSS uses WebUI to set the PGW IP for eacho UE,
-#      you can use a specific PGW node for each UE.
-#
-#  o Two PGW are defined. 127.0.0.3:2123 is used.
-#    [fe80::3%@loopback_devname@]:2123 is ignored.
-#    gtpc:
-#      - addr: 127.0.0.3
-#      - addr: fe80::3%@loopback_devname@
-#
-#  o One PGW is defined. if prefer_ipv4 is not true,
-#    [fe80::3%@loopback_devname@] is selected.
-#    gtpc:
-#      - addr: 
-#        - 127.0.0.3
-#        - fe80::3%@loopback_devname@
-#
-#  o Two PGW are defined with a different APN.
-#    - Note that if PGW IP for UE is configured in HSS,
-#      the following configurion for this UE is ignored.
-#    gtpc:
-#      - addr: 127.0.0.3
-#        apn: internet
-#      - addr: 127.0.0.5
-#        apn: volte
-#
-#  o If APN is omitted, the default APN uses the first PGW node.
-#    gtpc:
-#      - addr: 127.0.0.3
-#      - addr: 127.0.0.5
-#        apn: volte
-#  ------------------------ PGW --------------------------
-#
-#  o GTP-C Server(127.0.0.3:2123, [fe80::3%@loopback_devname@]:2123)
-#    gtpc:
-#      addr:
-#        - 127.0.0.3
-#        - fe80::3%@loopback_devname@
-#
-#  o On PGW, Same configuration(127.0.0.3:2123, [fe80::3%@loopback_devname@]:2123).
-#    gtpc:
-#      - addr: 127.0.0.3
-#      - addr: fe80::3%@loopback_devname@
-#
-    gtpc:
-      addr:
-        - 127.0.0.3
-        - ::1
-
-#
-#  <GTP-U Server>>
-#
-#  o GTP-U Server(127.0.0.3:2152, [::1]:2152)
-#    gtpu:
-#      - addr: 127.0.0.3
-#      - addr: ::1
-#
-#  o Same configuration(127.0.0.3:2152, [::1]:2152) as below.
-#    gtpu:
-#      name: localhost
-#
-    gtpu:
-      - addr: 127.0.0.3
-      - addr: ::1
-
-#
-#  <UE Pool>
-#
-#  o IPv4 Pool
-#    $ sudo ip addr add 10.45.0.1/16 dev ogstun
-#
-#    ue_pool:
-#      addr: 10.45.0.1/16
-#
-#  o IPv4/IPv6 Pool
-#    $ sudo ip addr add 10.45.0.1/16 dev ogstun
-#    $ sudo ip addr add cafe:1::1/64 dev ogstun
-#
-#    ue_pool:
-#      - addr: 10.45.0.1/16
-#      - addr: cafe:1::1/64
-#
-#
-#  o Specific APN(e.g 'volte') uses 10.46.0.1/16, cafe:2::1/64
-#    All other APNs use 10.45.0.1/16, cafe:1::1/64
-#    $ sudo ip addr add 10.45.0.1/16 dev ogstun
-#    $ sudo ip addr add 10.46.0.1/16 dev ogstun
-#    $ sudo ip addr add cafe:1::1/64 dev ogstun
-#    $ sudo ip addr add cafe:2::1/64 dev ogstun
-#
-#    ue_pool:
-#      - addr: 10.45.0.1/16
-#      - addr: cafe:1::1/64
-#      - addr: 10.46.0.1/16
-#        apn: volte
-#      - addr: cafe:2::1/64
-#        apn: volte
-#
-#  o Multiple Devices (default: ogstun)
-#    $ sudo ip addr add 10.45.0.1/16 dev ogstun
-#    $ sudo ip addr add cafe:1::1/64 dev ogstun2
-#    $ sudo ip addr add 10.46.0.1/16 dev ogstun3
-#    $ sudo ip addr add cafe:2::1/64 dev ogstun3
-#
-#    ue_pool:
-#      - addr: 10.45.0.1/16
-#      - addr: cafe:1::1/64
-#        dev: ogstun2
-#      - addr: 10.46.0.1/16
-#        apn: volte
-#        dev: ogstun3
-#      - addr: cafe:2::1/64
-#        apn: volte
-#        dev: ogstun3
-#
-#  o Pool Range Sample
-#    ue_pool:
-#      - addr: 10.45.0.1/24
-#        range: 10.45.0.100-10.45.0.200
-#
-#    ue_pool:
-#      - addr: 10.45.0.1/24
-#        range:
-#          - 10.45.0.5-10.45.0.50
-#          - 10.45.0.100-
-#
-#    ue_pool:
-#      - addr: 10.45.0.1/24
-#        range:
-#          - -10.45.0.200
-#          - 10.45.0.210-10.45.0.220
-#
-#    ue_pool:
-#      - addr: 10.45.0.1/16
-#        range:
-#          - 10.45.0.100-10.45.0.200
-#          - 10.45.1.100-10.45.1.200
-#      - addr: cafe::1/64
-#        range:
-#          - cafe::a0-cafe:b0
-#          - cafe::c0-cafe:d0
-#
-#
-    ue_pool:
-      - addr: 10.45.0.1/16
-      - addr: cafe::1/64
-
-#
-#  <Domain Name Server>
-#
-#  o Primary/Secondary can be configured. Others are ignored.
-#
-    dns:
-      - 8.8.8.8
-      - 8.8.4.4
-      - 2001:4860:4860::8888
-      - 2001:4860:4860::8844
-
-#
-#  <MTU Size>
-#
-#  o Provisioning a limit on the size of the packets sent by the MS
-#    to avoid packet fragmentation in the backbone network
-#    between the MS and the GGSN/PGW and/or across the (S)Gi reference point)
-#    when some of the backbone links does not support
-#    packets larger then 1500 octets
-#
-    mtu: 1400
-
-#
-#  <P-CSCF>
-#
-#  o Proxy Call Session Control Function
-#
-#    p-cscf:
-#      - 127.0.0.1
-#      - ::1
-#
-
-pcrf:
-    freeDiameter: @sysconfdir@/freeDiameter/pcrf.conf

configs/logrotate/open5gs.in

@@ -7,7 +7,7 @@
     create 640 open5gs open5gs
 
     postrotate
-        for i in pcrfd pgwd sgwd hssd mmed; do
+        for i in nrfd scpd pcrfd hssd ausfd udmd udrd upfd sgwcd sgwud smfd mmed amfd; do
             systemctl reload open5gs-$i
         done
     endscript

configs/meson.build

@@ -22,25 +22,23 @@ conf_data.set('sysconfdir', sysconfdir)
 conf_data.set('libdir', libdir)
 conf_data.set('localstatedir', localstatedir)
 
-freediameter_extensions_builddir = join_paths(
-        meson.build_root(), 'subprojects', 'freeDiameter', 'extensions')
-conf_data.set('freediameter_extensions_builddir',
-        freediameter_extensions_builddir)
+build_configs_dir = join_paths(open5gs_build_dir, 'configs')
+conf_data.set('build_configs_dir', build_configs_dir)
 
-if host_system == 'linux'
-    conf_data.set('loopback_devname', 'lo')
-else
-    conf_data.set('loopback_devname', 'lo0')
-endif
+build_subprojects_freeDiameter_extensions_dir = join_paths(
+        open5gs_build_dir, 'subprojects', 'freeDiameter', 'extensions')
+conf_data.set('build_subprojects_freeDiameter_extensions_dir',
+        build_subprojects_freeDiameter_extensions_dir)
 
 example_conf = '''
-    simple.yaml
-    installed.yaml
-    split.yaml
-    mnc3.yaml
+    sample.yaml
+    310014.yaml
     csfb.yaml
     volte.yaml
-    srslte.yaml
+    vonr.yaml
+    slice.yaml
+    srsenb.yaml
+    non3gpp.yaml
 '''.split()
 
 foreach file : example_conf

configs/mnc3.yaml.in

@@ -1,127 +0,0 @@
-db_uri: mongodb://localhost/open5gs
-
-logger:
-
-parameter:
-    no_ipv6: true
-
-mme:
-    freeDiameter:
-      identity: mme.localdomain
-      realm: localdomain
-      listen_on: 127.0.0.2
-      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
-          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp.fdx
-      connect:
-        - identity: hss.localdomain
-          addr: 127.0.0.4
-
-    s1ap:
-      addr: 127.0.0.1
-    gtpc:
-      addr: 127.0.0.1
-    gummei: 
-      plmn_id:
-        mcc: 310
-        mnc: 014
-      mme_gid: 32798
-      mme_code: 100
-    tai:
-      plmn_id:
-        mcc: 310
-        mnc: 014
-      tac: [50, 51, 52, 53]
-    security:
-        integrity_order : [ EIA1, EIA2, EIA0 ]
-        ciphering_order : [ EEA0, EEA1, EEA2 ]
-
-    network_name:
-        full: Open5GS
-
-hss:
-    freeDiameter:
-      identity: hss.localdomain
-      realm: localdomain
-      listen_on: 127.0.0.4
-      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
-          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp.fdx
-      connect:
-        - identity: mme.localdomain
-          addr: 127.0.0.2
-
-sgw:
-    gtpc:
-      addr: 127.0.0.2
-    gtpu:
-      addr: 127.0.0.2
-
-pgw:
-    freeDiameter:
-      identity: pgw.localdomain
-      realm: localdomain
-      listen_on: 127.0.0.3
-      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
-          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp.fdx
-      connect:
-      connect:
-        - identity: pcrf.localdomain
-          addr: 127.0.0.5
-
-    gtpc:
-      - addr:
-        - 127.0.0.3
-        - ::1
-      - addr:
-        - 127.0.0.4
-        apn: starent.com
-    gtpu:
-      - addr: 127.0.0.3
-      - addr: ::1
-    ue_pool:
-      - addr: 10.45.0.1/16
-      - addr: cafe::1/64
-    dns:
-      - 8.8.8.8
-      - 8.8.4.4
-      - 2001:4860:4860::8888
-      - 2001:4860:4860::8844
-    mtu: 1400
-
-pcrf:
-    freeDiameter:
-      identity: pcrf.localdomain
-      realm: localdomain
-      listen_on: 127.0.0.5
-      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
-          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp.fdx
-      connect:
-        - identity: pgw.localdomain
-          addr: 127.0.0.3

configs/newsyslog/open5gs.conf.in

@@ -1,8 +1,16 @@
 # truncate rails logs every day at midnight, keep 14 previous logs, compress previous logs
 #
 # logfilename                         [owner:group] mode count size  when  flags [/pid_file]        [sig_num]
-@localstatedir@/log/open5gs/pcrf.log              644  14    *     $D0   GZ    @localstatedir@/run/open5gs-pcrfd/pid`
-@localstatedir@/log/open5gs/pgw.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-pgwd/pid`
-@localstatedir@/log/open5gs/sgw.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-sgwd/pid`
+@localstatedir@/log/open5gs/nrf.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-nrfd/pid`
+@localstatedir@/log/open5gs/scp.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-scpd/pid`
+@localstatedir@/log/open5gs/pcrf.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-pcrfd/pid`
 @localstatedir@/log/open5gs/hss.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-hssd/pid`
+@localstatedir@/log/open5gs/ausf.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-ausfd/pid`
+@localstatedir@/log/open5gs/udm.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-udmd/pid`
+@localstatedir@/log/open5gs/udr.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-udrd/pid`
+@localstatedir@/log/open5gs/upf.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-upfd/pid`
+@localstatedir@/log/open5gs/sgwc.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-sgwcd/pid`
+@localstatedir@/log/open5gs/sgwu.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-sgwud/pid`
+@localstatedir@/log/open5gs/smf.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-smfd/pid`
 @localstatedir@/log/open5gs/mme.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-mmed/pid`
+@localstatedir@/log/open5gs/amf.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-amfd/pid`

configs/non3gpp.yaml.in

@@ -0,0 +1,257 @@
+db_uri: mongodb://localhost/open5gs
+
+logger:
+
+sbi:
+    server:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testserver.key
+      cert: @build_configs_dir@/open5gs/tls/testserver.crt
+    client:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testclient.key
+      cert: @build_configs_dir@/open5gs/tls/testclient.crt
+
+parameter:
+#    no_nrf: true
+#    no_scp: true
+#    no_amf: true
+#    no_smf: true
+#    no_upf: true
+#    no_ausf: true
+#    no_udm: true
+#    no_pcf: true
+#    no_nssf: true
+#    no_bsf: true
+#    no_udr: true
+#    no_mme: true
+#    no_sgwc: true
+#    no_sgwu: true
+#    no_pcrf: true
+#    no_hss: true
+#    use_mongodb_change_stream: true
+
+mme:
+    freeDiameter:
+      identity: mme.localdomain
+      realm: localdomain
+      listen_on: 127.0.0.2
+      no_fwd: true
+      load_extension:
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
+          conf: 0x8888
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+      connect:
+        - identity: hss.localdomain
+          addr: 127.0.0.8
+
+    s1ap:
+      - addr: 127.0.0.2
+    gtpc:
+      - addr: 127.0.0.2
+    gummei:
+      plmn_id:
+        mcc: 999
+        mnc: 70
+      mme_gid: 2
+      mme_code: 1
+    tai:
+      plmn_id:
+        mcc: 999
+        mnc: 70
+      tac: 1
+    security:
+        integrity_order : [ EIA2, EIA1, EIA0 ]
+        ciphering_order : [ EEA0, EEA1, EEA2 ]
+
+    network_name:
+        full: Open5GS
+
+sgwc:
+    gtpc:
+      - addr: 127.0.0.3
+    pfcp:
+      - addr: 127.0.0.3
+
+smf:
+    sbi:
+      - addr: 127.0.0.4
+        port: 7777
+    pfcp:
+      - addr: 127.0.0.4
+    gtpc:
+      - addr: 127.0.0.4
+      - addr: ::1
+    gtpu:
+      - addr: 127.0.0.4
+      - addr: ::1
+    subnet:
+      - addr: 10.45.0.1/16
+      - addr: 2001:db8:cafe::1/48
+    dns:
+      - 8.8.8.8
+      - 8.8.4.4
+      - 2001:4860:4860::8888
+      - 2001:4860:4860::8844
+    mtu: 1400
+    freeDiameter:
+      identity: smf.localdomain
+      realm: localdomain
+      listen_on: 127.0.0.4
+      no_fwd: true
+      load_extension:
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
+          conf: 0x8888
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+      connect:
+        - identity: pcrf.localdomain
+          addr: 127.0.0.9
+        - identity: aaa.localdomain
+          addr: 127.0.0.1
+amf:
+    sbi:
+      - addr: 127.0.0.5
+        port: 7777
+    ngap:
+      - addr: 127.0.0.5
+    guami:
+      - plmn_id:
+          mcc: 999
+          mnc: 70
+        amf_id:
+          region: 2
+          set: 1
+    tai:
+      - plmn_id:
+          mcc: 999
+          mnc: 70
+        tac: 1
+    plmn_support:
+      - plmn_id:
+          mcc: 999
+          mnc: 70
+        s_nssai:
+          - sst: 1
+    security:
+        integrity_order : [ NIA2, NIA1, NIA0 ]
+        ciphering_order : [ NEA0, NEA1, NEA2 ]
+    network_name:
+        full: Open5GS
+    amf_name: open5gs-amf0
+
+sgwu:
+    pfcp:
+      - addr: 127.0.0.6
+    gtpu:
+      - addr: 127.0.0.6
+
+upf:
+    pfcp:
+      - addr: 127.0.0.7
+    gtpu:
+      - addr: 127.0.0.7
+    subnet:
+      - addr: 10.45.0.1/16
+      - addr: 2001:db8:cafe::1/48
+    metrics:
+      - addr: 127.0.0.7
+        port: 9090
+
+hss:
+    freeDiameter:
+      identity: hss.localdomain
+      realm: localdomain
+      listen_on: 127.0.0.8
+      no_fwd: true
+      load_extension:
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
+          conf: 0x8888
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+      connect:
+        - identity: mme.localdomain
+          addr: 127.0.0.2
+        - identity: aaa.localdomain
+          addr: 127.0.0.1
+pcrf:
+    freeDiameter:
+      identity: pcrf.localdomain
+      realm: localdomain
+      listen_on: 127.0.0.9
+      no_fwd: true
+      load_extension:
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
+          conf: 0x8888
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+      connect:
+        - identity: smf.localdomain
+          addr: 127.0.0.4
+
+nrf:
+    sbi:
+      - addr:
+        - 127.0.0.10
+        - ::1
+        port: 7777
+
+ausf:
+    sbi:
+      - addr: 127.0.0.11
+        port: 7777
+
+udm:
+    sbi:
+      - addr: 127.0.0.12
+        port: 7777
+
+pcf:
+    sbi:
+      - addr: 127.0.0.13
+        port: 7777
+    metrics:
+      - addr: 127.0.0.13
+        port: 9090
+
+nssf:
+    sbi:
+      - addr: 127.0.0.14
+        port: 7777
+    nsi:
+      - addr: 127.0.0.10
+        port: 7777
+        s_nssai:
+          sst: 1
+bsf:
+    sbi:
+      - addr: 127.0.0.15
+        port: 7777
+
+udr:
+    sbi:
+      - addr: 127.0.0.20
+        port: 7777
+
+time:
+  t3512:
+    value: 540     # 9 mintues * 60 = 540 seconds

configs/open5gs/amf.yaml.in

@@ -0,0 +1,714 @@
+#
+#  o Set OGS_LOG_INFO to all domain level
+#   - If `level` is omitted, the default level is OGS_LOG_INFO)
+#   - If `domain` is omitted, the all domain level is set from 'level'
+#    (Default values are used, so no configuration is required)
+#
+#  o Set OGS_LOG_ERROR to all domain level
+#   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
+#    level: error
+#
+#  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
+#    level: debug
+#    domain: mme,emm
+#
+#  o Set OGS_LOG_TRACE to all domain level
+#  logger:
+#    level: trace
+#    domain: core,sbi,ausf,event,tlv,mem,sock
+#
+logger:
+    file: @localstatedir@/log/open5gs/amf.log
+
+#
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/amf.key
+      cert: @sysconfdir@/open5gs/tls/amf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/amf.key
+      cert: @sysconfdir@/open5gs/tls/amf.crt
+
+#
+#  <SBI Server>
+#
+#  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      - addr:
+#          - 0.0.0.0
+#          - ::0
+#        port: 7777
+#
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  amf:
+#    sbi:
+#
+#  o SBI Server(https://127.0.0.5:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  amf:
+#    sbi:
+#      - addr: 127.0.0.5
+#      - addr: ::1
+#
+#  o SBI Server(https://amf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  amf:
+#    sbi:
+#      - name: amf.open5gs.org
+#
+#  o SBI Server(http://127.0.0.5:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      - addr: 127.0.0.5
+#        port: 7777
+#
+#  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      - dev: eth0
+#
+#  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      - dev: eth0
+#        advertise: open5gs-amf.svc.local
+#
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      - addr: localhost
+#        advertise:
+#          - 127.0.0.99
+#          - ::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      addr: 127.0.0.5
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  amf:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  amf:
+#    service_name:
+#      - namf-comm
+#
+#  <NF Discovery Query Parameter>
+#
+#  o (Default) If you do not set Query Parameter as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      - addr: 127.0.0.5
+#        port: 7777
+#
+#    - 'service-names' is included.
+#
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      - addr: 127.0.0.5
+#        port: 7777
+#    discovery:
+#      option:
+#        no_service_names: false
+#
+#  o To remove 'service-names' from URI query parameters in NS Discovery
+#         no_service_names: true
+#
+#    * For Indirect Communication with Delegated Discovery,
+#      'service-names' is always included in the URI query parameter.
+#    * That is, 'no_service_names' has no effect.
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      - addr: 127.0.0.5
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      - addr: 127.0.0.5
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
+#  <NGAP Server>>
+#
+#  o NGAP Server(all address available)
+#  amf:
+#    ngap:
+#
+#  o NGAP Server(0.0.0.0:38412)
+#  amf:
+#    ngap:
+#      addr: 0.0.0.0
+#
+#  o NGAP Server(127.0.0.5:38412, [::1]:38412)
+#  amf:
+#    ngap:
+#      - addr: 127.0.0.5
+#      - addr: ::1
+#
+#  o NGAP Server(different port)
+#  amf:
+#    ngap:
+#      - addr: 127.0.0.5
+#        port: 38413
+#
+#  o NGAP Server(address available in `eth0` interface)
+#  amf:
+#    ngap:
+#      dev: eth0
+#
+#  o NGAP Option (Default)
+#    - sctp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  amf:
+#    ngap:
+#      addr: 127.0.0.5
+#      option:
+#        stcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  o NGAP SCTP Option (Default)
+#    - spp_hbinterval : 5000 (5secs)
+#    - spp_sackdelay : 200 (200ms)
+#    - srto_initial : 3000 (3secs)
+#    - srto_min : 1000 (1sec)
+#    - srto_max : 5000 (5secs)
+#    - sinit_num_ostreams : 30
+#    - sinit_max_instreams : 65535
+#    - sinit_max_attempts : 4
+#    - sinit_max_init_timeo : 8000(8secs)
+#
+#  amf:
+#    ngap:
+#      addr: 127.0.0.5
+#      option:
+#        sctp:
+#          spp_hbinterval : 5000
+#          spp_sackdelay : 200
+#          srto_initial : 3000
+#          srto_min : 1000
+#          srto_max : 5000
+#          sinit_num_ostreams : 30
+#          sinit_max_instreams : 65535
+#          sinit_max_attempts : 4
+#          sinit_max_init_timeo : 8000
+#
+#  <Metrics Server>
+#
+#  o Metrics Server(http://<any address>:9090)
+#  amf:
+#    metrics:
+#      - addr: 0.0.0.0
+#        port: 9090
+#
+#  <GUAMI>
+#
+#  o Multiple GUAMI
+#  amf:
+#    guami:
+#      - plmn_id:
+#          mcc: 999
+#          mnc: 70
+#        amf_id:
+#          region: 2
+#          set: 1
+#          pointer: 4
+#      - plmn_id:
+#          mcc: 001
+#          mnc: 01
+#        amf_id:
+#          region: 5
+#          set: 2
+#
+#  <TAI>
+#
+#  o Multiple TAI
+#
+#  When multiple TAIs are configured as shown below,
+#  the Served TAI is determined by comparing UserLocationInformation
+#  of UplinkNASTransport sent from gNB.
+#
+#  For example, if the gNB sends TAC with 30 to the AMF,
+#  the fourth TAI (TAC: 20, 28, 29-32, 36-38, 40-42, 50, 60, 70, 70)
+#  is determined as the Served TAI. The result is transmitted to the gNB
+#  as a Tracking Area identity List in Registration Accept.
+#
+#  amf:
+#    tai:
+#      - plmn_id:
+#          mcc: 001
+#          mnc: 01
+#        tac: [1, 3, 5]
+#    tai:
+#      - plmn_id:
+#          mcc: 002
+#          mnc: 02
+#        tac: [6-10, 15-18]
+#    tai:
+#      - plmn_id:
+#          mcc: 003
+#          mnc: 03
+#        tac: 20
+#      - plmn_id:
+#          mcc: 004
+#          mnc: 04
+#        tac: 21
+#    tai:
+#      - plmn_id:
+#          mcc: 005
+#          mnc: 05
+#        tac: [22, 28]
+#      - plmn_id:
+#          mcc: 006
+#          mnc: 06
+#        tac: [30-32, 34, 36-38, 40-42, 44, 46, 48]
+#      - plmn_id:
+#          mcc: 007
+#          mnc: 07
+#        tac: 50
+#      - plmn_id:
+#          mcc: 008
+#          mnc: 08
+#        tac: 60
+#      - plmn_id:
+#          mcc: 009
+#          mnc: 09
+#        tac: [70, 80]
+#
+#  <PLMN Support>
+#
+#  o Multiple PLMN Support
+#  amf:
+#    plmn_support:
+#      - plmn_id:
+#          mcc: 999
+#          mnc: 70
+#        s_nssai:
+#          - sst: 1
+#            sd: 010000
+#      - plmn_id:
+#          mcc: 999
+#          mnc: 70
+#        s_nssai:
+#          - sst: 1
+#
+#
+#  <Access Control>
+#
+#  If access_control is not specified, then all networks are allowed
+#  If access_control is defined,
+#  no other networks are allowed  other than matching plmn_id.
+#
+#  default_reject_cause may be used to overwrite the default error cause #11
+#  for non matching plmn_id
+#
+#  for matching plmn_id with reject_cause defined,
+#  the AMF rejects access with the reject_cause error cause
+#
+#  for matching plmn_id without reject_cause defined,
+#  the AMF accepts the PLMN traffic
+#
+#  o The example below only accepts 002/02 and 999/70 PLMNs.
+#    001/01 is rejected with cause 15,
+#    and the rest of the PLMNs are rejected with default cause 13.
+#
+#  amf:
+#    access_control:
+#      - default_reject_cause: 13
+#      - plmn_id:
+#          reject_cause: 15
+#          mcc: 001
+#          mnc: 01
+#      - plmn_id:
+#          mcc: 002
+#          mnc: 02
+#      - plmn_id:
+#          mcc: 999
+#          mnc: 70
+#
+#
+#  <Network Name>
+#
+#  amf:
+#    network_name:
+#        full: Open5GS
+#        short: Next
+#
+#  <AMF Name>
+#
+#  amf:
+#    amf_name: amf1.open5gs.amf.5gc.mnc70.mcc999.3gppnetwork.org
+#
+#  <Relative Capacity> - Default(255)
+#
+#  amf:
+#    relative_capacity: 100
+#
+amf:
+    sbi:
+      - addr: 127.0.0.5
+        port: 7777
+    ngap:
+      - addr: 127.0.0.5
+    metrics:
+      - addr: 127.0.0.5
+        port: 9090
+    guami:
+      - plmn_id:
+          mcc: 999
+          mnc: 70
+        amf_id:
+          region: 2
+          set: 1
+    tai:
+      - plmn_id:
+          mcc: 999
+          mnc: 70
+        tac: 1
+    plmn_support:
+      - plmn_id:
+          mcc: 999
+          mnc: 70
+        s_nssai:
+          - sst: 1
+    security:
+        integrity_order : [ NIA2, NIA1, NIA0 ]
+        ciphering_order : [ NEA0, NEA1, NEA2 ]
+    network_name:
+        full: Open5GS
+    amf_name: open5gs-amf0
+
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
+#      - addr: 127.0.0.10
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
+#      - name: nrf.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
+#    If prefer_ipv4 is true, http://127.0.0.10:80 is selected.
+#
+#    sbi:
+#      addr:
+#        - 127.0.0.10
+#        - fd69:f21d:873c:fa::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777
+
+#
+#  o Disable use of IPv4 addresses (only IPv6)
+#  parameter:
+#    no_ipv4: true
+#
+#  o Disable use of IPv6 addresses (only IPv4)
+#  parameter:
+#    no_ipv6: true
+#
+#  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
+#  parameter:
+#    prefer_ipv4: true
+#
+parameter:
+
+#
+#  o Maximum Number of UE
+#  max:
+#    ue: 1024
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
+#
+max:
+
+#
+# usrsctp:
+#    udp_port : 9899
+#
+usrsctp:
+
+#
+#  o NF Instance Heartbeat (Default : 0)
+#    NFs will not send heart-beat timer in NFProfile
+#    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
+#
+#  o NF Instance Heartbeat (20 seconds)
+#    NFs will send heart-beat timer (20 seconds) in NFProfile
+#    NRF can change heart-beat timer in NFProfile
+#
+#  time:
+#    nf_instance:
+#      heartbeat: 20
+#
+#  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
+#
+#  o Message Wait Duration (3000 ms)
+#  time:
+#    message:
+#        duration: 3000
+#
+#  o Handover Wait Duration (Default : 300 ms)
+#    Time to wait for AMF to send UEContextReleaseCommand
+#    to the source gNB after receiving HandoverNotify
+#    (Default values are used, so no configuration is required)
+#
+#  o Handover Wait Duration (500ms)
+#  time:
+#    handover:
+#        duration: 500
+#
+#  o Timers of 5GS mobility/session management
+#  time:
+#    t3502:
+#      value: 720  # 12 minutes * 60 = 720 seconds
+#    t3512:
+#      value: 3240 # 54 minutes * 60 = 3240 seconds
+#
+time:
+  t3512:
+    value: 540     # 9 mintues * 60 = 540 seconds

