Release v2.6.2

TS23.007 17.4.1
19A PFCP based restart procedures

After a PFCP entity has restarted, it shall immediately update all local Recovery Time Stamps and shall clear all remote
Recovery Time Stamps. When peer PFCP entities information is available, i.e. when the PFCP Association is still alive,
the restarted PFCP entity shall send its updated Recovery Time Stamps in a Heartbeat Request message to the peer
PFCP entities before initiating any PFCP session signalling.

.clang-tidy

@@ -0,0 +1,69 @@
+---
+Checks: '*,
+  -altera-id-dependent-backward-branch,
+  -altera-struct-pack-align,
+  -altera-unroll-loops,
+  -android-cloexec-*,
+  -bugprone-branch-clone,
+  -bugprone-easily-swappable-parameters,
+  -bugprone-macro-parentheses,
+  -bugprone-reserved-identifier,
+  -bugprone-sizeof-expression,
+  -cert-dcl37-c,
+  -cert-dcl51-cpp,
+  -cert-err33-c,
+  -cert-err34-c,
+  -clang-analyzer-optin.performance.Padding,
+  -clang-analyzer-security.insecureAPI.bcmp,
+  -clang-analyzer-security.insecureAPI.bcopy,
+  -clang-analyzer-security.insecureAPI.bzero,
+  -clang-diagnostic-error,
+  -clang-diagnostic-typedef-redefinition,
+  -clang-diagnostic-unknown-warning-option,
+  -concurrency-mt-unsafe,
+  -cppcoreguidelines-avoid-magic-numbers,
+  -cppcoreguidelines-avoid-non-const-global-variables,
+  -cppcoreguidelines-init-variables,
+  -google-readability-braces-around-statements,
+  -google-readability-casting,
+  -google-readability-function-size,
+  -google-readability-todo,
+  -hicpp-braces-around-statements,
+  -hicpp-function-size,
+  -hicpp-multiway-paths-covered,
+  -llvm-else-after-return,
+  -llvm-header-guard,
+  -llvm-include-order,
+  -llvmlibc-restrict-system-libc-headers,
+  -misc-no-recursion,
+  -misc-unused-parameters,
+  -performance-no-int-to-ptr,
+  -readability-avoid-const-params-in-decls,
+  -readability-braces-around-statements,
+  -readability-duplicate-include,
+  -readability-else-after-return,
+  -readability-function-cognitive-complexity,
+  -readability-function-size,
+  -readability-identifier-length,
+  -readability-isolate-declaration,
+  -readability-magic-numbers,
+  -readability-non-const-parameter,
+  -readability-redundant-control-flow,
+  -readability-redundant-declaration,
+  -readability-suspicious-call-argument,
+
+
+  -bugprone-implicit-widening-of-multiplication-result,
+  -bugprone-narrowing-conversions,
+  -cert-exp42-c,
+  -cert-flp37-c,
+  -clang-analyzer-core.NullDereference,
+  -clang-analyzer-deadcode.DeadStores,
+  -clang-analyzer-security.insecureAPI.strcpy,
+  -cppcoreguidelines-interfaces-global-init,
+  -cppcoreguidelines-narrowing-conversions,
+  -hicpp-signed-bitwise,
+  '
+
+WarningsAsErrors: false
+HeaderFilterRegex: '(.*\.h)'

.dockerignore

@@ -0,0 +1,10 @@
+**/*.md
+**/docker-compose*.yml
+**/docker-compose*.yaml
+**/Dockerfile*
+.git
+.dockerignore
+.cache
+.gitignore
+.github
+build

.github/ISSUE_TEMPLATE/bugreport.yaml

@@ -0,0 +1,58 @@
+name: Bug Report
+description: File a bug report or issue
+title: "[Bug]: "
+labels: ['triage']
+assignees: []
+body:
+  - type: markdown
+    attributes:
+      value: > 
+        **Please note**
+        
+        This form should only be used if _you can reporoduce_ the bug the in the *current* release of
+        Open5GS Stack. For installation, configuration or other help with Open5GS please
+        use our [discussion forum](https://github.com/open5gs/open5gs/discussions).
+        
+        **This form is not for support requests.**
+  - type: input
+    attributes:
+      label: Open5GS Release, Revision, or Tag
+      description: Please check if your issue has been resolved in the latest release.
+      placeholder: v2.6.0
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Steps to reproduce
+      description: >
+        Please describe in detail the steps needed to reproduce this bug. These steps
+        should reproduce the issue on the most current release of Open5GS. Be sure to
+        include configuration and platform details.
+        Please include logs from the relevant daemons as well as any relevant packet captures.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Logs
+      description: Provide any relevant captured logs for the issue
+      render: shell
+  - type: textarea
+    attributes:
+      label: Expected behaviour
+      description: What did you expect to happen?
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Observed Behaviour
+      description: What's the observed behaviour?
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: eNodeB/gNodeB
+      description: If using an eNB or gNB, please identify which vendor/version
+  - type: input
+    attributes:
+      label: UE Models and versions
+      description: Which UE hardware model and version or simulator version are you using?

.github/ISSUE_TEMPLATE/config.yaml

@@ -0,0 +1,9 @@
+blank_issues_enabled: false
+contact_links:
+        - name: Open5GS Contribution Guide
+          url: https://github.com/open5gs/open5gs/wiki/Contribution-guide
+          about: Contribution guide detailing how you can help the project
+        - name: Project Sponsorship
+          url: https://github.com/sponsors/acetcom
+          name: Support the Open5GS developer using GitHub sponsorship
+

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -0,0 +1,48 @@
+name: Feature request
+description: Propose an enhancement to Open5GS
+labels: ['Enhancement', 'triage']
+body:
+  - type: markdown
+    attributes:
+      value: >
+        ## Feature request
+        Please submit your feature request using the form. If your proposal is not sufficiently
+        well formed, we may request further clarification and expansion. If you're unsure about
+        how to formulate your request, please start a [discussion instead](https://github.com/open5gs/open5gs/dicsussions/).
+
+  - type: input
+    attributes:
+      label: Open5GS Release, Revision, or Tag
+      placeholder: v2.6.0
+    validations:
+      required: true
+
+  - type: input
+    attributes:
+      label: Components and subsystems
+      description: Which subsystems and components would this feature be relevant to?
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Proposed functionality
+      description: >
+        Provide a detailed description of the feature or behaviour you are proposing. Please include any
+        Please include any relevant 3GPP standards and references and include any specific changes to
+        current protocols, processing pipelines, DIAMETER requests/responses, and interfaces. The more detail
+        you provide, the greater the chance your proposal has of being discussed.
+
+        If your feature request does not include anything actionable or sufficient details, you may be asked
+        to provide further clarification or your request may be rejected.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: External dependencies
+      description: >
+        Please detail any new dependencies or implementations that this feature might introduce. e.g. Does the 
+        proposal require the installation of additional packages? Are there further external nodes which may be
+        required for integration testing? (Not all feature requests will introduce new dependencies)
+

.github/workflows/meson-ci.yml

@@ -0,0 +1,78 @@
+name: Meson Continuous Integration
+on: [push, pull_request]
+
+jobs:
+  macos-latest:
+    name: Build and Test on MacOS Latest
+    runs-on: macos-latest
+    steps:
+#    - name: Install MongoDB with Package Manager
+#      run: |
+#          brew tap mongodb/brew
+#          brew install mongodb-community
+#          brew services start mongodb-community
+    - name: Create the TUN device with the interface name `ogstun`.
+      run: |
+          sudo ifconfig lo0 alias 127.0.0.2 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.3 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.4 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.5 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.5 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.6 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.7 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.8 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.9 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.10 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.11 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.12 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.13 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.14 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.15 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.16 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.17 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.18 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.19 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.0.20 netmask 255.255.255.255
+          sudo ifconfig lo0 alias 127.0.1.10 netmask 255.255.255.255
+    - name: Install the dependencies for building the source code.
+      run: brew install mongo-c-driver libidn libmicrohttpd nghttp2 bison libusrsctp libtins talloc meson
+    - name: Check out repository code
+      uses: actions/checkout@main
+    - name: Setup Meson Build
+      run: PATH="/usr/local/opt/bison/bin:$PATH" PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig:$PKG_CONFIG_PATH" meson setup build
+      env:
+        CC: gcc
+    - name : Build Open5GS
+      run: ninja -C build
+    - name: Test Open5GS
+      run: sudo meson test -C build -v crypt unit
+
+  ubuntu-latest:
+    name: Build and Test on Ubuntu Latest
+    runs-on: ubuntu-latest
+    services:
+      mongodb:
+        image: mongo
+        ports:
+          - 27017:27017
+    steps:
+    - name: Create the TUN device with the interface name `ogstun`.
+      run: |
+          sudo ip tuntap add name ogstun mode tun
+          sudo ip addr add 10.45.0.1/16 dev ogstun
+          sudo ip addr add 2001:db8:cafe::1/48 dev ogstun
+          sudo ip link set ogstun up
+    - name: Install the dependencies for building the source code.
+      run: |
+          sudo apt update
+          sudo apt install python3-pip python3-setuptools python3-wheel ninja-build build-essential flex bison git libsctp-dev libgnutls28-dev libgcrypt-dev libssl-dev libidn11-dev libmongoc-dev libbson-dev libyaml-dev libnghttp2-dev libmicrohttpd-dev libcurl4-gnutls-dev libnghttp2-dev libtins-dev libtalloc-dev meson
+    - name: Check out repository code
+      uses: actions/checkout@main
+    - name: Setup Meson Build
+      run: meson setup build
+      env:
+        CC: gcc
+    - name : Build Open5GS
+      run: ninja -C build
+    - name: Test Open5GS
+      run: meson test -C build -v

.github/workflows/stale.yml

@@ -0,0 +1,45 @@
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+  - cron: '30 22 * * *'
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+
+    steps:
+    - uses: actions/stale@v5
+      with:
+        debug-only: false
+        operations-per-run: 500
+        enable-statistics: true
+        remove-stale-when-updated: true
+        exempt-issue-labels: 'status:accepted,status:blocked,status:more-info-needed,status:milestone-required,Help Wanted'
+        exempt-all-milestones: true
+        stale-issue-label: 'Housekeeping:ToClose'
+        
+        days-before-stale: 60
+        stale-issue-message: >
+          This issue has been marked as stale because there has been no recent activity on it. If there is
+          no further activity, it will be closed. The Open5GS team is a small but dedicated team with limited 
+          resources and may not be able to address every issue directly. **Do not** attempt to circumvent this 
+          by 'bumping' the issue; doing so will result in it's immediate closure and possibly your exclusion 
+          from participating in any future discussions.      
+        stale-pr-message: >
+          As there has been no recent activity on this PR, it has been marked as stale. It will be automatically
+          closed if no further action is taken.
+        
+        
+        days-before-close: 30
+        days-before-pr-close: -1
+        close-issue-message: >
+          This issue has been closed automatically due to lack of activity. This has been done to try
+          and reduce the amount of noise. Please do not comment any further. The Open5GS Team may choose to
+          re-open this issue if necessary.
+        close-pr-message: >
+          This PR has been closed due to an absence of activity.

.gitignore

@@ -1,6 +1,7 @@
 # This directory is fetched during first build and is present in this directory
 subprojects/freeDiameter
 subprojects/libtins
+subprojects/prometheus-client-c
 subprojects/usrsctp
 
 webui/.next

README.md

@@ -1,80 +1,18 @@
-<h1 align="center">Open5GS</h1>
+<p align="center"><a href="https://open5gs.org" target="_blank" rel="noopener noreferrer"><img width="100" src="https://open5gs.org/assets/img/open5gs-logo-only.png" alt="Open5GS logo"></a></p>
+
+## Getting Started
+
+Please follow the [documentation](https://open5gs.org/open5gs/docs/) at [open5gs.org](https://open5gs.org/)!
+
+## Sponsors
 
 If you find Open5GS useful for work, please consider supporting this Open Source project by [Becoming a sponsor](https://github.com/sponsors/acetcom). To manage the funding transactions transparently, you can donate through [OpenCollective](https://opencollective.com/open5gs).
 
-<h3 align="center">Gold Sponsors</h3>
-<table>
-  <tbody>
-    <tr>
-      <td align="center" valign="middle">
-  <a href="http://wavemobile.com/" target="_blank">
-    <img width="260px" src="https://open5gs.org/assets/img/Wavemobile-Logo-Mark-RGB.png">
+<p align="center">
+  <a target="_blank" href="https://open5gs.org/#sponsors">
+      <img alt="sponsors" src="https://open5gs.org/assets/img/sponsors.svg">
   </a>
-      </td>
-    </tr>
-  </tbody>
-</table>
-
-<h3 align="center">Silver Sponsors</h3>
-<table>
-  <tbody>
-    <tr>
-      <td align="center" valign="middle" width="222px">
-        <a href="https://www.auctionsoftware.com/" target="_blank">
-          <img src="https://open5gs.org/assets/img/asLogonew.png">
-        </a>
-      </td>
-      <td align="center" valign="middle" width="222px">
-        <a href="https://nextepc.com/" target="_blank">
-          <img src="https://open5gs.org/assets/img/nextepc_logo.jpg">
-        </a>
-      </td>
-      <td align="center" valign="middle" width="222px">
-        <a href="https://www.wearetriple.com/" target="_blank">
-          <img src="https://open5gs.org/assets/img/triple_logo.png">
-        </a>
-      </td>
-    </tr>
-    <tr>
-      <td align="center" valign="middle" width="222px">
-        <a href="https://sdr.eee.strath.ac.uk/" target="_blank">
-          <img src="https://open5gs.org/assets/img/strath.png">
-        </a>
-      </td>
-      <td align="center" valign="middle" width="222px">
-        <a href="https://skylarkwireless.com/" target="_blank">
-          <img src="https://open5gs.org/assets/img/SkylarkWireless-420x78-Web2-R.png">
-        </a>
-      </td>
-      <td align="center" valign="middle" width="222px">
-        <a href="https://sysmocom.de/" target="_blank">
-          <img src="https://open5gs.org/assets/img/sysmocom-logo-only.png">
-        </a>
-      </td>
-    </tr>
-    <tr>
-      <td align="center" valign="middle" width="222px">
-        <a href="https://www.p1sec.com/" target="_blank">
-          <img src="https://open5gs.org/assets/img/2021-logo-P1.svg">
-        </a>
-      </td>
-      <td align="center" valign="middle" width="222px">
-        <a href="https://www.ng-voice.com/" target="_blank">
-          <img src="https://open5gs.org/assets/img/ng-voice-logo_color.png">
-        </a>
-      </td>
-      <td align="center" valign="middle" width="222px">
-        <a href="https://www.peratonlabs.com/" target="_blank">
-          <img src="https://open5gs.org/assets/img/peraton-labs-logo-full-color.png">
-        </a>
-      </td>
-    </tr>
-  </tbody>
-</table>
-
-## Documentation
-
-If you don't understand something about Open5GS, the [https://open5gs.org/open5gs/docs/](https://open5gs.org/open5gs/docs/) is a great place to look for answers.
+</p>
 
 ## Community
 
@@ -89,4 +27,4 @@ If you're contributing through a pull request to Open5GS project on GitHub, plea
 ## License
 
 - Open5GS Open Source files are made available under the terms of the GNU Affero General Public License ([GNU AGPL v3.0](https://www.gnu.org/licenses/agpl-3.0.html)).
-- [Commercial licenses](https://open5gs.org/open5gs/support/) are also available from [NextEPC, Inc.](https://nextepc.com)
+- [Commercial licenses](https://open5gs.org/open5gs/support/) are also available from [NeoPlane](https://neoplane.io/)

configs/310014.yaml.in

@@ -2,8 +2,21 @@ db_uri: mongodb://localhost/open5gs
 
 logger:
 
+sbi:
+    server:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testserver.key
+      cert: @build_configs_dir@/open5gs/tls/testserver.crt
+    client:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testclient.key
+      cert: @build_configs_dir@/open5gs/tls/testclient.crt
+
 parameter:
 #    no_nrf: true
+#    no_scp: true
 #    no_amf: true
 #    no_smf: true
 #    no_upf: true
@@ -18,6 +31,7 @@ parameter:
 #    no_sgwu: true
 #    no_pcrf: true
 #    no_hss: true
+#    use_mongodb_change_stream: true
 
 mme:
     freeDiameter:
@@ -26,14 +40,14 @@ mme:
       listen_on: 127.0.0.2
       no_fwd: true
       load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
           conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
       connect:
         - identity: hss.localdomain
           addr: 127.0.0.8
@@ -93,14 +107,14 @@ smf:
       listen_on: 127.0.0.4
       no_fwd: true
       load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
           conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
       connect:
         - identity: pcrf.localdomain
           addr: 127.0.0.9
@@ -149,6 +163,9 @@ upf:
     subnet:
       - addr: 10.45.0.1/16
       - addr: 2001:db8:cafe::1/48
+    metrics:
+      - addr: 127.0.0.7
+        port: 9090
 
 hss:
     freeDiameter:
@@ -157,14 +174,14 @@ hss:
       listen_on: 127.0.0.8
       no_fwd: true
       load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
           conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
       connect:
         - identity: mme.localdomain
           addr: 127.0.0.2
@@ -175,14 +192,14 @@ pcrf:
       listen_on: 127.0.0.9
       no_fwd: true
       load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
           conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
       connect:
         - identity: smf.localdomain
           addr: 127.0.0.4
@@ -194,6 +211,11 @@ nrf:
         - ::1
         port: 7777
 
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
 ausf:
     sbi:
       - addr: 127.0.0.11
@@ -208,13 +230,16 @@ pcf:
     sbi:
       - addr: 127.0.0.13
         port: 7777
+    metrics:
+      - addr: 127.0.0.13
+        port: 9090
 
 nssf:
     sbi:
       - addr: 127.0.0.14
         port: 7777
     nsi:
-      - addr: ::1
+      - addr: 127.0.0.10
         port: 7777
         s_nssai:
           sst: 1
@@ -228,3 +253,7 @@ udr:
     sbi:
       - addr: 127.0.0.20
         port: 7777
+
+time:
+  t3512:
+    value: 540     # 9 mintues * 60 = 540 seconds

configs/csfb.yaml.in

@@ -2,8 +2,21 @@ db_uri: mongodb://localhost/open5gs
 
 logger:
 