configs/open5gs/ausf.yaml.in

@@ -0,0 +1,441 @@
+#
+#  o Set OGS_LOG_INFO to all domain level
+#   - If `level` is omitted, the default level is OGS_LOG_INFO)
+#   - If `domain` is omitted, the all domain level is set from 'level'
+#    (Default values are used, so no configuration is required)
+#
+#  o Set OGS_LOG_ERROR to all domain level
+#   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
+#    level: error
+#
+#  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
+#    level: debug
+#    domain: mme,emm
+#
+#  o Set OGS_LOG_TRACE to all domain level
+#  logger:
+#    level: trace
+#    domain: core,sbi,ausf,event,tlv,mem,sock
+#
+logger:
+    file: @localstatedir@/log/open5gs/ausf.log
+
+#
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/ausf.key
+      cert: @sysconfdir@/open5gs/tls/ausf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/ausf.key
+      cert: @sysconfdir@/open5gs/tls/ausf.crt
+
+#
+#  <SBI Server>
+#
+#  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      - addr:
+#          - 0.0.0.0
+#          - ::0
+#        port: 7777
+#
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/ausf.key
+#      cert: /etc/open5gs/tls/ausf.crt
+#  ausf:
+#    sbi:
+#
+#  o SBI Server(https://127.0.0.11:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/ausf.key
+#      cert: /etc/open5gs/tls/ausf.crt
+#  ausf:
+#    sbi:
+#      - addr: 127.0.0.11
+#      - addr: ::1
+#
+#  o SBI Server(https://ausf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/ausf.key
+#      cert: /etc/open5gs/tls/ausf.crt
+#  ausf:
+#    sbi:
+#      - name: ausf.open5gs.org
+#
+#  o SBI Server(http://127.0.0.11:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      - addr: 127.0.0.11
+#        port: 7777
+#
+#  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      - dev: eth0
+#
+#  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      - dev: eth0
+#        advertise: open5gs-ausf.svc.local
+#
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      - addr: localhost
+#        advertise:
+#          - 127.0.0.99
+#          - ::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      addr: 127.0.0.11
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  ausf:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  ausf:
+#    service_name:
+#      - nausf-auth
+#
+#  <NF Discovery Query Parameter>
+#
+#  o (Default) If you do not set Query Parameter as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      - addr: 127.0.0.11
+#        port: 7777
+#
+#    - 'service-names' is included.
+#
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      - addr: 127.0.0.11
+#        port: 7777
+#    discovery:
+#      option:
+#        no_service_names: false
+#
+#  o To remove 'service-names' from URI query parameters in NS Discovery
+#         no_service_names: true
+#
+#    * For Indirect Communication with Delegated Discovery,
+#      'service-names' is always included in the URI query parameter.
+#    * That is, 'no_service_names' has no effect.
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      - addr: 127.0.0.11
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      - addr: 127.0.0.11
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
+ausf:
+    sbi:
+      - addr: 127.0.0.11
+        port: 7777
+
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
+#      - addr: 127.0.0.10
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
+#      - name: nrf.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
+#    If prefer_ipv4 is true, http://127.0.0.10:80 is selected.
+#
+#    sbi:
+#      addr:
+#        - 127.0.0.10
+#        - fd69:f21d:873c:fa::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777
+
+#
+#  o Disable use of IPv4 addresses (only IPv6)
+#  parameter:
+#    no_ipv4: true
+#
+#  o Disable use of IPv6 addresses (only IPv4)
+#  parameter:
+#    no_ipv6: true
+#
+#  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
+#  parameter:
+#    prefer_ipv4: true
+#
+parameter:
+
+#
+#  o Maximum Number of UE
+#  max:
+#    ue: 1024
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
+#
+max:
+
+#
+#  o NF Instance Heartbeat (Default : 0)
+#    NFs will not send heart-beat timer in NFProfile
+#    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
+#
+#  o NF Instance Heartbeat (20 seconds)
+#    NFs will send heart-beat timer (20 seconds) in NFProfile
+#    NRF can change heart-beat timer in NFProfile
+#
+#  time:
+#    nf_instance:
+#      heartbeat: 20
+#
+#  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
+#
+#  o Message Wait Duration (3000 ms)
+#  time:
+#    message:
+#        duration: 3000
+time:

configs/open5gs/bsf.yaml.in

@@ -0,0 +1,441 @@
+#
+#  o Set OGS_LOG_INFO to all domain level
+#   - If `level` is omitted, the default level is OGS_LOG_INFO)
+#   - If `domain` is omitted, the all domain level is set from 'level'
+#    (Default values are used, so no configuration is required)
+#
+#  o Set OGS_LOG_ERROR to all domain level
+#   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
+#    level: error
+#
+#  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
+#    level: debug
+#    domain: mme,emm
+#
+#  o Set OGS_LOG_TRACE to all domain level
+#  logger:
+#    level: trace
+#    domain: core,sbi,ausf,event,tlv,mem,sock
+#
+logger:
+    file: @localstatedir@/log/open5gs/bsf.log
+
+#
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/bsf.key
+      cert: @sysconfdir@/open5gs/tls/bsf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/bsf.key
+      cert: @sysconfdir@/open5gs/tls/bsf.crt
+
+#
+#  <SBI Server>
+#
+#  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - addr:
+#          - 0.0.0.0
+#          - ::0
+#        port: 7777
+#
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/bsf.key
+#      cert: /etc/open5gs/tls/bsf.crt
+#  bsf:
+#    sbi:
+#
+#  o SBI Server(https://127.0.0.15:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/bsf.key
+#      cert: /etc/open5gs/tls/bsf.crt
+#  bsf:
+#    sbi:
+#      - addr: 127.0.0.15
+#      - addr: ::1
+#
+#  o SBI Server(https://bsf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/bsf.key
+#      cert: /etc/open5gs/tls/bsf.crt
+#  bsf:
+#    sbi:
+#      - name: bsf.open5gs.org
+#
+#  o SBI Server(http://127.0.0.15:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - addr: 127.0.0.15
+#        port: 7777
+#
+#  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - dev: eth0
+#
+#  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - dev: eth0
+#        advertise: open5gs-bsf.svc.local
+#
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - addr: localhost
+#        advertise:
+#          - 127.0.0.99
+#          - ::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      addr: 127.0.0.15
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  bsf:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  bsf:
+#    service_name:
+#      - nbsf-management
+#
+#  <NF Discovery Query Parameter>
+#
+#  o (Default) If you do not set Query Parameter as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - addr: 127.0.0.15
+#        port: 7777
+#
+#    - 'service-names' is included.
+#
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - addr: 127.0.0.15
+#        port: 7777
+#    discovery:
+#      option:
+#        no_service_names: false
+#
+#  o To remove 'service-names' from URI query parameters in NS Discovery
+#         no_service_names: true
+#
+#    * For Indirect Communication with Delegated Discovery,
+#      'service-names' is always included in the URI query parameter.
+#    * That is, 'no_service_names' has no effect.
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - addr: 127.0.0.15
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - addr: 127.0.0.15
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
+bsf:
+    sbi:
+      - addr: 127.0.0.15
+        port: 7777
+
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
+#      - addr: 127.0.0.10
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
+#      - name: nrf.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
+#    If prefer_ipv4 is true, http://127.0.0.10:80 is selected.
+#
+#    sbi:
+#      addr:
+#        - 127.0.0.10
+#        - fd69:f21d:873c:fa::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777
+
+#
+#  o Disable use of IPv4 addresses (only IPv6)
+#  parameter:
+#    no_ipv4: true
+#
+#  o Disable use of IPv6 addresses (only IPv4)
+#  parameter:
+#    no_ipv6: true
+#
+#  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
+#  parameter:
+#    prefer_ipv4: true
+#
+parameter:
+
+#
+#  o Maximum Number of UE
+#  max:
+#    ue: 1024
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
+#
+max:
+
+#
+#  o NF Instance Heartbeat (Default : 0)
+#    NFs will not send heart-beat timer in NFProfile
+#    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
+#
+#  o NF Instance Heartbeat (20 seconds)
+#    NFs will send heart-beat timer (20 seconds) in NFProfile
+#    NRF can change heart-beat timer in NFProfile
+#
+#  time:
+#    nf_instance:
+#      heartbeat: 20
+#
+#  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
+#
+#  o Message Wait Duration (3000 ms)
+#  time:
+#    message:
+#        duration: 3000
+time:

configs/open5gs/hnet/curve25519-1.key

@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VuBCIEIBDJxn6GGlYloduPaEEjiW2bNQYZnT3xlo4HtshEi7FH
+-----END PRIVATE KEY-----

configs/open5gs/hnet/curve25519-3.key

@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VuBCIEIFAK2WjCQjB8TU7COXwdIKVhKGjPa+SJuyOVObjfW9hM
+-----END PRIVATE KEY-----

configs/open5gs/hnet/curve25519-5.key

@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VuBCIEIHh8rsYF8otbnyb8bcrhD1AAV5C9iBtjTlYJY3k5k0dt
+-----END PRIVATE KEY-----

configs/open5gs/hnet/meson.build

@@ -0,0 +1,38 @@
+# Copyright (C) 2022 by Sukchan Lee <acetcom@gmail.com>
+
+# This file is part of Open5GS.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+hnet_sysconfdir = join_paths(open5gs_sysconfdir, 'hnet')
+meson.add_install_script(python3_exe, '-c',
+        mkdir_p.format(hnet_sysconfdir))
+
+hnet_security = '''
+  curve25519-1.key
+  secp256r1-2.key
+  curve25519-3.key
+  secp256r1-4.key
+  curve25519-5.key
+  secp256r1-6.key
+'''.split()
+
+foreach file : hnet_security
+    gen = configure_file(
+            input : file,
+            output : file,
+            configuration : conf_data)
+    meson.add_install_script(python3_exe, '-c',
+            install_conf.format(gen, hnet_sysconfdir))
+endforeach

configs/open5gs/hnet/secp256r1-2.key

@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIHSp+RhHH1bzvv2lxR1zij+U9aUtS8nbl5n1Il+8zd5BoAoGCCqGSM49
+AwEHoUQDQgAEre/NExfRzoVi7CW5G0gAEg4SNtbiZh6kI1qE48hdokS8QqWUz1YS
+9J6PvihX2OSZ+RMixzf8zxu9tuTUJKgKlQ==
+-----END EC PRIVATE KEY-----

configs/open5gs/hnet/secp256r1-4.key

@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIAGZvsOAU0YMHhBK33hRkGMPkA3Xefq5b5hPQD6qnf5goAoGCCqGSM49
+AwEHoUQDQgAEdXfTAGY+0ibQoO9bfmk7+M/l//BiMzO6lNIUEMSj1k3k9SQPygGY
+jAuUHpVM4Uo6cWxuyurEn8pWn1vF3tVhbg==
+-----END EC PRIVATE KEY-----

configs/open5gs/hnet/secp256r1-6.key

@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIG3VKSXh/3WK0HzCkN1DgeUjF7TSLgAUyMn/WGHsxrZ3oAoGCCqGSM49
+AwEHoUQDQgAENU1ibHe7oWu4m6M8P0XoA78ZNKtdIsJgVU0nCk/c5sC3V+/4GuxU
+owtbASEXQZg4SGvts+1Yqz0p4WwCAAcwpQ==
+-----END EC PRIVATE KEY-----

configs/open5gs/hss.yaml.in

@@ -1,9 +1,63 @@
 db_uri: mongodb://localhost/open5gs
 
+#
+#  o Set OGS_LOG_INFO to all domain level
+#   - If `level` is omitted, the default level is OGS_LOG_INFO)
+#   - If `domain` is omitted, the all domain level is set from 'level'
+#    (Default values are used, so no configuration is required)
+#
+#  o Set OGS_LOG_ERROR to all domain level
+#   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
+#    level: error
+#
+#  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
+#    level: debug
+#    domain: mme,emm
+#
+#  o Set OGS_LOG_TRACE to all domain level
+#  logger:
+#    level: trace
+#    domain: core,sbi,ausf,event,tlv,mem,sock
+#
 logger:
     file: @localstatedir@/log/open5gs/hss.log
 
-parameter:
-
 hss:
     freeDiameter: @sysconfdir@/freeDiameter/hss.conf
+
+#
+#  hss:
+#    sms_over_ims: "sip:smsc.mnc001.mcc001.3gppnetwork.org:7060;transport=tcp"
+#
+
+#
+#  o Disable use of IPv4 addresses (only IPv6)
+#  parameter:
+#    no_ipv4: true
+#
+#  o Disable use of IPv6 addresses (only IPv4)
+#  parameter:
+#    no_ipv6: true
+#
+#  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
+#  parameter:
+#    prefer_ipv4: true
+#
+#  o Use MongoDB Change Stream
+#  parameter:
+#    use_mongodb_change_stream: true
+#
+parameter:
+
+#
+#  o Maximum Number of UE
+#  max:
+#    ue: 1024
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
+#
+max:

configs/open5gs/meson.build

@@ -21,10 +21,21 @@ meson.add_install_script(python3_exe, '-c',
 
 open5gs_conf = '''
     mme.yaml
+    sgwc.yaml
+    sgwu.yaml
+    smf.yaml
+    amf.yaml
+    upf.yaml
     hss.yaml
-    sgw.yaml
-    pgw.yaml
     pcrf.yaml
+    nrf.yaml
+    scp.yaml
+    ausf.yaml
+    udm.yaml
+    udr.yaml
+    pcf.yaml
+    nssf.yaml
+    bsf.yaml
 '''.split()
 
 foreach file : open5gs_conf
@@ -35,3 +46,6 @@ foreach file : open5gs_conf
     meson.add_install_script(python3_exe, '-c',
             install_conf.format(gen, open5gs_sysconfdir))
 endforeach
+
+subdir('tls')
+subdir('hnet')

configs/open5gs/mme.yaml.in

@@ -1,35 +1,518 @@
+#
+#  o Set OGS_LOG_INFO to all domain level
+#   - If `level` is omitted, the default level is OGS_LOG_INFO)
+#   - If `domain` is omitted, the all domain level is set from 'level'
+#    (Default values are used, so no configuration is required)
+#
+#  o Set OGS_LOG_ERROR to all domain level
+#   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
+#    level: error
+#
+#  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
+#    level: debug
+#    domain: mme,emm
+#
+#  o Set OGS_LOG_TRACE to all domain level
+#  logger:
+#    level: trace
+#    domain: core,sbi,ausf,event,tlv,mem,sock
+#
 logger:
     file: @localstatedir@/log/open5gs/mme.log
 
-parameter:
-
+#
+#  <S1AP Server>>
+#
+#  o S1AP Server(all address available)
+#  mme:
+#    s1ap:
+#
+#  o S1AP Server(0.0.0.0:36412)
+#  mme:
+#    s1ap:
+#      addr: 0.0.0.0
+#
+#  o S1AP Server(127.0.0.2:36412, [::1]:36412)
+#  mme:
+#    s1ap:
+#      - addr: 127.0.0.2
+#      - addr: ::1
+#
+#  o S1AP Server(different port)
+#  mme:
+#    s1ap:
+#      - addr: 127.0.0.2
+#        port: 36413
+#
+#  o S1AP Server(address available in `eth0` interface)
+#  mme:
+#    s1ap:
+#      dev: eth0
+#
+#  o S1AP Option (Default)
+#    - sctp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  mme:
+#    s1ap:
+#      addr: 127.0.0.2
+#      option:
+#        stcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  o S1AP SCTP Option (Default)
+#    - spp_hbinterval : 5000 (5secs)
+#    - spp_sackdelay : 200 (200ms)
+#    - srto_initial : 3000 (3secs)
+#    - srto_min : 1000 (1sec)
+#    - srto_max : 5000 (5secs)
+#    - sinit_num_ostreams : 30
+#    - sinit_max_instreams : 65535
+#    - sinit_max_attempts : 4
+#    - sinit_max_init_timeo : 8000(8secs)
+#
+#  mme:
+#    s1ap:
+#      addr: 127.0.0.2
+#      option:
+#        sctp:
+#          spp_hbinterval : 5000
+#          spp_sackdelay : 200
+#          srto_initial : 3000
+#          srto_min : 1000
+#          srto_max : 5000
+#          sinit_num_ostreams : 30
+#          sinit_max_instreams : 65535
+#          sinit_max_attempts : 4
+#          sinit_max_init_timeo : 8000
+#
+#  <GTP-C Server>>
+#
+#  o GTP-C Server(all address available)
+#  mme:
+#    gtpc:
+#
+#  o GTP-C Server(127.0.0.2:2123, [::1]:2123)
+#  mme:
+#    gtpc:
+#      - addr: 127.0.0.2
+#      - addr: ::1
+#
+#  <SGsAP>
+#
+#  o Single MSC/VLR(127.0.0.2)
+#  mme:
+#    sgsap:
+#      addr: 127.0.0.2
+#      map:
+#        tai:
+#          plmn_id:
+#            mcc: 001
+#            mnc: 01
+#          tac: 4130
+#        lai:
+#          plmn_id:
+#            mcc: 001
+#            mnc: 01
+#          lac: 43690
+#      map:
+#        tai:
+#          plmn_id:
+#            mcc: 002
+#            mnc: 02
+#          tac: 4132
+#        lai:
+#          plmn_id:
+#            mcc: 002
+#            mnc: 02
+#          lac: 43692
+#
+#  o Multiple MSC/VLR
+#  mme:
+#    sgsap:
+#      - addr: 127.0.0.2
+#        port: 29119
+#        map:
+#          tai:
+#            plmn_id:
+#              mcc: 001
+#              mnc: 01
+#            tac: 4131
+#          lai:
+#            plmn_id:
+#              mcc: 001
+#              mnc: 01
+#            lac: 43691
+#        map:
+#          tai:
+#            plmn_id:
+#              mcc: 002
+#              mnc: 02
+#            tac: 4132
+#          lai:
+#            plmn_id:
+#              mcc: 002
+#              mnc: 02
+#            lac: 43692
+#      - addr
+#         - 127.0.0.4
+#         - fd69:f21d:873c:fa::2
+#        map:
+#          tai:
+#            plmn_id:
+#              mcc: 001
+#              mnc: 01
+#            tac: 4132
+#          lai:
+#            plmn_id:
+#              mcc: 002
+#              mnc: 02
+#            lac: 43692
+#      - name: msc.open5gs.org
+#        map:
+#          tai:
+#            plmn_id:
+#              mcc: 001
+#              mnc: 01
+#            tac: 4133
+#          lai:
+#            plmn_id:
+#              mcc: 002
+#              mnc: 02
+#            lac: 43693
+#
+#  <Metrics Server>
+#
+#  o Metrics Server(http://<any address>:9090)
+#  mme:
+#    metrics:
+#      - addr: 0.0.0.0
+#        port: 9090
+#
+#  <GUMMEI>
+#
+#  o Multiple GUMMEI
+#  mme:
+#    gummei:
+#      - plmn_id:
+#          mcc: 001
+#          mnc: 01
+#        mme_gid: 2
+#        mme_code: 1
+#      - plmn_id:
+#          - mcc: 002
+#            mnc: 02
+#          - mcc: 003
+#            mnc: 03
+#        mme_gid: [3, 4]
+#        mme_code:
+#          - 2
+#          - 3
+#
+#
+#  <TAI>
+#
+#  o Multiple TAI
+#
+#  When multiple TAIs are configured as shown below,
+#  the Served TAI is determined by comparing UserLocationInformation
+#  of UplinkNASTransport sent from eNB.
+#
+#  For example, if the eNB sends TAC with 30 to the MME,
+#  the fourth TAI (TAC: 20, 28, 29-32, 36-38, 40-42, 50, 60, 70, 70)
+#  is determined as the Served TAI. The result is transmitted to the eNB
+#  as a Tracking Area identity List in Registration Accept.
+#
+#  mme:
+#    tai:
+#      - plmn_id:
+#          mcc: 001
+#          mnc: 01
+#        tac: [1, 3, 5]
+#    tai:
+#      - plmn_id:
+#          mcc: 002
+#          mnc: 02
+#        tac: [6-10, 15-18]
+#    tai:
+#      - plmn_id:
+#          mcc: 003
+#          mnc: 03
+#        tac: 20
+#      - plmn_id:
+#          mcc: 004
+#          mnc: 04
+#        tac: 21
+#    tai:
+#      - plmn_id:
+#          mcc: 005
+#          mnc: 05
+#        tac: [22, 28]
+#      - plmn_id:
+#          mcc: 006
+#          mnc: 06
+#        tac: [30-32, 34, 36-38, 40-42, 44, 46, 48]
+#      - plmn_id:
+#          mcc: 007
+#          mnc: 07
+#        tac: 50
+#      - plmn_id:
+#          mcc: 008
+#          mnc: 08
+#        tac: 60
+#      - plmn_id:
+#          mcc: 009
+#          mnc: 09
+#        tac: [70, 80]
+#
+#
+#  <Access Control>
+#
+#  If access_control is not specified, then all networks are allowed
+#  If access_control is defined,
+#  no other networks are allowed  other than matching plmn_id.
+#
+#  default_reject_cause may be used to overwrite the default error cause #11
+#  for non matching plmn_id
+#
+#  for matching plmn_id with reject_cause defined,
+#  the MME rejects access with the reject_cause error cause
+#
+#  for matching plmn_id without reject_cause defined,
+#  the MME accepts the PLMN traffic
+#
+#  o The example below only accepts 002/02 and 999/70 PLMNs.
+#    001/01 is rejected with cause 15,
+#    and the rest of the PLMNs are rejected with default cause 13.
+#
+#  mme:
+#    access_control:
+#      - default_reject_cause: 13
+#      - plmn_id:
+#          reject_cause: 15
+#          mcc: 001
+#          mnc: 01
+#      - plmn_id:
+#          mcc: 002
+#          mnc: 02
+#      - plmn_id:
+#          mcc: 999
+#          mnc: 70
+#
+#
+#  <Network Name>
+#  mme:
+#    network_name:
+#        full: Open5GS
+#        short: Next
+#
+#  <MME Name>
+#  mme:
+#    mme_name: open5gs-mme0
+#
+#  <Relative Capacity> - Default(255)
+#  mme:
+#    relative_capacity: 100
+#
 mme:
     freeDiameter: @sysconfdir@/freeDiameter/mme.conf
     s1ap:
+      - addr: 127.0.0.2
     gtpc:
-    gummei: 
+      - addr: 127.0.0.2
+    metrics:
+      - addr: 127.0.0.2
+        port: 9090
+    gummei:
       plmn_id:
-        mcc: 001
-        mnc: 01
+        mcc: 999
+        mnc: 70
       mme_gid: 2
       mme_code: 1
     tai:
       plmn_id:
-        mcc: 001
-        mnc: 01
-      tac: 12345
+        mcc: 999
+        mnc: 70
+      tac: 1
     security:
-        integrity_order : [ EIA1, EIA2, EIA0 ]
+        integrity_order : [ EIA2, EIA1, EIA0 ]
         ciphering_order : [ EEA0, EEA1, EEA2 ]
     network_name:
         full: Open5GS
+    mme_name: open5gs-mme0
 