+sbi:
+    server:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testserver.key
+      cert: @build_configs_dir@/open5gs/tls/testserver.crt
+    client:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testclient.key
+      cert: @build_configs_dir@/open5gs/tls/testclient.crt
+
 parameter:
 #    no_nrf: true
+#    no_scp: true
 #    no_amf: true
 #    no_smf: true
 #    no_upf: true
@@ -18,6 +31,7 @@ parameter:
 #    no_sgwu: true
 #    no_pcrf: true
 #    no_hss: true
+#    use_mongodb_change_stream: true
 
 mme:
     freeDiameter:
@@ -26,14 +40,14 @@ mme:
       listen_on: 127.0.0.2
       no_fwd: true
       load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
           conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
       connect:
         - identity: hss.localdomain
           addr: 127.0.0.8
@@ -47,12 +61,12 @@ mme:
         map:
           tai:
             plmn_id:
-              mcc: 901
+              mcc: 999
               mnc: 70
             tac: 7
           lai:
             plmn_id:
-              mcc: 901
+              mcc: 999
               mnc: 70
             lac: 2342
         map:
@@ -68,7 +82,7 @@ mme:
             lac: 51544
     gummei:
       - plmn_id:
-          mcc: 901
+          mcc: 999
           mnc: 70
         mme_gid: 2
         mme_code: 1
@@ -79,7 +93,7 @@ mme:
         mme_code: 1
     tai:
       plmn_id:
-        mcc: 901
+        mcc: 999
         mnc: 70
       tac: 7
     tai:
@@ -127,14 +141,14 @@ smf:
       listen_on: 127.0.0.4
       no_fwd: true
       load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
           conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
       connect:
         - identity: pcrf.localdomain
           addr: 127.0.0.9
@@ -146,19 +160,19 @@ amf:
       - addr: 127.0.0.5
     guami:
       - plmn_id:
-          mcc: 901
+          mcc: 999
           mnc: 70
         amf_id:
           region: 2
           set: 1
     tai:
       - plmn_id:
-          mcc: 901
+          mcc: 999
           mnc: 70
         tac: 1
     plmn_support:
       - plmn_id:
-          mcc: 901
+          mcc: 999
           mnc: 70
         s_nssai:
           - sst: 1
@@ -183,6 +197,9 @@ upf:
     subnet:
       - addr: 10.45.0.1/16
       - addr: 2001:db8:cafe::1/48
+    metrics:
+      - addr: 127.0.0.7
+        port: 9090
 
 hss:
     freeDiameter:
@@ -191,14 +208,14 @@ hss:
       listen_on: 127.0.0.8
       no_fwd: true
       load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
           conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
       connect:
         - identity: mme.localdomain
           addr: 127.0.0.2
@@ -209,14 +226,14 @@ pcrf:
       listen_on: 127.0.0.9
       no_fwd: true
       load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
           conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
       connect:
         - identity: smf.localdomain
           addr: 127.0.0.4
@@ -242,13 +259,16 @@ pcf:
     sbi:
       - addr: 127.0.0.13
         port: 7777
+    metrics:
+      - addr: 127.0.0.13
+        port: 9090
 
 nssf:
     sbi:
       - addr: 127.0.0.14
         port: 7777
     nsi:
-      - addr: ::1
+      - addr: 127.0.0.10
         port: 7777
         s_nssai:
           sst: 1
@@ -262,3 +282,7 @@ udr:
     sbi:
       - addr: 127.0.0.20
         port: 7777
+
+time:
+  t3512:
+    value: 540     # 9 mintues * 60 = 540 seconds

configs/freeDiameter/cacert.pem

@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICrDCCAhWgAwIBAgIUX3u0zTLhQTa3lsR92/GelxTGQacwDQYJKoZIhvcNAQEL
-BQAwaDEXMBUGA1UEAwwOY2EubG9jYWxkb21haW4xCzAJBgNVBAYTAktPMQ4wDAYD
-VQQIDAVTZW91bDEOMAwGA1UEBwwFTm93b24xEDAOBgNVBAoMB09wZW41R1MxDjAM
-BgNVBAsMBVRlc3RzMB4XDTIwMDgyMjAwMzkxNloXDTMwMDgyMDAwMzkxNlowaDEX
-MBUGA1UEAwwOY2EubG9jYWxkb21haW4xCzAJBgNVBAYTAktPMQ4wDAYDVQQIDAVT
-ZW91bDEOMAwGA1UEBwwFTm93b24xEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsM
-BVRlc3RzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCuPWKllQ1+hM/wQE08
-xjDBiSx9GQOCEF5dkLK126u4joIhNFig6wfn/Ui0nq88ApUlEREUXB3D33ZEsAkt
-cbwz1UHX2THOeTYX8XdDbkwkbxNOOH902duiQ2UUbf8ve1hsV7+Dr7ue2Fmz4gsR
-lHBv1EsIyPZJQlb4qxET+2++2QIDAQABo1MwUTAdBgNVHQ4EFgQUZPvI16MgF9yo
-OqpLK4XNvT5TSwkwHwYDVR0jBBgwFoAUZPvI16MgF9yoOqpLK4XNvT5TSwkwDwYD
-VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAwGvKdevLJNDuSXsFpIkTE
-ZRsNnKrprNgbZC4/HkrzpvR1aDQgcSqF12DzSUmoTqzESuMtKvkaLv2IqYko9g4p
-iKVu2jBDKrJq4q63Cy71fxwbtXLrqGaWgbXkepzqyJYjn4Nf/ya0shK7l2rIIDyL
-crvs5/rXN6enLFUQ3n955w==
------END CERTIFICATE-----

configs/freeDiameter/hss.cert.pem

@@ -1,60 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 2 (0x2)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=ca.localdomain, C=KO, ST=Seoul, L=Nowon, O=Open5GS, OU=Tests
-        Validity
-            Not Before: Aug 22 00:39:17 2020 GMT
-            Not After : Aug 20 00:39:17 2030 GMT
-        Subject: C=KO, ST=Seoul, O=Open5GS, OU=Tests, CN=hss.localdomain
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
-                Modulus:
-                    00:e8:b3:82:96:bd:4a:f6:30:2c:03:60:aa:82:65:
-                    b0:15:32:5f:d3:90:0d:c0:1d:06:62:52:51:c7:12:
-                    36:d7:5c:34:21:ac:4a:44:4d:9b:a5:22:9c:3e:86:
-                    a8:ba:df:02:64:b6:74:f5:95:c4:71:e8:e0:28:1d:
-                    2b:ea:06:94:fa:3c:f1:07:d3:23:55:b6:84:d4:00:
-                    f4:28:08:18:be:c7:38:e1:b7:d9:b4:bf:d3:e1:d3:
-                    d8:13:60:72:e1:e4:d3:31:37:b1:cf:b9:e1:c9:8d:
-                    5e:e2:1c:54:a3:90:b1:69:6f:07:90:ff:68:86:69:
-                    7d:ef:50:69:0d:9d:47:18:39
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                74:20:F9:E9:BD:E1:37:8A:9C:A9:AD:B4:B2:28:7D:44:22:0B:BD:0B
-            X509v3 Authority Key Identifier: 
-                keyid:64:FB:C8:D7:A3:20:17:DC:A8:3A:AA:4B:2B:85:CD:BD:3E:53:4B:09
-
-    Signature Algorithm: sha256WithRSAEncryption
-         ac:aa:85:5a:57:61:6d:7d:f3:c4:2a:b7:73:3f:e9:bc:b9:6d:
-         0a:8f:35:24:13:66:46:14:5e:60:90:3e:32:95:72:5a:21:55:
-         15:fe:ef:30:44:fb:fe:3e:cb:bf:f3:30:ce:3b:bb:4f:c1:64:
-         41:ea:db:99:f2:ca:db:78:03:95:81:91:3c:fa:1d:9c:8a:55:
-         eb:9d:6a:c1:b6:de:44:38:0f:99:b4:66:d5:4e:dd:e7:d5:ba:
-         ff:f2:4b:f6:9a:94:53:55:36:4e:73:2d:da:d1:bb:0f:8f:fb:
-         1a:22:43:28:6a:b4:5d:a3:40:2c:cf:7e:0d:3e:fb:60:ef:92:
-         f3:0e
------BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBAjANBgkqhkiG9w0BAQsFADBoMRcwFQYDVQQDDA5jYS5s
-b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMQ4wDAYDVQQH
-DAVOb3dvbjEQMA4GA1UECgwHT3BlbjVHUzEOMAwGA1UECwwFVGVzdHMwHhcNMjAw
-ODIyMDAzOTE3WhcNMzAwODIwMDAzOTE3WjBZMQswCQYDVQQGEwJLTzEOMAwGA1UE
-CAwFU2VvdWwxEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsMBVRlc3RzMRgwFgYD
-VQQDDA9oc3MubG9jYWxkb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AOizgpa9SvYwLANgqoJlsBUyX9OQDcAdBmJSUccSNtdcNCGsSkRNm6UinD6GqLrf
-AmS2dPWVxHHo4CgdK+oGlPo88QfTI1W2hNQA9CgIGL7HOOG32bS/0+HT2BNgcuHk
-0zE3sc+54cmNXuIcVKOQsWlvB5D/aIZpfe9QaQ2dRxg5AgMBAAGjezB5MAkGA1Ud
-EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj
-YXRlMB0GA1UdDgQWBBR0IPnpveE3ipyprbSyKH1EIgu9CzAfBgNVHSMEGDAWgBRk
-+8jXoyAX3Kg6qksrhc29PlNLCTANBgkqhkiG9w0BAQsFAAOBgQCsqoVaV2FtffPE
-KrdzP+m8uW0KjzUkE2ZGFF5gkD4ylXJaIVUV/u8wRPv+Psu/8zDOO7tPwWRB6tuZ
-8srbeAOVgZE8+h2cilXrnWrBtt5EOA+ZtGbVTt3n1br/8kv2mpRTVTZOcy3a0bsP
-j/saIkMoarRdo0Asz34NPvtg75LzDg==
------END CERTIFICATE-----

configs/freeDiameter/hss.conf.in

@@ -106,7 +106,7 @@ ListenOn = "127.0.0.8";
 # Default : NO DEFAULT
 #TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
 #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
-TLS_Cred = "@sysconfdir@/freeDiameter/hss.cert.pem", "@sysconfdir@/freeDiameter/hss.key.pem";
+TLS_Cred = "@sysconfdir@/open5gs/tls/hss.crt", "@sysconfdir@/open5gs/tls/hss.key";
 
 # Certificate authority / trust anchors
 # The file containing the list of trusted Certificate Authorities (PEM list)
@@ -114,7 +114,7 @@ TLS_Cred = "@sysconfdir@/freeDiameter/hss.cert.pem", "@sysconfdir@/freeDiameter/
 # The directive can appear several times to specify several files.
 # Default : GNUTLS default behavior
 #TLS_CA = "<file.PEM>";
-TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem";
+TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt";
 
 # Certificate Revocation List file
 # The information about revoked certificates.

configs/freeDiameter/hss.key.pem

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDos4KWvUr2MCwDYKqCZbAVMl/TkA3AHQZiUlHHEjbXXDQhrEpE
-TZulIpw+hqi63wJktnT1lcRx6OAoHSvqBpT6PPEH0yNVtoTUAPQoCBi+xzjht9m0
-v9Ph09gTYHLh5NMxN7HPueHJjV7iHFSjkLFpbweQ/2iGaX3vUGkNnUcYOQIDAQAB
-AoGAdxNkv74dnd0IqLHOjut6L16XqqsMXkJ8AdQeBMBNT+bexlxjpJASFW6ghV5i
-+T0k/GRhdUouPBvumJhU4Gx9zpVYUMzAxZDgWQfoknQ11fs6bi1aH8Fn9NhC3UeB
-ZaSmkAyeTMpJMzVAiVLND3iN/83OcijqSq2MZ4kkdsQngAECQQD/AOBiwlh6AVtZ
-bJMbVSVPLdtQRtGuP29gaC64vROE60qfxUcW7H2rHdMq4AWrlaZ3hXxSLU+TuCDt
-Z7khtHexAkEA6ZxSJfw1SO0qqu/uHBcQTOzoTKPi28fRt2ilEIOhIzuHbJPpjFEp
-snhGfX+XgD4EtXH1ebdmh+rGZ8yRPcjTCQJBAJ170xfq4m1mzR2q+ibVLNd7gIhR
-VEmCj6xAaypYSue50DpfwYmcv/ef0bwW4imXoFkMLT0rEowuGNfFSQZRx+ECQETG
-TrD8JTvJBsy4QiNm7teWz3TwsrL9itIyLpZECkZzGhVvHky/AEWYfzgnPhT1LTG1
-0Qz6X2cYSTz5zrCf1PECQQCPZIkkOUsgq6kGDK5MTzAoTjPxzIDgLX/YdMelwHUA
-pK+nv/gxO9Pjd+wcU4GmaD0KXdLtu+dsKT3bx/7RzGjj
------END RSA PRIVATE KEY-----

configs/freeDiameter/meson.build

@@ -34,24 +34,3 @@ foreach file : freediameter_conf
     meson.add_install_script(python3_exe, '-c',
             install_conf.format(gen, freediameter_sysconfdir))
 endforeach
-
-freediameter_pem = '''
-    cacert.pem
-    mme.cert.pem
-    mme.key.pem
-    hss.cert.pem
-    hss.key.pem
-    smf.cert.pem
-    smf.key.pem
-    pcrf.cert.pem
-    pcrf.key.pem
-'''.split()
-
-foreach file : freediameter_pem
-    gen = configure_file(
-            input : file,
-            output : file,
-            configuration : conf_data)
-    meson.add_install_script(python3_exe, '-c',
-            install_conf.format(gen, freediameter_sysconfdir))
-endforeach

configs/freeDiameter/mme.cert.pem

@@ -1,60 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=ca.localdomain, C=KO, ST=Seoul, L=Nowon, O=Open5GS, OU=Tests
-        Validity
-            Not Before: Aug 22 00:39:17 2020 GMT
-            Not After : Aug 20 00:39:17 2030 GMT
-        Subject: C=KO, ST=Seoul, O=Open5GS, OU=Tests, CN=mme.localdomain
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
-                Modulus:
-                    00:9c:69:25:fc:ee:7f:11:e0:81:f7:b5:51:8f:01:
-                    b8:9e:01:74:03:3e:a5:25:de:6f:28:66:05:6f:7b:
-                    ab:86:0f:09:fc:94:7b:e8:aa:9f:0b:5f:32:27:46:
-                    f0:ca:e2:12:f3:5d:03:80:e9:9a:1d:f0:20:d6:5c:
-                    1b:4b:65:d4:66:e3:b7:63:19:6e:b1:e8:db:6c:24:
-                    df:24:2c:50:f2:1c:8a:33:c1:f7:27:b8:3c:6e:c6:
-                    90:98:ac:43:67:00:6b:3d:ab:39:49:3d:d5:74:77:
-                    6a:0e:38:4e:41:cd:e4:15:63:27:76:b5:9c:75:f8:
-                    cb:6f:cc:5e:f3:a7:68:ef:a5
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                92:69:1E:3F:9F:E2:40:2F:81:24:05:B4:13:AA:8A:65:5C:7C:71:1D
-            X509v3 Authority Key Identifier: 
-                keyid:64:FB:C8:D7:A3:20:17:DC:A8:3A:AA:4B:2B:85:CD:BD:3E:53:4B:09
-
-    Signature Algorithm: sha256WithRSAEncryption
-         74:fc:32:ee:e6:2b:a5:f5:a4:71:64:49:ff:eb:6f:01:30:32:
-         b7:61:62:97:e1:2c:0f:50:62:a8:71:9a:bd:8b:d8:0d:4b:28:
-         ea:b4:5f:1c:30:3e:4c:23:2f:c5:5b:77:ed:48:c2:bb:b7:0c:
-         d9:50:4d:7f:7f:a3:b9:1e:2c:19:33:1e:41:94:e1:14:1b:45:
-         e8:ae:27:aa:5e:78:8e:67:67:19:69:48:e3:e4:c0:c3:a7:85:
-         fd:fd:d6:62:6e:dd:1f:31:2f:bc:9a:d2:fa:82:eb:4b:3e:35:
-         e0:90:db:ed:de:1a:68:33:6f:e6:90:9f:08:64:60:46:91:09:
-         74:15
------BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBATANBgkqhkiG9w0BAQsFADBoMRcwFQYDVQQDDA5jYS5s
-b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMQ4wDAYDVQQH
-DAVOb3dvbjEQMA4GA1UECgwHT3BlbjVHUzEOMAwGA1UECwwFVGVzdHMwHhcNMjAw
-ODIyMDAzOTE3WhcNMzAwODIwMDAzOTE3WjBZMQswCQYDVQQGEwJLTzEOMAwGA1UE
-CAwFU2VvdWwxEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsMBVRlc3RzMRgwFgYD
-VQQDDA9tbWUubG9jYWxkb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AJxpJfzufxHggfe1UY8BuJ4BdAM+pSXebyhmBW97q4YPCfyUe+iqnwtfMidG8Mri
-EvNdA4Dpmh3wINZcG0tl1Gbjt2MZbrHo22wk3yQsUPIcijPB9ye4PG7GkJisQ2cA
-az2rOUk91XR3ag44TkHN5BVjJ3a1nHX4y2/MXvOnaO+lAgMBAAGjezB5MAkGA1Ud
-EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj
-YXRlMB0GA1UdDgQWBBSSaR4/n+JAL4EkBbQTqoplXHxxHTAfBgNVHSMEGDAWgBRk
-+8jXoyAX3Kg6qksrhc29PlNLCTANBgkqhkiG9w0BAQsFAAOBgQB0/DLu5iul9aRx
-ZEn/628BMDK3YWKX4SwPUGKocZq9i9gNSyjqtF8cMD5MIy/FW3ftSMK7twzZUE1/
-f6O5HiwZMx5BlOEUG0XorieqXniOZ2cZaUjj5MDDp4X9/dZibt0fMS+8mtL6gutL
-PjXgkNvt3hpoM2/mkJ8IZGBGkQl0FQ==
------END CERTIFICATE-----

configs/freeDiameter/mme.conf.in

@@ -106,7 +106,7 @@ ListenOn = "127.0.0.2";
 # Default : NO DEFAULT
 #TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
 #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
-TLS_Cred = "@sysconfdir@/freeDiameter/mme.cert.pem", "@sysconfdir@/freeDiameter/mme.key.pem";
+TLS_Cred = "@sysconfdir@/open5gs/tls/mme.crt", "@sysconfdir@/open5gs/tls/mme.key";
 
 # Certificate authority / trust anchors
 # The file containing the list of trusted Certificate Authorities (PEM list)
@@ -114,7 +114,7 @@ TLS_Cred = "@sysconfdir@/freeDiameter/mme.cert.pem", "@sysconfdir@/freeDiameter/
 # The directive can appear several times to specify several files.
 # Default : GNUTLS default behavior
 #TLS_CA = "<file.PEM>";
-TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem";
+TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt";
 
 # Certificate Revocation List file
 # The information about revoked certificates.

configs/freeDiameter/mme.key.pem

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCcaSX87n8R4IH3tVGPAbieAXQDPqUl3m8oZgVve6uGDwn8lHvo
-qp8LXzInRvDK4hLzXQOA6Zod8CDWXBtLZdRm47djGW6x6NtsJN8kLFDyHIozwfcn
-uDxuxpCYrENnAGs9qzlJPdV0d2oOOE5BzeQVYyd2tZx1+MtvzF7zp2jvpQIDAQAB
-AoGARr3D4a7Yp/Q7tBY86gokPsp3dxQ5S3RcIBBseuybOknJAYUCucuZnWIT4/HQ
-7GHtokY6VG7TNqEpqOoFqkdHFgDZQlJPG+N2B63JEGxAL0RedHsTbnYQ8MFqrixb
-U59yDfwudrlEYAQNML51pEp7D06Add+CPubcFLO8Tnh/z20CQQDQCWRPP0ZdfYk1
-NZFS82fWxWE0jhxEu8nFXCh4uawlSOyyl8RFKyvwFhs+u8DAS+ntSA5nBIkglLW5
-aM+WbJerAkEAwHi5BIojXNmqjrfDDDaD3jM5/Ug2SOuReVz/7JDoPC/w9rob37RM
-pz0bWrtOVCud+mD0WeOjsxfsb6ixpjMF7wJBAI9zmnbG0/eNo/pL6NzBOP4w9rlt
-sPJ4Z0avKL0ukxTWt1jjLBTiExcntzvH7b7r2e+ju0KwLvqHcNPcASDh2qcCQBQ4
-Wo+ch4yInX9y1L3iuEXOsefm/zT38oeCeqx6qLsx+imhca41vdvP8qC8jsUO9ADK
-0MDkxlzZRZCRc2BXeecCQQCl+Ac9n+gtpIUFNmwvgtOnnjDAEDhGgi4lR45frT75
-t57D+YTERbn2pygttzhZ6imWMEUnSQJQSGpDAUnVsIUg
------END RSA PRIVATE KEY-----

configs/freeDiameter/pcrf.cert.pem

@@ -1,60 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 4 (0x4)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=ca.localdomain, C=KO, ST=Seoul, L=Nowon, O=Open5GS, OU=Tests
-        Validity
-            Not Before: Aug 22 00:39:17 2020 GMT
-            Not After : Aug 20 00:39:17 2030 GMT
-        Subject: C=KO, ST=Seoul, O=Open5GS, OU=Tests, CN=pcrf.localdomain
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
-                Modulus:
-                    00:b9:1f:b3:a5:74:de:31:97:ac:fa:86:1d:65:86:
-                    c7:be:b1:25:07:01:f3:69:21:7a:6d:ec:d7:c8:ec:
-                    e2:c9:e8:71:a1:07:ce:0e:68:e5:0f:a9:ec:f3:5e:
-                    5e:3e:a4:ea:27:f3:fa:65:36:2d:7c:ce:a8:70:cc:
-                    34:db:51:b2:28:7b:03:bf:78:06:61:7c:44:81:17:
-                    88:f9:c9:16:cb:2e:9f:21:4a:24:28:0a:0f:76:ef:
-                    63:0f:05:a4:ee:52:64:1f:4f:0b:ec:4e:6c:1b:12:
-                    40:43:75:ed:62:16:ec:6a:ba:15:dd:c4:b9:fa:a9:
-                    de:2c:80:f5:84:c5:97:ec:7b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                CD:C4:C9:C1:7F:D9:34:1F:DB:08:61:27:FC:59:A2:C2:CC:19:9A:7B
-            X509v3 Authority Key Identifier: 
-                keyid:64:FB:C8:D7:A3:20:17:DC:A8:3A:AA:4B:2B:85:CD:BD:3E:53:4B:09
-
-    Signature Algorithm: sha256WithRSAEncryption
-         24:3a:da:a7:50:b3:42:ab:e9:87:21:b2:d9:2b:a1:44:0b:5f:
-         bd:ad:c9:8b:b1:ca:d5:2e:65:46:55:80:11:00:33:03:f9:04:
-         b1:31:a2:c9:d2:41:e0:ec:73:bc:9a:3c:31:06:cc:d0:2d:73:
-         1f:b4:93:1c:b0:99:dd:14:27:64:39:7e:c5:ab:53:48:c5:25:
-         e8:88:fd:4e:b8:dd:64:88:b5:b4:89:8b:15:97:8b:e7:c9:fb:
-         23:6c:ed:60:9b:2f:f0:99:7a:75:6c:8e:ea:09:c6:ba:ff:e9:
-         81:3f:97:96:8b:00:58:5b:88:13:e8:8a:39:4c:f6:c9:06:d3:
-         24:66
------BEGIN CERTIFICATE-----
-MIICszCCAhygAwIBAgIBBDANBgkqhkiG9w0BAQsFADBoMRcwFQYDVQQDDA5jYS5s
-b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMQ4wDAYDVQQH
-DAVOb3dvbjEQMA4GA1UECgwHT3BlbjVHUzEOMAwGA1UECwwFVGVzdHMwHhcNMjAw
-ODIyMDAzOTE3WhcNMzAwODIwMDAzOTE3WjBaMQswCQYDVQQGEwJLTzEOMAwGA1UE
-CAwFU2VvdWwxEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsMBVRlc3RzMRkwFwYD
-VQQDDBBwY3JmLmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQC5H7OldN4xl6z6hh1lhse+sSUHAfNpIXpt7NfI7OLJ6HGhB84OaOUPqezzXl4+
-pOon8/plNi18zqhwzDTbUbIoewO/eAZhfESBF4j5yRbLLp8hSiQoCg9272MPBaTu
-UmQfTwvsTmwbEkBDde1iFuxquhXdxLn6qd4sgPWExZfsewIDAQABo3sweTAJBgNV
-HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
-Y2F0ZTAdBgNVHQ4EFgQUzcTJwX/ZNB/bCGEn/FmiwswZmnswHwYDVR0jBBgwFoAU
-ZPvI16MgF9yoOqpLK4XNvT5TSwkwDQYJKoZIhvcNAQELBQADgYEAJDrap1CzQqvp
-hyGy2SuhRAtfva3Ji7HK1S5lRlWAEQAzA/kEsTGiydJB4OxzvJo8MQbM0C1zH7ST
-HLCZ3RQnZDl+xatTSMUl6Ij9TrjdZIi1tImLFZeL58n7I2ztYJsv8Jl6dWyO6gnG
-uv/pgT+XlosAWFuIE+iKOUz2yQbTJGY=
------END CERTIFICATE-----

configs/freeDiameter/pcrf.conf.in

@@ -106,7 +106,7 @@ ListenOn = "127.0.0.9";
 # Default : NO DEFAULT
 #TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
 #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
-TLS_Cred = "@sysconfdir@/freeDiameter/pcrf.cert.pem", "@sysconfdir@/freeDiameter/pcrf.key.pem";
+TLS_Cred = "@sysconfdir@/open5gs/tls/pcrf.crt", "@sysconfdir@/open5gs/tls/pcrf.key";
 