-sgw:
+#
+# <GTP-C Client>
+#
+#  o Specify SGW addresses the GTP-C must connect to
+#
+#  o One SGW is defined.
+#    If prefer_ipv4 is not true, [fd69:f21d:873c:fa::2] is selected.
+#  sgwc:
+#    gtpc:
+#      addr:
+#        - 127.0.0.3
+#        - fd69:f21d:873c:fa::2
+#
+#  o Two SGW are defined. MME selects SGW with round-robin manner per UE
+#  sgwc:
+#    gtpc:
+#      - addr: 127.0.0.3
+#      - addr: fd69:f21d:873c:fa::2
+#
+#  o Three SGW are defined. MME selects SGW with round-robin manner per UE
+#  sgwc:
+#    gtpc:
+#      - addr
+#        - 127.0.0.3
+#        - fd69:f21d:873c:fa::2
+#      - addr
+#        - 127.0.0.22
+#        - fd69:f21d:873c:fa::12
+#      - name: sgw3.open5gs.org
+#
+# <SGW Selection Mode>
+#
+#  o Round-Robin
+#  sgwc:
+#    gtpc:
+#      addr: 127.0.0.3
+#      addr: 127.0.2.2
+#      addr: 127.0.4.2
+#
+#  o SGW selection by eNodeB TAC
+#   (either single TAC or multiple TACs, DECIMAL representation)
+#
+#  sgwc:
+#    gtpc:
+#      - addr: 127.0.0.3
+#        tac: 26000
+#      - addr: 127.0.2.2
+#        tac: [25000, 27000, 28000]
+#
+# o SGW selection by e_cell_id(28bit)
+#   (either single or multiple e_cell_id, HEX representation)
+#
+#  sgwc:
+#    gtpc:
+#      - addr: 127.0.0.3
+#        e_cell_id: abcde01
+#      - addr: 127.0.2.2
+#        e_cell_id: [12345, a9413, 98765]
+#
+sgwc:
     gtpc:
-      addr: 127.0.0.2
+      - addr: 127.0.0.3
 
-pgw:
+#
+# smf:
+#
+#  <GTP-C Client>
+#
+#  o By default, the SMF uses the first SMF node.
+#    - To use a different APN for each SMF, specify gtpc.apn as the APN name.
+#    - If the HSS uses WebUI to set the SMF IP for each UE,
+#      you can use a specific SMF node for each UE.
+#    (Default values are used, so no configuration is required)
+#
+#  o Two SMF are defined. 127.0.0.4:2123 is used.
+#    [fd69:f21d:873c:fa::3]:2123 is ignored.
+#  smf:
+#    gtpc:
+#      - addr: 127.0.0.4
+#      - addr: fd69:f21d:873c:fa::3
+#
+#  o One SMF is defined. if prefer_ipv4 is not true,
+#    [fd69:f21d:873c:fa::3] is selected.
+#  smf:
+#    gtpc:
+#      - addr:
+#        - 127.0.0.4
+#        - fd69:f21d:873c:fa::3
+#
+#  o Two SMF are defined with a different APN.
+#    - Note that if SMF IP for UE is configured in HSS,
+#      the following configurion for this UE is ignored.
+#  smf:
+#    gtpc:
+#      - addr: 127.0.0.4
+#        apn: internet
+#      - addr: 127.0.0.5
+#        apn: volte
+#
+#  o If APN is omitted, the default APN uses the first SMF node.
+#  smf:
+#    gtpc:
+#      - addr: 127.0.0.4
+#      - addr: 127.0.0.5
+#        apn: volte
+smf:
     gtpc:
-      addr:
-        - 127.0.0.3
+      - addr:
+        - 127.0.0.4
         - ::1
+
+#
+#  o Disable use of IPv4 addresses (only IPv6)
+#  parameter:
+#    no_ipv4: true
+#
+#  o Disable use of IPv6 addresses (only IPv4)
+#  parameter:
+#    no_ipv6: true
+#
+#  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
+#  parameter:
+#    prefer_ipv4: true
+#
+parameter:
+
+#
+#  o Maximum Number of UE
+#  max:
+#    ue: 1024
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
+#
+max:
+
+#
+# usrsctp:
+#    udp_port : 9899
+#
+usrsctp:
+
+#
+#  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
+#
+#  o Message Wait Duration (3000 ms)
+#  time:
+#    message:
+#        duration: 3000
+#
+#  o Handover Wait Duration (Default : 300 ms)
+#    Time to wait for MME to send UEContextReleaseCommand
+#    to the source eNB after receiving HandoverNotify
+#    (Default values are used, so no configuration is required)
+#
+#  o Handover Wait Duration (500ms)
+#  time:
+#    handover:
+#        duration: 500
+#
+#  o Timers of EPS mobility/session management
+#  time:
+#    t3402:
+#      value: 720  # 12 minutes * 60 = 720 seconds
+#    t3412:
+#      value: 3240 # 54 minutes * 60 = 3240 seconds
+#    t3423:
+#      value: 720  # 12 minutes * 60 = 720 seconds
+time:

configs/open5gs/nrf.yaml.in

@@ -0,0 +1,337 @@
+#
+#  o Set OGS_LOG_INFO to all domain level
+#   - If `level` is omitted, the default level is OGS_LOG_INFO)
+#   - If `domain` is omitted, the all domain level is set from 'level'
+#    (Default values are used, so no configuration is required)
+#
+#  o Set OGS_LOG_ERROR to all domain level
+#   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
+#    level: error
+#
+#  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
+#    level: debug
+#    domain: mme,emm
+#
+#  o Set OGS_LOG_TRACE to all domain level
+#  logger:
+#    level: trace
+#    domain: core,sbi,ausf,event,tlv,mem,sock
+#
+logger:
+    file: @localstatedir@/log/open5gs/nrf.log
+
+#
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/nrf.key
+      cert: @sysconfdir@/open5gs/tls/nrf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/nrf.key
+      cert: @sysconfdir@/open5gs/tls/nrf.crt
+
+#
+#  <SBI Server>
+#
+#  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      - addr:
+#          - 0.0.0.0
+#          - ::0
+#        port: 7777
+#
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/nrf.key
+#      cert: /etc/open5gs/tls/nrf.crt
+#  nrf:
+#    sbi:
+#
+#  o SBI Server(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/nrf.key
+#      cert: /etc/open5gs/tls/nrf.crt
+#  nrf:
+#    sbi:
+#      - addr: 127.0.0.10
+#      - addr: ::1
+#
+#  o SBI Server(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/nrf.key
+#      cert: /etc/open5gs/tls/nrf.crt
+#  nrf:
+#    sbi:
+#      - name: nrf.open5gs.org
+#
+#  o SBI Server(http://127.0.0.10:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      - addr: 127.0.0.10
+#        port: 7777
+#
+#  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      - dev: eth0
+#
+#  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      - dev: eth0
+#        advertise: open5gs-nrf.svc.local
+#
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      - addr: localhost
+#        advertise:
+#          - 127.0.0.99
+#          - ::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  nrf:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  nrf:
+#    service_name:
+#      - nnrf-nfm
+#      - nnrf-disc
+#
+nrf:
+    sbi:
+      - addr:
+        - 127.0.0.10
+        - ::1
+        port: 7777
+
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
+
+#
+#  o Disable use of IPv4 addresses (only IPv6)
+#  parameter:
+#    no_ipv4: true
+#
+#  o Disable use of IPv6 addresses (only IPv4)
+#  parameter:
+#    no_ipv6: true
+#
+#  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
+#  parameter:
+#    prefer_ipv4: true
+#
+parameter:
+
+#
+#  o Maximum Number of UE
+#  max:
+#    ue: 1024
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
+#
+max:
+
+#
+#
+#  o NF Instance Heartbeat (Default : 10 seconds)
+#    (Default values are used, so no configuration is required)
+#
+#  o NF Instance Heartbeat (Disabled)
+#  time:
+#    nf_instance:
+#      heartbeat: 0
+#
+#  o NF Instance Heartbeat (5 seconds)
+#  time:
+#    nf_instance:
+#      heartbeat: 5
+#
+#  o NF Instance Validity (Default : 3600 seconds = 1 hour)
+#    (Default values are used, so no configuration is required)
+#
+#  o NF Instance Validity (10 seconds)
+#  time:
+#    nf_instance:
+#      validity: 10
+#
+#  o Subscription Validity (Default : 86400 seconds = 1 day)
+#    (Default values are used, so no configuration is required)
+#
+#  o Subscription Validity (Disabled)
+#  time:
+#    subscription:
+#      validity: 0
+#
+#  o Subscription Validity (3600 seconds = 1 hour)
+#  time:
+#    subscription:
+#      validity: 3600
+#
+#  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
+#
+#  o Message Wait Duration (3000 ms)
+#  time:
+#    message:
+#        duration: 3000
+time:

configs/open5gs/nssf.yaml.in

@@ -0,0 +1,499 @@
+#
+#  o Set OGS_LOG_INFO to all domain level
+#   - If `level` is omitted, the default level is OGS_LOG_INFO)
+#   - If `domain` is omitted, the all domain level is set from 'level'
+#    (Default values are used, so no configuration is required)
+#
+#  o Set OGS_LOG_ERROR to all domain level
+#   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
+#    level: error
+#
+#  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
+#    level: debug
+#    domain: mme,emm
+#
+#  o Set OGS_LOG_TRACE to all domain level
+#  logger:
+#    level: trace
+#    domain: core,sbi,ausf,event,tlv,mem,sock
+#
+logger:
+    file: @localstatedir@/log/open5gs/nssf.log
+
+#
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/nssf.key
+      cert: @sysconfdir@/open5gs/tls/nssf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/nssf.key
+      cert: @sysconfdir@/open5gs/tls/nssf.crt
+
+#
+#  <SBI Server>
+#
+#  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      - addr:
+#          - 0.0.0.0
+#          - ::0
+#        port: 7777
+#
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/nssf.key
+#      cert: /etc/open5gs/tls/nssf.crt
+#  nssf:
+#    sbi:
+#
+#  o SBI Server(https://127.0.0.14:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/nssf.key
+#      cert: /etc/open5gs/tls/nssf.crt
+#  nssf:
+#    sbi:
+#      - addr: 127.0.0.14
+#      - addr: ::1
+#
+#  o SBI Server(https://nssf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/nssf.key
+#      cert: /etc/open5gs/tls/nssf.crt
+#  nssf:
+#    sbi:
+#      - name: nssf.open5gs.org
+#
+#  o SBI Server(http://127.0.0.14:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      - addr: 127.0.0.14
+#        port: 7777
+#
+#  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      - dev: eth0
+#
+#  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      - dev: eth0
+#        advertise: open5gs-nssf.svc.local
+#
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      - addr: localhost
+#        advertise:
+#          - 127.0.0.99
+#          - ::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      addr: 127.0.0.14
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <List of available Network Slice Instance(NSI)>
+#
+#  o One NSI
+#   - NRF[http://::1:7777/nnrf-nfm/v1/nf-instances]
+#     NSSAI[SST:1]
+#
+#  nssf:
+#    nsi:
+#      - addr: ::1
+#        port: 7777
+#        s_nssai:
+#          sst: 1
+#
+#  o Three NSI
+#   1. NRF[http://::1:7777/nnrf-nfm/v1/nf-instances]
+#      S-NSSAI[SST:1]
+#
+#   2. NRF[http://127.0.0.19:7777/nnrf-nfm/v1/nf-instances]
+#      NSSAI[SST:1, SD:000080]
+#
+#   2. NRF[http://127.0.0.10:7777/nnrf-nfm/v1/nf-instances]
+#      NSSAI[SST:1, SD:009000]
+#
+#  nssf:
+#    nsi:
+#      - addr: ::1
+#        port: 7777
+#        s_nssai:
+#          sst: 1
+#      - addr: 127.0.0.19
+#        port: 7777
+#        s_nssai:
+#          sst: 1
+#          sd: 000080
+#      - addr: 127.0.0.10
+#        port: 7777
+#        s_nssai:
+#          sst: 1
+#          sd: 009000
+#
+#  o NSI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  nssf:
+#    nsi:
+#      addr: ::1
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  nssf:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  nssf:
+#    service_name:
+#      - nnssf-nsselection
+#
+#  <NF Discovery Query Parameter>
+#
+#  o (Default) If you do not set Query Parameter as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      - addr: 127.0.0.14
+#        port: 7777
+#
+#    - 'service-names' is included.
+#
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      - addr: 127.0.0.14
+#        port: 7777
+#    discovery:
+#      option:
+#        no_service_names: false
+#
+#  o To remove 'service-names' from URI query parameters in NS Discovery
+#         no_service_names: true
+#
+#    * For Indirect Communication with Delegated Discovery,
+#      'service-names' is always included in the URI query parameter.
+#    * That is, 'no_service_names' has no effect.
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      - addr: 127.0.0.14
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      - addr: 127.0.0.14
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
+nssf:
+    sbi:
+      - addr: 127.0.0.14
+        port: 7777
+    nsi:
+      - addr: 127.0.0.10
+        port: 7777
+        s_nssai:
+          sst: 1
+
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
+#      - addr: 127.0.0.10
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
+#      - name: nrf.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
+#    If prefer_ipv4 is true, http://127.0.0.10:80 is selected.
+#
+#    sbi:
+#      addr:
+#        - 127.0.0.10
+#        - fd69:f21d:873c:fa::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777
+
+#
+#  o Disable use of IPv4 addresses (only IPv6)
+#  parameter:
+#    no_ipv4: true
+#
+#  o Disable use of IPv6 addresses (only IPv4)
+#  parameter:
+#    no_ipv6: true
+#
+#  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
+#  parameter:
+#    prefer_ipv4: true
+#
+parameter:
+
+#
+#  o Maximum Number of UE
+#  max:
+#    ue: 1024
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
+#
+max:
+
+#
+#  o NF Instance Heartbeat (Default : 0)
+#    NFs will not send heart-beat timer in NFProfile
+#    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
+#
+#  o NF Instance Heartbeat (20 seconds)
+#    NFs will send heart-beat timer (20 seconds) in NFProfile
+#    NRF can change heart-beat timer in NFProfile
+#
+#  time:
+#    nf_instance:
+#      heartbeat: 20
+#
+#  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
+#
+#  o Message Wait Duration (3000 ms)
+#  time:
+#    message:
+#        duration: 3000
+time:

configs/open5gs/pcf.yaml.in

@@ -0,0 +1,427 @@
+db_uri: mongodb://localhost/open5gs
+
+#
+#  o Set OGS_LOG_INFO to all domain level
+#   - If `level` is omitted, the default level is OGS_LOG_INFO)
+#   - If `domain` is omitted, the all domain level is set from 'level'
+#    (Default values are used, so no configuration is required)
+#
+#  o Set OGS_LOG_ERROR to all domain level
+#   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
+#    level: error
+#
+#  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
+#    level: debug
+#    domain: mme,emm
+#
+#  o Set OGS_LOG_TRACE to all domain level
+#  logger:
+#    level: trace
+#    domain: core,sbi,ausf,event,tlv,mem,sock
+#
+logger:
+    file: @localstatedir@/log/open5gs/pcf.log
+
+#
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/pcf.key
+      cert: @sysconfdir@/open5gs/tls/pcf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/pcf.key
+      cert: @sysconfdir@/open5gs/tls/pcf.crt
+
+#
+#  <SBI Server>
+#
+#  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
+#    sbi:
+#
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
+#    sbi:
+#      - addr:
+#          - 0.0.0.0
+#          - ::0
+#        port: 7777
+#
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/pcf.key
+#      cert: /etc/open5gs/tls/pcf.crt
+#  pcf:
+#    sbi:
+#
+#  o SBI Server(https://127.0.0.13:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/pcf.key
+#      cert: /etc/open5gs/tls/pcf.crt
+#  pcf:
+#    sbi:
+#      - addr: 127.0.0.13
+#      - addr: ::1
+#
+#  o SBI Server(https://pcf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/pcf.key
+#      cert: /etc/open5gs/tls/pcf.crt
+#  pcf:
+#    sbi:
+#      - name: pcf.open5gs.org
+#
+#  o SBI Server(http://127.0.0.13:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
+#    sbi:
+#      - addr: 127.0.0.13
+#        port: 7777
+#
+#  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
+#    sbi:
+#      - dev: eth0
+#
+#  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
+#    sbi:
+#      - dev: eth0
+#        advertise: open5gs-pcf.svc.local
+#
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
+#    sbi:
+#      - addr: localhost
+#        advertise:
+#          - 127.0.0.99
+#          - ::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
+#    sbi:
+#      addr: 127.0.0.13
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  pcf:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  pcf:
+#    service_name:
+#      - npcf-am-policy-control
+#      - npcf-smpolicycontrol
+#      - npcf-policyauthorization
+#
+#  == NOTE ==
+#  Placing npcf-smpolicycontrol and pcf-policyauthorization
+#  in different NFs is not supported. Both npcf-smpolicycontrol
+#  and pcf-policyauthorization should be placed in the same NF.
+#
+#  <NF Discovery Query Parameter>
+#
+#  o (Default) If you do not set Query Parameter as shown below,
+#
+#    sbi:
+#      - addr: 127.0.0.13
+#        port: 7777
+#
+#    - 'service-names' is included.
+#
+#    sbi:
+#      - addr: 127.0.0.13
+#        port: 7777
+#    discovery:
+#      option:
+#        no_service_names: false
+#
+#  o To remove 'service-names' from URI query parameters in NS Discovery
+#         no_service_names: true
+#
+#    * For Indirect Communication with Delegated Discovery,
+#      'service-names' is always included in the URI query parameter.
+#    * That is, 'no_service_names' has no effect.
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
+#    sbi:
+#      - addr: 127.0.0.13
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
+#    sbi:
+#      - addr: 127.0.0.13
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
+#
+#  <Metrics Server>
+#
+#  o Metrics Server(http://<any address>:9090)
+#  pcf:
+#    metrics:
+#    - addr: 0.0.0.0
+#      port: 9090
+#
+pcf:
+    sbi:
+      - addr: 127.0.0.13
+        port: 7777
+    metrics:
+      - addr: 127.0.0.13
+        port: 9090
+
+#
+# scp:
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80)
+#    sbi:
+#      - addr: 127.0.1.10
+#        tls:
+#          key: /etc/open5gs/tls/pcf.key
+#          cert: /etc/open5gs/tls/pcf.crt
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate to verify peer
+#
+#    sbi:
+#      - name: scp.open5gs.org
+#        tls:
+#          cacert: /etc/open5gs/tls/ca.crt
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
+#
+# nrf:
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.0.10:7777)
+#    sbi:
+#      addr: 127.0.0.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443)
+#  tls:
+#    client:
+#      key: /etc/open5gs/tls/pcf.key
+#      cert: /etc/open5gs/tls/pcf.crt
+#  nrf:
+#    sbi:
+#      - addr: 127.0.0.10
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate to verify server
+#
+#  tls:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#  nrf:
+#    sbi:
+#      - name: nrf.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
+#    If prefer_ipv4 is true, http://127.0.0.10:80 is selected.
+#
+#    sbi:
+#      addr:
+#        - 127.0.0.10
+#        - fd69:f21d:873c:fa::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777
+
+#
+#  o Disable use of IPv4 addresses (only IPv6)
+#  parameter:
+#    no_ipv4: true
+#
+#  o Disable use of IPv6 addresses (only IPv4)
+#  parameter:
+#    no_ipv6: true
+#
+#  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
+#  parameter:
+#    prefer_ipv4: true
+#
+parameter:
+
+#
+#  o Maximum Number of UE
+#  max:
+#    ue: 1024
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
+#
+max:
+
+#
+#  o NF Instance Heartbeat (Default : 0)
+#    NFs will not send heart-beat timer in NFProfile
+#    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
+#
+#  o NF Instance Heartbeat (20 seconds)
+#    NFs will send heart-beat timer (20 seconds) in NFProfile
+#    NRF can change heart-beat timer in NFProfile
+#
+#  time:
+#    nf_instance:
+#      heartbeat: 20
+#
+#  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
+#
+#  o Message Wait Duration (3000 ms)
+#  time:
+#    message:
+#        duration: 3000
+time:

configs/open5gs/pcrf.yaml.in

@@ -1,9 +1,54 @@
 db_uri: mongodb://localhost/open5gs
 
+#
+#  o Set OGS_LOG_INFO to all domain level
+#   - If `level` is omitted, the default level is OGS_LOG_INFO)
+#   - If `domain` is omitted, the all domain level is set from 'level'
+#    (Default values are used, so no configuration is required)
+#
+#  o Set OGS_LOG_ERROR to all domain level
+#   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
+#    level: error
+#
+#  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
+#    level: debug
+#    domain: mme,emm
+#
+#  o Set OGS_LOG_TRACE to all domain level
+#  logger:
+#    level: trace
+#    domain: core,sbi,ausf,event,tlv,mem,sock
+#
 logger:
     file: @localstatedir@/log/open5gs/pcrf.log
 
-parameter:
-
 pcrf:
     freeDiameter: @sysconfdir@/freeDiameter/pcrf.conf
+
+#
+#  o Disable use of IPv4 addresses (only IPv6)
+#  parameter:
+#    no_ipv4: true
+#
+#  o Disable use of IPv6 addresses (only IPv4)
+#  parameter:
+#    no_ipv6: true
+#
+#  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
+#  parameter:
+#    prefer_ipv4: true
+#
+parameter:
+
+#
+#  o Maximum Number of UE
+#  max:
+#    ue: 1024
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
+#
+max:

configs/open5gs/pgw.yaml.in

@@ -1,22 +0,0 @@
-logger:
-    file: @localstatedir@/log/open5gs/pgw.log
-
-parameter:
-
-pgw:
-    freeDiameter: @sysconfdir@/freeDiameter/pgw.conf
-    gtpc:
-      - addr: 127.0.0.3
-      - addr: ::1
-    gtpu:
-      - addr: 127.0.0.3
-      - addr: ::1
-    ue_pool:
-      - addr: 10.45.0.1/16
-      - addr: cafe::1/64
-    dns:
-      - 8.8.8.8
-      - 8.8.4.4
-      - 2001:4860:4860::8888
-      - 2001:4860:4860::8844
-    mtu: 1400

configs/open5gs/scp.yaml.in

@@ -0,0 +1,394 @@
+db_uri: mongodb://localhost/open5gs
+
+#
+#  o Set OGS_LOG_INFO to all domain level
+#   - If `level` is omitted, the default level is OGS_LOG_INFO)
+#   - If `domain` is omitted, the all domain level is set from 'level'
+#    (Default values are used, so no configuration is required)
+#
+#  o Set OGS_LOG_ERROR to all domain level
+#   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
+#    level: error
+#
+#  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
+#    level: debug
+#    domain: mme,emm
+#
+#  o Set OGS_LOG_TRACE to all domain level
+#  logger:
+#    level: trace
+#    domain: core,sbi,ausf,event,tlv,mem,sock
+#
+logger:
+    file: @localstatedir@/log/open5gs/scp.log
+
+#
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/scp.key
+      cert: @sysconfdir@/open5gs/tls/scp.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/scp.key
+      cert: @sysconfdir@/open5gs/tls/scp.crt
+
+#
+#  <SBI Server>
+#
+#  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      - addr:
+#          - 0.0.0.0
+#          - ::0
+#        port: 7777
+#
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/scp.key
+#      cert: /etc/open5gs/tls/scp.crt
+#  scp:
+#    sbi:
+#
+#  o SBI Server(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/scp.key
+#      cert: /etc/open5gs/tls/scp.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Server(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/scp.key
+#      cert: /etc/open5gs/tls/scp.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Server(http://127.0.1.10:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#        port: 7777
+#
+#  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      - dev: eth0
+#
+#  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      - dev: eth0
+#        advertise: open5gs-scp.svc.local
+#
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      - addr: localhost
+#        advertise:
+#          - 127.0.0.99
+#          - ::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
+#  <Next hop SCP>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  next_scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  next_scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  next_scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  next_scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  next_scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
+#      - addr: 127.0.0.10
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
+#      - name: nrf.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
+#    If prefer_ipv4 is true, http://127.0.0.10:80 is selected.
+#
+#    sbi:
+#      addr:
+#        - 127.0.0.10
+#        - fd69:f21d:873c:fa::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+nrf:
+    sbi:
+      - addr:
+          - 127.0.0.10
+          - ::1
+        port: 7777
+
+#
+#  o Disable use of IPv4 addresses (only IPv6)
+#  parameter:
+#    no_ipv4: true
+#
+#  o Disable use of IPv6 addresses (only IPv4)
+#  parameter:
+#    no_ipv6: true
+#
+#  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
+#  parameter:
+#    prefer_ipv4: true
+#
+parameter:
+
+#
+#  o Maximum Number of UE
+#  max:
+#    ue: 1024
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
+#
+max:
+
+#
+#  o NF Instance Heartbeat (Default : 0)
+#    NFs will not send heart-beat timer in NFProfile
+#    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
+#
+#  o NF Instance Heartbeat (20 seconds)
+#    NFs will send heart-beat timer (20 seconds) in NFProfile
+#    NRF can change heart-beat timer in NFProfile
+#
+#  time:
+#    nf_instance:
+#      heartbeat: 20
+#
+#  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
+#
+#  o Message Wait Duration (3000 ms)
+#  time:
+#    message:
+#        duration: 3000
+time:

configs/open5gs/sgw.yaml.in

@@ -1,10 +0,0 @@
-logger:
-    file: @localstatedir@/log/open5gs/sgw.log
-
-parameter:
-    no_ipv6: true
-
-sgw:
-    gtpc:
-      addr: 127.0.0.2
-    gtpu:

configs/open5gs/sgwc.yaml.in

@@ -0,0 +1,177 @@
+#
+#  o Set OGS_LOG_INFO to all domain level
+#   - If `level` is omitted, the default level is OGS_LOG_INFO)
+#   - If `domain` is omitted, the all domain level is set from 'level'
+#    (Default values are used, so no configuration is required)
+#
+#  o Set OGS_LOG_ERROR to all domain level
+#   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
+#    level: error
+#
+#  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
+#    level: debug
+#    domain: mme,emm
+#
+#  o Set OGS_LOG_TRACE to all domain level
+#  logger:
+#    level: trace
+#    domain: core,sbi,ausf,event,tlv,mem,sock
+#
+logger:
+    file: @localstatedir@/log/open5gs/sgwc.log
+
+#
+#  <GTP-C Server>
+#
+#  o GTP-C Server(127.0.0.3:2123, [fd69:f21d:873c:fa::2]:2123)
+#  sgwc:
+#    gtpc:
+#      addr:
+#        - 127.0.0.3
+#        - fd69:f21d:873c:fa::2
+#
+#  o On SGW, Same Configuration(127.0.0.3:2123,
+#  [fd69:f21d:873c:fa::2]:2123) as below.
+#  sgwc:
+#    gtpc:
+#      - addr: 127.0.0.3
+#      - addr: fd69:f21d:873c:fa::2
+#
+#  o GTP-C Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  sgwc:
+#    gtpc:
+#      addr: 127.0.0.3
+#      option:
+#        so_bindtodevice: vrf-blue
+#
+#  <PFCP Server>
+#
+#  o PFCP Server(127.0.0.3:8805, ::1:8805)
+#  sgwc:
+#    pfcp:
+#      - addr: 127.0.0.3
+#      - addr: ::1
+#
+#  o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
+#  sgwc:
+#    pfcp:
+#      name: localhost
+#
+#  o PFCP Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  sgwc:
+#    pfcp:
+#      addr: 127.0.0.3
+#      option:
+#        so_bindtodevice: vrf-blue
+#
+#  o Provide custom PFCP address to be advertised in PFCP association
+#      request/respond
+#  sgwc:
+#    pfcp:
+#      - addr: 0.0.0.0
+#        advertise: open5gs-smf.svc.local
+#
+sgwc:
+    gtpc:
+      - addr: 127.0.0.3
+    pfcp:
+      - addr: 127.0.0.3
+
+#
+#  <PFCP Client>>
+#
+#  o PFCP Client(127.0.0.6:8805)
+#  sgwu:
+#    pfcp:
+#      addr: 127.0.0.6
+#
+#  <SGWU_SELECTION_MODE - EPC only>
+#
+#  sgwu:
+#    pfcp:
+#      - addr: 127.0.0.6
+#      - addr: 127.0.0.12
+#      - addr: 127.0.0.18
+#
+# o SGWU selection by eNodeB TAC
+#   (either single TAC or multiple TACs, DECIMAL representation)
+#
+#  sgwu:
+#    pfcp:
+#      - addr: 127.0.0.6
+#        tac: 1
+#      - addr: 127.0.0.12
+#        tac: [3,5,8]
+#
+# o SGWU selection by UE's APN (either single APN or multiple APNs)
+#
+#  sgwu:
+#    pfcp:
+#      - addr: 127.0.0.6
+#        apn: ims
+#      - addr: 127.0.0.12
+#        apn: [internet, web]
+#
+# o SGWU selection by CellID(e_cell_id: 28bit)
+#   (either single e_cell_id or multiple e_cell_id, HEX representation)
+#
+#  sgwu:
+#    pfcp:
+#      - addr: 127.0.0.6
+#        e_cell_id: 463
+#      - addr: 127.0.0.12
+#        e_cell_id: [123456789, 9413]
+#
+sgwu:
+    pfcp:
+      - addr: 127.0.0.6
+
+#
+#  o Disable use of IPv4 addresses (only IPv6)
+#  parameter:
+#    no_ipv4: true
+#
+#  o Disable use of IPv6 addresses (only IPv4)
+#  parameter:
+#    no_ipv6: true
+#
+#  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
+#  parameter:
+#    prefer_ipv4: true
+#
+#  o Disable selection of SGW-U PFCP in Round-Robin manner
+#  parameter:
+#    no_pfcp_rr_select: true
+#
+parameter:
+
+#
+# o Maximum Number of UE
+# max:
+#   ue: 1024
+#
+# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+# max:
+#   peer: 64
+#
+# o Maximum Number of GTP peer nodes per SGWC/SMF
+# max:
+#   gtp_peer: 64
+#
+max:
+
+#
+#  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
+#
+#  o Message Wait Duration (3000 ms)
+#  time:
+#    message:
+#        duration: 3000
+time:

configs/open5gs/sgwu.yaml.in

@@ -0,0 +1,166 @@
+#
+#  o Set OGS_LOG_INFO to all domain level
+#   - If `level` is omitted, the default level is OGS_LOG_INFO)
+#   - If `domain` is omitted, the all domain level is set from 'level'
+#    (Default values are used, so no configuration is required)
+#
+#  o Set OGS_LOG_ERROR to all domain level
+#   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
+#    level: error
+#
+#  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
+#    level: debug
+#    domain: mme,emm
+#
+#  o Set OGS_LOG_TRACE to all domain level
+#  logger:
+#    level: trace
+#    domain: core,sbi,ausf,event,tlv,mem,sock
+#
+logger:
+    file: @localstatedir@/log/open5gs/sgwu.log
+
+#
+#  <PFCP Server>
+#
+#  o PFCP Server(127.0.0.6:8805, ::1:8805)
+#  sgwu:
+#    pfcp:
+#      - addr: 127.0.0.6
+#      - addr: ::1
+#
+#  o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
+#  sgwu:
+#    pfcp:
+#      - name: localhost
+#
+#  o PFCP Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  sgwu:
+#    pfcp:
+#      addr: 127.0.0.6
+#      option:
+#        so_bindtodevice: vrf-blue
+#
+#  o Provide custom PFCP address to be advertised in PFCP association
+#      request/respond
+#  sgwc:
+#    pfcp:
+#      - addr: 0.0.0.0
+#        advertise: open5gs-smf.svc.local
+#
+#  <GTP-U Server>
+#
+#  o GTP-U Server(127.0.0.6:2152, [::1]:2152)
+#    gtpu:
+#      - addr: 127.0.0.6
+#      - addr: ::1
+#
+#  o GTP-U Server(127.0.0.1:2152, [::1]:2152)
+#  sgwu:
+#    gtpu:
+#      - name: localhost
+#
+#  o User Plane IP Resource information
+#  sgwu:
+#    gtpu:
+#      - addr:
+#        - 127.0.0.6
+#        - ::1
+#        teid_range_indication: 4
+#        teid_range: 10
+#        network_instance: internet
+#        source_interface: 0
+#      - addr: 127.0.10.4
+#        teid_range_indication: 4
+#        teid_range: 5
+#        network_instance: ims
+#        source_interface: 1
+#
+#  o Provide custom SGW-U GTP-U address to be advertised inside S1AP messages
+#  sgwu:
+#    gtpu:
+#      - addr: 10.4.128.21
+#        advertise: 172.24.15.30
+#
+#  sgwu:
+#    gtpu:
+#      - addr: 10.4.128.21
+#        advertise:
+#        - 127.0.0.1
+#        - ::1
+#
+#  sgwu:
+#    gtpu:
+#      - addr: 10.4.128.21
+#        advertise: sgw1.epc.mnc001.mcc001.3gppnetwork.org
+#
+#  sgwu:
+#    gtpu:
+#      - dev: ens3
+#        advertise: sgw1.epc.mnc001.mcc001.3gppnetwork.org
+#
+#  o GTP-U Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  sgwu:
+#    gtpu:
+#      addr: 127.0.0.6
+#      option:
+#        so_bindtodevice: vrf-blue
+#
+sgwu:
+    pfcp:
+      - addr: 127.0.0.6
+    gtpu:
+      - addr: 127.0.0.6
+
+#
+#  <PFCP Client>>
+#
+#  o PFCP Client(127.0.0.3:8805)
+#  sgwc:
+#    pfcp:
+#      addr: 127.0.0.3
+#
+sgwc:
+
+#
+#  o Disable use of IPv4 addresses (only IPv6)
+#  parameter:
+#    no_ipv4: true
+#
+#  o Disable use of IPv6 addresses (only IPv4)
+#  parameter:
+#    no_ipv6: true
+#
+#  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
+#  parameter:
+#    prefer_ipv4: true
+#
+parameter:
+
+#
+# o Maximum Number of UE
+# max:
+#   ue: 1024
+#
+# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+# max:
+#   peer: 64
+#
+max:
+
+#
+#
+#  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
+#
+#  o Message Wait Duration (3000 ms)
+#  time:
+#    message:
+#        duration: 3000
+time:

configs/open5gs/smf.yaml.in

@@ -0,0 +1,883 @@
+#
+#  o Set OGS_LOG_INFO to all domain level
+#   - If `level` is omitted, the default level is OGS_LOG_INFO)
+#   - If `domain` is omitted, the all domain level is set from 'level'
+#    (Default values are used, so no configuration is required)
+#
+#  o Set OGS_LOG_ERROR to all domain level
+#   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
+#    level: error
+#
+#  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
+#    level: debug
+#    domain: mme,emm
+#
+#  o Set OGS_LOG_TRACE to all domain level
+#  logger:
+#    level: trace
+#    domain: core,sbi,ausf,event,tlv,mem,sock
+#
+logger:
+    file: @localstatedir@/log/open5gs/smf.log
+
+#
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/smf.key
+      cert: @sysconfdir@/open5gs/tls/smf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/smf.key
+      cert: @sysconfdir@/open5gs/tls/smf.crt
+
+#
+#  <SBI Server>
+#
+#  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr:
+#          - 0.0.0.0
+#          - ::0
+#        port: 7777
+#
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/smf.key
+#      cert: /etc/open5gs/tls/smf.crt
+#  smf:
+#    sbi:
+#
+#  o SBI Server(https://127.0.0.4:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/smf.key
+#      cert: /etc/open5gs/tls/smf.crt
+#  smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#      - addr: ::1
+#
+#  o SBI Server(https://smf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/smf.key
+#      cert: /etc/open5gs/tls/smf.crt
+#  smf:
+#    sbi:
+#      - name: smf.open5gs.org
+#
+#  o SBI Server(http://127.0.0.4:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#        port: 7777
+#
+#  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - dev: eth0
+#
+#  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - dev: eth0
+#        advertise: open5gs-smf.svc.local
+#
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr: localhost
+#        advertise:
+#          - 127.0.0.99
+#          - ::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      addr: 127.0.0.4
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  smf:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  smf:
+#    service_name:
+#      - nsmf-pdusession
+#
+#  <NF Discovery Query Parameter>
+#
+#  o (Default) If you do not set Query Parameter as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#        port: 7777
+#
+#    - 'service-names' is included.
+#
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#        port: 7777
+#    discovery:
+#      option:
+#        no_service_names: false
+#
+#  o To remove 'service-names' from URI query parameters in NS Discovery
+#         no_service_names: true
+#
+#    * For Indirect Communication with Delegated Discovery,
+#      'service-names' is always included in the URI query parameter.
+#    * That is, 'no_service_names' has no effect.
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
+#  <PFCP Server>
+#
+#  o PFCP Server(127.0.0.4:8805, ::1:8805)
+#  smf:
+#    pfcp:
+#      - addr: 127.0.0.4
+#      - addr: ::1
+#
+#  o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
+#  smf:
+#    pfcp:
+#      name: localhost
+#
+#  o PFCP Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  smf:
+#    pfcp:
+#      addr: 127.0.0.4
+#      option:
+#        so_bindtodevice: vrf-blue
+#
+#  o Provide custom PFCP address to be advertised to UPF in PFCP association
+#      request/respond
+#  smf:
+#    pfcp:
+#      - addr: 0.0.0.0
+#        advertise: open5gs-smf.svc.local
+#
+#  <GTP-C Server>
+#
+#  o GTP-C Server(127.0.0.4:2123, [fd69:f21d:873c:fa::3]:2123)
+#  smf:
+#    gtpc:
+#      addr:
+#        - 127.0.0.4
+#        - fd69:f21d:873c:fa::3
+#
+#  o On SMF, Same configuration
+#    (127.0.0.4:2123, [fd69:f21d:873c:fa::3]:2123).
+#  smf:
+#    gtpc:
+#      - addr: 127.0.0.4
+#      - addr: fd69:f21d:873c:fa::3
+#
+#  o GTP-C Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  smf:
+#    gtpc:
+#      addr: 127.0.0.4
+#      option:
+#        so_bindtodevice: vrf-blue
+#
+#  <GTP-U Server>>
+#
+#  o GTP-U Server(127.0.0.4:2152, [::1]:2152)
+#  smf:
+#    gtpu:
+#      - addr: 127.0.0.4
+#      - addr: ::1
+#
+#  o GTP-U Server(127.0.0.1:2152, [::1]:2152)
+#  smf:
+#    gtpu:
+#      name: localhost
+#
+#  o GTP-U Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  smf:
+#    gtpu:
+#      addr: 127.0.0.4
+#      option:
+#        so_bindtodevice: vrf-blue
+#
+#  <Metrics Server>
+#
+#  o Metrics Server(http://<any address>:9090)
+#  smf:
+#    metrics:
+#      - addr: 0.0.0.0
+#        port: 9090
+#
+#  <Subnet for UE Pool>
+#
+#  o IPv4 Pool
+#  smf:
+#    subnet:
+#      addr: 10.45.0.1/16
+#
+#  o IPv4/IPv6 Pool
+#  smf:
+#    subnet:
+#      - addr: 10.45.0.1/16
+#      - addr: 2001:db8:cafe::1/48
+#
+#
+#  o Specific DNN/APN(e.g 'ims') uses 10.46.0.1/16, 2001:db8:babe::1/48
+#    ; If the UE has unknown DNN/APN(not internet/ims), SMF/UPF will crash.
+#
+#  smf:
+#    subnet:
+#      - addr: 10.45.0.1/16
+#        dnn: internet
+#      - addr: 2001:db8:cafe::1/48
+#        dnn: internet
+#      - addr: 10.46.0.1/16
+#        dnn: ims
+#      - addr: 2001:db8:babe::1/48
+#        dnn: ims
+#
+#  o Specific DNN/APN with the FALLBACK SUBNET(10.47.0.1/16)
+#    ; Note that put the FALLBACK SUBNET last to avoid SMF/UPF crash.
+#
+#  smf:
+#    subnet:
+#      - addr: 10.45.0.1/16
+#        dnn: internet
+#      - addr: 10.46.0.1/16
+#        dnn: ims
+#      - addr: 10.50.0.1/16 ## FALLBACK SUBNET
+#
+#  o Pool Range Sample
+#  smf:
+#    subnet:
+#      - addr: 10.45.0.1/24
+#        range: 10.45.0.100-10.45.0.200
+#
+#  smf:
+#    subnet:
+#      - addr: 10.45.0.1/24
+#        range:
+#          - 10.45.0.5-10.45.0.50
+#          - 10.45.0.100-
+#
+#  smf:
+#    subnet:
+#      - addr: 10.45.0.1/24
+#        range:
+#          - -10.45.0.200
+#          - 10.45.0.210-10.45.0.220
+#
+#  smf:
+#    subnet:
+#      - addr: 10.45.0.1/16
+#        range:
+#          - 10.45.0.100-10.45.0.200
+#          - 10.45.1.100-10.45.1.200
+#      - addr: 2001:db8:cafe::1/48
+#        range:
+#          - 2001:db8:cafe:a0::0-2001:db8:cafe:b0::0
+#          - 2001:db8:cafe:c0::0-2001:db8:cafe:d0::0
+#
+#  <Domain Name Server>
+#
+#  o Primary/Secondary can be configured. Others are ignored.
+#
+#  smf:
+#    dns:
+#      - 8.8.8.8
+#      - 8.8.4.4
+#      - 2001:4860:4860::8888
+#      - 2001:4860:4860::8844
+#
+#  <MTU Size>
+#
+#  o Provisioning a limit on the size of the packets sent by the MS
+#    to avoid packet fragmentation in the backbone network
+#    between the MS and the GGSN/PGW and/or across the (S)Gi reference point)
+#    when some of the backbone links does not support
+#    packets larger then 1500 octets
+#
+#  <P-CSCF>
+#
+#  o Proxy Call Session Control Function
+#
+#  smf:
+#    p-cscf:
+#      - 127.0.0.1
+#      - ::1
+#
+#  <CTF>
+#
+#  o Gy interface parameters towards OCS.
+#  o enabled:
+#    o auto: Default. Use Gy only if OCS available among Diameter peers
+#    o yes:  Use Gy always;
+#            reject subscribers if no OCS available among Diameter peers
+#    o no:   Don't use Gy interface if there is an OCS available
+#
+#  smf:
+#    ctf:
+#      enabled: auto|yes|no
+#
+#
+#  <SMF Selection - 5G Core only>
+#  1. SMF sends SmfInfo(S-NSSAI, DNN, TAI) to the NRF
+#  2. NRF responds to AMF with SmfInfo during NF-Discovery.
+#  3. AMF selects SMF based on S-NSSAI, DNN and TAI in SmfInfo.
+#
+#  Note that if there is no SmfInfo, any AMF can select this SMF.
+#
+#  o S-NSSAI[SST:1] and DNN[internet] - At least 1 DNN is required in S-NSSAI
+#  smf:
+#    info:
+#      - s_nssai:
+#          - sst: 1
+#            dnn:
+#              - internet
+#
+#  o S-NSSAI[SST:1 SD:009000] and DNN[internet or ims]
+#  smf:
+#    info:
+#      - s_nssai:
+#          - sst: 1
+#            sd: 009000
+#            dnn:
+#              - internet
+#              - ims
+#
+#  o S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:99970 TAC:1]
+#  smf:
+#    info:
+#      - s_nssai:
+#          - sst: 1
+#            dnn:
+#              - internet
+#        tai:
+#          - plmn_id:
+#              mcc: 999
+#              mnc: 70
+#            tac: 1
+#
+#  o If any of conditions below are met:
+#   - S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:99970 TAC:1-9]
+#   - S-NSSAI[SST:2 SD:000080] and DNN[internet or ims]
+#   - S-NSSAI[SST:4] and DNN[internet] and TAI[PLMN-ID:99970 TAC:10-20,30-40]
+#
+#  smf:
+#    info:
+#      - s_nssai:
+#          - sst: 1
+#            dnn:
+#              - internet
+#        tai:
+#          - plmn_id:
+#              mcc: 999
+#              mnc: 70
+#            tac:
+#              - 1-9
+#      - s_nssai:
+#          - sst: 2
+#            sd: 000080
+#            dnn:
+#              - internet
+#              - ims
+#      - s_nssai:
+#          - sst: 4
+#            dnn:
+#              - internet
+#        tai:
+#          - plmn_id:
+#              mcc: 999
+#              mnc: 70
+#            tac:
+#              - 10-20
+#              - 30-40
+#
+#  o Complex Example
+#  smf:
+#    info:
+#      - s_nssai:
+#          - sst: 1
+#            dnn:
+#              - internet
+#          - sst: 1
+#            sd: 000080
+#            dnn:
+#              - internet
+#              - ims
+#          - sst: 1
+#            sd: 009000
+#            dnn:
+#              [internet, ims]
+#          - sst: 2
+#            dnn:
+#              - internet
+#          - sst: 3
+#            sd: 123456
+#            dnn:
+#              - internet
+#        tai:
+#          - plmn_id:
+#              mcc: 999
+#              mnc: 70
+#            tac: [1, 2, 3]
+#          - plmn_id:
+#              mcc: 999
+#              mnc: 70
+#            tac: 4
+#          - plmn_id:
+#              mcc: 999
+#              mnc: 70
+#            tac:
+#              - 5
+#              - 6
+#          - plmn_id:
+#              mcc: 999
+#              mnc: 70
+#            tac:
+#              - 100-200
+#              - 300-400
+#          - plmn_id:
+#              mcc: 999
+#              mnc: 70
+#            tac:
+#              - 500-600
+#              - 700-800
+#              - 900-1000
+#      - s_nssai:
+#          - sst: 4
+#            dnn:
+#              - internet
+#        tai:
+#          - plmn_id:
+#              mcc: 999
+#              mnc: 70
+#            tac: 99
+#
+#  <Security Indication - 5G Core only>
+#
+#   According to 3GPP TS38.413 Section 9.3.1.27,
+#   Security Indication IE may be instructed to 5G gNB.
+#
+#   If you set the security_indication in smf.yaml,
+#   this information is delivered using PDU Session Resource Request Transfer IE
+#
+#  smf:
+#    security_indication:
+#      integrity_protection_indication: required|preferred|not-needed
+#      confidentiality_protection_indication: required|preferred|not-needed
+#      maximum_integrity_protected_data_rate_uplink: bitrate64kbs|maximum-UE-rate
+#      maximum_integrity_protected_data_rate_downlink: bitrate64kbs|maximum-UE-rate
+#
+smf:
+    sbi:
+      - addr: 127.0.0.4
+        port: 7777
+    pfcp:
+      - addr: 127.0.0.4
+      - addr: ::1
+    gtpc:
+      - addr: 127.0.0.4
+      - addr: ::1
+    gtpu:
+      - addr: 127.0.0.4
+      - addr: ::1
+    metrics:
+      - addr: 127.0.0.4
+        port: 9090
+    subnet:
+      - addr: 10.45.0.1/16
+      - addr: 2001:db8:cafe::1/48
+    dns:
+      - 8.8.8.8
+      - 8.8.4.4
+      - 2001:4860:4860::8888
+      - 2001:4860:4860::8844
+    mtu: 1400
+    ctf:
+      enabled: auto
+    freeDiameter: @sysconfdir@/freeDiameter/smf.conf
+
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
+#      - addr: 127.0.0.10
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
+#      - name: nrf.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
+#    If prefer_ipv4 is true, http://127.0.0.10:80 is selected.
+#
+#    sbi:
+#      addr:
+#        - 127.0.0.10
+#        - fd69:f21d:873c:fa::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777
+
+#
+#  <PFCP Client>>
+#
+#  o PFCP Client(127.0.0.7:8805)
+#  upf:
+#    pfcp:
+#      addr: 127.0.0.7
+#
+#  <UPF Selection>
+#
+#  upf:
+#    pfcp:
+#      - addr: 127.0.0.7
+#      - addr: 127.0.0.12
+#      - addr: 127.0.0.19
+#
+#  o UPF selection by eNodeB TAC
+#    (either single TAC or multiple TACs, DECIMAL representation)
+#
+#  upf:
+#    pfcp:
+#      - addr: 127.0.0.7
+#        tac: 1
+#      - addr: 127.0.0.12
+#        tac: [3,5,8]
+#
+#  o UPF selection by UE's DNN/APN (either single DNN/APN or multiple DNNs/APNs)
+#
+#  upf:
+#    pfcp:
+#      - addr: 127.0.0.7
+#        dnn: ims
+#      - addr: 127.0.0.12
+#        dnn: [internet, web]
+#
+#  o UPF selection by CellID(e_cell_id: 28bit, nr_cell_id: 36bit)
+#    (either single enb_id or multiple enb_ids, HEX representation)
+#
+#  upf:
+#    pfcp:
+#      - addr: 127.0.0.7
+#        e_cell_id: 463
+#      - addr: 127.0.0.12
+#        nr_cell_id: [123456789, 9413]
+#
+upf:
+    pfcp:
+      - addr: 127.0.0.7
+
+#
+#  o Disable use of IPv4 addresses (only IPv6)
+#  parameter:
+#    no_ipv4: true
+#
+#  o Disable use of IPv6 addresses (only IPv4)
+#  parameter:
+#    no_ipv6: true
+#
+#  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
+#  parameter:
+#    prefer_ipv4: true
+#
+#  o Disable selection of UPF PFCP in Round-Robin manner
+#  parameter:
+#    no_pfcp_rr_select: true
+#
+#  o Legacy support for pre-release LTE 11 devices
+#    - Omits adding local address in packet filters for compatibility
+#  parameter:
+#    no_ipv4v6_local_addr_in_packet_filter: true
+#
+parameter:
+
+#
+# o Maximum Number of UE
+# max:
+#   ue: 1024
+#
+# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+# max:
+#   peer: 64
+#
+# o Maximum Number of GTP peer nodes per SGWC/SMF
+# max:
+#   gtp_peer: 64
+#
+max:
+
+#
+#  o NF Instance Heartbeat (Default : 0)
+#    NFs will not send heart-beat timer in NFProfile
+#    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
+#
+#  o NF Instance Heartbeat (20 seconds)
+#    NFs will send heart-beat timer (20 seconds) in NFProfile
+#    NRF can change heart-beat timer in NFProfile
+#  time:
+#    nf_instance:
+#      heartbeat: 20
+#
+#  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
+#
+#  o Message Wait Duration (3000 ms)
+#  time:
+#    message:
+#        duration: 3000
+#
+#  o Handover Wait Duration (Default : 300 ms)
+#    Time to wait for SMF to send
+#    PFCP Session Modification Request(Remove Indirect Tunnel) to the UPF
+#    after sending Nsmf_PDUSession_UpdateSMContext Response(hoState:COMPLETED)
+#    (Default values are used, so no configuration is required)
+#
+#  o Handover Wait Duration (500ms)
+#  time:
+#    handover:
+#        duration: 500
+time:

configs/open5gs/tls/amf.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjVaFw0zMjExMDgyMzM3MjVaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD2FtZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAL5q1eXK8wzvyymrEpxLgdGg8ArHUiGk0BerkwIwOvkJRkqolQx1CVV+
+SZAsnLxrt1+DEb9PTEpqrAXXAWxGtjDCW8FARPFfhziq4B0NPHuTtXusvT+9xF0I
+EY/HFyO/3EYh5vRh5gGZdW5Ukgh4We4Zw/lw0d2BFA2/L5Xz4zOV1P3vSeATyNMq
+4mPWD5xUs0utUzOevmom/+vMO8HGecKv8dpdcM45Gget5pH9OwT0nEAOusW8vYZK
+kCVKNFAvfyCOVzVG82jS8XARrMGzFPfnrkadYrf/sV4OQ7hLc4ZdO83kXubOoCJm
+xrxp7Z8aaXjNEpGW2dZQqU9w57SP9sMCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQU2olHBnRSjS69sZRJT5rFpHAQDhcwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAIEUFoQQ1yuR4apyUddE26Hm
+tnYmXWaTFtL3D98rSj+mwyUOOPD/r7JcsK36XUj8bbMZ4avxMJpYhQGV7x8LG1t1
+3mKlq9JAvLzIREe7zvR8BbOmPu8AVO2Z4uCGrSAa1BsxGgobZ5E2btPHR5RVWiQS
+yYhaIjBuUlPqpa20Pc5cKhZKa8bgfdVs/gsZVwa7T6Xr+hMiSlH0uGIUx85oW4sY
+MidmaMRM1dabSo6nTLcQA0k7h3iC4nZ1MpyMpzt98vZCzVZzWlcJ7AW+py9xKUlN
+48TKTdqHSwt5R9cLnrR7fSVzoPrS9H7KHcemP3poSN/E0PlD+Wou8AFBGBgle8o=
+-----END CERTIFICATE-----