 # Certificate authority / trust anchors
 # The file containing the list of trusted Certificate Authorities (PEM list)
@@ -114,7 +114,7 @@ TLS_Cred = "@sysconfdir@/freeDiameter/pcrf.cert.pem", "@sysconfdir@/freeDiameter
 # The directive can appear several times to specify several files.
 # Default : GNUTLS default behavior
 #TLS_CA = "<file.PEM>";
-TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem";
+TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt";
 
 # Certificate Revocation List file
 # The information about revoked certificates.

configs/freeDiameter/pcrf.key.pem

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWgIBAAKBgQC5H7OldN4xl6z6hh1lhse+sSUHAfNpIXpt7NfI7OLJ6HGhB84O
-aOUPqezzXl4+pOon8/plNi18zqhwzDTbUbIoewO/eAZhfESBF4j5yRbLLp8hSiQo
-Cg9272MPBaTuUmQfTwvsTmwbEkBDde1iFuxquhXdxLn6qd4sgPWExZfsewIDAQAB
-An8UP2NmtWGYCv7gZ8rPT+6I7Ncf7RayaPb7DuyLDV3At6u18SSYbuCe1fcUpz2n
-nGH//K9mYoaXIANMUwl083qIwxT0VbarpTCgiHT8afdISe6Bm8B8Xs0ITEikRHiG
-vmI/oCbCA1DkXZlf4jpQbGdet2DyxnJTXv+W9vDkqHOhAkEA74Y+MQgf3eaz/on9
-2I5S0kvFJxBYjkAcbkzHmytA5cT45KoCIF+6oPAnBoDkLq3fUotOgWzX2pnWHzMu
-+VLtrwJBAMXbhpxQflZ/4eqDYbD49ggVO8VJzl3Ch1B7ZvKW/b+6plRwsdHx0RFk
-xbwz02GuJbwf6UjVW1VyaQF6fgkdzPUCQQCYhK+nQxgfkV69zxpvwbilJhBFHph1
-BAfWiFd1y+YIKROfb03pVWuePS1sa7hgrOCOTBxSN39/OAPrXAkmQ5MLAkBbNSZp
-eoWy1ELNe4EWNr4b3cXu3WYfPKRqCmjbnZUdxCoWtNiUAlgxH3YzmuRvm/rTLRa6
-N3hh/FrBjrj49N7dAkA5SaCw2WFulgLRPA6QwfObrQEYkHgtF2++r9jhane5nfq3
-/kcrlFnfDfT7ITc32Hmvgj7wJud7w8ANukPXG7DU
------END RSA PRIVATE KEY-----

configs/freeDiameter/smf.cert.pem

@@ -1,60 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 3 (0x3)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=ca.localdomain, C=KO, ST=Seoul, L=Nowon, O=Open5GS, OU=Tests
-        Validity
-            Not Before: Aug 22 00:39:17 2020 GMT
-            Not After : Aug 20 00:39:17 2030 GMT
-        Subject: C=KO, ST=Seoul, O=Open5GS, OU=Tests, CN=smf.localdomain
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
-                Modulus:
-                    00:ad:d6:cb:88:33:51:23:72:f1:16:29:2a:df:b7:
-                    75:d7:38:9e:da:18:b6:27:73:a8:60:ec:04:8f:d0:
-                    cd:c6:2e:10:ff:bd:c3:c2:a3:d7:53:e7:9e:73:07:
-                    07:a9:59:16:b1:7f:92:79:4d:d8:ee:5a:c7:ed:ef:
-                    37:83:8a:7d:94:08:41:0b:34:68:27:a5:4b:7d:cb:
-                    29:fb:85:c0:21:6e:17:72:32:29:7a:28:be:94:31:
-                    56:d2:85:9f:4b:b1:33:6f:f9:eb:01:9c:e7:2f:68:
-                    94:6b:91:58:a7:80:04:94:3c:b3:19:96:91:31:f7:
-                    c4:81:98:2b:85:8f:5c:f0:fd
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                91:4B:EF:65:02:0D:C8:85:FA:4A:3F:29:C0:10:3C:1B:AE:E4:AD:A4
-            X509v3 Authority Key Identifier: 
-                keyid:64:FB:C8:D7:A3:20:17:DC:A8:3A:AA:4B:2B:85:CD:BD:3E:53:4B:09
-
-    Signature Algorithm: sha256WithRSAEncryption
-         a3:6e:4f:00:bd:1a:62:b9:86:0f:35:f6:18:8d:15:61:a2:bc:
-         05:07:f1:73:8d:70:6f:e1:34:f1:ae:87:26:87:13:0b:c8:d8:
-         29:16:70:02:12:73:36:f9:de:43:26:12:7d:9f:d2:20:7c:e2:
-         76:47:0b:14:ba:67:e5:5a:0d:22:3b:00:c8:35:ab:dd:b1:9a:
-         e5:75:b0:86:89:02:15:32:b3:e9:48:c3:e0:38:e1:56:4c:fd:
-         aa:12:96:00:6d:a6:c3:ab:b0:8c:4b:ab:b2:4c:c2:08:26:ab:
-         d6:3f:26:95:4a:da:b8:dd:9a:f8:fe:b9:c2:e3:7a:a3:2f:2c:
-         7f:df
------BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBAzANBgkqhkiG9w0BAQsFADBoMRcwFQYDVQQDDA5jYS5s
-b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMQ4wDAYDVQQH
-DAVOb3dvbjEQMA4GA1UECgwHT3BlbjVHUzEOMAwGA1UECwwFVGVzdHMwHhcNMjAw
-ODIyMDAzOTE3WhcNMzAwODIwMDAzOTE3WjBZMQswCQYDVQQGEwJLTzEOMAwGA1UE
-CAwFU2VvdWwxEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsMBVRlc3RzMRgwFgYD
-VQQDDA9zbWYubG9jYWxkb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AK3Wy4gzUSNy8RYpKt+3ddc4ntoYtidzqGDsBI/QzcYuEP+9w8Kj11PnnnMHB6lZ
-FrF/knlN2O5ax+3vN4OKfZQIQQs0aCelS33LKfuFwCFuF3IyKXoovpQxVtKFn0ux
-M2/56wGc5y9olGuRWKeABJQ8sxmWkTH3xIGYK4WPXPD9AgMBAAGjezB5MAkGA1Ud
-EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj
-YXRlMB0GA1UdDgQWBBSRS+9lAg3IhfpKPynAEDwbruStpDAfBgNVHSMEGDAWgBRk
-+8jXoyAX3Kg6qksrhc29PlNLCTANBgkqhkiG9w0BAQsFAAOBgQCjbk8AvRpiuYYP
-NfYYjRVhorwFB/FzjXBv4TTxrocmhxMLyNgpFnACEnM2+d5DJhJ9n9IgfOJ2RwsU
-umflWg0iOwDINavdsZrldbCGiQIVMrPpSMPgOOFWTP2qEpYAbabDq7CMS6uyTMII
-JqvWPyaVStq43Zr4/rnC43qjLyx/3w==
------END CERTIFICATE-----

configs/freeDiameter/smf.conf.in

@@ -106,7 +106,7 @@ ListenOn = "127.0.0.4";
 # Default : NO DEFAULT
 #TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
 #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
-TLS_Cred = "@sysconfdir@/freeDiameter/smf.cert.pem", "@sysconfdir@/freeDiameter/smf.key.pem";
+TLS_Cred = "@sysconfdir@/open5gs/tls/smf.crt", "@sysconfdir@/open5gs/tls/smf.key";
 
 # Certificate authority / trust anchors
 # The file containing the list of trusted Certificate Authorities (PEM list)
@@ -114,7 +114,7 @@ TLS_Cred = "@sysconfdir@/freeDiameter/smf.cert.pem", "@sysconfdir@/freeDiameter/
 # The directive can appear several times to specify several files.
 # Default : GNUTLS default behavior
 #TLS_CA = "<file.PEM>";
-TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem";
+TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt";
 
 # Certificate Revocation List file
 # The information about revoked certificates.

configs/freeDiameter/smf.key.pem

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCt1suIM1EjcvEWKSrft3XXOJ7aGLYnc6hg7ASP0M3GLhD/vcPC
-o9dT555zBwepWRaxf5J5TdjuWsft7zeDin2UCEELNGgnpUt9yyn7hcAhbhdyMil6
-KL6UMVbShZ9LsTNv+esBnOcvaJRrkVingASUPLMZlpEx98SBmCuFj1zw/QIDAQAB
-AoGAV1x1hmn7oav22mMv56PD9be/pOz8RZFLEgIqPLf7YVfvNQaBpYQ/ByyEJVxo
-DkP2Mpdg3dMwbIB0ru8j39guSO0evsCG95u5L3lUMLFh/+WTt4W0g4+9y0qD1dUy
-y7kk+gKLlbPvyRNr+CiEnpz/rxdWC3J+tVBsWJGNjBGtZWECQQDdn5q7FUrF6HHQ
-O5iJYCbeL+Xn4Ajwrr4M9OeGhMz4pTTtE45jjGi2ykFa9TJFMqjLuClBXw5FkIOe
-S4unTO7JAkEAyM268Z558xHHnRl6uEN1NrqqpdXtZYnK9lm4/kZRs2mKm/98fjf0
-GiHwiKqONP7si4ARE2Ws1wKmXmCe0nNGlQJBAMw8KFCd95FYe4IlWZXHySnaxCki
-WbrLnhK8opxhx66gOJz996sfmuRQkVfsPE5uuAU9Cq/WlIVg/xoijmk3yZkCQEFu
-YCsZM62TrpKvWcCvIoOZ4b817Sw38S3C4LfiW/71NhhM8NkEDINzabhusvXr11JB
-gc7rQ52wHFwGadoze90CQF9qOBatpIFlEDkhzKofRILCWIzSrfhFdcCZqe6K8G10
-ngbk3Xg3I0I+qWViDivOm689SC9xniF7wJ1XH0BRBKE=
------END RSA PRIVATE KEY-----

configs/logrotate/open5gs.in

@@ -7,7 +7,7 @@
     create 640 open5gs open5gs
 
     postrotate
-        for i in nrfd pcrfd hssd ausfd udmd udrd upfd sgwcd sgwud smfd mmed amfd; do
+        for i in nrfd scpd pcrfd hssd ausfd udmd udrd upfd sgwcd sgwud smfd mmed amfd; do
             systemctl reload open5gs-$i
         done
     endscript

configs/meson.build

@@ -22,10 +22,13 @@ conf_data.set('sysconfdir', sysconfdir)
 conf_data.set('libdir', libdir)
 conf_data.set('localstatedir', localstatedir)
 
-freediameter_extensions_builddir = join_paths(
-        meson.build_root(), 'subprojects', 'freeDiameter', 'extensions')
-conf_data.set('freediameter_extensions_builddir',
-        freediameter_extensions_builddir)
+build_configs_dir = join_paths(open5gs_build_dir, 'configs')
+conf_data.set('build_configs_dir', build_configs_dir)
+
+build_subprojects_freeDiameter_extensions_dir = join_paths(
+        open5gs_build_dir, 'subprojects', 'freeDiameter', 'extensions')
+conf_data.set('build_subprojects_freeDiameter_extensions_dir',
+        build_subprojects_freeDiameter_extensions_dir)
 
 example_conf = '''
     sample.yaml
@@ -34,7 +37,7 @@ example_conf = '''
     volte.yaml
     vonr.yaml
     slice.yaml
-    srslte.yaml
+    srsenb.yaml
     non3gpp.yaml
 '''.split()
 

configs/newsyslog/open5gs.conf.in

@@ -2,6 +2,7 @@
 #
 # logfilename                         [owner:group] mode count size  when  flags [/pid_file]        [sig_num]
 @localstatedir@/log/open5gs/nrf.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-nrfd/pid`
+@localstatedir@/log/open5gs/scp.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-scpd/pid`
 @localstatedir@/log/open5gs/pcrf.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-pcrfd/pid`
 @localstatedir@/log/open5gs/hss.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-hssd/pid`
 @localstatedir@/log/open5gs/ausf.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-ausfd/pid`

configs/non3gpp.yaml.in

@@ -2,8 +2,21 @@ db_uri: mongodb://localhost/open5gs
 
 logger:
 
+sbi:
+    server:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testserver.key
+      cert: @build_configs_dir@/open5gs/tls/testserver.crt
+    client:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testclient.key
+      cert: @build_configs_dir@/open5gs/tls/testclient.crt
+
 parameter:
 #    no_nrf: true
+#    no_scp: true
 #    no_amf: true
 #    no_smf: true
 #    no_upf: true
@@ -18,6 +31,7 @@ parameter:
 #    no_sgwu: true
 #    no_pcrf: true
 #    no_hss: true
+#    use_mongodb_change_stream: true
 
 mme:
     freeDiameter:
@@ -26,14 +40,14 @@ mme:
       listen_on: 127.0.0.2
       no_fwd: true
       load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
           conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
       connect:
         - identity: hss.localdomain
           addr: 127.0.0.8
@@ -44,13 +58,13 @@ mme:
       - addr: 127.0.0.2
     gummei:
       plmn_id:
-        mcc: 901
+        mcc: 999
         mnc: 70
       mme_gid: 2
       mme_code: 1
     tai:
       plmn_id:
-        mcc: 901
+        mcc: 999
         mnc: 70
       tac: 1
     security:
@@ -93,14 +107,14 @@ smf:
       listen_on: 127.0.0.4
       no_fwd: true
       load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
           conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
       connect:
         - identity: pcrf.localdomain
           addr: 127.0.0.9
@@ -114,19 +128,19 @@ amf:
       - addr: 127.0.0.5
     guami:
       - plmn_id:
-          mcc: 901
+          mcc: 999
           mnc: 70
         amf_id:
           region: 2
           set: 1
     tai:
       - plmn_id:
-          mcc: 901
+          mcc: 999
           mnc: 70
         tac: 1
     plmn_support:
       - plmn_id:
-          mcc: 901
+          mcc: 999
           mnc: 70
         s_nssai:
           - sst: 1
@@ -151,6 +165,9 @@ upf:
     subnet:
       - addr: 10.45.0.1/16
       - addr: 2001:db8:cafe::1/48
+    metrics:
+      - addr: 127.0.0.7
+        port: 9090
 
 hss:
     freeDiameter:
@@ -159,14 +176,14 @@ hss:
       listen_on: 127.0.0.8
       no_fwd: true
       load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
           conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
       connect:
         - identity: mme.localdomain
           addr: 127.0.0.2
@@ -179,14 +196,14 @@ pcrf:
       listen_on: 127.0.0.9
       no_fwd: true
       load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
           conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
       connect:
         - identity: smf.localdomain
           addr: 127.0.0.4
@@ -212,13 +229,16 @@ pcf:
     sbi:
       - addr: 127.0.0.13
         port: 7777
+    metrics:
+      - addr: 127.0.0.13
+        port: 9090
 
 nssf:
     sbi:
       - addr: 127.0.0.14
         port: 7777
     nsi:
-      - addr: ::1
+      - addr: 127.0.0.10
         port: 7777
         s_nssai:
           sst: 1
@@ -231,3 +251,7 @@ udr:
     sbi:
       - addr: 127.0.0.20
         port: 7777
+
+time:
+  t3512:
+    value: 540     # 9 mintues * 60 = 540 seconds

configs/open5gs/amf.yaml.in

@@ -1,107 +1,338 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,ngap,nas,gmm,sbi,amf,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
     file: @localstatedir@/log/open5gs/amf.log
+
 #
-# amf:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/amf.key
+      cert: @sysconfdir@/open5gs/tls/amf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/amf.key
+      cert: @sysconfdir@/open5gs/tls/amf.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
 #          - ::0
 #        port: 7777
 #
-#  o SBI Server(https://<all address avaiable>:443)
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  amf:
 #    sbi:
-#      - tls:
-#          key: amf.key
-#          pem: amf.pem
 #
-#  o SBI Server(https://127.0.0.5:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.5:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  amf:
 #    sbi:
 #      - addr: 127.0.0.5
-#        tls:
-#          key: amf.key
-#          pem: amf.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://amf.open5gs.org:80)
+#  o SBI Server(https://amf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  amf:
 #    sbi:
 #      - name: amf.open5gs.org
 #
 #  o SBI Server(http://127.0.0.5:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
 #    sbi:
 #      - addr: 127.0.0.5
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
 #    sbi:
 #      - dev: eth0
 #        advertise: open5gs-amf.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
 #    sbi:
 #      - addr: localhost
 #        advertise:
 #          - 127.0.0.99
 #          - ::1
 #
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      addr: 127.0.0.5
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  amf:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  amf:
+#    service_name:
+#      - namf-comm
+#
+#  <NF Discovery Query Parameter>
+#
+#  o (Default) If you do not set Query Parameter as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      - addr: 127.0.0.5
+#        port: 7777
+#
+#    - 'service-names' is included.
+#
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      - addr: 127.0.0.5
+#        port: 7777
+#    discovery:
+#      option:
+#        no_service_names: false
+#
+#  o To remove 'service-names' from URI query parameters in NS Discovery
+#         no_service_names: true
+#
+#    * For Indirect Communication with Delegated Discovery,
+#      'service-names' is always included in the URI query parameter.
+#    * That is, 'no_service_names' has no effect.
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      - addr: 127.0.0.5
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      - addr: 127.0.0.5
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
 #  <NGAP Server>>
 #
-#  o NGAP Server(all address avaiable)
+#  o NGAP Server(all address available)
+#  amf:
 #    ngap:
 #
 #  o NGAP Server(0.0.0.0:38412)
+#  amf:
 #    ngap:
 #      addr: 0.0.0.0
 #
 #  o NGAP Server(127.0.0.5:38412, [::1]:38412)
+#  amf:
 #    ngap:
 #      - addr: 127.0.0.5
 #      - addr: ::1
 #
 #  o NGAP Server(different port)
+#  amf:
 #    ngap:
 #      - addr: 127.0.0.5
 #        port: 38413
 #
-#  o NGAP Server(address avaiable in `eth0` interface)
+#  o NGAP Server(address available in `eth0` interface)
+#  amf:
 #    ngap:
 #      dev: eth0
 #
+#  o NGAP Option (Default)
+#    - sctp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  amf:
+#    ngap:
+#      addr: 127.0.0.5
+#      option:
+#        stcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  o NGAP SCTP Option (Default)
+#    - spp_hbinterval : 5000 (5secs)
+#    - spp_sackdelay : 200 (200ms)
+#    - srto_initial : 3000 (3secs)
+#    - srto_min : 1000 (1sec)
+#    - srto_max : 5000 (5secs)
+#    - sinit_num_ostreams : 30
+#    - sinit_max_instreams : 65535
+#    - sinit_max_attempts : 4
+#    - sinit_max_init_timeo : 8000(8secs)
+#
+#  amf:
+#    ngap:
+#      addr: 127.0.0.5
+#      option:
+#        sctp:
+#          spp_hbinterval : 5000
+#          spp_sackdelay : 200
+#          srto_initial : 3000
+#          srto_min : 1000
+#          srto_max : 5000
+#          sinit_num_ostreams : 30
+#          sinit_max_instreams : 65535
+#          sinit_max_attempts : 4
+#          sinit_max_init_timeo : 8000
+#
+#  <Metrics Server>
+#
+#  o Metrics Server(http://<any address>:9090)
+#  amf:
+#    metrics:
+#      - addr: 0.0.0.0
+#        port: 9090
+#
 #  <GUAMI>
 #
 #  o Multiple GUAMI
+#  amf:
 #    guami:
 #      - plmn_id:
-#          mcc: 901
+#          mcc: 999
 #          mnc: 70
 #        amf_id:
 #          region: 2
@@ -117,62 +348,125 @@ logger:
 #  <TAI>
 #
 #  o Multiple TAI
+#
+#  When multiple TAIs are configured as shown below,
+#  the Served TAI is determined by comparing UserLocationInformation
+#  of UplinkNASTransport sent from gNB.
+#
+#  For example, if the gNB sends TAC with 30 to the AMF,
+#  the fourth TAI (TAC: 20, 28, 29-32, 36-38, 40-42, 50, 60, 70, 70)
+#  is determined as the Served TAI. The result is transmitted to the gNB
+#  as a Tracking Area identity List in Registration Accept.
+#
+#  amf:
 #    tai:
 #      - plmn_id:
 #          mcc: 001
 #          mnc: 01
-#        tac: [1, 2, 3]
+#        tac: [1, 3, 5]
 #    tai:
 #      - plmn_id:
 #          mcc: 002
 #          mnc: 02
-#        tac: 4
+#        tac: [6-10, 15-18]
+#    tai:
 #      - plmn_id:
 #          mcc: 003
 #          mnc: 03
-#        tac: 5
-#    tai:
+#        tac: 20
 #      - plmn_id:
 #          mcc: 004
 #          mnc: 04
-#        tac: [6, 7]
+#        tac: 21
+#    tai:
 #      - plmn_id:
 #          mcc: 005
 #          mnc: 05
-#        tac: 8
+#        tac: [22, 28]
 #      - plmn_id:
 #          mcc: 006
 #          mnc: 06
-#        tac: [9, 10]
+#        tac: [30-32, 34, 36-38, 40-42, 44, 46, 48]
+#      - plmn_id:
+#          mcc: 007
+#          mnc: 07
+#        tac: 50
+#      - plmn_id:
+#          mcc: 008
+#          mnc: 08
+#        tac: 60
+#      - plmn_id:
+#          mcc: 009
+#          mnc: 09
+#        tac: [70, 80]
 #
 #  <PLMN Support>
 #
 #  o Multiple PLMN Support
+#  amf:
 #    plmn_support:
 #      - plmn_id:
-#          mcc: 901
+#          mcc: 999
 #          mnc: 70
 #        s_nssai:
 #          - sst: 1
 #            sd: 010000
 #      - plmn_id:
-#          mcc: 901
+#          mcc: 999
 #          mnc: 70
 #        s_nssai:
 #          - sst: 1
 #
+#
+#  <Access Control>
+#
+#  If access_control is not specified, then all networks are allowed
+#  If access_control is defined,
+#  no other networks are allowed  other than matching plmn_id.
+#
+#  default_reject_cause may be used to overwrite the default error cause #11
+#  for non matching plmn_id
+#
+#  for matching plmn_id with reject_cause defined,
+#  the AMF rejects access with the reject_cause error cause
+#
+#  for matching plmn_id without reject_cause defined,
+#  the AMF accepts the PLMN traffic
+#
+#  o The example below only accepts 002/02 and 999/70 PLMNs.
+#    001/01 is rejected with cause 15,
+#    and the rest of the PLMNs are rejected with default cause 13.
+#
+#  amf:
+#    access_control:
+#      - default_reject_cause: 13
+#      - plmn_id:
+#          reject_cause: 15
+#          mcc: 001
+#          mnc: 01
+#      - plmn_id:
+#          mcc: 002
+#          mnc: 02
+#      - plmn_id:
+#          mcc: 999
+#          mnc: 70
+#
+#
 #  <Network Name>
 #
+#  amf:
 #    network_name:
 #        full: Open5GS
 #        short: Next
 #
 #  <AMF Name>
 #
-#    amf_name: amf1.open5gs.amf.5gc.mnc70.mcc901.3gppnetwork.org
+#  amf:
+#    amf_name: amf1.open5gs.amf.5gc.mnc70.mcc999.3gppnetwork.org
 #
 #  <Relative Capacity> - Default(255)
 #
+#  amf:
 #    relative_capacity: 100
 #
 amf:
@@ -181,21 +475,24 @@ amf:
         port: 7777
     ngap:
       - addr: 127.0.0.5
+    metrics:
+      - addr: 127.0.0.5
+        port: 9090
     guami:
       - plmn_id:
-          mcc: 901
+          mcc: 999
           mnc: 70
         amf_id:
           region: 2
           set: 1
     tai:
       - plmn_id:
-          mcc: 901
+          mcc: 999
           mnc: 70
         tac: 1
     plmn_support:
       - plmn_id:
-          mcc: 901
+          mcc: 999
           mnc: 70
         s_nssai:
           - sst: 1
@@ -207,21 +504,107 @@ amf:
     amf_name: open5gs-amf0
 
 #
-# nrf:
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
 #
 #  <SBI Client>>
 #
 #  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@@ -232,107 +615,100 @@ amf:
 #        - 127.0.0.10
 #        - fd69:f21d:873c:fa::1
 #
-nrf:
-    sbi:
-      - addr:
-          - 127.0.0.10
-          - ::1
-        port: 7777
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777
 
-#
-# parameter:
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:
 
 #
-# max:
-#
-# o Maximum Number of UE per AMF/MME
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
 #
 max:
 
 #
-# pool:
+# usrsctp:
+#    udp_port : 9899
 #
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:
+usrsctp:
 
-#
-# sockopt:
-#    no_delay : true
-#
-sockopt:
-
-#
-# sctp:
-#    heartbit_interval : 5000 (5secs)
-#    sack_delay : 200 (200ms)
-#    rto_initial : 3000 (3secs)
-#    rto_min : 1000 (1sec)
-#    rto_max : 5000 (5secs)
-#    max_num_of_ostreams : 30
-#    max_num_of_istreams : 65535
-#    max_attempts : 4
-#    max_initial_timeout : 8000(8secs)
-#    usrsctp_udp_port : 9899
-#
-sctp:
-
-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
 #
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 #
 #  o Handover Wait Duration (Default : 300 ms)
 #    Time to wait for AMF to send UEContextReleaseCommand
 #    to the source gNB after receiving HandoverNotify
+#    (Default values are used, so no configuration is required)
 #
 #  o Handover Wait Duration (500ms)
+#  time:
 #    handover:
 #        duration: 500
+#
+#  o Timers of 5GS mobility/session management
+#  time:
+#    t3502:
+#      value: 720  # 12 minutes * 60 = 720 seconds
+#    t3512:
+#      value: 3240 # 54 minutes * 60 = 3240 seconds
+#
 time:
+  t3512:
+    value: 540     # 9 mintues * 60 = 540 seconds

configs/open5gs/ausf.yaml.in

@@ -1,99 +1,363 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
 #    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
     file: @localstatedir@/log/open5gs/ausf.log
+
 #
-# ausf:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/ausf.key
+      cert: @sysconfdir@/open5gs/tls/ausf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/ausf.key
+      cert: @sysconfdir@/open5gs/tls/ausf.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
 #          - ::0
 #        port: 7777
 #
-#  o SBI Server(https://<all address avaiable>:443)
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/ausf.key
+#      cert: /etc/open5gs/tls/ausf.crt
+#  ausf:
 #    sbi:
-#      - tls:
-#          key: ausf.key
-#          pem: ausf.pem
 #
-#  o SBI Server(https://127.0.0.11:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.11:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/ausf.key
+#      cert: /etc/open5gs/tls/ausf.crt
+#  ausf:
 #    sbi:
 #      - addr: 127.0.0.11
-#        tls:
-#          key: ausf.key
-#          pem: ausf.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://ausf.open5gs.org:80)
+#  o SBI Server(https://ausf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/ausf.key
+#      cert: /etc/open5gs/tls/ausf.crt
+#  ausf:
 #    sbi:
 #      - name: ausf.open5gs.org
 #
 #  o SBI Server(http://127.0.0.11:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
 #    sbi:
 #      - addr: 127.0.0.11
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
 #    sbi:
 #      - dev: eth0
 #        advertise: open5gs-ausf.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
 #    sbi:
 #      - addr: localhost
 #        advertise:
 #          - 127.0.0.99
 #          - ::1
 #
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      addr: 127.0.0.11
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  ausf:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  ausf:
+#    service_name:
+#      - nausf-auth
+#
+#  <NF Discovery Query Parameter>
+#
+#  o (Default) If you do not set Query Parameter as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      - addr: 127.0.0.11
+#        port: 7777
+#
+#    - 'service-names' is included.
+#
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      - addr: 127.0.0.11
+#        port: 7777
+#    discovery:
+#      option:
+#        no_service_names: false
+#
+#  o To remove 'service-names' from URI query parameters in NS Discovery
+#         no_service_names: true
+#
+#    * For Indirect Communication with Delegated Discovery,
+#      'service-names' is always included in the URI query parameter.
+#    * That is, 'no_service_names' has no effect.
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      - addr: 127.0.0.11
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      - addr: 127.0.0.11
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
 ausf:
     sbi:
       - addr: 127.0.0.11
         port: 7777
 
 #
-# nrf:
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
 #
 #  <SBI Client>>
 #
 #  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@@ -104,81 +368,74 @@ ausf:
 #        - 127.0.0.10
 #        - fd69:f21d:873c:fa::1
 #
-nrf:
-    sbi:
-      - addr:
-          - 127.0.0.10
-          - ::1
-        port: 7777
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777
 
-#
-# parameter:
-#
-#  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:
 
 #
-# max:
-#
-# o Maximum Number of UE per AMF/MME
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
 #
 max:
 
-#
-# pool:
-#
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:
-
-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
 #
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:

configs/open5gs/bsf.yaml.in

@@ -1,101 +1,363 @@
-db_uri: mongodb://localhost/open5gs
-
-#
-# logger:
 #
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,sbi,bsf,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
     file: @localstatedir@/log/open5gs/bsf.log
+
 #
-# bsf:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/bsf.key
+      cert: @sysconfdir@/open5gs/tls/bsf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/bsf.key
+      cert: @sysconfdir@/open5gs/tls/bsf.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
 #          - ::0
 #        port: 7777
 #
-#  o SBI Server(https://<all address avaiable>:443)
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/bsf.key
+#      cert: /etc/open5gs/tls/bsf.crt
+#  bsf:
 #    sbi:
-#      - tls:
-#          key: bsf.key
-#          pem: bsf.pem
 #
-#  o SBI Server(https://127.0.0.15:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.15:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/bsf.key
+#      cert: /etc/open5gs/tls/bsf.crt
+#  bsf:
 #    sbi:
 #      - addr: 127.0.0.15
-#        tls:
-#          key: bsf.key
-#          pem: bsf.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://bsf.open5gs.org:80)
+#  o SBI Server(https://bsf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/bsf.key
+#      cert: /etc/open5gs/tls/bsf.crt
+#  bsf:
 #    sbi:
 #      - name: bsf.open5gs.org
 #
 #  o SBI Server(http://127.0.0.15:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - addr: 127.0.0.15
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - dev: eth0
 #        advertise: open5gs-bsf.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - addr: localhost
 #        advertise:
 #          - 127.0.0.99
 #          - ::1
 #
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      addr: 127.0.0.15
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  bsf:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  bsf:
+#    service_name:
+#      - nbsf-management
+#
+#  <NF Discovery Query Parameter>
+#
+#  o (Default) If you do not set Query Parameter as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - addr: 127.0.0.15
+#        port: 7777
+#
+#    - 'service-names' is included.
+#
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - addr: 127.0.0.15
+#        port: 7777
+#    discovery:
+#      option:
+#        no_service_names: false
+#
+#  o To remove 'service-names' from URI query parameters in NS Discovery
+#         no_service_names: true
+#
+#    * For Indirect Communication with Delegated Discovery,
+#      'service-names' is always included in the URI query parameter.
+#    * That is, 'no_service_names' has no effect.
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - addr: 127.0.0.15
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - addr: 127.0.0.15
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
 bsf:
     sbi:
       - addr: 127.0.0.15
         port: 7777
 
 #
-# nrf:
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
 #
 #  <SBI Client>>
 #
 #  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@@ -106,81 +368,74 @@ bsf:
 #        - 127.0.0.10
 #        - fd69:f21d:873c:fa::1
 #
-nrf:
-    sbi:
-      - addr:
-          - 127.0.0.10
-          - ::1
-        port: 7777
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777
 
-#
-# parameter:
-#
-#  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:
 
 #
-# max:
-#
-# o Maximum Number of UE per AMF/MME
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
 #
 max:
 
-#
-# pool:
-#
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:
-
-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
 #
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:

configs/open5gs/hnet/curve25519-1.key

@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VuBCIEIBDJxn6GGlYloduPaEEjiW2bNQYZnT3xlo4HtshEi7FH
+-----END PRIVATE KEY-----

configs/open5gs/hnet/curve25519-3.key

@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VuBCIEIFAK2WjCQjB8TU7COXwdIKVhKGjPa+SJuyOVObjfW9hM
+-----END PRIVATE KEY-----

configs/open5gs/hnet/curve25519-5.key

@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VuBCIEIHh8rsYF8otbnyb8bcrhD1AAV5C9iBtjTlYJY3k5k0dt
+-----END PRIVATE KEY-----

configs/open5gs/hnet/meson.build

@@ -0,0 +1,38 @@
+# Copyright (C) 2022 by Sukchan Lee <acetcom@gmail.com>
+
+# This file is part of Open5GS.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+hnet_sysconfdir = join_paths(open5gs_sysconfdir, 'hnet')
+meson.add_install_script(python3_exe, '-c',
+        mkdir_p.format(hnet_sysconfdir))
+
+hnet_security = '''
+  curve25519-1.key
+  secp256r1-2.key
+  curve25519-3.key
+  secp256r1-4.key
+  curve25519-5.key
+  secp256r1-6.key
+'''.split()
+
+foreach file : hnet_security
+    gen = configure_file(
+            input : file,
+            output : file,
+            configuration : conf_data)
+    meson.add_install_script(python3_exe, '-c',
+            install_conf.format(gen, hnet_sysconfdir))
+endforeach

configs/open5gs/hnet/secp256r1-2.key

@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIHSp+RhHH1bzvv2lxR1zij+U9aUtS8nbl5n1Il+8zd5BoAoGCCqGSM49
+AwEHoUQDQgAEre/NExfRzoVi7CW5G0gAEg4SNtbiZh6kI1qE48hdokS8QqWUz1YS
+9J6PvihX2OSZ+RMixzf8zxu9tuTUJKgKlQ==
+-----END EC PRIVATE KEY-----

configs/open5gs/hnet/secp256r1-4.key

@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIAGZvsOAU0YMHhBK33hRkGMPkA3Xefq5b5hPQD6qnf5goAoGCCqGSM49
+AwEHoUQDQgAEdXfTAGY+0ibQoO9bfmk7+M/l//BiMzO6lNIUEMSj1k3k9SQPygGY
+jAuUHpVM4Uo6cWxuyurEn8pWn1vF3tVhbg==
+-----END EC PRIVATE KEY-----

configs/open5gs/hnet/secp256r1-6.key

@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIG3VKSXh/3WK0HzCkN1DgeUjF7TSLgAUyMn/WGHsxrZ3oAoGCCqGSM49
+AwEHoUQDQgAENU1ibHe7oWu4m6M8P0XoA78ZNKtdIsJgVU0nCk/c5sC3V+/4GuxU
+owtbASEXQZg4SGvts+1Yqz0p4WwCAAcwpQ==
+-----END EC PRIVATE KEY-----

configs/open5gs/hss.yaml.in

@@ -1,24 +1,25 @@
 db_uri: mongodb://localhost/open5gs
 
-#
-# logger:
 #
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,fd,hss,event,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
     file: @localstatedir@/log/open5gs/hss.log
@@ -27,52 +28,36 @@ hss:
     freeDiameter: @sysconfdir@/freeDiameter/hss.conf
 
 #
-# parameter:
+#  hss:
+#    sms_over_ims: "sip:smsc.mnc001.mcc001.3gppnetwork.org:7060;transport=tcp"
 #
-#  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
+
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
+#
+#  o Use MongoDB Change Stream
+#  parameter:
+#    use_mongodb_change_stream: true
 #
 parameter:
 
 #
-# max:
-#
-# o Maximum Number of UE per AMF/MME
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
 #
 max:
-
-#
-# pool:
-#
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:

configs/open5gs/meson.build

@@ -29,6 +29,7 @@ open5gs_conf = '''
     hss.yaml
     pcrf.yaml
     nrf.yaml
+    scp.yaml
     ausf.yaml
     udm.yaml
     udr.yaml
@@ -45,3 +46,6 @@ foreach file : open5gs_conf
     meson.add_install_script(python3_exe, '-c',
             install_conf.format(gen, open5gs_sysconfdir))
 endforeach
+
+subdir('tls')
+subdir('hnet')

configs/open5gs/mme.yaml.in

@@ -1,58 +1,103 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,s1ap,nas,fd,gtp,mme,emm,esm,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
     file: @localstatedir@/log/open5gs/mme.log
 
-#
-# mme:
 #
 #  <S1AP Server>>
 #
-#  o S1AP Server(all address avaiable)
+#  o S1AP Server(all address available)
+#  mme:
 #    s1ap:
 #
 #  o S1AP Server(0.0.0.0:36412)
+#  mme:
 #    s1ap:
 #      addr: 0.0.0.0
 #
 #  o S1AP Server(127.0.0.2:36412, [::1]:36412)
+#  mme:
 #    s1ap:
 #      - addr: 127.0.0.2
 #      - addr: ::1
 #
 #  o S1AP Server(different port)
+#  mme:
 #    s1ap:
 #      - addr: 127.0.0.2
 #        port: 36413
 #
-#  o S1AP Server(address avaiable in `eth0` interface)
+#  o S1AP Server(address available in `eth0` interface)
+#  mme:
 #    s1ap:
 #      dev: eth0
 #
+#  o S1AP Option (Default)
+#    - sctp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  mme:
+#    s1ap:
+#      addr: 127.0.0.2
+#      option:
+#        stcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  o S1AP SCTP Option (Default)
+#    - spp_hbinterval : 5000 (5secs)
+#    - spp_sackdelay : 200 (200ms)
+#    - srto_initial : 3000 (3secs)
+#    - srto_min : 1000 (1sec)
+#    - srto_max : 5000 (5secs)
+#    - sinit_num_ostreams : 30
+#    - sinit_max_instreams : 65535
+#    - sinit_max_attempts : 4
+#    - sinit_max_init_timeo : 8000(8secs)
+#
+#  mme:
+#    s1ap:
+#      addr: 127.0.0.2
+#      option:
+#        sctp:
+#          spp_hbinterval : 5000
+#          spp_sackdelay : 200
+#          srto_initial : 3000
+#          srto_min : 1000
+#          srto_max : 5000
+#          sinit_num_ostreams : 30
+#          sinit_max_instreams : 65535
+#          sinit_max_attempts : 4
+#          sinit_max_init_timeo : 8000
+#
 #  <GTP-C Server>>
 #
-#  o GTP-C Server(all address avaiable)
+#  o GTP-C Server(all address available)
+#  mme:
 #    gtpc:
 #
 #  o GTP-C Server(127.0.0.2:2123, [::1]:2123)
+#  mme:
 #    gtpc:
 #      - addr: 127.0.0.2
 #      - addr: ::1
@@ -60,6 +105,7 @@ logger:
 #  <SGsAP>
 #
 #  o Single MSC/VLR(127.0.0.2)
+#  mme:
 #    sgsap:
 #      addr: 127.0.0.2
 #      map:
@@ -86,6 +132,7 @@ logger:
 #          lac: 43692
 #
 #  o Multiple MSC/VLR
+#  mme:
 #    sgsap:
 #      - addr: 127.0.0.2
 #        port: 29119
@@ -138,10 +185,18 @@ logger:
 #              mnc: 02
 #            lac: 43693
 #
+#  <Metrics Server>
+#
+#  o Metrics Server(http://<any address>:9090)
+#  mme:
+#    metrics:
+#      - addr: 0.0.0.0
+#        port: 9090
 #
 #  <GUMMEI>
 #
 #  o Multiple GUMMEI
+#  mme:
 #    gummei:
 #      - plmn_id:
 #          mcc: 001
@@ -162,47 +217,105 @@ logger:
 #  <TAI>
 #
 #  o Multiple TAI
+#
+#  When multiple TAIs are configured as shown below,
+#  the Served TAI is determined by comparing UserLocationInformation
+#  of UplinkNASTransport sent from eNB.
+#
+#  For example, if the eNB sends TAC with 30 to the MME,
+#  the fourth TAI (TAC: 20, 28, 29-32, 36-38, 40-42, 50, 60, 70, 70)
+#  is determined as the Served TAI. The result is transmitted to the eNB
+#  as a Tracking Area identity List in Registration Accept.
+#
+#  mme:
 #    tai:
 #      - plmn_id:
 #          mcc: 001
 #          mnc: 01
-#        tac: [1, 2, 3]
+#        tac: [1, 3, 5]
 #    tai:
 #      - plmn_id:
 #          mcc: 002
 #          mnc: 02
-#        tac: 4
+#        tac: [6-10, 15-18]
+#    tai:
 #      - plmn_id:
 #          mcc: 003
 #          mnc: 03
-#        tac: 5
-#    tai:
+#        tac: 20
 #      - plmn_id:
 #          mcc: 004
 #          mnc: 04
-#        tac: [6, 7]
+#        tac: 21
+#    tai:
 #      - plmn_id:
 #          mcc: 005
 #          mnc: 05
-#        tac: 8
+#        tac: [22, 28]
 #      - plmn_id:
 #          mcc: 006
 #          mnc: 06
-#        tac: [9, 10]
+#        tac: [30-32, 34, 36-38, 40-42, 44, 46, 48]
+#      - plmn_id:
+#          mcc: 007
+#          mnc: 07
+#        tac: 50
+#      - plmn_id:
+#          mcc: 008
+#          mnc: 08
+#        tac: 60
+#      - plmn_id:
+#          mcc: 009
+#          mnc: 09
+#        tac: [70, 80]
+#
+#
+#  <Access Control>
+#
+#  If access_control is not specified, then all networks are allowed
+#  If access_control is defined,
+#  no other networks are allowed  other than matching plmn_id.
+#
+#  default_reject_cause may be used to overwrite the default error cause #11
+#  for non matching plmn_id
+#
+#  for matching plmn_id with reject_cause defined,
+#  the MME rejects access with the reject_cause error cause
+#
+#  for matching plmn_id without reject_cause defined,
+#  the MME accepts the PLMN traffic
+#
+#  o The example below only accepts 002/02 and 999/70 PLMNs.
+#    001/01 is rejected with cause 15,
+#    and the rest of the PLMNs are rejected with default cause 13.
+#
+#  mme:
+#    access_control:
+#      - default_reject_cause: 13
+#      - plmn_id:
+#          reject_cause: 15
+#          mcc: 001
+#          mnc: 01
+#      - plmn_id:
+#          mcc: 002
+#          mnc: 02
+#      - plmn_id:
+#          mcc: 999
+#          mnc: 70
 #
 #
 #  <Network Name>
-#
+#  mme:
 #    network_name:
 #        full: Open5GS
 #        short: Next
 #
 #  <MME Name>
-#
+#  mme:
 #    mme_name: open5gs-mme0
 #
 #  <Relative Capacity> - Default(255)
-#
+#  mme:
 #    relative_capacity: 100
 #
 mme:
@@ -211,15 +324,18 @@ mme:
       - addr: 127.0.0.2
     gtpc:
       - addr: 127.0.0.2
-    gummei: 
+    metrics:
+      - addr: 127.0.0.2
+        port: 9090
+    gummei:
       plmn_id:
-        mcc: 901
+        mcc: 999
         mnc: 70
       mme_gid: 2
       mme_code: 1
     tai:
       plmn_id:
-        mcc: 901
+        mcc: 999
         mnc: 70
       tac: 1
     security:
@@ -229,8 +345,6 @@ mme:
         full: Open5GS
     mme_name: open5gs-mme0
 