configs/open5gs/tls/amf.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPYW1mLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmrV5crzDO/LKasSnEuB0aDwCsdSIaTQ
+F6uTAjA6+QlGSqiVDHUJVX5JkCycvGu3X4MRv09MSmqsBdcBbEa2MMJbwUBE8V+H
+OKrgHQ08e5O1e6y9P73EXQgRj8cXI7/cRiHm9GHmAZl1blSSCHhZ7hnD+XDR3YEU
+Db8vlfPjM5XU/e9J4BPI0yriY9YPnFSzS61TM56+aib/68w7wcZ5wq/x2l1wzjka
+B63mkf07BPScQA66xby9hkqQJUo0UC9/II5XNUbzaNLxcBGswbMU9+euRp1it/+x
+Xg5DuEtzhl07zeRe5s6gImbGvGntnxppeM0SkZbZ1lCpT3DntI/2wwIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAGaPpZwtBx66RzpY4jkjHuIjxD4SQop5XbzfNr+l
+HupHV/maWqEwlExTiRqQLUYJ01f4d6y/X8ABU4dyXbaqzWBEBtNg8uIifXLyGcfw
+yzn9zzuE6Vlj2366ssJEP+YFYetrzGYkj4SrXQG7k9ZIM7cTTzD/ZjOAX4VI61LZ
+VXpEOUsjdP9BcxwI6U17NkFePLfLKByp0uTwECFonIyxzlJLSTbk9xtzPtxA7pax
+F/ZrQBEsTdzFQoZca1ZH3UTnmjpcbYJwOpzzlSfrMJs9sv42MZlBuSGzn8xq88xy
+KylL9BUn7ZCOhawIz4FEi335e9aq8xcZXnx40OBMOTFE+xo=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/amf.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC+atXlyvMM78sp
+qxKcS4HRoPAKx1IhpNAXq5MCMDr5CUZKqJUMdQlVfkmQLJy8a7dfgxG/T0xKaqwF
+1wFsRrYwwlvBQETxX4c4quAdDTx7k7V7rL0/vcRdCBGPxxcjv9xGIeb0YeYBmXVu
+VJIIeFnuGcP5cNHdgRQNvy+V8+MzldT970ngE8jTKuJj1g+cVLNLrVMznr5qJv/r
+zDvBxnnCr/HaXXDOORoHreaR/TsE9JxADrrFvL2GSpAlSjRQL38gjlc1RvNo0vFw
+EazBsxT3565GnWK3/7FeDkO4S3OGXTvN5F7mzqAiZsa8ae2fGml4zRKRltnWUKlP
+cOe0j/bDAgMBAAECggEAU0sRaLTXj4ufH4l9GRAwZ73R8q0QwLXC7u+23Siyyzfi
+3wqSNEJHxHV7AU16fDNUIbwIOdqaoRy7Rcywiyf9TyPdlhGidsEWOdQJN7wP/nB0
+3PYJTIYajKVYZT+t4A3vcWAoEjN2tLFnfE0TGhBnKi9sGcNfkdiCKKc+TgZCls/M
++ltrp3+QVH9UO6AMj74mNjNSN6EQOcsO8BUqNnzTsJ5mkTLfLyfoerWXtZlppXZM
+/0gyYshP+SN4d3Iuj1NUlM3LLTAx/hg08u3ioBURcRBF0wSIkywpgC9SdqAWKWsX
+V6BEIbNwRQk+0V782HTWaZ8H9aCRg6MOk5KO137r1QKBgQDkF5lApIoDAkVb0tFI
+wyRNnoNtv0HitbXGLGKS3KGyPPqCLgdnngeEgEqB8ejqjkMzdOmn0eaSmg/yml5O
+Vkkw1nSmYholzEbEzl7A34f3AOLMx5hegTjiJe3MrBjZN2qoyDJH8xikl+XFyV5J
+sNZe6uRyFozIRrzEPMxgW+R3hQKBgQDVtys66kqUz+5EGwY/n6kIV3ip8zp08KQj
+Q+a/h/2EZWvulKLv+Wcr8bwSqOs/ZSaKKgK6VOUK76CYQcHDIHuJEd6TEOC32wLM
+uhsjX+aVcTuWPHmGZdJxk5JCI1W0NIxdLVJKg5J1nAmsfRmhtk3yG+C+1i7PSQRT
+Y1m/92SzpwKBgQCpM3hUI7rdkImzHCh0OY5spfIJL5/IddNqNvLIzzKD7ghHGa4U
+h348JI8g5jtKBE6FlWzfOS46Al9iMHFU211gBTZzVsLe1zKIPC6+FRPff6C/GDFH
+qcRwvoIxGlk0iY9ttVTXWtYlAylIF6ECOVRNBSKCH4g/6XmOeSuDL6fDoQKBgQCk
+UWouqTdgxaKnwLOENakMXdzLptR6Vw+Mgcen2dJlemmLDcNdiT/3PKzjF/eQTaBd
+OMHSLDXSu72Zc22cLpxtHk0ofCCbnAvCBxGYmEK9AkvTTnoNiLpOUy1wJqTdok2N
+0qvj2NfCD5AsjB8qA/ZYQXECqcFh5P0rdEbsXzWRHwKBgQCM/GGUXWI0LrkcQpDY
+dpO1C161b+zNJHWwM+7cL2kM9azVwW3CNq1YV7c+GRuJG8YyToIYJJfIIUSiAFH0
+97J/JoQ2a/1baMXNaZf06WATtjsFywtG+O8FwZs9rAQ7oDeSe7l5jP5Mw/WjY/Kq
+BKoi+9Nz8JldcTIi1rj/YyuHag==
+-----END PRIVATE KEY-----

configs/open5gs/tls/ausf.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAkSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjVaFw0zMjExMDgyMzM3MjVaMEsxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGTAX
+BgNVBAMMEGF1c2YubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC4kKPcYH2eCayT80Ye9dBf6JmJGwfpkkHlwSlMNW8hh/aCEhDF8pj6
+8xU1Wqqptxs6hHHyLMdtqw9AlnOZlOZdTh8zwA5ExR+vf0IPK/bCDkRtUwBlyOUy
+LsEOoqMbdTEhGmriykQS0t7O63vsPeiX6oF31AgaNfI5glxZpjUI61rKcHTxCYAX
+XALSnIw13fnaQxz2ucmnioTToM28X0GA4ByGs8zgPkAf8F+tDYr+vfiYPZ0ELmLY
+AXJCdK4e/VzY1DsfkqnWCCbVZYg/sCjxFIa77PEQ8rUJ0VBdKE0n+O6hqR/7lL6g
+Idrk9Vh0LWueQI+cNy/IcVQbBOJaPVZXAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYD
+VR0OBBYEFBxp6AfQv4qeBrN5tM2WjNjC23pkMB8GA1UdIwQYMBaAFLFq+pyZvAQq
+Qohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQBBnrBNSkmzMM5TTBrzCmgo
+GktZJy5iM5394OSNKwYdIAxFUotIP7PKwE4GGA9fMauYw+Q5AictubsZEW6Pc4SK
+wtvgDUkCmtOitdMxRGYa7lmVpLxsyCvyMVTH5eKvSWQeMBomOP6WR4Huzj+RGcTc
+dU3BbNByNMnGGoXO0WYoW6nal/cEIaogYtH2JM7v3otDztGN5ixmvkNxmd9ewLEu
+jYkcpqY6WPpK7TM55fBr4f7N5Tin7GM8lE/SQfnJzREsCDPrkLoEuB6DXG7dgjvA
+ZdrM3eD77xamzT3nA0/5Up2bDoQLtYMph0muVfDrOKL+pzrtSrR6CnkPVgX2aWrF
+-----END CERTIFICATE-----

configs/open5gs/tls/ausf.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICkDCCAXgCAQAwSzEZMBcGA1UEAwwQYXVzZi5sb2NhbGRvbWFpbjELMAkGA1UE
+BhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALiQo9xgfZ4JrJPzRh710F/omYkbB+mS
+QeXBKUw1byGH9oISEMXymPrzFTVaqqm3GzqEcfIsx22rD0CWc5mU5l1OHzPADkTF
+H69/Qg8r9sIORG1TAGXI5TIuwQ6ioxt1MSEaauLKRBLS3s7re+w96JfqgXfUCBo1
+8jmCXFmmNQjrWspwdPEJgBdcAtKcjDXd+dpDHPa5yaeKhNOgzbxfQYDgHIazzOA+
+QB/wX60Niv69+Jg9nQQuYtgBckJ0rh79XNjUOx+SqdYIJtVliD+wKPEUhrvs8RDy
+tQnRUF0oTSf47qGpH/uUvqAh2uT1WHQta55Aj5w3L8hxVBsE4lo9VlcCAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQBUpX2wR4LNsuhCeFLjjiJKClOdkqKel/U2gCr5
+pW7JisU1pnSBW1ZnI0usssGQeejJUvS+24fTb4aQp68DJ4E70s4N6M+oMyUlCIhH
+5ELkG/rlXtir4/l7WP/vF5M1F0bPKLCA51nRfV9tvBR1nAVFfr5ZBGWo8vZBKz9v
+v43beNjJxmCkurN7j78WP0TYEs7ehGCXh0mDtW6SurKpnWswsjInKtyUR470XHwt
+cVJy0HelsBsqpf6I9SlY2J7SakGPDtqARkIisKA6vO4sZdKP0aYapY3nCB5rLvNH
+mC28DCX1R0gqBoHTML0lNUiGEsDe4R4O70dHvWHdZr+zPow6
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/ausf.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC4kKPcYH2eCayT
+80Ye9dBf6JmJGwfpkkHlwSlMNW8hh/aCEhDF8pj68xU1Wqqptxs6hHHyLMdtqw9A
+lnOZlOZdTh8zwA5ExR+vf0IPK/bCDkRtUwBlyOUyLsEOoqMbdTEhGmriykQS0t7O
+63vsPeiX6oF31AgaNfI5glxZpjUI61rKcHTxCYAXXALSnIw13fnaQxz2ucmnioTT
+oM28X0GA4ByGs8zgPkAf8F+tDYr+vfiYPZ0ELmLYAXJCdK4e/VzY1DsfkqnWCCbV
+ZYg/sCjxFIa77PEQ8rUJ0VBdKE0n+O6hqR/7lL6gIdrk9Vh0LWueQI+cNy/IcVQb
+BOJaPVZXAgMBAAECggEAIqhShNb/r7YMWKn1kGnDa8cfUa4oQbWLt0ua6Cseh7Li
+2NDwomMoU/Nil6bDZmQycj4dsYa0GkVlc1DtOzlJOtspI8wcQdCsXwWsD3JHf3Az
+bD4KVJKxa0d5TDjBHS5X/+nYiWbG+qvrV/rDRfzoGOLZ1fkUXmuj5SW0FseNrPNH
+VaRrC+YdnFfOs1m+U7PZQmxSrp3C9FxQWCg1xTXT4vnOeoqsJLDQX6njCI6AONPD
+9vfeGLMD3D45Bk06xfv1zFz7oNgdu0TbOISiDKewUJX1MIpZbaDvx0LO7dBeJBWI
+x7yZymTy6B7cspyO9WuC7B3uvSZb4Dj0kmityXze0QKBgQDk/6QY2FMZbOpC0xuw
+8T67sxiF9omr23lxWZD+2PMe4IgcD3mijr50bg+pnoZ/R1cPs9IRT27gtuKdpQlS
+FOrV9kmJqXGGMO8R2edafzGRim3M+oKVOC8KuI0z/euGTKtKpozMKaoUF68nrMx4
+/7ybauLVYOuWDEqI+Fu6/yY+MQKBgQDOU8OOe5oW3BcNY3/yq+PWlaI9qEehsJTn
+kyMvzn5YbKg5yfF6rexm04pY9WCOZfOzvP5NdwwG/InR86YaVOxuuiDE/4WMip18
+rDLabGhlcxsja137c14h8hr936xcF2A4Nd5Q6GYOtCMYNAvCTSAgI98jyiwDGxsY
+vXl7WdQTBwKBgQCgZa8698q89FzhkZzDwzZ9omR68MRda80UZ/f3iV5BMmQjw3Mf
+OXyNcMnntPHgFMgWZ42sMkcnfvIcGYz9wUj7tRatJdIue/f4OPijmpPNrXhbKtxs
+SH4qtDmzQRfHacxQ7XeRSV2n1S8KSy6tUfN5qNRZQRnCb7mFVvBpem3/AQKBgEIs
+VUzuUXZBcldF8TRIctNQvG8f+JFgC/HVm/RqOtVrS+z02rDo9SfpcrajRCuHgUjF
+NZ5srvvSpPUkOsK5N/cvVPE5roBruKTSqaCqIjVfXHXYqpTJ5IfomUWRJjuG98Iv
+bLTwREM0/Qh3MMpJaCNGvftBjSoV2HPv2PV50u2jAoGBALbTtPaHLmSjTE6L675y
+Qb440nmgkI+5jl/KX21Gjnes5OqqVmmFzz/1fj1/ZwGpbzp10jdBG2zKChATMsjl
+xqPq6G0Gu5RKUeRbT64at3e1+aukU1W4L05GAS8FQru4qixKVK5be/24bmTLTpJ8
+tm0reJD9N9KJQouyqctAnf1O
+-----END PRIVATE KEY-----

configs/open5gs/tls/bsf.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD2JzZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKOY6GHHkFrexUafHFilmA+vsnx7tfbFS7Mkk41QmSXR2+xjG1MenpOQ
+kOJdDq5tFm8SsBIqaNmyTM1Tx2j6vT01KnludLJait4Q1F8o5npF5YFwMegVf06o
+ZcDrsFpdyIi1EjoFt1bhM02j1GkRVzfIycPi3xrJ1croWWtIj0J/CN4TkoAYaqUW
+8B2pccwVbb4jvUyGU61xIARkm/pHIYrCEjiuWP99imbROSUMBX9ne/krtgsJYylZ
+XPvZiZkrAXCFHx2KKrm9zOaXeYHSCEiHJQRAaSJICJA2COz3zzN8XpIJVP8paiXF
+B5oFoUwex/VdZ/a0m8jm05++jcHXVIECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUgkNWEi5vGgi/rNh4n4WI3VkWdxQwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAE4+FPquzZPJfAg3namKryWe
+zJjibTvvZenRDoYhkJ9HWhi4tPvLAUqCHLe8sUfxcf5k17T+u7pYfK/+1IpGomWh
+Y6OxrxnNK4bnhxTFEch9j90x+cLyAAKVzDAotAgI/OoBQgqiSo0I3pe6MBVPZVIH
+Ga5aghA1u9QsLOr7XcuHLAXzMpYPq+6vjHTy1cSi3csQcVNLo67pB3l+b9o1lVGz
+6Y8V1L5n19OQ+gbCOSQrGXPAivWWJIDvKW6mtinFLNZ2f1/WDvkh9L/nSFNUsNOj
+uWqheRX7FegwvwpjhFfe7TdLQg4OZ5Q82JRFiVmcwx3cDRHPe8BlIdkkTmJvilo=
+-----END CERTIFICATE-----

configs/open5gs/tls/bsf.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPYnNmLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5joYceQWt7FRp8cWKWYD6+yfHu19sVL
+sySTjVCZJdHb7GMbUx6ek5CQ4l0Orm0WbxKwEipo2bJMzVPHaPq9PTUqeW50slqK
+3hDUXyjmekXlgXAx6BV/TqhlwOuwWl3IiLUSOgW3VuEzTaPUaRFXN8jJw+LfGsnV
+yuhZa0iPQn8I3hOSgBhqpRbwHalxzBVtviO9TIZTrXEgBGSb+kchisISOK5Y/32K
+ZtE5JQwFf2d7+Su2CwljKVlc+9mJmSsBcIUfHYoqub3M5pd5gdIISIclBEBpIkgI
+kDYI7PfPM3xekglU/ylqJcUHmgWhTB7H9V1n9rSbyObTn76NwddUgQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAGh+iW6t1TL6ylPvzJpICuoSitSF2FsxbfNBpu+o
+rZpVlwUsJNRzofxoU7HGEJ8gIAs3MmkkMacaAnZ+o2sHuxtyVnHlXWBfFdRmJIW8
+WikaJTDV2s3lSgntvQJk9PiRtRJfUAO+z78WQisLah/lxKjDEUQs1PTKPbtQTj2O
+S4ys26g0OsBwRV11qB93EEQFjz9eExYk18CKgmzntTU5yOJJ3PFj8rjvyyybNtdY
+WulE9Ht0rcBZcsDfYw2DvOaz50MtUviTjAZxFHLuyE8igbjy3H5BORFOp5Vm2ybH
+/YUwcmvXBiszycaG0JRL+vOIEXAc1lsgmfg3er1QK5N2u7o=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/bsf.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCjmOhhx5Ba3sVG
+nxxYpZgPr7J8e7X2xUuzJJONUJkl0dvsYxtTHp6TkJDiXQ6ubRZvErASKmjZskzN
+U8do+r09NSp5bnSyWoreENRfKOZ6ReWBcDHoFX9OqGXA67BaXciItRI6BbdW4TNN
+o9RpEVc3yMnD4t8aydXK6FlrSI9CfwjeE5KAGGqlFvAdqXHMFW2+I71MhlOtcSAE
+ZJv6RyGKwhI4rlj/fYpm0TklDAV/Z3v5K7YLCWMpWVz72YmZKwFwhR8diiq5vczm
+l3mB0ghIhyUEQGkiSAiQNgjs988zfF6SCVT/KWolxQeaBaFMHsf1XWf2tJvI5tOf
+vo3B11SBAgMBAAECggEAAlCr87PItz99LlPauWatA2ZQrd4sj9ugh85IBAVAqJJK
+5OJNaQCHPRZ79WccmcNvkIZ0vUoSOifxuitiCFpZhpnnsiiZ8ErzmYNGlRrpoY/3
+CK0VOLgCqWLcz0VKlWnLuGMLGSz66GjnEmWD0FGTcNW3pLzzfDAgZVbiyo/QHrBS
+mhayw3ceTgggFDeqBXEpG3w1CeWIdOLafdQ7fCUkv34Qww9/kJ7gERbX4eoAHZMO
+fwkkOZ6xsKxH4tKOEAo4hkTnTo95P9n5UpvDGG/8fKV4vkto9KMWnCUSMUZz/t0Y
+G/Jv5aHOQJkfnzS1QtfgfZiHGbto5R5oOGZsy0NdkQKBgQDbJgQwVErskpYGNJwc
+tOcz3gooTEkE9tTsX6mT5cCtY2A59k/y6rXSv8X1es2CCkDFLqGHuOW/TBG6ZE9d
+8JrQVqQbjLe3kcdRdHlwdfzaj9HfQa/ZBZ2gGzhzqrB9Cry7v14F8vQ1M4qWtEXn
+XhWFbR3YP8qjFs3eKLS7DC3x0QKBgQC/G4DJPXvivz+M6iQOYWZH6aO+00Lrm0iv
+UsHPphP3LbIz3cDSAqXRTG18oOikmFCQkfNCRzB55JFwf6Udd/A3CdrIQ4rsqEWn
+kgtY2ZKkU2ZFtCs5wOiD9gk9CnsAb6D8rSaiKkp1X7VMssyoMrHkBFXvQKHtXuCk
+OkEqR56zsQKBgQC43sst0g4aoFY7CeqgNOPN14QOFryKmYdpmBHAGFOAcZLdkrJD
+JEkabnka6uuuxeN59CqECjCWPh++c5yYjL6s/koWi5D4JNxWFMHVY1NZNXZAtnMX
+yyr7w7rNqLKV6ZbpczhoIFpu/vnsxEssMSxKkJBauwXAqx4kSYadPFsN4QKBgQCT
+2SVDi0ui2q7ByArpDTViAUFrSmoFePc8nFvQ1/2uRy4MrkyUrPO3/tbdimcxn50E
+m8WEyyqXwts6G6aUK8wt6HPYZ1i9SlnJEFWzAXBPrS38Uyz122aHYPs4vDj412PG
+1/aBkxJTyB2tHs7yeXXin/ATzv73c2V76I2ttgbzoQKBgF3J7l1yUQ+4yxMUF9PI
+Ta1S87ShIM6B6XgzmdGYyn27lB9jAvmnwNe4pLd5GXZsvIZi8FuQQ9WNPEl78Nj1
+8kSBwSi/MZS1/fiLyP+IaGuaKrfYbEzIlT2rXSgO9IG1gdfO/MouuL4+brynXeDS
+BUuR/ojPd0aSsdGhNFvcwUYA
+-----END PRIVATE KEY-----

configs/open5gs/tls/ca.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDczCCAlugAwIBAgIUWqr1d8XhDsM5Gk5y7G9u6KeTF1wwDQYJKoZIhvcNAQEL
+BQAwSTEXMBUGA1UEAwwOY2EubG9jYWxkb21haW4xCzAJBgNVBAYTAktPMQ4wDAYD
+VQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUwHhcNMjIxMTExMjMzNzI1WhcN
+MzIxMTA4MjMzNzI1WjBJMRcwFQYDVQQDDA5jYS5sb2NhbGRvbWFpbjELMAkGA1UE
+BhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOfs1L9v9DIXY21LuT8+Gvkmie4Zc1fN
+OXP+rZAwZYiQpu9Awtk/L2YgAnJ9zXCNrL8DoGJGWGp9KyN3LJeFu6XUbyXgYDWu
+Beg6LN6OUPv30zdjm6iIwEmBtiBgL5HYJZunP3b/OdABIJu9foeWdKVuT+jFNlHK
+f6Arod4sVGp2kc6owkGgYE920m04a4UsYuDGhpGvIAv/r5/SBNdKuysF6gE5YHHv
+4Hk8RnrxrRwQIGasMAlguwhNfbNqupQ1cxcOtMTBZ8KMv+dji+2f5PI0tmmbSeJO
+nENk+A/i0JiuBH6szjZ3ylAuMiMZ42FqFLb9k3FHV/YosxZlzTyFldECAwEAAaNT
+MFEwHQYDVR0OBBYEFLFq+pyZvAQqQohl136+YHCiDtpAMB8GA1UdIwQYMBaAFLFq
++pyZvAQqQohl136+YHCiDtpAMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggEBAK01l12RIId/hjjaQy0pEbB8LU0DV9KYw3ibkFTrVnxXdAtOEvsAAGOX
+s5hwltZChJJyIVEh5uwAHUMrOs3MazAMhD/FiWBeqeHjh60BTR66tof2Gll1uPRR
+D7HHg8E2q01OQmZ1zhj25gd5FP7OSAgXh71TfB6CpRC/gPtYv4vrfe7ca7ZCXKM8
+h3sQxwAMajjHzIKn4ZbqzUfP+ALpOGokbCo+a83PlZgTrG0wHH5MheGQmGKUQaMP
+THXAPNaAaoKXbA8rup/fzdinBG0aj5op8bNS+iZUKOLws6M2Zrns2UQ+PxkhlSoa
+soOVoABREvi8iSj0hkEFrVdp8loESs0=
+-----END CERTIFICATE-----

configs/open5gs/tls/ca.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDn7NS/b/QyF2Nt
+S7k/Phr5JonuGXNXzTlz/q2QMGWIkKbvQMLZPy9mIAJyfc1wjay/A6BiRlhqfSsj
+dyyXhbul1G8l4GA1rgXoOizejlD799M3Y5uoiMBJgbYgYC+R2CWbpz92/znQASCb
+vX6HlnSlbk/oxTZRyn+gK6HeLFRqdpHOqMJBoGBPdtJtOGuFLGLgxoaRryAL/6+f
+0gTXSrsrBeoBOWBx7+B5PEZ68a0cECBmrDAJYLsITX2zarqUNXMXDrTEwWfCjL/n
+Y4vtn+TyNLZpm0niTpxDZPgP4tCYrgR+rM42d8pQLjIjGeNhahS2/ZNxR1f2KLMW
+Zc08hZXRAgMBAAECggEACK8vkDOK+00w5ejN+PZEYEv3IjlFvmXq3tMMgLevNZvl
+BFRyd1wMVFCihtL7HFnRvB1Qph1oNiSVtvBBdTMGwcDgoJR0Rc5MXlO/Vl4R3j17
+ZTmPnJHyUU5QGYpAfb+QOPHcSIJqEcXZCLvhvwX9PCyTRW4NCKcCfGbl2sHiL1JL
+BQ4++zPfjqoK7sJ+WC6bcEYQLpRHZSIZm+kzlBNUyWdtY9WzT8mTdfpzS4X8sZIH
+DrmUFufMkgyciN7qt/jBhps/4/S4yjrbRcOsltcg/1Oba7ayC+vGyzGeGPGA1ddS
++bprG7+nUGRvo/bTC5YxVpIXSlOXizpwpzufpyV+GQKBgQDrVVROaG4dcUKdg35y
+dLjhRcAAgR2gRJYxG2tYRGsDhBWAvVqJ5MwY919j4kdwQ6UBTnWgCFsByiv6OX6P
+kK5Em8ImLEOPHn0nIYNFst5S9GfeEPaCo2jtH1k8KJYbIsUWg8toONv54Ee1VxXV
+r6kS9H66zOC0GlayNazQV85JvwKBgQD8SuFHrKrGdo1Wa49LnWRQsTF0rkBXXUR8
+2NC3SiwyrCH8A+nGv4msbkKRcEOQjkbAthYjdhSXdYFtNLYsYa3VCsMDGV3YwA4w
+LhjHUsdt2W8Wl26Oo+WcDa22NjTyc5kk827EsgB52N8ug/ylVP01AVr5kEeQ/t+T
+yzQzeftkbwKBgAccINvtk8YX8edIXb2fgSZtMQvS2s5IxDDfnzKffowwpWWqUt3v
+p6rpblxaLcZahNWxRSR8nCNFtGZu7j/wIxO3kPoORExCo41XGdw1NzpSYAD5ijkQ
+Ls9bLxr+LurK9iFkAfU4Io0+FWyJIQO/tt/3uwxxvCg004G21W3F+VmJAoGBAPJZ
+U7IwERP3yakcRVgTZsuEisdUo4XImAN9mnCXFYHPjA20DJrYXv1+JP/kYWK46Qox
+X27M/NbJD3zBx8U2R2+AmPefJGETjA2IGlFOGThSR73h1Ve75NJU6WtBAvdrR88Q
+8HSNsJtbUngyXTzMOTbziFp21+hWjJpB9nEEWhKNAoGAVLy+5NBYg3XUSZRDhjgG
+D4LyKf7PjaleMceeZHlhOfG03pjnqZ6vEH6g86fUj4CT4m9JNJPtmhTu8vb96h9X
+EVuEkfctkYy8KPmmqqiasZb8viMA3yz4o0gY2Vh/ZgEuFTjLVANmrP4FnPPQSLPX
+OoF11bTHRPDa1vAN0sBCVoY=
+-----END PRIVATE KEY-----