-#
-# sgwc:
 #
 # <GTP-C Client>
 #
@@ -238,17 +352,20 @@ mme:
 #
 #  o One SGW is defined.
 #    If prefer_ipv4 is not true, [fd69:f21d:873c:fa::2] is selected.
+#  sgwc:
 #    gtpc:
 #      addr:
 #        - 127.0.0.3
 #        - fd69:f21d:873c:fa::2
 #
 #  o Two SGW are defined. MME selects SGW with round-robin manner per UE
+#  sgwc:
 #    gtpc:
 #      - addr: 127.0.0.3
 #      - addr: fd69:f21d:873c:fa::2
 #
 #  o Three SGW are defined. MME selects SGW with round-robin manner per UE
+#  sgwc:
 #    gtpc:
 #      - addr
 #        - 127.0.0.3
@@ -260,30 +377,32 @@ mme:
 #
 # <SGW Selection Mode>
 #
-# o Round-Robin
+#  o Round-Robin
+#  sgwc:
+#    gtpc:
+#      addr: 127.0.0.3
+#      addr: 127.0.2.2
+#      addr: 127.0.4.2
 #
-#   gtpc:
-#     addr: 127.0.0.3
-#     addr: 127.0.2.2
-#     addr: 127.0.4.2
-#
-# o SGW selection by eNodeB TAC
+#  o SGW selection by eNodeB TAC
 #   (either single TAC or multiple TACs, DECIMAL representation)
 #
-#   gtpc:
-#     - addr: 127.0.0.3
-#       tac: 26000
-#     - addr: 127.0.2.2
-#       tac: [25000, 27000, 28000]
+#  sgwc:
+#    gtpc:
+#      - addr: 127.0.0.3
+#        tac: 26000
+#      - addr: 127.0.2.2
+#        tac: [25000, 27000, 28000]
 #
 # o SGW selection by e_cell_id(28bit)
 #   (either single or multiple e_cell_id, HEX representation)
 #
-#   gtpc:
-#     - addr: 127.0.0.3
-#       e_cell_id: abcde01
-#     - addr: 127.0.2.2
-#       e_cell_id: [12345, a9413, 98765]
+#  sgwc:
+#    gtpc:
+#      - addr: 127.0.0.3
+#        e_cell_id: abcde01
+#      - addr: 127.0.2.2
+#        e_cell_id: [12345, a9413, 98765]
 #
 sgwc:
     gtpc:
@@ -298,15 +417,18 @@ sgwc:
 #    - To use a different APN for each SMF, specify gtpc.apn as the APN name.
 #    - If the HSS uses WebUI to set the SMF IP for each UE,
 #      you can use a specific SMF node for each UE.
+#    (Default values are used, so no configuration is required)
 #
 #  o Two SMF are defined. 127.0.0.4:2123 is used.
 #    [fd69:f21d:873c:fa::3]:2123 is ignored.
+#  smf:
 #    gtpc:
 #      - addr: 127.0.0.4
 #      - addr: fd69:f21d:873c:fa::3
 #
 #  o One SMF is defined. if prefer_ipv4 is not true,
 #    [fd69:f21d:873c:fa::3] is selected.
+#  smf:
 #    gtpc:
 #      - addr:
 #        - 127.0.0.4
@@ -315,6 +437,7 @@ sgwc:
 #  o Two SMF are defined with a different APN.
 #    - Note that if SMF IP for UE is configured in HSS,
 #      the following configurion for this UE is ignored.
+#  smf:
 #    gtpc:
 #      - addr: 127.0.0.4
 #        apn: internet
@@ -322,6 +445,7 @@ sgwc:
 #        apn: volte
 #
 #  o If APN is omitted, the default APN uses the first SMF node.
+#  smf:
 #    gtpc:
 #      - addr: 127.0.0.4
 #      - addr: 127.0.0.5
@@ -332,94 +456,63 @@ smf:
         - 127.0.0.4
         - ::1
 
-#
-# parameter:
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
-#
-#  o Use OAI UE
-#    - Remove HashMME in Security-mode command message
-#    - Use the length 1 of EPS network feature support in Attach accept message
-#      use_openair: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:
 
 #
-# max:
-#
-# o Maximum Number of UE per AMF/MME
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
 #
 max:
 
 #
-# pool:
+# usrsctp:
+#    udp_port : 9899
 #
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:
+usrsctp:
 
-#
-# sockopt:
-#    no_delay : true
-#
-sockopt:
-
-#
-# sctp:
-#    heartbit_interval : 5000 (5secs)
-#    sack_delay : 200 (200ms)
-#    rto_initial : 3000 (3secs)
-#    rto_min : 1000 (1sec)
-#    rto_max : 5000 (5secs)
-#    max_num_of_ostreams : 30
-#    max_num_of_istreams : 65535
-#    max_attempts : 4
-#    max_initial_timeout : 8000(8secs)
-#    usrsctp_udp_port : 9899
-#
-sctp:
-
-#
-# time:
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 #
 #  o Handover Wait Duration (Default : 300 ms)
 #    Time to wait for MME to send UEContextReleaseCommand
 #    to the source eNB after receiving HandoverNotify
+#    (Default values are used, so no configuration is required)
 #
 #  o Handover Wait Duration (500ms)
+#  time:
 #    handover:
 #        duration: 500
+#
+#  o Timers of EPS mobility/session management
+#  time:
+#    t3402:
+#      value: 720  # 12 minutes * 60 = 720 seconds
+#    t3412:
+#      value: 3240 # 54 minutes * 60 = 3240 seconds
+#    t3423:
+#      value: 720  # 12 minutes * 60 = 720 seconds
 time:

configs/open5gs/nrf.yaml.in

@@ -1,160 +1,337 @@
-db_uri: mongodb://localhost/open5gs
-
-#
-# logger:
 #
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,sbi,nrf,event,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
     file: @localstatedir@/log/open5gs/nrf.log
 
 #
-# nrf:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/nrf.key
+      cert: @sysconfdir@/open5gs/tls/nrf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/nrf.key
+      cert: @sysconfdir@/open5gs/tls/nrf.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #
 #  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
 #          - ::0
 #        port: 7777
 #
-#  o SBI Server(https://<all address avaiable>:443)
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/nrf.key
+#      cert: /etc/open5gs/tls/nrf.crt
+#  nrf:
 #    sbi:
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
 #
-#  o SBI Server(https://127.0.0.10:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/nrf.key
+#      cert: /etc/open5gs/tls/nrf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://nrf.open5gs.org:80)
+#  o SBI Server(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/nrf.key
+#      cert: /etc/open5gs/tls/nrf.crt
+#  nrf:
 #    sbi:
-#      name: nrf.open5gs.org
+#      - name: nrf.open5gs.org
 #
 #  o SBI Server(http://127.0.0.10:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
 #    sbi:
-#      dev: eth0
+#      - dev: eth0
+#
+#  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      - dev: eth0
+#        advertise: open5gs-nrf.svc.local
+#
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      - addr: localhost
+#        advertise:
+#          - 127.0.0.99
+#          - ::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  nrf:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  nrf:
+#    service_name:
+#      - nnrf-nfm
+#      - nnrf-disc
 #
 nrf:
     sbi:
-      addr:
+      - addr:
         - 127.0.0.10
         - ::1
-      port: 7777
+        port: 7777
 
 #
-# parameter:
+#  <SBI Client>>
 #
-#  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
+
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:
 
 #
-# max:
-#
-# o Maximum Number of UE per AMF/MME
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
 #
 max:
 
 #
-# pool:
-#
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:
-
-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (Disabled)
+#  time:
 #    nf_instance:
 #      heartbeat: 0
 #
 #  o NF Instance Heartbeat (5 seconds)
+#  time:
 #    nf_instance:
 #      heartbeat: 5
 #
 #  o NF Instance Validity (Default : 3600 seconds = 1 hour)
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Validity (10 seconds)
+#  time:
 #    nf_instance:
 #      validity: 10
 #
 #  o Subscription Validity (Default : 86400 seconds = 1 day)
+#    (Default values are used, so no configuration is required)
 #
 #  o Subscription Validity (Disabled)
+#  time:
 #    subscription:
 #      validity: 0
 #
 #  o Subscription Validity (3600 seconds = 1 hour)
+#  time:
 #    subscription:
 #      validity: 3600
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:

configs/open5gs/nssf.yaml.in

@@ -1,84 +1,188 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,sbi,nssf,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
     file: @localstatedir@/log/open5gs/nssf.log
+
 #
-# nssf:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/nssf.key
+      cert: @sysconfdir@/open5gs/tls/nssf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/nssf.key
+      cert: @sysconfdir@/open5gs/tls/nssf.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
 #          - ::0
 #        port: 7777
 #
-#  o SBI Server(https://<all address avaiable>:443)
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/nssf.key
+#      cert: /etc/open5gs/tls/nssf.crt
+#  nssf:
 #    sbi:
-#      - tls:
-#          key: nssf.key
-#          pem: nssf.pem
 #
-#  o SBI Server(https://127.0.0.14:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.14:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/nssf.key
+#      cert: /etc/open5gs/tls/nssf.crt
+#  nssf:
 #    sbi:
 #      - addr: 127.0.0.14
-#        tls:
-#          key: nssf.key
-#          pem: nssf.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://nssf.open5gs.org:80)
+#  o SBI Server(https://nssf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/nssf.key
+#      cert: /etc/open5gs/tls/nssf.crt
+#  nssf:
 #    sbi:
 #      - name: nssf.open5gs.org
 #
 #  o SBI Server(http://127.0.0.14:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
 #    sbi:
 #      - addr: 127.0.0.14
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
 #    sbi:
 #      - dev: eth0
 #        advertise: open5gs-nssf.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
 #    sbi:
 #      - addr: localhost
 #        advertise:
 #          - 127.0.0.99
 #          - ::1
 #
-#  <List of avaiable Network Slice Instance(NSI)>
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      addr: 127.0.0.14
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <List of available Network Slice Instance(NSI)>
 #
 #  o One NSI
 #   - NRF[http://::1:7777/nnrf-nfm/v1/nf-instances]
 #     NSSAI[SST:1]
 #
+#  nssf:
 #    nsi:
 #      - addr: ::1
 #        port: 7777
@@ -95,6 +199,7 @@ logger:
 #   2. NRF[http://127.0.0.10:7777/nnrf-nfm/v1/nf-instances]
 #      NSSAI[SST:1, SD:009000]
 #
+#  nssf:
 #    nsi:
 #      - addr: ::1
 #        port: 7777
@@ -110,32 +215,207 @@ logger:
 #        s_nssai:
 #          sst: 1
 #          sd: 009000
+#
+#  o NSI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  nssf:
+#    nsi:
+#      addr: ::1
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  nssf:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  nssf:
+#    service_name:
+#      - nnssf-nsselection
+#
+#  <NF Discovery Query Parameter>
+#
+#  o (Default) If you do not set Query Parameter as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      - addr: 127.0.0.14
+#        port: 7777
+#
+#    - 'service-names' is included.
+#
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      - addr: 127.0.0.14
+#        port: 7777
+#    discovery:
+#      option:
+#        no_service_names: false
+#
+#  o To remove 'service-names' from URI query parameters in NS Discovery
+#         no_service_names: true
+#
+#    * For Indirect Communication with Delegated Discovery,
+#      'service-names' is always included in the URI query parameter.
+#    * That is, 'no_service_names' has no effect.
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      - addr: 127.0.0.14
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      - addr: 127.0.0.14
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
 nssf:
     sbi:
       - addr: 127.0.0.14
         port: 7777
     nsi:
-      - addr: ::1
+      - addr: 127.0.0.10
         port: 7777
         s_nssai:
           sst: 1
 
 #
-# nrf:
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
 #
 #  <SBI Client>>
 #
 #  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@@ -146,89 +426,74 @@ nssf:
 #        - 127.0.0.10
 #        - fd69:f21d:873c:fa::1
 #
-nrf:
-    sbi:
-      - addr:
-          - 127.0.0.10
-          - ::1
-        port: 7777
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777
 
-#
-# parameter:
-#
-#  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:
 
 #
-# max:
-#
-# o Maximum Number of UE per AMF/MME
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
 #
 max:
 
-#
-# pool:
-#
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:
-
-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
 #
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
-#  o NF Instance Heartbeat (Disabled)
-#    nf_instance:
-#      heartbeat: 0
-#
-#  o NF Instance Heartbeat (10 seconds)
-#    nf_instance:
-#      heartbeat: 10
-#
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:

configs/open5gs/pcf.yaml.in

@@ -1,84 +1,324 @@
 db_uri: mongodb://localhost/open5gs
 
-#
-# logger:
 #
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,sbi,pcf,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
     file: @localstatedir@/log/open5gs/pcf.log
+
 #
-# pcf:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/pcf.key
+      cert: @sysconfdir@/open5gs/tls/pcf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/pcf.key
+      cert: @sysconfdir@/open5gs/tls/pcf.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
 #          - ::0
 #        port: 7777
 #
-#  o SBI Server(https://<all address avaiable>:443)
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/pcf.key
+#      cert: /etc/open5gs/tls/pcf.crt
+#  pcf:
 #    sbi:
-#      - tls:
-#          key: pcf.key
-#          pem: pcf.pem
 #
-#  o SBI Server(https://127.0.0.13:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.13:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/pcf.key
+#      cert: /etc/open5gs/tls/pcf.crt
+#  pcf:
 #    sbi:
 #      - addr: 127.0.0.13
-#        tls:
-#          key: pcf.key
-#          pem: pcf.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://pcf.open5gs.org:80)
+#  o SBI Server(https://pcf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/pcf.key
+#      cert: /etc/open5gs/tls/pcf.crt
+#  pcf:
 #    sbi:
 #      - name: pcf.open5gs.org
 #
 #  o SBI Server(http://127.0.0.13:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
 #    sbi:
 #      - addr: 127.0.0.13
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
 #    sbi:
 #      - dev: eth0
 #        advertise: open5gs-pcf.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
 #    sbi:
 #      - addr: localhost
 #        advertise:
 #          - 127.0.0.99
 #          - ::1
 #
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
+#    sbi:
+#      addr: 127.0.0.13
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  pcf:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  pcf:
+#    service_name:
+#      - npcf-am-policy-control
+#      - npcf-smpolicycontrol
+#      - npcf-policyauthorization
+#
+#  == NOTE ==
+#  Placing npcf-smpolicycontrol and pcf-policyauthorization
+#  in different NFs is not supported. Both npcf-smpolicycontrol
+#  and pcf-policyauthorization should be placed in the same NF.
+#
+#  <NF Discovery Query Parameter>
+#
+#  o (Default) If you do not set Query Parameter as shown below,
+#
+#    sbi:
+#      - addr: 127.0.0.13
+#        port: 7777
+#
+#    - 'service-names' is included.
+#
+#    sbi:
+#      - addr: 127.0.0.13
+#        port: 7777
+#    discovery:
+#      option:
+#        no_service_names: false
+#
+#  o To remove 'service-names' from URI query parameters in NS Discovery
+#         no_service_names: true
+#
+#    * For Indirect Communication with Delegated Discovery,
+#      'service-names' is always included in the URI query parameter.
+#    * That is, 'no_service_names' has no effect.
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
+#    sbi:
+#      - addr: 127.0.0.13
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
+#    sbi:
+#      - addr: 127.0.0.13
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
+#
+#  <Metrics Server>
+#
+#  o Metrics Server(http://<any address>:9090)
+#  pcf:
+#    metrics:
+#    - addr: 0.0.0.0
+#      port: 9090
+#
 pcf:
     sbi:
       - addr: 127.0.0.13
         port: 7777
+    metrics:
+      - addr: 127.0.0.13
+        port: 9090
+
+#
+# scp:
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80)
+#    sbi:
+#      - addr: 127.0.1.10
+#        tls:
+#          key: /etc/open5gs/tls/pcf.key
+#          cert: /etc/open5gs/tls/pcf.crt
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate to verify peer
+#
+#    sbi:
+#      - name: scp.open5gs.org
+#        tls:
+#          cacert: /etc/open5gs/tls/ca.crt
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
 
 #
 # nrf:
@@ -90,12 +330,24 @@ pcf:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443)
+#  tls:
+#    client:
+#      key: /etc/open5gs/tls/pcf.key
+#      cert: /etc/open5gs/tls/pcf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate to verify server
+#
+#  tls:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@@ -106,81 +358,70 @@ pcf:
 #        - 127.0.0.10
 #        - fd69:f21d:873c:fa::1
 #
-nrf:
-    sbi:
-      - addr:
-          - 127.0.0.10
-          - ::1
-        port: 7777
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777
 
-#
-# parameter:
-#
-#  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:
 
 #
-# max:
-#
-# o Maximum Number of UE per AMF/MME
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
 #
 max:
 
-#
-# pool:
-#
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:
-
-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
 #
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:

configs/open5gs/pcrf.yaml.in

@@ -1,82 +1,54 @@
 db_uri: mongodb://localhost/open5gs
 
-#
-# logger:
 #
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,fd,pcrf,event,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
+#
 logger:
     file: @localstatedir@/log/open5gs/pcrf.log
 
 pcrf:
     freeDiameter: @sysconfdir@/freeDiameter/pcrf.conf
 
-#
-# parameter:
-#
-#  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
-#
-#  o Legacy support for pre-release LTE 11 devices to do calling
-#    - Replace IPv4/v6 local addr field in AAR Media-Subcomponent AVP
-#      by 'any local port'
-#      no_ipv4v6_local_addr_in_packet_filter: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:
 
 #
-# max:
-#
-# o Maximum Number of UE per AMF/MME
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
 #
 max:
-
-#
-# pool:
-#
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:

configs/open5gs/scp.yaml.in

@@ -0,0 +1,394 @@
+db_uri: mongodb://localhost/open5gs
+
+#
+#  o Set OGS_LOG_INFO to all domain level
+#   - If `level` is omitted, the default level is OGS_LOG_INFO)
+#   - If `domain` is omitted, the all domain level is set from 'level'
+#    (Default values are used, so no configuration is required)
+#
+#  o Set OGS_LOG_ERROR to all domain level
+#   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
+#    level: error
+#
+#  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
+#    level: debug
+#    domain: mme,emm
+#
+#  o Set OGS_LOG_TRACE to all domain level
+#  logger:
+#    level: trace
+#    domain: core,sbi,ausf,event,tlv,mem,sock
+#
+logger:
+    file: @localstatedir@/log/open5gs/scp.log
+
+#
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/scp.key
+      cert: @sysconfdir@/open5gs/tls/scp.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/scp.key
+      cert: @sysconfdir@/open5gs/tls/scp.crt
+
+#
+#  <SBI Server>
+#
+#  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      - addr:
+#          - 0.0.0.0
+#          - ::0
+#        port: 7777
+#
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/scp.key
+#      cert: /etc/open5gs/tls/scp.crt
+#  scp:
+#    sbi:
+#
+#  o SBI Server(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/scp.key
+#      cert: /etc/open5gs/tls/scp.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Server(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/scp.key
+#      cert: /etc/open5gs/tls/scp.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Server(http://127.0.1.10:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#        port: 7777
+#
+#  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      - dev: eth0
+#
+#  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      - dev: eth0
+#        advertise: open5gs-scp.svc.local
+#
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      - addr: localhost
+#        advertise:
+#          - 127.0.0.99
+#          - ::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
+#  <Next hop SCP>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  next_scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  next_scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  next_scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  next_scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  next_scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
+#      - addr: 127.0.0.10
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
+#      - name: nrf.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
+#    If prefer_ipv4 is true, http://127.0.0.10:80 is selected.
+#
+#    sbi:
+#      addr:
+#        - 127.0.0.10
+#        - fd69:f21d:873c:fa::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+nrf:
+    sbi:
+      - addr:
+          - 127.0.0.10
+          - ::1
+        port: 7777
+
+#
+#  o Disable use of IPv4 addresses (only IPv6)
+#  parameter:
+#    no_ipv4: true
+#
+#  o Disable use of IPv6 addresses (only IPv4)
+#  parameter:
+#    no_ipv6: true
+#
+#  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
+#  parameter:
+#    prefer_ipv4: true
+#
+parameter:
+
+#
+#  o Maximum Number of UE
+#  max:
+#    ue: 1024
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
+#
+max:
+
+#
+#  o NF Instance Heartbeat (Default : 0)
+#    NFs will not send heart-beat timer in NFProfile
+#    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
+#
+#  o NF Instance Heartbeat (20 seconds)
+#    NFs will send heart-beat timer (20 seconds) in NFProfile
+#    NRF can change heart-beat timer in NFProfile
+#
+#  time:
+#    nf_instance:
+#      heartbeat: 20
+#
+#  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
+#
+#  o Message Wait Duration (3000 ms)
+#  time:
+#    message:
+#        duration: 3000
+time:

configs/open5gs/sgwc.yaml.in

@@ -1,32 +1,32 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,pfcp,gtp,sgwc,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
     file: @localstatedir@/log/open5gs/sgwc.log
 
-#
-# sgwc:
 #
 #  <GTP-C Server>
 #
 #  o GTP-C Server(127.0.0.3:2123, [fd69:f21d:873c:fa::2]:2123)
+#  sgwc:
 #    gtpc:
 #      addr:
 #        - 127.0.0.3
@@ -34,34 +34,60 @@ logger:
 #
 #  o On SGW, Same Configuration(127.0.0.3:2123,
 #  [fd69:f21d:873c:fa::2]:2123) as below.
+#  sgwc:
 #    gtpc:
 #      - addr: 127.0.0.3
 #      - addr: fd69:f21d:873c:fa::2
 #
+#  o GTP-C Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  sgwc:
+#    gtpc:
+#      addr: 127.0.0.3
+#      option:
+#        so_bindtodevice: vrf-blue
+#
 #  <PFCP Server>
 #
 #  o PFCP Server(127.0.0.3:8805, ::1:8805)
+#  sgwc:
 #    pfcp:
 #      - addr: 127.0.0.3
 #      - addr: ::1
 #
 #  o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
+#  sgwc:
 #    pfcp:
 #      name: localhost
 #
+#  o PFCP Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  sgwc:
+#    pfcp:
+#      addr: 127.0.0.3
+#      option:
+#        so_bindtodevice: vrf-blue
+#
+#  o Provide custom PFCP address to be advertised in PFCP association
+#      request/respond
+#  sgwc:
+#    pfcp:
+#      - addr: 0.0.0.0
+#        advertise: open5gs-smf.svc.local
+#
 sgwc:
     gtpc:
       - addr: 127.0.0.3
     pfcp:
       - addr: 127.0.0.3
 
-#
-# sgwu:
 #
 #  <PFCP Client>>
 #
 #  o PFCP Client(127.0.0.6:8805)
-#
+#  sgwu:
 #    pfcp:
 #      addr: 127.0.0.6
 #
@@ -106,66 +132,46 @@ sgwu:
     pfcp:
       - addr: 127.0.0.6
 
-#
-# parameter:
-#
-#  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 #  o Disable selection of SGW-U PFCP in Round-Robin manner
-#      no_pfcp_rr_select: true
+#  parameter:
+#    no_pfcp_rr_select: true
 #
 parameter:
 
 #
+# o Maximum Number of UE
 # max:
+#   ue: 1024
 #
-# o Maximum Number of UE per AMF/MME
-#    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+# max:
+#   peer: 64
+#
+# o Maximum Number of GTP peer nodes per SGWC/SMF
+# max:
+#   gtp_peer: 64
 #
 max:
 
-#
-# pool:
-#
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:
-
-#
-# time:
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:

configs/open5gs/sgwu.yaml.in

@@ -1,40 +1,57 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,pfcp,gtp,sgwu,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
     file: @localstatedir@/log/open5gs/sgwu.log
 
-#
-# sgwu:
 #
 #  <PFCP Server>
 #
 #  o PFCP Server(127.0.0.6:8805, ::1:8805)
+#  sgwu:
 #    pfcp:
 #      - addr: 127.0.0.6
 #      - addr: ::1
 #
 #  o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
+#  sgwu:
 #    pfcp:
 #      - name: localhost
 #
+#  o PFCP Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  sgwu:
+#    pfcp:
+#      addr: 127.0.0.6
+#      option:
+#        so_bindtodevice: vrf-blue
+#
+#  o Provide custom PFCP address to be advertised in PFCP association
+#      request/respond
+#  sgwc:
+#    pfcp:
+#      - addr: 0.0.0.0
+#        advertise: open5gs-smf.svc.local
+#
 #  <GTP-U Server>
 #
 #  o GTP-U Server(127.0.0.6:2152, [::1]:2152)
@@ -43,10 +60,12 @@ logger:
 #      - addr: ::1
 #
 #  o GTP-U Server(127.0.0.1:2152, [::1]:2152)
+#  sgwu:
 #    gtpu:
 #      - name: localhost
 #
 #  o User Plane IP Resource information
+#  sgwu:
 #    gtpu:
 #      - addr:
 #        - 127.0.0.6
@@ -62,99 +81,86 @@ logger:
 #        source_interface: 1
 #
 #  o Provide custom SGW-U GTP-U address to be advertised inside S1AP messages
+#  sgwu:
 #    gtpu:
 #      - addr: 10.4.128.21
 #        advertise: 172.24.15.30
 #
+#  sgwu:
 #    gtpu:
 #      - addr: 10.4.128.21
 #        advertise:
 #        - 127.0.0.1
 #        - ::1
 #
+#  sgwu:
 #    gtpu:
 #      - addr: 10.4.128.21
 #        advertise: sgw1.epc.mnc001.mcc001.3gppnetwork.org
 #
+#  sgwu:
 #    gtpu:
 #      - dev: ens3
 #        advertise: sgw1.epc.mnc001.mcc001.3gppnetwork.org
 #
+#  o GTP-U Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  sgwu:
+#    gtpu:
+#      addr: 127.0.0.6
+#      option:
+#        so_bindtodevice: vrf-blue
+#
 sgwu:
     pfcp:
       - addr: 127.0.0.6
     gtpu:
       - addr: 127.0.0.6
 
-#
-# sgwc:
 #
 #  <PFCP Client>>
 #
 #  o PFCP Client(127.0.0.3:8805)
-#
+#  sgwc:
 #    pfcp:
 #      addr: 127.0.0.3
 #
 sgwc:
 
-#
-# parameter:
-#
-#  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:
 
 #
+# o Maximum Number of UE
 # max:
+#   ue: 1024
 #
-# o Maximum Number of UE per AMF/MME
-#    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+# max:
+#   peer: 64
 #
 max:
 
 #
-# pool:
-#
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:
-
-#
-# time:
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:

configs/open5gs/smf.yaml.in

@@ -1,92 +1,290 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,pfcp,fd,pfcp,gtp,smf,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
     file: @localstatedir@/log/open5gs/smf.log
+
 #
-# smf:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/smf.key
+      cert: @sysconfdir@/open5gs/tls/smf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/smf.key
+      cert: @sysconfdir@/open5gs/tls/smf.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
 #          - ::0
 #        port: 7777
 #
-#  o SBI Server(https://<all address avaiable>:443)
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/smf.key
+#      cert: /etc/open5gs/tls/smf.crt
+#  smf:
 #    sbi:
-#      - tls:
-#          key: smf.key
-#          pem: smf.pem
 #
-#  o SBI Server(https://127.0.0.4:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.4:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/smf.key
+#      cert: /etc/open5gs/tls/smf.crt
+#  smf:
 #    sbi:
 #      - addr: 127.0.0.4
-#        tls:
-#          key: smf.key
-#          pem: smf.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://smf.open5gs.org:80)
+#  o SBI Server(https://smf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/smf.key
+#      cert: /etc/open5gs/tls/smf.crt
+#  smf:
 #    sbi:
 #      - name: smf.open5gs.org
 #
 #  o SBI Server(http://127.0.0.4:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - addr: 127.0.0.4
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - dev: eth0
 #        advertise: open5gs-smf.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - addr: localhost
 #        advertise:
 #          - 127.0.0.99
 #          - ::1
 #
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      addr: 127.0.0.4
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  smf:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  smf:
+#    service_name:
+#      - nsmf-pdusession
+#
+#  <NF Discovery Query Parameter>
+#
+#  o (Default) If you do not set Query Parameter as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#        port: 7777
+#
+#    - 'service-names' is included.
+#
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#        port: 7777
+#    discovery:
+#      option:
+#        no_service_names: false
+#
+#  o To remove 'service-names' from URI query parameters in NS Discovery
+#         no_service_names: true
+#
+#    * For Indirect Communication with Delegated Discovery,
+#      'service-names' is always included in the URI query parameter.
+#    * That is, 'no_service_names' has no effect.
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
 #  <PFCP Server>
 #
 #  o PFCP Server(127.0.0.4:8805, ::1:8805)
+#  smf:
 #    pfcp:
 #      - addr: 127.0.0.4
 #      - addr: ::1
 #
 #  o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
+#  smf:
 #    pfcp:
 #      name: localhost
 #
+#  o PFCP Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  smf:
+#    pfcp:
+#      addr: 127.0.0.4
+#      option:
+#        so_bindtodevice: vrf-blue
+#
+#  o Provide custom PFCP address to be advertised to UPF in PFCP association
+#      request/respond
+#  smf:
+#    pfcp:
+#      - addr: 0.0.0.0
+#        advertise: open5gs-smf.svc.local
+#
 #  <GTP-C Server>
 #
 #  o GTP-C Server(127.0.0.4:2123, [fd69:f21d:873c:fa::3]:2123)
+#  smf:
 #    gtpc:
 #      addr:
 #        - 127.0.0.4
@@ -94,28 +292,59 @@ logger:
 #
 #  o On SMF, Same configuration
 #    (127.0.0.4:2123, [fd69:f21d:873c:fa::3]:2123).
+#  smf:
 #    gtpc:
 #      - addr: 127.0.0.4
 #      - addr: fd69:f21d:873c:fa::3
 #
+#  o GTP-C Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  smf:
+#    gtpc:
+#      addr: 127.0.0.4
+#      option:
+#        so_bindtodevice: vrf-blue
+#
 #  <GTP-U Server>>
 #
 #  o GTP-U Server(127.0.0.4:2152, [::1]:2152)
+#  smf:
 #    gtpu:
 #      - addr: 127.0.0.4
 #      - addr: ::1
 #
 #  o GTP-U Server(127.0.0.1:2152, [::1]:2152)
+#  smf:
 #    gtpu:
 #      name: localhost
 #
+#  o GTP-U Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  smf:
+#    gtpu:
+#      addr: 127.0.0.4
+#      option:
+#        so_bindtodevice: vrf-blue
+#
+#  <Metrics Server>
+#
+#  o Metrics Server(http://<any address>:9090)
+#  smf:
+#    metrics:
+#      - addr: 0.0.0.0
+#        port: 9090
+#
 #  <Subnet for UE Pool>
 #
 #  o IPv4 Pool
+#  smf:
 #    subnet:
 #      addr: 10.45.0.1/16
 #
 #  o IPv4/IPv6 Pool
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #      - addr: 2001:db8:cafe::1/48
@@ -124,6 +353,7 @@ logger:
 #  o Specific DNN/APN(e.g 'ims') uses 10.46.0.1/16, 2001:db8:babe::1/48
 #    ; If the UE has unknown DNN/APN(not internet/ims), SMF/UPF will crash.
 #
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #        dnn: internet
@@ -137,6 +367,7 @@ logger:
 #  o Specific DNN/APN with the FALLBACK SUBNET(10.47.0.1/16)
 #    ; Note that put the FALLBACK SUBNET last to avoid SMF/UPF crash.
 #
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #        dnn: internet
@@ -145,22 +376,26 @@ logger:
 #      - addr: 10.50.0.1/16 ## FALLBACK SUBNET
 #
 #  o Pool Range Sample
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/24
 #        range: 10.45.0.100-10.45.0.200
 #
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/24
 #        range:
 #          - 10.45.0.5-10.45.0.50
 #          - 10.45.0.100-
 #
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/24
 #        range:
 #          - -10.45.0.200
 #          - 10.45.0.210-10.45.0.220
 #
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #        range:
@@ -175,6 +410,7 @@ logger:
 #
 #  o Primary/Secondary can be configured. Others are ignored.
 #
+#  smf:
 #    dns:
 #      - 8.8.8.8
 #      - 8.8.4.4
@@ -193,10 +429,25 @@ logger:
 #
 #  o Proxy Call Session Control Function
 #
+#  smf:
 #    p-cscf:
 #      - 127.0.0.1
 #      - ::1
 #
+#  <CTF>
+#
+#  o Gy interface parameters towards OCS.
+#  o enabled:
+#    o auto: Default. Use Gy only if OCS available among Diameter peers
+#    o yes:  Use Gy always;
+#            reject subscribers if no OCS available among Diameter peers
+#    o no:   Don't use Gy interface if there is an OCS available
+#
+#  smf:
+#    ctf:
+#      enabled: auto|yes|no
+#
+#
 #  <SMF Selection - 5G Core only>
 #  1. SMF sends SmfInfo(S-NSSAI, DNN, TAI) to the NRF
 #  2. NRF responds to AMF with SmfInfo during NF-Discovery.
@@ -205,6 +456,7 @@ logger:
 #  Note that if there is no SmfInfo, any AMF can select this SMF.
 #
 #  o S-NSSAI[SST:1] and DNN[internet] - At least 1 DNN is required in S-NSSAI
+#  smf:
 #    info:
 #      - s_nssai:
 #          - sst: 1
@@ -212,6 +464,7 @@ logger:
 #              - internet
 #
 #  o S-NSSAI[SST:1 SD:009000] and DNN[internet or ims]
+#  smf:
 #    info:
 #      - s_nssai:
 #          - sst: 1
@@ -220,7 +473,8 @@ logger:
 #              - internet
 #              - ims
 #
-#  o S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:90170 TAC:1]
+#  o S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:99970 TAC:1]
+#  smf:
 #    info:
 #      - s_nssai:
 #          - sst: 1
@@ -228,15 +482,16 @@ logger:
 #              - internet
 #        tai:
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
 #            tac: 1
 #
 #  o If any of conditions below are met:
-#   - S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:90170 TAC:1-9]
+#   - S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:99970 TAC:1-9]
 #   - S-NSSAI[SST:2 SD:000080] and DNN[internet or ims]
-#   - S-NSSAI[SST:4] and DNN[internet] and TAI[PLMN-ID:90170 TAC:10-20,30-40]
+#   - S-NSSAI[SST:4] and DNN[internet] and TAI[PLMN-ID:99970 TAC:10-20,30-40]
 #
+#  smf:
 #    info:
 #      - s_nssai:
 #          - sst: 1
@@ -244,9 +499,9 @@ logger:
 #              - internet
 #        tai:
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
-#            range:
+#            tac:
 #              - 1-9
 #      - s_nssai:
 #          - sst: 2
@@ -260,13 +515,14 @@ logger:
 #              - internet
 #        tai:
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
-#            range:
+#            tac:
 #              - 10-20
 #              - 30-40
 #
 #  o Complex Example
+#  smf:
 #    info:
 #      - s_nssai:
 #          - sst: 1
@@ -290,29 +546,29 @@ logger:
 #              - internet
 #        tai:
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
 #            tac: [1, 2, 3]
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
 #            tac: 4
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
 #            tac:
 #              - 5
 #              - 6
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
-#            range:
+#            tac:
 #              - 100-200
 #              - 300-400
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
-#            range:
+#            tac:
 #              - 500-600
 #              - 700-800
 #              - 900-1000
@@ -322,11 +578,25 @@ logger:
 #              - internet
 #        tai:
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
 #            tac: 99
-# 
-
+#
+#  <Security Indication - 5G Core only>
+#
+#   According to 3GPP TS38.413 Section 9.3.1.27,
+#   Security Indication IE may be instructed to 5G gNB.
+#
+#   If you set the security_indication in smf.yaml,
+#   this information is delivered using PDU Session Resource Request Transfer IE
+#
+#  smf:
+#    security_indication:
+#      integrity_protection_indication: required|preferred|not-needed
+#      confidentiality_protection_indication: required|preferred|not-needed
+#      maximum_integrity_protected_data_rate_uplink: bitrate64kbs|maximum-UE-rate
+#      maximum_integrity_protected_data_rate_downlink: bitrate64kbs|maximum-UE-rate
+#
 smf:
     sbi:
       - addr: 127.0.0.4
@@ -340,6 +610,9 @@ smf:
     gtpu:
       - addr: 127.0.0.4
       - addr: ::1
+    metrics:
+      - addr: 127.0.0.4
+        port: 9090
     subnet:
       - addr: 10.45.0.1/16
       - addr: 2001:db8:cafe::1/48
@@ -349,24 +622,112 @@ smf:
       - 2001:4860:4860::8888
       - 2001:4860:4860::8844
     mtu: 1400
+    ctf:
+      enabled: auto
     freeDiameter: @sysconfdir@/freeDiameter/smf.conf
 
 #
-# nrf:
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
 #
 #  <SBI Client>>
 #
-#  o SBI Client(http://127.0.0.1:7777)
+#  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@@ -377,34 +738,43 @@ smf:
 #        - 127.0.0.10
 #        - fd69:f21d:873c:fa::1
 #
-nrf:
-    sbi:
-      - addr:
-          - 127.0.0.10
-          - ::1
-        port: 7777
-
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
 #
-# upf:
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777
+
 #
 #  <PFCP Client>>
 #
 #  o PFCP Client(127.0.0.7:8805)
-# 
+#  upf:
 #    pfcp:
 #      addr: 127.0.0.7
 #
 #  <UPF Selection>
 #
-#  o Round-Robin
-#    (note that round robin can be disabled for a particular node
-#     by setting flag 'rr' to 0)
-#
 #  upf:
 #    pfcp:
 #      - addr: 127.0.0.7
 #      - addr: 127.0.0.12
-#        rr: 0
 #      - addr: 127.0.0.19
 #
 #  o UPF selection by eNodeB TAC
@@ -440,77 +810,63 @@ upf:
     pfcp:
       - addr: 127.0.0.7
 
-#
-# parameter:
-#
-#  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 #  o Disable selection of UPF PFCP in Round-Robin manner
-#      no_pfcp_rr_select: true
+#  parameter:
+#    no_pfcp_rr_select: true
+#
+#  o Legacy support for pre-release LTE 11 devices
+#    - Omits adding local address in packet filters for compatibility
+#  parameter:
+#    no_ipv4v6_local_addr_in_packet_filter: true
 #
 parameter:
 
 #
+# o Maximum Number of UE
 # max:
+#   ue: 1024
 #
-# o Maximum Number of UE per AMF/MME
-#    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+# max:
+#   peer: 64
+#
+# o Maximum Number of GTP peer nodes per SGWC/SMF
+# max:
+#   gtp_peer: 64
 #
 max:
 