configs/open5gs/tls/hss.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD2hzcy5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALljW/sKEWWc9NmMz8NpkskbjXtlhkduRWDapIKLTdUUjl+xP2Rbve0l
+ag7Gxw/bX3IkSKQcHwiT1+QMD+CgCcMMd9txI4nVkCP/7+YQVGfEe+2iclp1CrM8
+P7a2oaG3LzzS8Xz+iTWFW+eLE20B4QHygCyQwN14IPGYLkzQvGAe8MfiBfOCIJnm
+t4NKGyXGs31Tvbl5+Wzpm6hIXvlqPUEgjHXNtC6u6FQdCPPxcWwt2O8zT9aB5B4G
+n/914qWlzurUTlnhYg8HV9L+iyidD66v8JMiKQ9xuPNWMKdoxaw034qH3Dg9in9j
+Jqdk3AJdvuqjdmQvPBoOFBQKDcYW06kCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQU5GTunEyNMXr1ZZTh79w1hSC6wDYwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBADYTkXOb9Kx31MN3LSLCz+ky
+KEi3Pio+eI65vTByclmfu/ej2AmGMmHylJQ2RpHzbWOe2MPmpFyI/yfqR7ZoIcfs
+soEnYk3vi4Ul7ooYqWTIvAl24/g5ujb9vZ2+7ZtiyFsTNG3kB/zdtS6X6CUk+e3H
+GbYTHjxvN+VmFJmCJjQpSMTQC9JGuqof3z+R7OODyJG24aw2g7rVtSDW3J0rvDgc
+1RylH/D2KJMBGjo/JlXB6y6wCTu9iLQ5prqk7YunFlpLxjsEdqrQ+yukLhwRH93x
+C0GQA6rMQEhC3paBukP2ePAJoGCqanipp/oJ6OJLnKqVDha69IXPSJLEhqAqtX4=
+-----END CERTIFICATE-----

configs/open5gs/tls/hss.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPaHNzLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWNb+woRZZz02YzPw2mSyRuNe2WGR25F
+YNqkgotN1RSOX7E/ZFu97SVqDsbHD9tfciRIpBwfCJPX5AwP4KAJwwx323EjidWQ
+I//v5hBUZ8R77aJyWnUKszw/trahobcvPNLxfP6JNYVb54sTbQHhAfKALJDA3Xgg
+8ZguTNC8YB7wx+IF84Igmea3g0obJcazfVO9uXn5bOmbqEhe+Wo9QSCMdc20Lq7o
+VB0I8/FxbC3Y7zNP1oHkHgaf/3XipaXO6tROWeFiDwdX0v6LKJ0Prq/wkyIpD3G4
+81Ywp2jFrDTfiofcOD2Kf2Mmp2TcAl2+6qN2ZC88Gg4UFAoNxhbTqQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBABWDs9H10OPMkVJspViUa7DpykmjwqgwZeobtUsn
+7MRP7a4/UUA/OMEgK3HQArIE36byYQM9u80FQRVmlgdM8h3gOABNlyD+Xq/PPCdV
+/+YrAWrLkPGbPgKeyAlVYlqi0j8laC9JB/5bEVh8JUxZ9RlZdYmMVITAnIAUfmJ+
+avGxytm5bss//Vat89HlUvPt5NzrmR2YgxzH5PmMx6AB13JIItg05YBE/KPZd+KC
+CsLyCzjZj7GJ12l1X8nI/EN032kRPQD/0knq1rt2gyxs45pzA1XGJNiFMFEnJ7Oh
+jIeFnbnGxBvx6hu8tOky41OubB1erMok0UV9XpT987tPA/Y=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/hss.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5Y1v7ChFlnPTZ
+jM/DaZLJG417ZYZHbkVg2qSCi03VFI5fsT9kW73tJWoOxscP219yJEikHB8Ik9fk
+DA/goAnDDHfbcSOJ1ZAj/+/mEFRnxHvtonJadQqzPD+2tqGhty880vF8/ok1hVvn
+ixNtAeEB8oAskMDdeCDxmC5M0LxgHvDH4gXzgiCZ5reDShslxrN9U725efls6Zuo
+SF75aj1BIIx1zbQuruhUHQjz8XFsLdjvM0/WgeQeBp//deKlpc7q1E5Z4WIPB1fS
+/osonQ+ur/CTIikPcbjzVjCnaMWsNN+Kh9w4PYp/YyanZNwCXb7qo3ZkLzwaDhQU
+Cg3GFtOpAgMBAAECggEAO2h5PdnMmGTzW9HRdHwc80BWlvACV1qhdfeq10Cf2QQk
+2cp5l4YEt32RXpnZiZ3RmMjC1IBEe6GxAd3RqrhuWGhi8lnvuwhKkBbAwFeETNp8
+ojq37X/rRWOtwTYGVsXWp+WrSFRjENkjCfCZ8Yk0G0UkSOO8QlxwJiuPzsLnUt+b
+wO/bahViAu7c+CyPouw0+MJmysZba1DSRoYSAYF6yzOolOOfk9HIEcfFyY+wCO6d
+hRVcGe5FgFS6hsBC2RLDrKc4sp1VoWOSkI8MfsTsnSvIdWHKLqvmdDlhoEgLJQ2C
+BuPX9J50oa9naLb0FszZNjsF1o1xNXvdzzCvWXIYXwKBgQDWCjlJDte/o48jFbvV
+aIa7jkChD6NWlMhGv6wRftblNU2WxzwQNiDxKo2OK3o2OZaOkXD7u/GrUzsOAnRs
+N+4I340UQz9C7tfzUmsFjS4ju+xxeaPQX1Wmnz5HSN5mxU34y3FvLdyeitUbadNL
+CbSeLXI+qzMoecrUp30qHsKarwKBgQDduzhI0xQS3BAWxVz63vMv/Pp7dCjgg/VC
+ULYv2d4z5twS9fRwCzyhtmOPRQzHOvgxPbU/MF9DW/uXzAGPFYZSzfWuJcv4u1mp
+Ha48GZcxA3C3HWpimsn9yZjcdWG7QV2BV6RgMwH0nUIxZHxQ7I6gplJasZN5dwlZ
+glPAAOetJwKBgF8cV+xQ/ioYQgizJa5lLkm1op5vVoOoxX46uflkRZXAo+O2UMhb
+ZTQFVrWwODRUTsS3eF9EWtVovLsy+A0GpW2n+QbiAwB5Jdjn7Mqgu7oBTcX26YY0
+dtj9tizzAnDkiAtgS929oWWKB7yQv+V+QJZxV2zlomwAAtOQQZwv4wXdAoGATReE
+8D0DY7NDnMcuFsNhhjPM2xN+CuGWamIpleWIDj+cELOXM0WU5RzG7M8zLCnilSxB
+UiD9XiwjA5oYiKkRNMULQGs/ydFJ0TTSmW7EVHQ/wkrl7DapOCXZkfz15+dIHWpd
+al0RtvzeQNIRLwmwZUaup33KKpcqlwZrG/y0kE0CgYEAtSp7JuJWnFCRBGYzITFG
+3gILjbzWxKquho7vOjlOZ9Jn0zHAMjMFaa5jO+jDVeFTo2ma6vJNjkrwwSt2ta5j
+RL3+dBFB8uFgihY68j2yP8OeTuMOUevinbKgySMcTP7mlLzya/SAk9bZFqTJEB6w
+CA6ghp5l+Pzf2ziJKd3nc0c=
+-----END PRIVATE KEY-----

configs/open5gs/tls/meson.build

@@ -0,0 +1,63 @@
+# Copyright (C) 2022 by Sukchan Lee <acetcom@gmail.com>
+
+# This file is part of Open5GS.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+tls_sysconfdir = join_paths(open5gs_sysconfdir, 'tls')
+meson.add_install_script(python3_exe, '-c',
+        mkdir_p.format(tls_sysconfdir))
+
+tls_security = '''
+    ca.crt
+    amf.key
+    ausf.key
+    bsf.key
+    hss.key
+    mme.key
+    nrf.key
+    nssf.key
+    pcf.key
+    pcrf.key
+    scp.key
+    smf.key
+    udm.key
+    udr.key
+    amf.crt
+    ausf.crt
+    bsf.crt
+    hss.crt
+    mme.crt
+    nrf.crt
+    nssf.crt
+    pcf.crt
+    pcrf.crt
+    scp.crt
+    smf.crt
+    udm.crt
+    udr.crt
+    testserver.key
+    testserver.crt
+    testclient.key
+    testclient.crt
+'''.split()
+
+foreach file : tls_security
+    gen = configure_file(
+            input : file,
+            output : file,
+            configuration : conf_data)
+    meson.add_install_script(python3_exe, '-c',
+            install_conf.format(gen, tls_sysconfdir))
+endforeach

configs/open5gs/tls/mme.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD21tZS5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOfRYYARkQf16dejrenOv9VbNAInKLH5BByRobC/FXYs/1ZEpE26QQpj
+ElSZfdc9ri6tlGm8JzsWdeospR10abH9wu/80lerrOJFsGAKC55tLbO0N71Odlk0
+UZms/Efets+4Y2N/ubgq1RStl6IhqkmUOgfbvX69h7+po4PILGMixbZiQTW9DwH+
+aZJ9Gb3YScewikE3J6E0RPf43ABX9roI1oU078n2nj7qZlCNd0zJ9vOXQiQOdcW3
+8PKHlrobulMYh5SmG5ASidZzexHy6csKiH/Rr2EC4mZTYBepb3QZy8+ad9b5Cl74
+yuCcKGf95xui1E+YqGBM9Gi5+HNdr3ECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUVhByp4/5SHL0qj7sf6dXxrcO6L8wHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAJTHO3re3/Tc9YeMs3Z+Kog6
+9z3Rb+OJ5nB56Y7nXVpJ70piUpTSVwPxK1r5a6QqHO9tTTgp5kp5i3u1H3cYnn3q
+r9if/lkNotdrOl1uwI9Kb3eb+4iwZe4VUnhDvWbC3oWVHcyZheS95qxuW/HfErxU
+eZakK1J5rynrd0R8fZiJBfpYeBfOczshDlLZ8G40gwmGcHBTJYQ6bYJjjA1jQXzF
+n1fE6WQBu7q79eX9w0U5Sf5Xo9Ale5Y7o6ud2aZT6F83Upt1G83BhEvQ8vrseTD6
+SHme/cpGXmSToBs9hJfrPuDzIkjGG/kjiVsFalHiaUtVbGvMqVa2iaHZ3HBzIro=
+-----END CERTIFICATE-----

configs/open5gs/tls/mme.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPbW1lLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA59FhgBGRB/Xp16Ot6c6/1Vs0AicosfkE
+HJGhsL8Vdiz/VkSkTbpBCmMSVJl91z2uLq2UabwnOxZ16iylHXRpsf3C7/zSV6us
+4kWwYAoLnm0ts7Q3vU52WTRRmaz8R962z7hjY3+5uCrVFK2XoiGqSZQ6B9u9fr2H
+v6mjg8gsYyLFtmJBNb0PAf5pkn0ZvdhJx7CKQTcnoTRE9/jcAFf2ugjWhTTvyfae
+PupmUI13TMn285dCJA51xbfw8oeWuhu6UxiHlKYbkBKJ1nN7EfLpywqIf9GvYQLi
+ZlNgF6lvdBnLz5p31vkKXvjK4JwoZ/3nG6LUT5ioYEz0aLn4c12vcQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBACCmqKiZ7lalTo2IacCqfhzE9XCzwltNoygocky7
+aEed7vSX/3pxf4x7ASphZd1gytnePc3bVvqChxFKkgTOUCLd6KTcKsPuXhVPcr6C
+0/f3APspWyvZX/sYMLHpS+b1BkO6Uego3ZM9FauEP1kynNHy6Bf0h5BL3YB7yYBJ
+nj9UaGWpEAs4LivGWD+4iici2a1GfhS++PBD8dSd6ipELCEOkTuTZoFquZF66cfC
+3q+Isd29jbIiO40LnQg3Qi75ECXw7Rgzn5rr0eclIEv50fayyd1vWAG5yXbSOyxT
+L/ZBnNDXSLtZV1DMHEvB7rlhXvLEK0874QDtYcQEOltgVOY=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/mme.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDn0WGAEZEH9enX
+o63pzr/VWzQCJyix+QQckaGwvxV2LP9WRKRNukEKYxJUmX3XPa4urZRpvCc7FnXq
+LKUddGmx/cLv/NJXq6ziRbBgCguebS2ztDe9TnZZNFGZrPxH3rbPuGNjf7m4KtUU
+rZeiIapJlDoH271+vYe/qaODyCxjIsW2YkE1vQ8B/mmSfRm92EnHsIpBNyehNET3
++NwAV/a6CNaFNO/J9p4+6mZQjXdMyfbzl0IkDnXFt/Dyh5a6G7pTGIeUphuQEonW
+c3sR8unLCoh/0a9hAuJmU2AXqW90GcvPmnfW+Qpe+MrgnChn/ecbotRPmKhgTPRo
+ufhzXa9xAgMBAAECggEAHPsdqSueXzQ8pZ32XjkKiCtXP1T9mZur38B1yjQRWaKl
+fKJR4iUWACzuO+UBM6P9PyOp3rrMMsRg6G49aYcbYZ+mZmdL3/RRRZZ4cYE//kXg
+RUuTU6zX+dijF5xl4RGe9tgH64aqcAjsIPd/cfWrJXi3n9zg/f5xgUy9aaUK+4zp
+K77vv6ir3PjtHdQOqDTHblLdXJBDtNprF6Q3kvzWLdVptM2jhtsfhoZ5J4RnrkGm
+e9VwUksWnWK6NU3ezYndN2zDe8fkwRKWmLD/DLMrWxOd/E+1T2sUsiTYytxhCMpR
++x9hQZ8P1ogWivYZe0aEwzEcr9SR7sOafdnF+pFnswKBgQD/4fFSHI+c/nL0d0TR
+72BfNieuelnaxWzbsPDC8/7YzRd4g25uWCwoyMxzVntVSAdADmI2aD6REfIejLro
+m27AvEkMvXCBJIn6ZD6a/GVvLGAiJt060Y3znyRm2xCsynnfw+4RAK3Rs3Vqu4EC
+igHytUCKRsU1F3PeFYBABSKdswKBgQDn7JyG4uFl8YB3dm47SiaVxSNHVNnIKQJD
+kULqgxLV0jWbMyXx/brS+tp0ABwavRFYxhl3f1wm/ZBk7YnFCTxrpwG3E1MPu4bn
+fMJqVEbGFfJEkBePpB+3o2VFGYCrC8wsQx9+RsM98+f+jETqIn7J/j8W9Ht4Y1J/
+2mlWubqUSwKBgQDFugBSJQPMmsqVobwqRUFBEYXkS2M3rCsMMFQ7MXQSb5jdZSJm
+XffxpAhob8FqCvifRP4bcL44N5fSh4i+yazxfg0srQ5MnMGKHQBLnxF6sN2wRjvZ
+gaihQq5MVKcz/lni0XIa7V1jl7r5uN5d6erLc8flkf49olvElvS9g7pWBQKBgBNX
+3q45WgdAnzBXhlYXlyRCrvCSGR/im7e689PPXtDKmYH6QB3wxZY3KeUm5TEtt7ap
+vxICY1M1LsfcL/NpE8r+wNveFr1nLJc+BpELumNnDS++vNhUHfkY/adHuz2I3FyM
+tKG5kSsnnp/SXyUP/3clZ2motmuSDR1wv/xlvTQFAoGBAKDDpj2v3u6R5qWWWb4C
++kO41YOGAlx52pcukmPV682CQZyJHdWFG3YHNeJaSBMVayHN+roIbnZQHJGTbS0B
+jOMxgRyt6a86uGBHQ9PUDRrtOH8hcM4Wg5RnKip5GGHWnZYXH421p2ErpDE3ZAO2
+nt+0/3cXT4rENRXogOlzP3aG
+-----END PRIVATE KEY-----

configs/open5gs/tls/nrf.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD25yZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAJYwtO+kISwKZjSQlQ9eQNtF1/DpUFi8qrupceRuPtlAwsEFaly8BRiH
+bCuBcRdGjrIgHtoyFJDW3wi3veKn+xkUoSTcIdHahGwon6nryW049ef5tV2CtNqf
+RovgVACdKh7QIruIyqUhJUED+lm4s18aJjKb8QYne4jl18unM5xQkdHfL2bRh7Ce
+BZV9/GxjYyNGcLQUWf1Qme3dqLvq539XACxBr8NqmYSDJGlrSRG0i4z0Faa2Znnn
+epOTyRuttBrRgsebzszh1evg/zWgc5hsMDr4DoPVOfWfAihNkXmq2LF5kZsBqXdr
+kQS6rZsxV4KRF1ynafMNxp0E2I768ZECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUofXRxrSK7mNyrNQCStGT0rE5vJAwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAHAaED78OABG0UPbkWUG1Bqd
+kWPiZVKySEj1zc8dOqCcgn79VGH8TruxK+/dHwQY/YClq/8o9tZzfFOwc/OdtdfO
+dk4AxHwyA+5zJMBWOaGOAIFzPkrRY7RIQnUlkL9FgRg/3hel70TyjBsRm5QEUCPF
+p100S0TS5AACJm5gcC7QPfx0Pz1EPsK0q8nm0V1zAus/mDY67jJcbkCGwH839J3s
+rVzMrnXEVeoubEr0u4fPB4ulsT1uufnmRPjO+Gw4ToqW+QB8aUX1y0PdxaV2K17g
+HD7N6TaLZzXLZDhXB183tMKgOMTzAN/+sDofLUgAT/npO35bAbMmbisCk8Alha0=
+-----END CERTIFICATE-----

configs/open5gs/tls/nrf.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPbnJmLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljC076QhLApmNJCVD15A20XX8OlQWLyq
+u6lx5G4+2UDCwQVqXLwFGIdsK4FxF0aOsiAe2jIUkNbfCLe94qf7GRShJNwh0dqE
+bCifqevJbTj15/m1XYK02p9Gi+BUAJ0qHtAiu4jKpSElQQP6WbizXxomMpvxBid7
+iOXXy6cznFCR0d8vZtGHsJ4FlX38bGNjI0ZwtBRZ/VCZ7d2ou+rnf1cALEGvw2qZ
+hIMkaWtJEbSLjPQVprZmeed6k5PJG620GtGCx5vOzOHV6+D/NaBzmGwwOvgOg9U5
+9Z8CKE2RearYsXmRmwGpd2uRBLqtmzFXgpEXXKdp8w3GnQTYjvrxkQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAD7FDen5uEbzgzjW6w3vbyKw/irx+s59YS9zLnrc
+K1l4C/eGUxOjXzL1i5th6TJ6y+860OalWfui1JMfdKFXAz4a/wGhZGbGsQelau7r
+lQTH1nlm+b5BGShGg0R053FuX3PK8vKBpZzPRuyn9n6unc/PKzoRjub5FXKZnrVJ
+8rDz2HXi7ZdxBrU3FUU8dbiTuROgsrCEldyndxhD7vH4mJIPM/0+j8aAU0t9GbRK
+pX2Jo1z0Z83NxKegAtMXho0IoEpESEMZmYStBreOY2mp38Zw3+hEJV7SP3nLxr68
+J/c1HVddfoLt7N6mKvIuVbWK7OxkeFLVGGq2o1/Gs+PkVjw=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/nrf.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCWMLTvpCEsCmY0
+kJUPXkDbRdfw6VBYvKq7qXHkbj7ZQMLBBWpcvAUYh2wrgXEXRo6yIB7aMhSQ1t8I
+t73ip/sZFKEk3CHR2oRsKJ+p68ltOPXn+bVdgrTan0aL4FQAnSoe0CK7iMqlISVB
+A/pZuLNfGiYym/EGJ3uI5dfLpzOcUJHR3y9m0YewngWVffxsY2MjRnC0FFn9UJnt
+3ai76ud/VwAsQa/DapmEgyRpa0kRtIuM9BWmtmZ553qTk8kbrbQa0YLHm87M4dXr
+4P81oHOYbDA6+A6D1Tn1nwIoTZF5qtixeZGbAal3a5EEuq2bMVeCkRdcp2nzDcad
+BNiO+vGRAgMBAAECggEADL0D06F5mMknAwVSRzPoz1A8sPew813JI1KLUOMS3I1U
+F1f0vfnKetqdj5ESfPVki/ISe9IskV5QG2auKceykd2Aj2ZGTgy5F41YgWp4spVW
+sf6pZc18tmA09Q8pQMYTuPpRP9Op0Fif1sRWGv8B46qNm9RDHJEDtsg7xc+gHn1L
+oeMNin1jZvypm/ZHv0gv2s+/ziOP9ZLcEsI/Zp8ljlGMJJ4Gv5bpZyZB6MCrC1xI
+2EOBIeQbO/DnvKw5tiflIiiE+UoTcLvRiX0yxS9IpcYTpV65uwsBsmj+yeg9eunh
+ZhoQNnEYeTwHpdzCX0ZO0IwTacb/gElutJ1n/FlMUwKBgQDKHh9UZYx1ejPrCzKT
+jyoiXClNEt14Ze3bh3hIgDLaENq24jadNYOfTyCwPd1CGYYkgnNlY8VWBtisafRW
+g7e28VGrzaEoYZ0S8p1vNsMabM1oWnq/P/oy0vY9YFvth7lZdlegDj8om+7tA0L/
+q0bDpcU0rQhLzxGExJaLJUjlIwKBgQC+OrTxkfrPvK/CIXole2Gu/Se/5smWNxGc
+LNuX39vgIzPvSf1I9rHCr4omqHoeFooujTckfNKR1yc6x/a0jPjDD35ztmPmSKs+
+8PCmhaq3yfjYnt2+0oZd3KVZ9acayNJ205/YVYxG27Gn8s2V2TnEHMXO18NZxPnL
+KHKDCGm7uwKBgDf7L+JIXicLueWYLGICfUEXFblrSDxYvxDW7NHn8C3GDU4qScYx
+VEuDtyIZgHcWarkiCKREhhvVuZ3Hmw17Xh8lp+FWCxUMNF1TJZfwKwneqOYGaYkf
+R0VceSd20P9xYD0PMiX6zDOLPRoYlS4LWoZGG+EDLBETQV7stGXF5fLRAoGAa4xN
+WHYr0t7ej2bV4/MJmyFNI9WbCu4/aoiB7i+F5AaDCjpOlL3EaklMVebSg8hCf2cf
+UeWwNvvpFfaPqCw7SCyuVUU83akgCAm4RK01g4sQwYev3n6vsMlaQq37t8zqEHw8
+1tYm5Li4jDddu+aAHjwWKYcaztnqT82iUCqlfJkCgYEAyK8xQfiWNPWADHILRDy0
+xtI415k+skYDx77dSmancF/10PGaZRO+UWI/EfweV8lR6ChSf9MuJxKZXOGupv/N
+2MY5qTAJ0WluunA/bGRS7VSzetq0ZC2LOLlARqvZQQSVINq406eUjhLzdwJZaR8z
+dtlKQ+91L56ELsd1XZ5DZfQ=
+-----END PRIVATE KEY-----

configs/open5gs/tls/nssf.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAkSgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEsxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGTAX
+BgNVBAMMEG5zc2YubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDIrtclpBRox3SHlIWyxwKH/u77/UP+ML6C6AQOfsI6j7+G3o73cqIb
+zVlpFCfuy7Xh6+Y6uLqLQccNFlj0ckX/k+T3wR3Xpj6YAJ3W9ynPcgDWDK75Mlta
+YDR1r69mkZ+SvDAE2gjHgv9zb5Jujyd3s419wHv5qzJQmgEMmIfRhP3sBJNw5+GB
+D226dIR4QWmySrNku3BpTXrmKT8piStnnpWvEaoIBrYcAhUvFkETpWv2FIJyQJGH
+Ku5894DuK2kEdxhA2MTAeEOxRnq9Xfv4Qq9JpyYNRLSfpUeSeJW3ZjCYan+mpciA
+y7QPY2dG/RraGPvkGtTmlBEUMV2kThYjAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYD
+VR0OBBYEFKDi3dKxojvcTkXTSa6mQwULPtKBMB8GA1UdIwQYMBaAFLFq+pyZvAQq
+Qohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQBJ5p0AF6bwFB2IaCdcpPix
+Ai8kh73og4G1fi6+5m0Es0Sj9atAS2jFerPw4w8qLlWQCQUu5c9TFRmC29PmYMKd
+1uPFfxOoaw6ohnfqbrmZyNOFpKLSYAi7VAcmVTt2ErolVAkWxknVTNFbC4QtgqOl
+vH7WF6UjRXpkGdEcDewBcNjo/GpMacTsMGpQrb09JH8Sfvi+O+RDJY3kYI8e8glx
+ejonu+gKXxCEZf0ALI/dIGyDIDTG30nShCMSBjOy+VjVFt2W9PFYykEc0yOpa+jX
+C0nbS8zvC0KnCFeIomYUTbkOj3mgEWKa+gewXkFA3+i8XxOPBbmsXU4cWyVJ3sBp
+-----END CERTIFICATE-----