-#
-# pool:
-#
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:
-
-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
-#
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 #
@@ -518,8 +874,10 @@ pool:
 #    Time to wait for SMF to send
 #    PFCP Session Modification Request(Remove Indirect Tunnel) to the UPF
 #    after sending Nsmf_PDUSession_UpdateSMContext Response(hoState:COMPLETED)
+#    (Default values are used, so no configuration is required)
 #
 #  o Handover Wait Duration (500ms)
+#  time:
 #    handover:
 #        duration: 500
 time:

configs/open5gs/tls/amf.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjVaFw0zMjExMDgyMzM3MjVaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD2FtZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAL5q1eXK8wzvyymrEpxLgdGg8ArHUiGk0BerkwIwOvkJRkqolQx1CVV+
+SZAsnLxrt1+DEb9PTEpqrAXXAWxGtjDCW8FARPFfhziq4B0NPHuTtXusvT+9xF0I
+EY/HFyO/3EYh5vRh5gGZdW5Ukgh4We4Zw/lw0d2BFA2/L5Xz4zOV1P3vSeATyNMq
+4mPWD5xUs0utUzOevmom/+vMO8HGecKv8dpdcM45Gget5pH9OwT0nEAOusW8vYZK
+kCVKNFAvfyCOVzVG82jS8XARrMGzFPfnrkadYrf/sV4OQ7hLc4ZdO83kXubOoCJm
+xrxp7Z8aaXjNEpGW2dZQqU9w57SP9sMCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQU2olHBnRSjS69sZRJT5rFpHAQDhcwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAIEUFoQQ1yuR4apyUddE26Hm
+tnYmXWaTFtL3D98rSj+mwyUOOPD/r7JcsK36XUj8bbMZ4avxMJpYhQGV7x8LG1t1
+3mKlq9JAvLzIREe7zvR8BbOmPu8AVO2Z4uCGrSAa1BsxGgobZ5E2btPHR5RVWiQS
+yYhaIjBuUlPqpa20Pc5cKhZKa8bgfdVs/gsZVwa7T6Xr+hMiSlH0uGIUx85oW4sY
+MidmaMRM1dabSo6nTLcQA0k7h3iC4nZ1MpyMpzt98vZCzVZzWlcJ7AW+py9xKUlN
+48TKTdqHSwt5R9cLnrR7fSVzoPrS9H7KHcemP3poSN/E0PlD+Wou8AFBGBgle8o=
+-----END CERTIFICATE-----

configs/open5gs/tls/amf.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPYW1mLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmrV5crzDO/LKasSnEuB0aDwCsdSIaTQ
+F6uTAjA6+QlGSqiVDHUJVX5JkCycvGu3X4MRv09MSmqsBdcBbEa2MMJbwUBE8V+H
+OKrgHQ08e5O1e6y9P73EXQgRj8cXI7/cRiHm9GHmAZl1blSSCHhZ7hnD+XDR3YEU
+Db8vlfPjM5XU/e9J4BPI0yriY9YPnFSzS61TM56+aib/68w7wcZ5wq/x2l1wzjka
+B63mkf07BPScQA66xby9hkqQJUo0UC9/II5XNUbzaNLxcBGswbMU9+euRp1it/+x
+Xg5DuEtzhl07zeRe5s6gImbGvGntnxppeM0SkZbZ1lCpT3DntI/2wwIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAGaPpZwtBx66RzpY4jkjHuIjxD4SQop5XbzfNr+l
+HupHV/maWqEwlExTiRqQLUYJ01f4d6y/X8ABU4dyXbaqzWBEBtNg8uIifXLyGcfw
+yzn9zzuE6Vlj2366ssJEP+YFYetrzGYkj4SrXQG7k9ZIM7cTTzD/ZjOAX4VI61LZ
+VXpEOUsjdP9BcxwI6U17NkFePLfLKByp0uTwECFonIyxzlJLSTbk9xtzPtxA7pax
+F/ZrQBEsTdzFQoZca1ZH3UTnmjpcbYJwOpzzlSfrMJs9sv42MZlBuSGzn8xq88xy
+KylL9BUn7ZCOhawIz4FEi335e9aq8xcZXnx40OBMOTFE+xo=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/amf.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC+atXlyvMM78sp
+qxKcS4HRoPAKx1IhpNAXq5MCMDr5CUZKqJUMdQlVfkmQLJy8a7dfgxG/T0xKaqwF
+1wFsRrYwwlvBQETxX4c4quAdDTx7k7V7rL0/vcRdCBGPxxcjv9xGIeb0YeYBmXVu
+VJIIeFnuGcP5cNHdgRQNvy+V8+MzldT970ngE8jTKuJj1g+cVLNLrVMznr5qJv/r
+zDvBxnnCr/HaXXDOORoHreaR/TsE9JxADrrFvL2GSpAlSjRQL38gjlc1RvNo0vFw
+EazBsxT3565GnWK3/7FeDkO4S3OGXTvN5F7mzqAiZsa8ae2fGml4zRKRltnWUKlP
+cOe0j/bDAgMBAAECggEAU0sRaLTXj4ufH4l9GRAwZ73R8q0QwLXC7u+23Siyyzfi
+3wqSNEJHxHV7AU16fDNUIbwIOdqaoRy7Rcywiyf9TyPdlhGidsEWOdQJN7wP/nB0
+3PYJTIYajKVYZT+t4A3vcWAoEjN2tLFnfE0TGhBnKi9sGcNfkdiCKKc+TgZCls/M
++ltrp3+QVH9UO6AMj74mNjNSN6EQOcsO8BUqNnzTsJ5mkTLfLyfoerWXtZlppXZM
+/0gyYshP+SN4d3Iuj1NUlM3LLTAx/hg08u3ioBURcRBF0wSIkywpgC9SdqAWKWsX
+V6BEIbNwRQk+0V782HTWaZ8H9aCRg6MOk5KO137r1QKBgQDkF5lApIoDAkVb0tFI
+wyRNnoNtv0HitbXGLGKS3KGyPPqCLgdnngeEgEqB8ejqjkMzdOmn0eaSmg/yml5O
+Vkkw1nSmYholzEbEzl7A34f3AOLMx5hegTjiJe3MrBjZN2qoyDJH8xikl+XFyV5J
+sNZe6uRyFozIRrzEPMxgW+R3hQKBgQDVtys66kqUz+5EGwY/n6kIV3ip8zp08KQj
+Q+a/h/2EZWvulKLv+Wcr8bwSqOs/ZSaKKgK6VOUK76CYQcHDIHuJEd6TEOC32wLM
+uhsjX+aVcTuWPHmGZdJxk5JCI1W0NIxdLVJKg5J1nAmsfRmhtk3yG+C+1i7PSQRT
+Y1m/92SzpwKBgQCpM3hUI7rdkImzHCh0OY5spfIJL5/IddNqNvLIzzKD7ghHGa4U
+h348JI8g5jtKBE6FlWzfOS46Al9iMHFU211gBTZzVsLe1zKIPC6+FRPff6C/GDFH
+qcRwvoIxGlk0iY9ttVTXWtYlAylIF6ECOVRNBSKCH4g/6XmOeSuDL6fDoQKBgQCk
+UWouqTdgxaKnwLOENakMXdzLptR6Vw+Mgcen2dJlemmLDcNdiT/3PKzjF/eQTaBd
+OMHSLDXSu72Zc22cLpxtHk0ofCCbnAvCBxGYmEK9AkvTTnoNiLpOUy1wJqTdok2N
+0qvj2NfCD5AsjB8qA/ZYQXECqcFh5P0rdEbsXzWRHwKBgQCM/GGUXWI0LrkcQpDY
+dpO1C161b+zNJHWwM+7cL2kM9azVwW3CNq1YV7c+GRuJG8YyToIYJJfIIUSiAFH0
+97J/JoQ2a/1baMXNaZf06WATtjsFywtG+O8FwZs9rAQ7oDeSe7l5jP5Mw/WjY/Kq
+BKoi+9Nz8JldcTIi1rj/YyuHag==
+-----END PRIVATE KEY-----

configs/open5gs/tls/ausf.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAkSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjVaFw0zMjExMDgyMzM3MjVaMEsxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGTAX
+BgNVBAMMEGF1c2YubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC4kKPcYH2eCayT80Ye9dBf6JmJGwfpkkHlwSlMNW8hh/aCEhDF8pj6
+8xU1Wqqptxs6hHHyLMdtqw9AlnOZlOZdTh8zwA5ExR+vf0IPK/bCDkRtUwBlyOUy
+LsEOoqMbdTEhGmriykQS0t7O63vsPeiX6oF31AgaNfI5glxZpjUI61rKcHTxCYAX
+XALSnIw13fnaQxz2ucmnioTToM28X0GA4ByGs8zgPkAf8F+tDYr+vfiYPZ0ELmLY
+AXJCdK4e/VzY1DsfkqnWCCbVZYg/sCjxFIa77PEQ8rUJ0VBdKE0n+O6hqR/7lL6g
+Idrk9Vh0LWueQI+cNy/IcVQbBOJaPVZXAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYD
+VR0OBBYEFBxp6AfQv4qeBrN5tM2WjNjC23pkMB8GA1UdIwQYMBaAFLFq+pyZvAQq
+Qohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQBBnrBNSkmzMM5TTBrzCmgo
+GktZJy5iM5394OSNKwYdIAxFUotIP7PKwE4GGA9fMauYw+Q5AictubsZEW6Pc4SK
+wtvgDUkCmtOitdMxRGYa7lmVpLxsyCvyMVTH5eKvSWQeMBomOP6WR4Huzj+RGcTc
+dU3BbNByNMnGGoXO0WYoW6nal/cEIaogYtH2JM7v3otDztGN5ixmvkNxmd9ewLEu
+jYkcpqY6WPpK7TM55fBr4f7N5Tin7GM8lE/SQfnJzREsCDPrkLoEuB6DXG7dgjvA
+ZdrM3eD77xamzT3nA0/5Up2bDoQLtYMph0muVfDrOKL+pzrtSrR6CnkPVgX2aWrF
+-----END CERTIFICATE-----

configs/open5gs/tls/ausf.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICkDCCAXgCAQAwSzEZMBcGA1UEAwwQYXVzZi5sb2NhbGRvbWFpbjELMAkGA1UE
+BhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALiQo9xgfZ4JrJPzRh710F/omYkbB+mS
+QeXBKUw1byGH9oISEMXymPrzFTVaqqm3GzqEcfIsx22rD0CWc5mU5l1OHzPADkTF
+H69/Qg8r9sIORG1TAGXI5TIuwQ6ioxt1MSEaauLKRBLS3s7re+w96JfqgXfUCBo1
+8jmCXFmmNQjrWspwdPEJgBdcAtKcjDXd+dpDHPa5yaeKhNOgzbxfQYDgHIazzOA+
+QB/wX60Niv69+Jg9nQQuYtgBckJ0rh79XNjUOx+SqdYIJtVliD+wKPEUhrvs8RDy
+tQnRUF0oTSf47qGpH/uUvqAh2uT1WHQta55Aj5w3L8hxVBsE4lo9VlcCAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQBUpX2wR4LNsuhCeFLjjiJKClOdkqKel/U2gCr5
+pW7JisU1pnSBW1ZnI0usssGQeejJUvS+24fTb4aQp68DJ4E70s4N6M+oMyUlCIhH
+5ELkG/rlXtir4/l7WP/vF5M1F0bPKLCA51nRfV9tvBR1nAVFfr5ZBGWo8vZBKz9v
+v43beNjJxmCkurN7j78WP0TYEs7ehGCXh0mDtW6SurKpnWswsjInKtyUR470XHwt
+cVJy0HelsBsqpf6I9SlY2J7SakGPDtqARkIisKA6vO4sZdKP0aYapY3nCB5rLvNH
+mC28DCX1R0gqBoHTML0lNUiGEsDe4R4O70dHvWHdZr+zPow6
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/ausf.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC4kKPcYH2eCayT
+80Ye9dBf6JmJGwfpkkHlwSlMNW8hh/aCEhDF8pj68xU1Wqqptxs6hHHyLMdtqw9A
+lnOZlOZdTh8zwA5ExR+vf0IPK/bCDkRtUwBlyOUyLsEOoqMbdTEhGmriykQS0t7O
+63vsPeiX6oF31AgaNfI5glxZpjUI61rKcHTxCYAXXALSnIw13fnaQxz2ucmnioTT
+oM28X0GA4ByGs8zgPkAf8F+tDYr+vfiYPZ0ELmLYAXJCdK4e/VzY1DsfkqnWCCbV
+ZYg/sCjxFIa77PEQ8rUJ0VBdKE0n+O6hqR/7lL6gIdrk9Vh0LWueQI+cNy/IcVQb
+BOJaPVZXAgMBAAECggEAIqhShNb/r7YMWKn1kGnDa8cfUa4oQbWLt0ua6Cseh7Li
+2NDwomMoU/Nil6bDZmQycj4dsYa0GkVlc1DtOzlJOtspI8wcQdCsXwWsD3JHf3Az
+bD4KVJKxa0d5TDjBHS5X/+nYiWbG+qvrV/rDRfzoGOLZ1fkUXmuj5SW0FseNrPNH
+VaRrC+YdnFfOs1m+U7PZQmxSrp3C9FxQWCg1xTXT4vnOeoqsJLDQX6njCI6AONPD
+9vfeGLMD3D45Bk06xfv1zFz7oNgdu0TbOISiDKewUJX1MIpZbaDvx0LO7dBeJBWI
+x7yZymTy6B7cspyO9WuC7B3uvSZb4Dj0kmityXze0QKBgQDk/6QY2FMZbOpC0xuw
+8T67sxiF9omr23lxWZD+2PMe4IgcD3mijr50bg+pnoZ/R1cPs9IRT27gtuKdpQlS
+FOrV9kmJqXGGMO8R2edafzGRim3M+oKVOC8KuI0z/euGTKtKpozMKaoUF68nrMx4
+/7ybauLVYOuWDEqI+Fu6/yY+MQKBgQDOU8OOe5oW3BcNY3/yq+PWlaI9qEehsJTn
+kyMvzn5YbKg5yfF6rexm04pY9WCOZfOzvP5NdwwG/InR86YaVOxuuiDE/4WMip18
+rDLabGhlcxsja137c14h8hr936xcF2A4Nd5Q6GYOtCMYNAvCTSAgI98jyiwDGxsY
+vXl7WdQTBwKBgQCgZa8698q89FzhkZzDwzZ9omR68MRda80UZ/f3iV5BMmQjw3Mf
+OXyNcMnntPHgFMgWZ42sMkcnfvIcGYz9wUj7tRatJdIue/f4OPijmpPNrXhbKtxs
+SH4qtDmzQRfHacxQ7XeRSV2n1S8KSy6tUfN5qNRZQRnCb7mFVvBpem3/AQKBgEIs
+VUzuUXZBcldF8TRIctNQvG8f+JFgC/HVm/RqOtVrS+z02rDo9SfpcrajRCuHgUjF
+NZ5srvvSpPUkOsK5N/cvVPE5roBruKTSqaCqIjVfXHXYqpTJ5IfomUWRJjuG98Iv
+bLTwREM0/Qh3MMpJaCNGvftBjSoV2HPv2PV50u2jAoGBALbTtPaHLmSjTE6L675y
+Qb440nmgkI+5jl/KX21Gjnes5OqqVmmFzz/1fj1/ZwGpbzp10jdBG2zKChATMsjl
+xqPq6G0Gu5RKUeRbT64at3e1+aukU1W4L05GAS8FQru4qixKVK5be/24bmTLTpJ8
+tm0reJD9N9KJQouyqctAnf1O
+-----END PRIVATE KEY-----

configs/open5gs/tls/bsf.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD2JzZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKOY6GHHkFrexUafHFilmA+vsnx7tfbFS7Mkk41QmSXR2+xjG1MenpOQ
+kOJdDq5tFm8SsBIqaNmyTM1Tx2j6vT01KnludLJait4Q1F8o5npF5YFwMegVf06o
+ZcDrsFpdyIi1EjoFt1bhM02j1GkRVzfIycPi3xrJ1croWWtIj0J/CN4TkoAYaqUW
+8B2pccwVbb4jvUyGU61xIARkm/pHIYrCEjiuWP99imbROSUMBX9ne/krtgsJYylZ
+XPvZiZkrAXCFHx2KKrm9zOaXeYHSCEiHJQRAaSJICJA2COz3zzN8XpIJVP8paiXF
+B5oFoUwex/VdZ/a0m8jm05++jcHXVIECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUgkNWEi5vGgi/rNh4n4WI3VkWdxQwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAE4+FPquzZPJfAg3namKryWe
+zJjibTvvZenRDoYhkJ9HWhi4tPvLAUqCHLe8sUfxcf5k17T+u7pYfK/+1IpGomWh
+Y6OxrxnNK4bnhxTFEch9j90x+cLyAAKVzDAotAgI/OoBQgqiSo0I3pe6MBVPZVIH
+Ga5aghA1u9QsLOr7XcuHLAXzMpYPq+6vjHTy1cSi3csQcVNLo67pB3l+b9o1lVGz
+6Y8V1L5n19OQ+gbCOSQrGXPAivWWJIDvKW6mtinFLNZ2f1/WDvkh9L/nSFNUsNOj
+uWqheRX7FegwvwpjhFfe7TdLQg4OZ5Q82JRFiVmcwx3cDRHPe8BlIdkkTmJvilo=
+-----END CERTIFICATE-----

configs/open5gs/tls/bsf.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPYnNmLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5joYceQWt7FRp8cWKWYD6+yfHu19sVL
+sySTjVCZJdHb7GMbUx6ek5CQ4l0Orm0WbxKwEipo2bJMzVPHaPq9PTUqeW50slqK
+3hDUXyjmekXlgXAx6BV/TqhlwOuwWl3IiLUSOgW3VuEzTaPUaRFXN8jJw+LfGsnV
+yuhZa0iPQn8I3hOSgBhqpRbwHalxzBVtviO9TIZTrXEgBGSb+kchisISOK5Y/32K
+ZtE5JQwFf2d7+Su2CwljKVlc+9mJmSsBcIUfHYoqub3M5pd5gdIISIclBEBpIkgI
+kDYI7PfPM3xekglU/ylqJcUHmgWhTB7H9V1n9rSbyObTn76NwddUgQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAGh+iW6t1TL6ylPvzJpICuoSitSF2FsxbfNBpu+o
+rZpVlwUsJNRzofxoU7HGEJ8gIAs3MmkkMacaAnZ+o2sHuxtyVnHlXWBfFdRmJIW8
+WikaJTDV2s3lSgntvQJk9PiRtRJfUAO+z78WQisLah/lxKjDEUQs1PTKPbtQTj2O
+S4ys26g0OsBwRV11qB93EEQFjz9eExYk18CKgmzntTU5yOJJ3PFj8rjvyyybNtdY
+WulE9Ht0rcBZcsDfYw2DvOaz50MtUviTjAZxFHLuyE8igbjy3H5BORFOp5Vm2ybH
+/YUwcmvXBiszycaG0JRL+vOIEXAc1lsgmfg3er1QK5N2u7o=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/bsf.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCjmOhhx5Ba3sVG
+nxxYpZgPr7J8e7X2xUuzJJONUJkl0dvsYxtTHp6TkJDiXQ6ubRZvErASKmjZskzN
+U8do+r09NSp5bnSyWoreENRfKOZ6ReWBcDHoFX9OqGXA67BaXciItRI6BbdW4TNN
+o9RpEVc3yMnD4t8aydXK6FlrSI9CfwjeE5KAGGqlFvAdqXHMFW2+I71MhlOtcSAE
+ZJv6RyGKwhI4rlj/fYpm0TklDAV/Z3v5K7YLCWMpWVz72YmZKwFwhR8diiq5vczm
+l3mB0ghIhyUEQGkiSAiQNgjs988zfF6SCVT/KWolxQeaBaFMHsf1XWf2tJvI5tOf
+vo3B11SBAgMBAAECggEAAlCr87PItz99LlPauWatA2ZQrd4sj9ugh85IBAVAqJJK
+5OJNaQCHPRZ79WccmcNvkIZ0vUoSOifxuitiCFpZhpnnsiiZ8ErzmYNGlRrpoY/3
+CK0VOLgCqWLcz0VKlWnLuGMLGSz66GjnEmWD0FGTcNW3pLzzfDAgZVbiyo/QHrBS
+mhayw3ceTgggFDeqBXEpG3w1CeWIdOLafdQ7fCUkv34Qww9/kJ7gERbX4eoAHZMO
+fwkkOZ6xsKxH4tKOEAo4hkTnTo95P9n5UpvDGG/8fKV4vkto9KMWnCUSMUZz/t0Y
+G/Jv5aHOQJkfnzS1QtfgfZiHGbto5R5oOGZsy0NdkQKBgQDbJgQwVErskpYGNJwc
+tOcz3gooTEkE9tTsX6mT5cCtY2A59k/y6rXSv8X1es2CCkDFLqGHuOW/TBG6ZE9d
+8JrQVqQbjLe3kcdRdHlwdfzaj9HfQa/ZBZ2gGzhzqrB9Cry7v14F8vQ1M4qWtEXn
+XhWFbR3YP8qjFs3eKLS7DC3x0QKBgQC/G4DJPXvivz+M6iQOYWZH6aO+00Lrm0iv
+UsHPphP3LbIz3cDSAqXRTG18oOikmFCQkfNCRzB55JFwf6Udd/A3CdrIQ4rsqEWn
+kgtY2ZKkU2ZFtCs5wOiD9gk9CnsAb6D8rSaiKkp1X7VMssyoMrHkBFXvQKHtXuCk
+OkEqR56zsQKBgQC43sst0g4aoFY7CeqgNOPN14QOFryKmYdpmBHAGFOAcZLdkrJD
+JEkabnka6uuuxeN59CqECjCWPh++c5yYjL6s/koWi5D4JNxWFMHVY1NZNXZAtnMX
+yyr7w7rNqLKV6ZbpczhoIFpu/vnsxEssMSxKkJBauwXAqx4kSYadPFsN4QKBgQCT
+2SVDi0ui2q7ByArpDTViAUFrSmoFePc8nFvQ1/2uRy4MrkyUrPO3/tbdimcxn50E
+m8WEyyqXwts6G6aUK8wt6HPYZ1i9SlnJEFWzAXBPrS38Uyz122aHYPs4vDj412PG
+1/aBkxJTyB2tHs7yeXXin/ATzv73c2V76I2ttgbzoQKBgF3J7l1yUQ+4yxMUF9PI
+Ta1S87ShIM6B6XgzmdGYyn27lB9jAvmnwNe4pLd5GXZsvIZi8FuQQ9WNPEl78Nj1
+8kSBwSi/MZS1/fiLyP+IaGuaKrfYbEzIlT2rXSgO9IG1gdfO/MouuL4+brynXeDS
+BUuR/ojPd0aSsdGhNFvcwUYA
+-----END PRIVATE KEY-----