configs/open5gs/tls/nssf.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICkDCCAXgCAQAwSzEZMBcGA1UEAwwQbnNzZi5sb2NhbGRvbWFpbjELMAkGA1UE
+BhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMiu1yWkFGjHdIeUhbLHAof+7vv9Q/4w
+voLoBA5+wjqPv4bejvdyohvNWWkUJ+7LteHr5jq4uotBxw0WWPRyRf+T5PfBHdem
+PpgAndb3Kc9yANYMrvkyW1pgNHWvr2aRn5K8MATaCMeC/3Nvkm6PJ3ezjX3Ae/mr
+MlCaAQyYh9GE/ewEk3Dn4YEPbbp0hHhBabJKs2S7cGlNeuYpPymJK2eela8RqggG
+thwCFS8WQROla/YUgnJAkYcq7nz3gO4raQR3GEDYxMB4Q7FGer1d+/hCr0mnJg1E
+tJ+lR5J4lbdmMJhqf6alyIDLtA9jZ0b9GtoY++Qa1OaUERQxXaROFiMCAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQCFIub4/cIs9fJihlSgOfkqR5BVjv+UZgKocmPz
+wACPxgLeXGzH+8aQvCnsmb9p8A7r4CamKkpzeJHuYyzLj2wqTaif0gsAvVnjkksi
+uyxZtkWV9HDKgWYIaJnCYtKvAl7qKiY6DDk7McqPcGnI5zjYakxi6pLE2ZC0TUH2
+M0Zy54Tzj7rC889TfwGjbPIPm4mqliy7isxDJed1yiFizG0RT3CFB2qnjxqoU3sa
+x0fYGWP7mcNuioBU2VyPHkc8/8lNM9sR7+K5Ne8Orq8ooeb/kTdvGZJ5MX67W2Bz
+g+TwAs7ZPD4+ZGNIihlIMl2w8aOibYKmdIR6sc/01GHDhmV+
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/nssf.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIrtclpBRox3SH
+lIWyxwKH/u77/UP+ML6C6AQOfsI6j7+G3o73cqIbzVlpFCfuy7Xh6+Y6uLqLQccN
+Flj0ckX/k+T3wR3Xpj6YAJ3W9ynPcgDWDK75MltaYDR1r69mkZ+SvDAE2gjHgv9z
+b5Jujyd3s419wHv5qzJQmgEMmIfRhP3sBJNw5+GBD226dIR4QWmySrNku3BpTXrm
+KT8piStnnpWvEaoIBrYcAhUvFkETpWv2FIJyQJGHKu5894DuK2kEdxhA2MTAeEOx
+Rnq9Xfv4Qq9JpyYNRLSfpUeSeJW3ZjCYan+mpciAy7QPY2dG/RraGPvkGtTmlBEU
+MV2kThYjAgMBAAECggEAHfOlE250cq781WogCkQUPKKanewkRGvsrd0IaKFtRmWY
+pah8mLH4lUMGH94Xl6xlGQhRnwdd0Cr2anL2E9slAgrbbEmGYAk6jl/ehEGfcTay
+qT/QsvYGbGwEvbaFlz66HPcOs6qsZMVIcGeBPhRfmkindX1Prj5pjrNtif5knFXZ
+YezQyv32wsXn0blE6Nfz7s6udA2JOhEj9hbl7VpK5Diq9X7zXD9eLlEB2vcF06xW
+u3mMZHCN0Bl9Ftq0KM3Mn56GjqIKMXZpQOZGL6hwKbQQRgLAwWqGGkQASsd+zpIJ
+i4NTibBDQarf6Wiob6SluEkpeaCim3cvf+lpHYCnAQKBgQDc/1StN7SB5Hpw6ApF
+RkWQb996UnmM7DUQp4G13iGww4iC9+pC/F6vb3WwcjITmxdLbSWPrMByTPzUIk+y
+kkBRD/TaAfPqSRsect9DjMhNyjxjSYL46jH7sR9VhebmuL4LhD2OpSPNGsnJwZ7O
+GcWWGRcEgQdMiXZTLpZhgJ+tXwKBgQDod9TRgADMMKFF55qCa5M+a/Jp2s6pgFBN
+BY8S0JApcOec0EyUZZ4fKX+vzP2PvQj4ITbEwsnnYDxGUIp76Wgo6ZvD50nSaxCC
+/liDY0pPEOFTIootByPVj56nrpBQ5Rcuon7DcIS2z7kCnoDZ3d52UTqXjuu1sQet
+8B7L8OVJvQKBgQDICwvgG+t2JJY8u54IZPq1Kr8035ENYgcKw0WjlaYTdnuMadMQ
+vZcL4K28gTIZEys76Fm2ux4cmNnHQCO6Na6ocfQmntvmuDQnFL5KTBZIbAbLrRA0
+NvH1rbf6V1HSiWnlzNdX1t4YW+ZKjcwtLaDwJFf0iMNNoaSM2T/glGh1qwKBgEB5
+5AQLTa1Um5Zo61ja/2bjx8OGVaV7mkoSjaE5SZLE5uh+eY77NEUOXITlBTrVwmQX
+yjn+kMNk1LLn6dD+Zs5aJMLMJpR+74B1jRU798NAOk61mL9uaIj2IZn+d7aII8ri
+dOg+EAEoUfchATnsKKSGWQrqMAQfyrJ6lAAam229AoGALHAQxLc2fXztnZ7g2ftw
+YsjutOSPPf+xBWZBVILYQMdY7Y3bEMIuz0oJqWSnvJ5ZMz09JQwoz9EzM1PL7GJ6
+PVlNNqqWdHtDlFamXS4rUXdsJLbKdoHy51bG1qIc5euYutpSUpKuc4n/g6erz7RD
+iJue+kVzeFjZeLSMFeoN5dQ=
+-----END PRIVATE KEY-----

configs/open5gs/tls/pcf.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD3BjZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBANJDzsbZ910GqsJTS2Z+FKu3KnNHtPUvtJ4/pXdz6b2s9ECm0bPpTofQ
+7N17yvv1GmEoBiCEpoz13q6ZZ/CCW4PLXUTXQzKsB3HVbm7luJA9JziKbXnSrGnp
+SQk97HWN1RYdTKQKi46JaEg8MfyImeopyHQUmYbyg6oJSm/8JyXT9LAil8BJeLgS
+JpOGvhE+Pus1+7XS9hswr/zz/6jiy2i6Cc5AKxF1Qp1qp69/8EMBFPRtxiHkwnQR
+jMS3A7sk8N4z2P6JlRx3uBHvrActS7Q2IAUZHCqGPO+atdWjPpZmDJTTkiBcPBid
+xNBM1efy4xtCbJm3bXQStVgELdXxZwkCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUAPQBjYhnG8101VwEMOb7qk7Lix4wHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBADjP6PVyrc5X0Av/FvkODQ0f
+9FcVH36olgqHMXH8HMtSaLhWB/NdOoeMfNnrZKlJJe12t05vd1b6c495Xg5bCpCn
+14wjUg/TM4FijXECGl0KT/VvPd+DI6sJiDgJB6wwVQoujY8c8k3inPoRBmPY56C6
+6UeD+NA3rUKnCas2yKq+eR2l+U48nfN9Sxdj5/LAQeY6CEaKKAdLZoN5YyxzZfTZ
+esG7mPpj5c7+oF2SBk7NEf+3yT8aZ2Uy20GXwLnQYk9d92AWUtBywe1LXgJxY3Yi
+snDuwEymRteXODzjMp6JXsCUwZ7e2e2QvTdDASx1QREidr9z/ddcpnXQWwQncHA=
+-----END CERTIFICATE-----

configs/open5gs/tls/pcf.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPcGNmLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kPOxtn3XQaqwlNLZn4Uq7cqc0e09S+0
+nj+ld3Ppvaz0QKbRs+lOh9Ds3XvK+/UaYSgGIISmjPXerpln8IJbg8tdRNdDMqwH
+cdVubuW4kD0nOIptedKsaelJCT3sdY3VFh1MpAqLjoloSDwx/IiZ6inIdBSZhvKD
+qglKb/wnJdP0sCKXwEl4uBImk4a+ET4+6zX7tdL2GzCv/PP/qOLLaLoJzkArEXVC
+nWqnr3/wQwEU9G3GIeTCdBGMxLcDuyTw3jPY/omVHHe4Ee+sBy1LtDYgBRkcKoY8
+75q11aM+lmYMlNOSIFw8GJ3E0EzV5/LjG0JsmbdtdBK1WAQt1fFnCQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBACom4xjdCg4uDodIeninSNXwaOFK4g3zI6aIDyi2
+FhBxDcutDAAJHnXTOxVNWHan09UiYUeCRlh22NXfOXTAkR2cWDDizIGlcw7IUPal
+5+AqgyoBqZ1sD51+oDkZArZad07HbaBgkHoCDBDnGcWC7E6tpd1MniVuv5xPGp+g
+TIEKR9wEiHsUEePON9rrIqntgvpq8LpHVv9+BDdn6AEbkAim0U/IvHcmCjIzwp+8
+N2iFBuqngt/P/v/A0/eL06qqWIpVuVpBIYDdd6JrMMM3QWcATiFTVX19Dpov0dRN
+2iR9zsWC2Z/NYPQzGoJyKees7prTXpOyS/s8LLMTAKGnxdY=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/pcf.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDSQ87G2fddBqrC
+U0tmfhSrtypzR7T1L7SeP6V3c+m9rPRAptGz6U6H0Ozde8r79RphKAYghKaM9d6u
+mWfwgluDy11E10MyrAdx1W5u5biQPSc4im150qxp6UkJPex1jdUWHUykCouOiWhI
+PDH8iJnqKch0FJmG8oOqCUpv/Ccl0/SwIpfASXi4EiaThr4RPj7rNfu10vYbMK/8
+8/+o4stougnOQCsRdUKdaqevf/BDART0bcYh5MJ0EYzEtwO7JPDeM9j+iZUcd7gR
+76wHLUu0NiAFGRwqhjzvmrXVoz6WZgyU05IgXDwYncTQTNXn8uMbQmyZt210ErVY
+BC3V8WcJAgMBAAECggEAEobL/ORuscEpIZcyQRUh4CFy+ZZbYPEzom/sNfK+KSrI
+mLu6JXaMp1Xm0Psb3whxKxdaNtpJTIlLdinpKR1rT9kG3k5zSs8ylrqeEOJn2Tmy
+L36u97ly3KAkAc71e0Qkft7VBm0xb702tYqsQtqMaUAGPAgmoOfUZxKLfwOCNYhn
+FvD76Qvv2jOwO0UvDzrlOdDsLiDPqYGR+4VhJOGEBVzZnQeQswbhTEj9JTBNc6Dn
+Gvh5ZxhaV82yxpB8J0JVWESb3w6KDnDpCskW8IVznjr4D2hxjQRjDXx4IMcWtCVg
+BnEknKR74uSaKZza5jwGf6XwoA1YlkCNbEmGeZn8yQKBgQDlFGx/KkSNIeDOUuFQ
+9la4jBjBf0RQkost9h10SVgk7UhnUOdhAzd8gygAdL8opesoVyY2lbIhv62iH+94
+5Eoh0mLT9siKjR/d56wyQRccrjoHLt91GnD6qKeGO0hbI5QeeKbdDrbCgzEpm385
+u0HYLhlkM+bpPnMDaai5wgnPpQKBgQDq+Vx2K9lNHN/Gdz7vq0xn/oGeiT0EWQAl
+nGD9E03f1QYsSA0DqX3MWJ+7rmXHxZcT4HC1DNcgpG27mEnIVxw3n3JoPWaY5DKd
+BXvQEA+SaNfXj+nEQft/mFgVGmadhnS8IgTk3obAQXVWXrgV/0xO4YaQH4D/08Zp
+eeWr7neclQKBgBceZoy24VA0+REZgC/BjKL3UJBGnchb4bvzuKlBtamUYNg8a/14
+a6MfQWw6XAhoJkFd+jdMCDwrsgRIoMxcjba4Gs01fKuu7mZguRohQ4nbc3PCIT8a
+Ogix+KYtWXIJNyuUFZL9pygeQVnnnYFgCpccn+di7Yzgho7znNmSYZcZAoGASOpi
+r+UBhLVuF5dPd24vwqGutXSe86durT0ut7ny03+2b61YJIfHGs9xmfsPaIO/UxK1
+xukaJO4Bg1JJqxqlDfmztfc/zDgcIK/f8Pva6TMRr7nf7+AN3FV5F+teZomf1fW0
+kRUgua5WbBvughz8IApKCJVOIZUlH/wMsmLIyVUCgYBL9vzRI1RliwBWZRRHGuuX
+Eg2x3GUvIAMbA7Yfpd08VCkxPGrNtPjb+nPbV5zHf0lSrKsBzCtgy6WAulhUGTBw
+tfcU//wg+1MDb7OY3ZBy0+8e0FDfS674DnD4YT7E+RoEqSrNPJ7v+Z1+LjkQPU/k
+58Nf0K4LaLiLah5T6dNIeA==
+-----END PRIVATE KEY-----

configs/open5gs/tls/pcrf.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAkSgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEsxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGTAX
+BgNVBAMMEHBjcmYubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDMiA6Y/1qYyV3CMfVer498oPZNlnjciFECal71JbgigzvUUAIXT5tx
+KQUWKTjeyhbCGHMekwuyyUoljo6jMIoYFL5m1DKS6GV9mQgOhj2QpDEN44FFWm4B
+BRM+pHxXr71h51lXffH6l+wt1O7Y76ok2ZIxB8vzUUfKzmeg6wUQntS4oWuzZCHl
+5Ca/5FaDcty6H4ixE1O3+dRHPmbT+aWrZwekZyrOXYnOd4jNlJ9mz8STXLP+mEEH
+X3VbPkBOwFOHNq44WHYzZNj0CEjVghWWtse0T5V3QWluYxiBmJF3q9sWNe6bn9FI
+qOeJue5TzhqsldDZ75qhmvpRn7Kn+hz5AgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYD
+VR0OBBYEFGyP1+kC3lw5HoXa6O9i41J/tZZqMB8GA1UdIwQYMBaAFLFq+pyZvAQq
+Qohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQBkZI1BdcoRFyQGCb5AhiXc
+Su7MlrdPBACUvXqF4R1OeNUAa6dwlFVINxZmrFYrJ2MCo+4KBURXEBjugLloWGTP
+ChsM7eRoFniCQChWkEjoaTe8wDIWYSyZ6tBfiDgdM87uP4rbK9HO7C5lByj9QtAz
+OHYbkv5NEi5j+S0i9et9jjXoHjtqBRnlzF3lSWc461CkJA1Dgv6jldY+ozhxJlPq
+ZWvLc+8B44pgsQYkwpsg3CFESNAUa02h7qynswdmaB4AtPON13qjPzZxuawVco6K
+Fuy68CkHwwUTk3Qq2Nd5DLE5yOstiUOpJJ5qlQy0Fkp2SG+FEC9Rlfbl9Eh/Yxua
+-----END CERTIFICATE-----

configs/open5gs/tls/pcrf.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICkDCCAXgCAQAwSzEZMBcGA1UEAwwQcGNyZi5sb2NhbGRvbWFpbjELMAkGA1UE
+BhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMyIDpj/WpjJXcIx9V6vj3yg9k2WeNyI
+UQJqXvUluCKDO9RQAhdPm3EpBRYpON7KFsIYcx6TC7LJSiWOjqMwihgUvmbUMpLo
+ZX2ZCA6GPZCkMQ3jgUVabgEFEz6kfFevvWHnWVd98fqX7C3U7tjvqiTZkjEHy/NR
+R8rOZ6DrBRCe1Liha7NkIeXkJr/kVoNy3LofiLETU7f51Ec+ZtP5patnB6RnKs5d
+ic53iM2Un2bPxJNcs/6YQQdfdVs+QE7AU4c2rjhYdjNk2PQISNWCFZa2x7RPlXdB
+aW5jGIGYkXer2xY17puf0Uio54m57lPOGqyV0NnvmqGa+lGfsqf6HPkCAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQAmSA4jedvdB8xQrrEr5eJwAiBv72vu6t0okW/v
+80cLid140/stZSNHdJ7dXlXWhyWfCxS6dMVuXhYBgRCucwVpMjU2CX/ukhzT0JQW
+kTrdWCsrqzHnD/ukGQXA1fvaMHTLUzcBe/CznS/H3pVkSjdtiENZhxZwghigI0dP
+hePe2O2GmhKXCl+mtD08Wo9cD5NuDj937Wa0x9JHsjsoKxBRVvdmOXBrAZ+8p2k1
+nwwadBpUpGLbMDS19CMGOXjRpITE1lhXFDn1xtQRAM0eYE93jLzUE+i+o90CR24Q
+g21BL9lz3emPLDHgKB1PXdp2azdfd+cyVzDVGrzEFdFoqxNT
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/pcrf.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMiA6Y/1qYyV3C
+MfVer498oPZNlnjciFECal71JbgigzvUUAIXT5txKQUWKTjeyhbCGHMekwuyyUol
+jo6jMIoYFL5m1DKS6GV9mQgOhj2QpDEN44FFWm4BBRM+pHxXr71h51lXffH6l+wt
+1O7Y76ok2ZIxB8vzUUfKzmeg6wUQntS4oWuzZCHl5Ca/5FaDcty6H4ixE1O3+dRH
+PmbT+aWrZwekZyrOXYnOd4jNlJ9mz8STXLP+mEEHX3VbPkBOwFOHNq44WHYzZNj0
+CEjVghWWtse0T5V3QWluYxiBmJF3q9sWNe6bn9FIqOeJue5TzhqsldDZ75qhmvpR
+n7Kn+hz5AgMBAAECggEAAyK73I8fp7OAnztOWHkHEWFTXV2m9TSWz1troMUHBWpv
+JqJiYdKb3riDBjO0FkBRaIDg9PFKrt9Epn5AxBI4r8VTpPZwXw22jp4jwDtBIuBN
+izm3b+WCxbu6740shdihJeja1wtMhCvDmHFJByTnfiCiy+MjdpPCrsKK1q37uiU6
+NwQM96hwi6TYTX/i2FcTgB8TtPmy0hKiN5pUdWYGNq8xjNAKarNptELveOkTDmCc
+dlpqS+4ii5BrADrNDjuP7FS4KnBn45vEB+y13OAPrY2TvbfQDBI4i5HdCVw3zo0c
+NOf+TpJykg+Cxa/WqutX8im/3X8K8WymkcfdZ1I0QQKBgQDdadXvCrJNz8j5o2OU
+ClCvkFnPoCiySCT19/RN6C45C/LiWi67OxcD1kr3uWMjblPwXoyrfZnxjraOpeaM
+fVXnzNbqD+Rnre5/YskvU5hcgoKrAMSgcwa2wc/DKPrgj83PWaxrxLKCguPIh6zk
+DTvAFsx13SBQuRQwiAVyJY6KIQKBgQDsex/TndN4+kxdPhZMENExoqZ9wBvLFuvq
+q6ODTSDw/yahPlmAAuqyIYq3NY8Qdi4IEKnna6wVVBtZU313TADVntIKT+1xsdHp
+SLKChdFggqdUXIS1/FOCosoWCaFHe0jM/YVxn+QpooZLWtEjTofxGbfEiQf+sKPV
++KDED5wn2QKBgQCM/wazMLaXAojTIA8biO4UvvHSXAVOcs7Gq92xdvdocIl9RzyX
+Emv3j5Ex66aMO4fMfAlMc7GCuATdFhyYvn/kGveJGhGzTHmiOUAwmSVfU+TuDJEq
+M9XEr+skNoZ8VlcTgeFgx2N95Og1HOEmYJ76Fgqhy+z2OsX2mcgOBoicwQKBgEah
+R5I201CQwXof7xzs8O44PC3W0PZJdFD0zrOKt8oDCxChxK19MYfeiMXLk11BTuJN
+x9E80XrVUg3N5+1Xn/AtrWIzGSIaEC3y7o4ZVb3TiBKkR2brZC3iXSVT3v2wjr/b
+AJ49OTJOPnoHN+upquSR39ctblvdejGQPsQQPX2RAoGBAMPEbxnbW+4ueDqDLjZa
+Sycio+MO8wPtsBL6g0sg80zduoBLPb0djCSiqYCTEgwtkYG9oQtKYvEycvb8h1qB
+9TrLpwWTl/k1ERmjME94Kf0IJZU9KInq5zmIKAn0iIdoHjSWK78JiOMb9pw2A44V
+RmU/iXW95u9YMWPrtijdc/9y
+-----END PRIVATE KEY-----

configs/open5gs/tls/scp.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD3NjcC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAJ34VbJi6C7XISkQdq0pKXcTITsG8w41IxlFm4nuglYyDWsdQJf4+sGO
+I+E6E8b0LVDkUljh4cRD3ZTZy/MlBC2EHIi1zP0ZRDzl6Av9qVUhCkQ5bviPmvUe
+fQp63Suo4MzdzhbAipzsEC/zFDdjtjHKziV16zxjzpWoR9Qhr8YzLWT4t2wxJVP8
+lOlgAdkWYPDW6/PAz9PNmJ0xuhtMC04Ia+RHxFi4xeH4umBcp2cHbdup8fW+sI4Q
+RSg6449FiL4XlElggMpNlixcvNE6umzCAS5rJj2FIODd1i4J7JJjbs2nxZWJQTj5
+B5mpvFr5UlkKAxNVDfEC1jNzkS7ttscCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUGcbPg++D5U187URxcjqTsqmmAogwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAD3hPDcxv6j4n92UC/+XSsLQ
+cR0gZH454Y52Tocee1MgbQeDQauJAVtu4A79reBDmL8pVF14auBzLqLdyBTxAfOn
+4hcbw9OjxF/eKeNvYXL4tNu4KzZOoZuUiM78wnvJQObRp+30/dIUHt5B2nuKdStI
+kHgQrUXMuvJBCzmDKqiyDkkY8gN6/no6LzHQcpC7KiAhhQZ9s6IIgg8ulVqgeLXd
+Ia7Jit1Abm68+JDifwof3IGF6fzjxmWNzifxlVSgbMWMOnmgIVXojZrS2ofiJ2es
+VvLkGvyeCQtUV0NuGNS5QHyKN68mfDNRbk7A5gcr4ga9YzXHc9aQ5VJZyDvax3I=
+-----END CERTIFICATE-----

configs/open5gs/tls/scp.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPc2NwLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfhVsmLoLtchKRB2rSkpdxMhOwbzDjUj
+GUWbie6CVjINax1Al/j6wY4j4ToTxvQtUORSWOHhxEPdlNnL8yUELYQciLXM/RlE
+POXoC/2pVSEKRDlu+I+a9R59CnrdK6jgzN3OFsCKnOwQL/MUN2O2McrOJXXrPGPO
+lahH1CGvxjMtZPi3bDElU/yU6WAB2RZg8Nbr88DP082YnTG6G0wLTghr5EfEWLjF
+4fi6YFynZwdt26nx9b6wjhBFKDrjj0WIvheUSWCAyk2WLFy80Tq6bMIBLmsmPYUg
+4N3WLgnskmNuzafFlYlBOPkHmam8WvlSWQoDE1UN8QLWM3ORLu22xwIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAFRCjdAFXqzb4Hb9ssaABrW9nDwO+ZTGiMeQg122
+RJ8TiH0jq3qurRdq6owPDJiqVVNklCdba93fB9TRqXf3E8RKswp9JfM3OfVdpgT6
+gYoQcJOVsY1iyDbC/RQZvDGprAF/zUI/7+Lgb41CHU3rd2XOVgZtJf3NeBHV2ZmH
+VMnPW8t2KSxtDiCNuAePfFnmUfSYZfTqpyswO5nO+qyfazyH1teLKcnjrHi5yCXD
+r32l1W7sP46pQukJjLgEKQA+ekA7pTmqENJLY9a01yY42N/ZB35fXNuxeJNS0I8Q
+Zo4AoFwBWINSTiOF4/n1OSIctmkxc/51dKNLWu3kZSOholA=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/scp.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCd+FWyYugu1yEp
+EHatKSl3EyE7BvMONSMZRZuJ7oJWMg1rHUCX+PrBjiPhOhPG9C1Q5FJY4eHEQ92U
+2cvzJQQthByItcz9GUQ85egL/alVIQpEOW74j5r1Hn0Ket0rqODM3c4WwIqc7BAv
+8xQ3Y7Yxys4ldes8Y86VqEfUIa/GMy1k+LdsMSVT/JTpYAHZFmDw1uvzwM/TzZid
+MbobTAtOCGvkR8RYuMXh+LpgXKdnB23bqfH1vrCOEEUoOuOPRYi+F5RJYIDKTZYs
+XLzROrpswgEuayY9hSDg3dYuCeySY27Np8WViUE4+QeZqbxa+VJZCgMTVQ3xAtYz
+c5Eu7bbHAgMBAAECggEAFJLs2lxeYAddxsLhqgDT6THBILZxfna2OQrjTI4XRJGl
+RL+dE432XrIcAy/0tnND2aa7AN9+b3jlSYcqNGMsTZ9IthdzeL1LMWFCHRmu7art
+cuBGDzJo3KbZYz2IQ7DtglEbD8SI6RIns48FoYcnigmfWqqmdgmLtNsja8HtajM4
+nF9CZQvGkpM5DxXm5K6OigkZ9JKHkvw3a3uglH5uNTmf5UqMSktQQUks996lNlcF
+ncjJeagOazWk5suG/fR8y7jrf2JrhcKwuYSg8jEFwf/ykAKuy0SNHU1TfF0ply9w
+84HvMScv2nRsdB3cT0J2yfGhV1+y6S1tCkA1EhOWCQKBgQDY7V65kKaFJhyZDIrT
+vZoJMCWfYAYe9It64LLuGl+K2b7HQWMa8AONy8PV1NPIoMzX+AKmfvo7Yt6WL4tW
+lNdmQIcVPYnoPfGW+9si6ajByQuaLMYzFKXYsMmazNuIxgx/+4x7U4NJmtHxKhyW
+izy8M0D2GY5wPQqKDYD5Ew2MDwKBgQC6bGsTVoUp3RyQfuH8zCCavOjJCk36pyYX
+U7NToCNaDzA4j69NiDY3AQi4qjLN+qIuNh7WLi9VUubwaqiwVvzBiKe4AfVPlh2R
+cOtXJZxCmZ0pcsSsMvv5JbQVLbmOTU5OVUBx1IosakXFyPbX0+HlRTCXQWV9/WGU
+Rk1PvmZRyQKBgBApp3wmBfI3w7u3joR2RQrYNoVobyxRRi8ynMJW3rWGwcsw2QSB
+y5H+E6pUAC+bo4eX6AKlxVk1ZaZFBpm930q0FhyECElwjBaWz14LkNJXe3DSUzYt
+HKpHic3p45WORBIpGO97anXKfkf8vkKNP0o6e2Waw90i/y0IEor8W28LAoGBALQZ
+nfBWu9tP5BKsogKp6i3Tp0jiDafD54bNtAdsQ/rzhXB/T6qll0rYUuakduSL6Dag
+znW4tL3Hk5hcUo/Z2eHW9cFNEwNKUVJ7NsFAco/c+/pZCCwcLVXr2OhE/mi9wpLm
+xZWy8bIrETEdD2w/JJNsnp7h7P0k1yp6KKKLnSoRAoGAEZOB+A1EGllcsEMX23jZ
+SfECJntHZomP1GvstLvaQNlSC5lDmT6KO7Rw2RNEDJPyfelO/A17CICpDGU2NndC
+hI4zzywqqsLfCaYpPz1CD/BzP4ugyXM8W/kP4w8hSlHdqgyNi+iWqeBzsrZXtHLT
+4XJt75eQQ48u+NWkaQ4kLY4=
+-----END PRIVATE KEY-----

configs/open5gs/tls/smf.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBCzANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD3NtZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMrZsOPjIlGG8FptBo7fdxaEKusuBoQEfSV/8KoQovMca1yn3SEiFNdv
+dDG2RusBCzZ6K/bjTieYpkUuTH5nTPQiz0MRM0ErlxUXKrosZ8aalRNajveq3fgR
+K7pa1tnS4iEArMwtr1Fgj4jA5B48pOQrS5vmx8w5JCaPXJ9HPjTwdFubXSfMT9fT
+qcP/E9Z13zfhDZ1TStz0hYIanQZlp2BTJJgZQJ5kJsdEsp5Ect+t3ZVwDxT90iFo
+1X96dR/xf0DEKHxmybrahhmePvzEETgz03McVEUVBdQMMvDnqyXicLNzLJICY0Yw
+KzGeAg9Lh3PVjUnx/ctGdp8BCJRRkS0CAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQU6p4PokOU3iROPZzUmvS88xnI/QcwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBACpTSu1iB2ZWmTrR6zvnn57p
+xuE7udN7M52yG58N5k+f9cwXwmvvo//VK5AkJLqc/qBERwOC1yUQPTotBq8K0dF7
+Gx+zyG7o24GjZYgJvqIADEE0pWLTN6GkkYTzYXQwfv9kPDpAWbXl2bsYoY8610ce
+rRCQE7FkGuITR5mqKbJbvMSAwiH7gZ5yjjWXaUB1b6zzXiPOvME23IewgnddB3Ab
+zkGqgYO2qCcelkE5ciFl75d+DovfMXQDU1qGV6s0NTEqIWy5BnYj2jKoJJp2zKfE
+nOhyty5eh08CrH3PbYjmU5pNP7/ibG0oVJR5xLx5SWlPCbkEImcOwUH1cCoxEbU=
+-----END CERTIFICATE-----

configs/open5gs/tls/smf.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPc21mLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytmw4+MiUYbwWm0Gjt93FoQq6y4GhAR9
+JX/wqhCi8xxrXKfdISIU1290MbZG6wELNnor9uNOJ5imRS5MfmdM9CLPQxEzQSuX
+FRcquixnxpqVE1qO96rd+BErulrW2dLiIQCszC2vUWCPiMDkHjyk5CtLm+bHzDkk
+Jo9cn0c+NPB0W5tdJ8xP19Opw/8T1nXfN+ENnVNK3PSFghqdBmWnYFMkmBlAnmQm
+x0SynkRy363dlXAPFP3SIWjVf3p1H/F/QMQofGbJutqGGZ4+/MQRODPTcxxURRUF
+1Awy8OerJeJws3MskgJjRjArMZ4CD0uHc9WNSfH9y0Z2nwEIlFGRLQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAL883rfAD6ZTH1sxq7vdKax9V7R01o8b7IdQcV7M
+nwZx0wIH4ZGef6LwUXfWa07X8DxlySPxiMwRitkKWtJ1D63AgsfUhi9UOHj6IWjW
+skMVn/uczTq7eIZIjICftHVVvYd7HteMYxDLrLwWCSCE8P+UIE23eHrY391QOXjY
+J3OUXb2kvNK2snEvAL3h+tULePFsUqZix08c+L2DtjFmb2xAia/jte3Qii8nj3et
+9fw6Xl2yjM/fJ+pTwPXlmALvfzSxCFyBLdMAkuB/DeXeMsAEB6Z8S25lFEA3H6CD
+F27mGEVKeSrH2c9O24N34vToOZ1PM5rU9dEVD71Zj107sG4=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/smf.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDK2bDj4yJRhvBa
+bQaO33cWhCrrLgaEBH0lf/CqEKLzHGtcp90hIhTXb3QxtkbrAQs2eiv2404nmKZF
+Lkx+Z0z0Is9DETNBK5cVFyq6LGfGmpUTWo73qt34ESu6WtbZ0uIhAKzMLa9RYI+I
+wOQePKTkK0ub5sfMOSQmj1yfRz408HRbm10nzE/X06nD/xPWdd834Q2dU0rc9IWC
+Gp0GZadgUySYGUCeZCbHRLKeRHLfrd2VcA8U/dIhaNV/enUf8X9AxCh8Zsm62oYZ
+nj78xBE4M9NzHFRFFQXUDDLw56sl4nCzcyySAmNGMCsxngIPS4dz1Y1J8f3LRnaf
+AQiUUZEtAgMBAAECggEADlqgK0gPziAT0vpDDAohFa1Nki3EFURyDJzEjWw286gP
+qtNQEP+l5ObEnJ3u38NHpVe407Qa/C9PmLahgBJUPjRWYUMO0u5ANyRYCCuLPmEC
+6ocudbUYFu00IHA8ItbK3JX9JEeZT9Na5Mztd3xIGMM9iu8mNTvX5Iihf73dV4aK
+AtD1L5fCGckEJ0Va/xLta0sjdxLSYMIzacIpn9gdK7DXf9DL/eTACrf1U2ZAMQRr
+plKeri4OFBjMBy68kdpPF5ZyQwj1Plx6E2Dm0eNzsdF1zSkP75BYbi3OaIJR77Xk
+jp9lQvkP74e2ItzYJn9sGWhwAW2AiQt1zn+7v5eGEQKBgQDSajh8jMvFt93GgCqR
+OTGR2s4k4jp2XvcEWnJJax3ksqiGHMhlvCQDV/39saTcLUvc+bymtMc5Tws2ewaS
+LstUeBh/GrEMn8tQH7TXns+rq62I+CwSYzYqu2/uHBHkk1nXrTBxQ4LE/l4a6ZyT
+eVHr/x4iy9KMF3WhTBJytQJfFQKBgQD2y+7s1Hh7r+THSgo1CBZRtlw0CuA5EOgM
+iuglkU2cbx8q/XdXb9u6sLfldHGu3E18TYUJqPTrc3PVSEEA948qJ527PZh3VxRg
+L64M7gt+g1MqyZvuRYzTZOMBcJNJpfJSnP4mPY+o2L7mNpAS2Twe2K9/zuIWyChy
+g6xbVw4vuQKBgQCOGWQKYP9giHqCip20s35RdQYQjKNUu29whjB2epuWjj0XTSrc
+4cEkbPE/ug+PDhwUoKeRobaFcmctJMpcQLPaWLyaYgk9cFDazH7RuxOeaPNp88e3
+pz62fxzpHhXLWuOqrvBvHVub8/jTjf7K7XywtvrAHwwSxekPxBMVWj6+vQKBgHWS
+H4d5jNA3skByeDxdVuykeHZefAUTlchr4D4NY7DTi0CasWDZLA9bIrBP8dyAnPVL
+pMY+VDdar+L6YeVJCk3lw5GwvVKVDGLqM/t658TkYRlwJDW1smn+lNpZvAEI6lEK
+81RaXXbtkrvvYGFqVebICYtUjoaV4hbzvYdiCKMZAoGBAIFv6AMnXaWHoO4Qpnch
+FCSBNckhzajPmmZ1fskWR95d9ArmrJUaA0KKMqno767zVkrDzm2fw4+q12Ba1xRe
+J2KW1M12IPfZtNwSfQPYs4wej0VGScbOWve9qpA3WrLv08W63MXz7XRpeg5ZnzG/
+3bZZLfqZIBdQR9/f9ibP1h98
+-----END PRIVATE KEY-----

configs/open5gs/tls/testclient.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYjCCAkqgAwIBAgIBDzANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjhaFw0zMjExMDgyMzM3MjhaMFExCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxHzAd
+BgNVBAMMFnRlc3RjbGllbnQubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/2SPBDa9KE9rRuKHp2ZNNm8X+Jgl34tocbcYiWm3I7+je
+NPOiUIB6TpuP0gkwbzfhqbRdO59EmAsGjtjonwC2mTxDLWflfAUVUEGUml3b9ESf
+ZUtMWh1qBBme99DL9kqqNWaXVL9xAX/yLWbdXxfc/+Zuc3j/uRVOzqGLROqfw/k7
+iKmfZvBjVrtxR/xyRa3LfjuTPnM30UA7sk0jrZH9feOCEbNeYGa12TloDh05RzU9
+RgkBL1AH7Zvha3iNlXwQLkgEpnJEeegQ/iS9pPEwgqsquBRoQTClzVGzbs5Ttpzi
+ZL5q/Hf7sGE2x00v3XKNDvUPg9k7RvVZoG/fUy+VAgMBAAGjTTBLMAkGA1UdEwQC
+MAAwHQYDVR0OBBYEFEegxvp7oDrpJfd4LDD4LSGouPVnMB8GA1UdIwQYMBaAFLFq
++pyZvAQqQohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQAPDVSwdX8u25Pd
+a7UNANFAf87AurQKsaeLpKu1AfZZakgu+XQ9W/5fJXCSvuVc3g+JAwxVKZfO3yae
+C7vcLSughlUGbjJyVV4wn9xzbKISWwAXmBEt+pP+vJAcyCyRD2uXZjO89sCFxHmD
+/Oh84m/ygiUAx+u2to55HPjNTZs9wphdyDws1lPUwxj01B84r6QPgTKBpnhOAr96
+xUYNZKAt1ycRXcoi7RNieEZP/r0j92RVA57twMGSDHpCgb7YnCXAS9ptlpHySbOK
+akfqFx04eVilqKGee4NeM4rt7363Fr61H+bjkYjvS//ZS/L5ZrbNAMWmkr94Xkcj
+m1BG0Bwg
+-----END CERTIFICATE-----

configs/open5gs/tls/testclient.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICljCCAX4CAQAwUTEfMB0GA1UEAwwWdGVzdGNsaWVudC5sb2NhbGRvbWFpbjEL
+MAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/ZI8ENr0oT2tG4oenZk02b
+xf4mCXfi2hxtxiJabcjv6N4086JQgHpOm4/SCTBvN+GptF07n0SYCwaO2OifALaZ
+PEMtZ+V8BRVQQZSaXdv0RJ9lS0xaHWoEGZ730Mv2Sqo1ZpdUv3EBf/ItZt1fF9z/
+5m5zeP+5FU7OoYtE6p/D+TuIqZ9m8GNWu3FH/HJFrct+O5M+czfRQDuyTSOtkf19
+44IRs15gZrXZOWgOHTlHNT1GCQEvUAftm+FreI2VfBAuSASmckR56BD+JL2k8TCC
+qyq4FGhBMKXNUbNuzlO2nOJkvmr8d/uwYTbHTS/dco0O9Q+D2TtG9Vmgb99TL5UC
+AwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAdqoupSBRB+iFdX3ULgt1sTfqxio9d
+X2avV8mhQt8Ivrgw3/+iggz0y54JS+yL+tfzFu2upxmeemnImkKremt/zwQDhKJC
+2yLtDBDCWIwrdQyoC8V5irUEZNwFjZn/VrZty7lFsAA46HOXPysPJuYEXMQ1JYoV
+VB7N7JdfaFDGDLe7lKsOA/zK3QF1yRvFqdaNyeVP7SZ68K6JzzuP1eakp6BO0pBF
+X8xQc3LlMcMSP+G+IjN5LFp+gRMpxv6BkLHFn3ahN9aUPOJb4np/uEg5Mo6fT+gc
+qNW1NZ9ZkYPWfTV7SmgWfar+tKXjG7TQyLQfTDqMD+VbSZtWQFGLp5T5
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/testclient.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC/2SPBDa9KE9rR
+uKHp2ZNNm8X+Jgl34tocbcYiWm3I7+jeNPOiUIB6TpuP0gkwbzfhqbRdO59EmAsG
+jtjonwC2mTxDLWflfAUVUEGUml3b9ESfZUtMWh1qBBme99DL9kqqNWaXVL9xAX/y
+LWbdXxfc/+Zuc3j/uRVOzqGLROqfw/k7iKmfZvBjVrtxR/xyRa3LfjuTPnM30UA7
+sk0jrZH9feOCEbNeYGa12TloDh05RzU9RgkBL1AH7Zvha3iNlXwQLkgEpnJEeegQ
+/iS9pPEwgqsquBRoQTClzVGzbs5TtpziZL5q/Hf7sGE2x00v3XKNDvUPg9k7RvVZ
+oG/fUy+VAgMBAAECggEABEzMuJsYKp/4d7AR+aYYX1+xB8yDSfuHbyYwZUeOGOLJ
+tHtO2lHqw0hc7mkN2YGl/hSZ7Ty0yeqM1WGLxTuqc4Kf6hM2i4X6A4Yy5hlcpl1a
+prue56/zDf6CstWz9B0J2OKisUcjawLBLaTXXqRZlP5BBF4/CspI9Y/Q6Uh1ks2d
+dkGob3+leeDCLtggVbIE7FqdjmLI4gD9cVYvH39cTvFd3uXYRyjDtGUdbAH5MYsy
+/ji8Y7ZkR+Phas0xYiJBRSKIxsdZzDDRbVDaQJM8DgUOQawtE7aQs+s8+rddR0xH
+WFdQIM51vTNYENVA0BzNY3Es7roBDaeaZbD53y30kQKBgQDLDq2c5OuxS66NaHGH
+UShytecC9ugeKYVALzDen/CM7Wvf/3hJw/bXrzEm+FO0h/Xz7rHBtSfOzwHbQmM/
+FZ4TxGohDhPgqR0bP0vqR9sKE9Kc4K2eRjjncd7wiVBstHMKZysyD3IQtNDJqzqw
+umVFyVy1lWBGLXM+l0IuTjNwRQKBgQDx3kse4lkIxYCFW+ZjJtUs2DzyOy0Ga7BD
+UkRw/tbyzD7kzj3xp9MJAeUz8vaZ+zcqQgjsfhmLMbflCuuNdREWLA17Cpejekmf
+nTu8hxpEEvtESkj0aq55iessUpfLxdPZepKfz/UkDNa+mJus4QILDp/tUnGSvGIA
+v0DV8AT/EQKBgCSR6SyXgec1ZSNsiv2+3RUDs64x/43nFmt/1EJT9cO7wrDd1rEa
+TOt9TtHg6VpbHi2ncHYdhSTW3VO6uhsTbpvKxP5dBbFxY5+Tn7164XUIKuc8A6i8
+puTv+iHB6S0atplKCVqDs5xUpEGdx/0qJLET2dGOLH+XEelU3oNubA8tAoGAbqs7
+Diede5D7LIoPUcD7+6f5wxBmmrB9l2A2JsnESpZAFOt1lnQm8NEoMevzACPdav2K
+HcPZJkKalTe47iHpro57oJgJKGkU9O653Zqn3wwcYnPnC8cgjEYaEE6+XCPpunIG
+Uw+RaGxjehRT7veJust3S9zUUMLXyOW54eoQLzECgYBBTcFVoDIqJY5MSOuQTYri
+lro7YcXk0kvahCSgXzdecU+ajG6+ppHvIje/h7nBZizFfsGsZQj3j9hrmxXxJn4H
+4gSLHSycFGY65G6tBC4eNKi6umBi8rgw+kQ0PtY23ZDoRTdePXYT4OzQaGiGzZhO
+4su2WwkXmgev/Rcan3hj1w==
+-----END PRIVATE KEY-----

configs/open5gs/tls/testserver.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYjCCAkqgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjhaFw0zMjExMDgyMzM3MjhaMFExCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxHzAd
+BgNVBAMMFnRlc3RzZXJ2ZXIubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDK/mRxA7vFDetSR7J58pT+deCpXdjH6rFyebKsPRklq6aq
+P8eLMj3CYG641BHNFoMygnK1SEuPXxoLqVYFOf1aZh+9OdvLPjKB37ZfikzXR5az
+PRvGKOO9bM+lgviZvmgnE2sEVYtoBJAeK+ZXQkPUQ+Q3QBsdyZXFKu4uQZukW7UO
+sp+IGQ5guCi+MAkppB/T6WbuTl7Hr7wjLd/eFK5rHik57D0N1f1fX7G5+K1jfFu9
+OsVYDsp3f7LB1QjZntAfE7dnddmAXdDz3FCPm7keLSrdsYSY9Q5tVqBl5yRzMcq2
+C4DQX7JcqWCfpGjm8Gnc4gmDyKV4zZPaQXiXr6TzAgMBAAGjTTBLMAkGA1UdEwQC
+MAAwHQYDVR0OBBYEFNNWx1Ixb8nBttAAziCdNf5iUfGCMB8GA1UdIwQYMBaAFLFq
++pyZvAQqQohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQDeFTLtNW8hPvUB
+QOBVZU4kyzOw3v7Y74lug88I92XMagWVV71lLGCzHcQodI7p0ih/3uK9CO+yuhU9
+Wkmimb3oh44wao6+R9qtYF/OdbKLvRZ9y3Fd5y5RiYJNFCuBPLGf/0UwIifP0tcI
+bivpNkB5WByebbhzo7zZXz+pgMMDkLtBfvwNF9JYM6WAdEw/3cYaN6jwtwvA9/2O
+wQ08z1BtuA0Cxjy+7DgFl9b7EQE4q85+TNCyl59x0vO2M9lo01C/APQ8HmCRc8Ax
+YCY7zYz5AqnO3HPnQ6plYbIw1xaLEwNYDZ6sxIpCRP+g+ZDG6A3YW76n019lEm75
+02901MR9
+-----END CERTIFICATE-----

configs/open5gs/tls/testserver.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICljCCAX4CAQAwUTEfMB0GA1UEAwwWdGVzdHNlcnZlci5sb2NhbGRvbWFpbjEL
+MAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMr+ZHEDu8UN61JHsnnylP51
+4Kld2MfqsXJ5sqw9GSWrpqo/x4syPcJgbrjUEc0WgzKCcrVIS49fGgupVgU5/Vpm
+H70528s+MoHftl+KTNdHlrM9G8Yo471sz6WC+Jm+aCcTawRVi2gEkB4r5ldCQ9RD
+5DdAGx3JlcUq7i5Bm6RbtQ6yn4gZDmC4KL4wCSmkH9PpZu5OXsevvCMt394Urmse
+KTnsPQ3V/V9fsbn4rWN8W706xVgOynd/ssHVCNme0B8Tt2d12YBd0PPcUI+buR4t
+Kt2xhJj1Dm1WoGXnJHMxyrYLgNBfslypYJ+kaObwadziCYPIpXjNk9pBeJevpPMC
+AwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQACkHItCrvQWANviVk27ntZE/Ze1/NF
+W8jPeJG3V9Zemwp2QWE530gdhNy717kGJzW0Udvx57By4tS1bORlKDL7ikpPaIm3
+q2YLXzusJ3JXyD2aYoaY+uP6+gt1541aLep8eSQPgG0jJlo8VbbsrPrXj9T15Nsb
+MhDlKDLZhW+JCwp53/IB8Az3s6oCUelwENOTDkmuaksTbo9NX9TJ68ByAtSqroT3
+/jHqvSpD+VVnQcWn6XE6lLNyXcFcQ/jQLKLVbdV+CLPrUORNCyB5Vy7Qxm49g4lB
+H9Cx2fPDBpYw7BlFIrNU9bxLAem2lE2x+H5NbbFoMfi8Bq3q+2MWZg+a
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/testserver.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDK/mRxA7vFDetS
+R7J58pT+deCpXdjH6rFyebKsPRklq6aqP8eLMj3CYG641BHNFoMygnK1SEuPXxoL
+qVYFOf1aZh+9OdvLPjKB37ZfikzXR5azPRvGKOO9bM+lgviZvmgnE2sEVYtoBJAe
+K+ZXQkPUQ+Q3QBsdyZXFKu4uQZukW7UOsp+IGQ5guCi+MAkppB/T6WbuTl7Hr7wj
+Ld/eFK5rHik57D0N1f1fX7G5+K1jfFu9OsVYDsp3f7LB1QjZntAfE7dnddmAXdDz
+3FCPm7keLSrdsYSY9Q5tVqBl5yRzMcq2C4DQX7JcqWCfpGjm8Gnc4gmDyKV4zZPa
+QXiXr6TzAgMBAAECggEAGwG1EkDJaAJIkcCpMvE+YmEDcUpjj4F0Ie36rVCkT683
+yW8ag189TpGELuyZVlxNkILrc56OiEts9yqMdRM4gkuToxoXWcHIzXTv2g6Cgk0W
+HyWc/tms0aRa4e3RWP8MnfpG4s47cazTEbiMeNp/lLYtntjVYrqm8D2cb6SvP4fu
+kvi7bKLhcd4l9v42oZKF5wZjynUEh+424TNxqI8OTcnT15xoOjauM9aQnbFYB0ON
+tOJ5cO8Pmjbo1wfFsSntC7NrIspaTrlseOl/bK3LadLlb9UHW3GRVwIcIzEYPabU
+PZcTKjzk1nAu1fpHgoCuMequxDaXSSWyDLMqwLfqoQKBgQDtcOHFJHO63SIOrwlG
+OjZiMxKekjVqtbdiN+7h3FBR0+M7EZnyFO7zsfmDaN3k4m3a6idlnn9HvsEilf+K
+Cc+8I0dCeBbZOs/TqVN8ZHB6MqUmtMdGIc1Fau1HYis+d4g1pbQ9tpG0OVa806rR
+AkBwD+/Vm6+8uZKilq+oijSpEwKBgQDa3Dt9LFYOG6gnWHlq7uLIWnA4wHKmgEGL
+AykaZgW2bxIhQa1C+460OQaCwBbBG2NlN7Lt8MXsr48epnSKROfCYIBuqlH3i2CN
+ka+W7pEtnkeEnZSUMb/IF5T868xbYkzXFqJkr17o2MBMbLiM2G79dT/j83MJVc1A
+FecQByNwoQKBgArrdBai9IeVf+l49045gyLFAog0ZSyBKuvjcqMEhNUej4a56oCN
+oeenObhnbD0IhNDaj/FGdsgP58X1bAknJlyaqr5N048t+zzavrIr1FhqV9oN2lRJ
+Xa1hm4P66c43pRYChuWHre/B61FH0sVF+zysHvWN8WkWh73efDmeEYntAoGAMcq1
+Bg9WLLOCGCF6zic3FRnuOhseel7ninbXnRfk6NJwL3y/rGOK3dmzb3/ALYLLpDV9
+0cBbZzOxvelkzihLCd/mmEbLiyP8fXjNl+sCwHwoDTXEncqLtTwYO0pyHcBJdw3B
+OGLlltfpN/nsKq764VMRjAzQ+Si6H4BcJztYhsECgYEAnql7JlJlg/jUOS3hU/sM
+iZ1EY7K8DFjaIOitcPcjbZqH4Ha9922MSGW4hCKMo3ncDdaDKDvrfYd9pgtrSvHd
+vH1vXcVrdzuLPVzvCxlRxQbSZpK6RZT+OF1OTvg9zMu2hemMwyKNxrRmjADwuU/E
+f7etkEMnboFO//fGoMXU5cc=
+-----END PRIVATE KEY-----

configs/open5gs/tls/udm.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBDDANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD3VkbS5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMnNHwgMDlTfi2x5QMvhdhGzOxCZvboqcrkHrTGkRJtUrxNjddjhSkm3
+KeRKEdcDq/t126t2CAxiYiRprKr9II1o6rq2JUZz7VU0aC9wWnZyWhIf4VIzyhz5
+G5s5cWT7IoJZ/cjmoS89e5cPv34G0jLaqz2m/Kl2zqmVozQRdDuO7Hreh9KgPs92
+kqA6XYy1z+hxUILAjpdVoTwgJm0UchF9Ibgc5+ab1XuaaYzxlYAzwcWcCibFzgGO
+I6+MdTpJISJBHRzkLOsmFyJ2XpH53aRPN51yQDRnPTDfJj4og6FyFWjtIfCeBHBf
+3taz6SPFPHIZhR8OIMt25T4r2bXmS68CAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUfzKzBycjEgN97TEqC+0iKaWBdVIwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBACQXPgeUMGyWGbGPwr/cg0lC
+SPiIL1s7oZQoNisbTtTqnBHo36xLTGb051o9ZTwd2xTRNJ4ue9/rDnMTK//9+6V5
+FKDOYFqikSmCtzuJFB5Q24KxdUM679feAy7v7BWTGd7LoN0dOgPCHqPT7/daxgYW
+Xaip1lslx5TYNTnhrJAoVfj0VGrSrTqQqCNf3ifQDI0HRuheKC2WM6Ep7E8MyjiT
+kzfsznaWul06geQn7vT4MMTHUNUI49Y2uCCgosD8Xi23Oi8qSiguCeSLcg2ns0p6
+eELtPm1xcTWoJHomDNf150ZW5swFDfE9asAWGeYqONShUp5Zim1agcuGTpp9uaQ=
+-----END CERTIFICATE-----