configs/open5gs/tls/ca.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDczCCAlugAwIBAgIUWqr1d8XhDsM5Gk5y7G9u6KeTF1wwDQYJKoZIhvcNAQEL
+BQAwSTEXMBUGA1UEAwwOY2EubG9jYWxkb21haW4xCzAJBgNVBAYTAktPMQ4wDAYD
+VQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUwHhcNMjIxMTExMjMzNzI1WhcN
+MzIxMTA4MjMzNzI1WjBJMRcwFQYDVQQDDA5jYS5sb2NhbGRvbWFpbjELMAkGA1UE
+BhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOfs1L9v9DIXY21LuT8+Gvkmie4Zc1fN
+OXP+rZAwZYiQpu9Awtk/L2YgAnJ9zXCNrL8DoGJGWGp9KyN3LJeFu6XUbyXgYDWu
+Beg6LN6OUPv30zdjm6iIwEmBtiBgL5HYJZunP3b/OdABIJu9foeWdKVuT+jFNlHK
+f6Arod4sVGp2kc6owkGgYE920m04a4UsYuDGhpGvIAv/r5/SBNdKuysF6gE5YHHv
+4Hk8RnrxrRwQIGasMAlguwhNfbNqupQ1cxcOtMTBZ8KMv+dji+2f5PI0tmmbSeJO
+nENk+A/i0JiuBH6szjZ3ylAuMiMZ42FqFLb9k3FHV/YosxZlzTyFldECAwEAAaNT
+MFEwHQYDVR0OBBYEFLFq+pyZvAQqQohl136+YHCiDtpAMB8GA1UdIwQYMBaAFLFq
++pyZvAQqQohl136+YHCiDtpAMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggEBAK01l12RIId/hjjaQy0pEbB8LU0DV9KYw3ibkFTrVnxXdAtOEvsAAGOX
+s5hwltZChJJyIVEh5uwAHUMrOs3MazAMhD/FiWBeqeHjh60BTR66tof2Gll1uPRR
+D7HHg8E2q01OQmZ1zhj25gd5FP7OSAgXh71TfB6CpRC/gPtYv4vrfe7ca7ZCXKM8
+h3sQxwAMajjHzIKn4ZbqzUfP+ALpOGokbCo+a83PlZgTrG0wHH5MheGQmGKUQaMP
+THXAPNaAaoKXbA8rup/fzdinBG0aj5op8bNS+iZUKOLws6M2Zrns2UQ+PxkhlSoa
+soOVoABREvi8iSj0hkEFrVdp8loESs0=
+-----END CERTIFICATE-----

configs/open5gs/tls/ca.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDn7NS/b/QyF2Nt
+S7k/Phr5JonuGXNXzTlz/q2QMGWIkKbvQMLZPy9mIAJyfc1wjay/A6BiRlhqfSsj
+dyyXhbul1G8l4GA1rgXoOizejlD799M3Y5uoiMBJgbYgYC+R2CWbpz92/znQASCb
+vX6HlnSlbk/oxTZRyn+gK6HeLFRqdpHOqMJBoGBPdtJtOGuFLGLgxoaRryAL/6+f
+0gTXSrsrBeoBOWBx7+B5PEZ68a0cECBmrDAJYLsITX2zarqUNXMXDrTEwWfCjL/n
+Y4vtn+TyNLZpm0niTpxDZPgP4tCYrgR+rM42d8pQLjIjGeNhahS2/ZNxR1f2KLMW
+Zc08hZXRAgMBAAECggEACK8vkDOK+00w5ejN+PZEYEv3IjlFvmXq3tMMgLevNZvl
+BFRyd1wMVFCihtL7HFnRvB1Qph1oNiSVtvBBdTMGwcDgoJR0Rc5MXlO/Vl4R3j17
+ZTmPnJHyUU5QGYpAfb+QOPHcSIJqEcXZCLvhvwX9PCyTRW4NCKcCfGbl2sHiL1JL
+BQ4++zPfjqoK7sJ+WC6bcEYQLpRHZSIZm+kzlBNUyWdtY9WzT8mTdfpzS4X8sZIH
+DrmUFufMkgyciN7qt/jBhps/4/S4yjrbRcOsltcg/1Oba7ayC+vGyzGeGPGA1ddS
++bprG7+nUGRvo/bTC5YxVpIXSlOXizpwpzufpyV+GQKBgQDrVVROaG4dcUKdg35y
+dLjhRcAAgR2gRJYxG2tYRGsDhBWAvVqJ5MwY919j4kdwQ6UBTnWgCFsByiv6OX6P
+kK5Em8ImLEOPHn0nIYNFst5S9GfeEPaCo2jtH1k8KJYbIsUWg8toONv54Ee1VxXV
+r6kS9H66zOC0GlayNazQV85JvwKBgQD8SuFHrKrGdo1Wa49LnWRQsTF0rkBXXUR8
+2NC3SiwyrCH8A+nGv4msbkKRcEOQjkbAthYjdhSXdYFtNLYsYa3VCsMDGV3YwA4w
+LhjHUsdt2W8Wl26Oo+WcDa22NjTyc5kk827EsgB52N8ug/ylVP01AVr5kEeQ/t+T
+yzQzeftkbwKBgAccINvtk8YX8edIXb2fgSZtMQvS2s5IxDDfnzKffowwpWWqUt3v
+p6rpblxaLcZahNWxRSR8nCNFtGZu7j/wIxO3kPoORExCo41XGdw1NzpSYAD5ijkQ
+Ls9bLxr+LurK9iFkAfU4Io0+FWyJIQO/tt/3uwxxvCg004G21W3F+VmJAoGBAPJZ
+U7IwERP3yakcRVgTZsuEisdUo4XImAN9mnCXFYHPjA20DJrYXv1+JP/kYWK46Qox
+X27M/NbJD3zBx8U2R2+AmPefJGETjA2IGlFOGThSR73h1Ve75NJU6WtBAvdrR88Q
+8HSNsJtbUngyXTzMOTbziFp21+hWjJpB9nEEWhKNAoGAVLy+5NBYg3XUSZRDhjgG
+D4LyKf7PjaleMceeZHlhOfG03pjnqZ6vEH6g86fUj4CT4m9JNJPtmhTu8vb96h9X
+EVuEkfctkYy8KPmmqqiasZb8viMA3yz4o0gY2Vh/ZgEuFTjLVANmrP4FnPPQSLPX
+OoF11bTHRPDa1vAN0sBCVoY=
+-----END PRIVATE KEY-----

configs/open5gs/tls/hss.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD2hzcy5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALljW/sKEWWc9NmMz8NpkskbjXtlhkduRWDapIKLTdUUjl+xP2Rbve0l
+ag7Gxw/bX3IkSKQcHwiT1+QMD+CgCcMMd9txI4nVkCP/7+YQVGfEe+2iclp1CrM8
+P7a2oaG3LzzS8Xz+iTWFW+eLE20B4QHygCyQwN14IPGYLkzQvGAe8MfiBfOCIJnm
+t4NKGyXGs31Tvbl5+Wzpm6hIXvlqPUEgjHXNtC6u6FQdCPPxcWwt2O8zT9aB5B4G
+n/914qWlzurUTlnhYg8HV9L+iyidD66v8JMiKQ9xuPNWMKdoxaw034qH3Dg9in9j
+Jqdk3AJdvuqjdmQvPBoOFBQKDcYW06kCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQU5GTunEyNMXr1ZZTh79w1hSC6wDYwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBADYTkXOb9Kx31MN3LSLCz+ky
+KEi3Pio+eI65vTByclmfu/ej2AmGMmHylJQ2RpHzbWOe2MPmpFyI/yfqR7ZoIcfs
+soEnYk3vi4Ul7ooYqWTIvAl24/g5ujb9vZ2+7ZtiyFsTNG3kB/zdtS6X6CUk+e3H
+GbYTHjxvN+VmFJmCJjQpSMTQC9JGuqof3z+R7OODyJG24aw2g7rVtSDW3J0rvDgc
+1RylH/D2KJMBGjo/JlXB6y6wCTu9iLQ5prqk7YunFlpLxjsEdqrQ+yukLhwRH93x
+C0GQA6rMQEhC3paBukP2ePAJoGCqanipp/oJ6OJLnKqVDha69IXPSJLEhqAqtX4=
+-----END CERTIFICATE-----

configs/open5gs/tls/hss.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPaHNzLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWNb+woRZZz02YzPw2mSyRuNe2WGR25F
+YNqkgotN1RSOX7E/ZFu97SVqDsbHD9tfciRIpBwfCJPX5AwP4KAJwwx323EjidWQ
+I//v5hBUZ8R77aJyWnUKszw/trahobcvPNLxfP6JNYVb54sTbQHhAfKALJDA3Xgg
+8ZguTNC8YB7wx+IF84Igmea3g0obJcazfVO9uXn5bOmbqEhe+Wo9QSCMdc20Lq7o
+VB0I8/FxbC3Y7zNP1oHkHgaf/3XipaXO6tROWeFiDwdX0v6LKJ0Prq/wkyIpD3G4
+81Ywp2jFrDTfiofcOD2Kf2Mmp2TcAl2+6qN2ZC88Gg4UFAoNxhbTqQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBABWDs9H10OPMkVJspViUa7DpykmjwqgwZeobtUsn
+7MRP7a4/UUA/OMEgK3HQArIE36byYQM9u80FQRVmlgdM8h3gOABNlyD+Xq/PPCdV
+/+YrAWrLkPGbPgKeyAlVYlqi0j8laC9JB/5bEVh8JUxZ9RlZdYmMVITAnIAUfmJ+
+avGxytm5bss//Vat89HlUvPt5NzrmR2YgxzH5PmMx6AB13JIItg05YBE/KPZd+KC
+CsLyCzjZj7GJ12l1X8nI/EN032kRPQD/0knq1rt2gyxs45pzA1XGJNiFMFEnJ7Oh
+jIeFnbnGxBvx6hu8tOky41OubB1erMok0UV9XpT987tPA/Y=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/hss.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5Y1v7ChFlnPTZ
+jM/DaZLJG417ZYZHbkVg2qSCi03VFI5fsT9kW73tJWoOxscP219yJEikHB8Ik9fk
+DA/goAnDDHfbcSOJ1ZAj/+/mEFRnxHvtonJadQqzPD+2tqGhty880vF8/ok1hVvn
+ixNtAeEB8oAskMDdeCDxmC5M0LxgHvDH4gXzgiCZ5reDShslxrN9U725efls6Zuo
+SF75aj1BIIx1zbQuruhUHQjz8XFsLdjvM0/WgeQeBp//deKlpc7q1E5Z4WIPB1fS
+/osonQ+ur/CTIikPcbjzVjCnaMWsNN+Kh9w4PYp/YyanZNwCXb7qo3ZkLzwaDhQU
+Cg3GFtOpAgMBAAECggEAO2h5PdnMmGTzW9HRdHwc80BWlvACV1qhdfeq10Cf2QQk
+2cp5l4YEt32RXpnZiZ3RmMjC1IBEe6GxAd3RqrhuWGhi8lnvuwhKkBbAwFeETNp8
+ojq37X/rRWOtwTYGVsXWp+WrSFRjENkjCfCZ8Yk0G0UkSOO8QlxwJiuPzsLnUt+b
+wO/bahViAu7c+CyPouw0+MJmysZba1DSRoYSAYF6yzOolOOfk9HIEcfFyY+wCO6d
+hRVcGe5FgFS6hsBC2RLDrKc4sp1VoWOSkI8MfsTsnSvIdWHKLqvmdDlhoEgLJQ2C
+BuPX9J50oa9naLb0FszZNjsF1o1xNXvdzzCvWXIYXwKBgQDWCjlJDte/o48jFbvV
+aIa7jkChD6NWlMhGv6wRftblNU2WxzwQNiDxKo2OK3o2OZaOkXD7u/GrUzsOAnRs
+N+4I340UQz9C7tfzUmsFjS4ju+xxeaPQX1Wmnz5HSN5mxU34y3FvLdyeitUbadNL
+CbSeLXI+qzMoecrUp30qHsKarwKBgQDduzhI0xQS3BAWxVz63vMv/Pp7dCjgg/VC
+ULYv2d4z5twS9fRwCzyhtmOPRQzHOvgxPbU/MF9DW/uXzAGPFYZSzfWuJcv4u1mp
+Ha48GZcxA3C3HWpimsn9yZjcdWG7QV2BV6RgMwH0nUIxZHxQ7I6gplJasZN5dwlZ
+glPAAOetJwKBgF8cV+xQ/ioYQgizJa5lLkm1op5vVoOoxX46uflkRZXAo+O2UMhb
+ZTQFVrWwODRUTsS3eF9EWtVovLsy+A0GpW2n+QbiAwB5Jdjn7Mqgu7oBTcX26YY0
+dtj9tizzAnDkiAtgS929oWWKB7yQv+V+QJZxV2zlomwAAtOQQZwv4wXdAoGATReE
+8D0DY7NDnMcuFsNhhjPM2xN+CuGWamIpleWIDj+cELOXM0WU5RzG7M8zLCnilSxB
+UiD9XiwjA5oYiKkRNMULQGs/ydFJ0TTSmW7EVHQ/wkrl7DapOCXZkfz15+dIHWpd
+al0RtvzeQNIRLwmwZUaup33KKpcqlwZrG/y0kE0CgYEAtSp7JuJWnFCRBGYzITFG
+3gILjbzWxKquho7vOjlOZ9Jn0zHAMjMFaa5jO+jDVeFTo2ma6vJNjkrwwSt2ta5j
+RL3+dBFB8uFgihY68j2yP8OeTuMOUevinbKgySMcTP7mlLzya/SAk9bZFqTJEB6w
+CA6ghp5l+Pzf2ziJKd3nc0c=
+-----END PRIVATE KEY-----

configs/open5gs/tls/meson.build

@@ -0,0 +1,63 @@
+# Copyright (C) 2022 by Sukchan Lee <acetcom@gmail.com>
+
+# This file is part of Open5GS.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+tls_sysconfdir = join_paths(open5gs_sysconfdir, 'tls')
+meson.add_install_script(python3_exe, '-c',
+        mkdir_p.format(tls_sysconfdir))
+
+tls_security = '''
+    ca.crt
+    amf.key
+    ausf.key
+    bsf.key
+    hss.key
+    mme.key
+    nrf.key
+    nssf.key
+    pcf.key
+    pcrf.key
+    scp.key
+    smf.key
+    udm.key
+    udr.key
+    amf.crt
+    ausf.crt
+    bsf.crt
+    hss.crt
+    mme.crt
+    nrf.crt
+    nssf.crt
+    pcf.crt
+    pcrf.crt
+    scp.crt
+    smf.crt
+    udm.crt
+    udr.crt
+    testserver.key
+    testserver.crt
+    testclient.key
+    testclient.crt
+'''.split()
+
+foreach file : tls_security
+    gen = configure_file(
+            input : file,
+            output : file,
+            configuration : conf_data)
+    meson.add_install_script(python3_exe, '-c',
+            install_conf.format(gen, tls_sysconfdir))
+endforeach

configs/open5gs/tls/mme.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD21tZS5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOfRYYARkQf16dejrenOv9VbNAInKLH5BByRobC/FXYs/1ZEpE26QQpj
+ElSZfdc9ri6tlGm8JzsWdeospR10abH9wu/80lerrOJFsGAKC55tLbO0N71Odlk0
+UZms/Efets+4Y2N/ubgq1RStl6IhqkmUOgfbvX69h7+po4PILGMixbZiQTW9DwH+
+aZJ9Gb3YScewikE3J6E0RPf43ABX9roI1oU078n2nj7qZlCNd0zJ9vOXQiQOdcW3
+8PKHlrobulMYh5SmG5ASidZzexHy6csKiH/Rr2EC4mZTYBepb3QZy8+ad9b5Cl74
+yuCcKGf95xui1E+YqGBM9Gi5+HNdr3ECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUVhByp4/5SHL0qj7sf6dXxrcO6L8wHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAJTHO3re3/Tc9YeMs3Z+Kog6
+9z3Rb+OJ5nB56Y7nXVpJ70piUpTSVwPxK1r5a6QqHO9tTTgp5kp5i3u1H3cYnn3q
+r9if/lkNotdrOl1uwI9Kb3eb+4iwZe4VUnhDvWbC3oWVHcyZheS95qxuW/HfErxU
+eZakK1J5rynrd0R8fZiJBfpYeBfOczshDlLZ8G40gwmGcHBTJYQ6bYJjjA1jQXzF
+n1fE6WQBu7q79eX9w0U5Sf5Xo9Ale5Y7o6ud2aZT6F83Upt1G83BhEvQ8vrseTD6
+SHme/cpGXmSToBs9hJfrPuDzIkjGG/kjiVsFalHiaUtVbGvMqVa2iaHZ3HBzIro=
+-----END CERTIFICATE-----

configs/open5gs/tls/mme.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPbW1lLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA59FhgBGRB/Xp16Ot6c6/1Vs0AicosfkE
+HJGhsL8Vdiz/VkSkTbpBCmMSVJl91z2uLq2UabwnOxZ16iylHXRpsf3C7/zSV6us
+4kWwYAoLnm0ts7Q3vU52WTRRmaz8R962z7hjY3+5uCrVFK2XoiGqSZQ6B9u9fr2H
+v6mjg8gsYyLFtmJBNb0PAf5pkn0ZvdhJx7CKQTcnoTRE9/jcAFf2ugjWhTTvyfae
+PupmUI13TMn285dCJA51xbfw8oeWuhu6UxiHlKYbkBKJ1nN7EfLpywqIf9GvYQLi
+ZlNgF6lvdBnLz5p31vkKXvjK4JwoZ/3nG6LUT5ioYEz0aLn4c12vcQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBACCmqKiZ7lalTo2IacCqfhzE9XCzwltNoygocky7
+aEed7vSX/3pxf4x7ASphZd1gytnePc3bVvqChxFKkgTOUCLd6KTcKsPuXhVPcr6C
+0/f3APspWyvZX/sYMLHpS+b1BkO6Uego3ZM9FauEP1kynNHy6Bf0h5BL3YB7yYBJ
+nj9UaGWpEAs4LivGWD+4iici2a1GfhS++PBD8dSd6ipELCEOkTuTZoFquZF66cfC
+3q+Isd29jbIiO40LnQg3Qi75ECXw7Rgzn5rr0eclIEv50fayyd1vWAG5yXbSOyxT
+L/ZBnNDXSLtZV1DMHEvB7rlhXvLEK0874QDtYcQEOltgVOY=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/mme.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDn0WGAEZEH9enX
+o63pzr/VWzQCJyix+QQckaGwvxV2LP9WRKRNukEKYxJUmX3XPa4urZRpvCc7FnXq
+LKUddGmx/cLv/NJXq6ziRbBgCguebS2ztDe9TnZZNFGZrPxH3rbPuGNjf7m4KtUU
+rZeiIapJlDoH271+vYe/qaODyCxjIsW2YkE1vQ8B/mmSfRm92EnHsIpBNyehNET3
++NwAV/a6CNaFNO/J9p4+6mZQjXdMyfbzl0IkDnXFt/Dyh5a6G7pTGIeUphuQEonW
+c3sR8unLCoh/0a9hAuJmU2AXqW90GcvPmnfW+Qpe+MrgnChn/ecbotRPmKhgTPRo
+ufhzXa9xAgMBAAECggEAHPsdqSueXzQ8pZ32XjkKiCtXP1T9mZur38B1yjQRWaKl
+fKJR4iUWACzuO+UBM6P9PyOp3rrMMsRg6G49aYcbYZ+mZmdL3/RRRZZ4cYE//kXg
+RUuTU6zX+dijF5xl4RGe9tgH64aqcAjsIPd/cfWrJXi3n9zg/f5xgUy9aaUK+4zp
+K77vv6ir3PjtHdQOqDTHblLdXJBDtNprF6Q3kvzWLdVptM2jhtsfhoZ5J4RnrkGm
+e9VwUksWnWK6NU3ezYndN2zDe8fkwRKWmLD/DLMrWxOd/E+1T2sUsiTYytxhCMpR
++x9hQZ8P1ogWivYZe0aEwzEcr9SR7sOafdnF+pFnswKBgQD/4fFSHI+c/nL0d0TR
+72BfNieuelnaxWzbsPDC8/7YzRd4g25uWCwoyMxzVntVSAdADmI2aD6REfIejLro
+m27AvEkMvXCBJIn6ZD6a/GVvLGAiJt060Y3znyRm2xCsynnfw+4RAK3Rs3Vqu4EC
+igHytUCKRsU1F3PeFYBABSKdswKBgQDn7JyG4uFl8YB3dm47SiaVxSNHVNnIKQJD
+kULqgxLV0jWbMyXx/brS+tp0ABwavRFYxhl3f1wm/ZBk7YnFCTxrpwG3E1MPu4bn
+fMJqVEbGFfJEkBePpB+3o2VFGYCrC8wsQx9+RsM98+f+jETqIn7J/j8W9Ht4Y1J/
+2mlWubqUSwKBgQDFugBSJQPMmsqVobwqRUFBEYXkS2M3rCsMMFQ7MXQSb5jdZSJm
+XffxpAhob8FqCvifRP4bcL44N5fSh4i+yazxfg0srQ5MnMGKHQBLnxF6sN2wRjvZ
+gaihQq5MVKcz/lni0XIa7V1jl7r5uN5d6erLc8flkf49olvElvS9g7pWBQKBgBNX
+3q45WgdAnzBXhlYXlyRCrvCSGR/im7e689PPXtDKmYH6QB3wxZY3KeUm5TEtt7ap
+vxICY1M1LsfcL/NpE8r+wNveFr1nLJc+BpELumNnDS++vNhUHfkY/adHuz2I3FyM
+tKG5kSsnnp/SXyUP/3clZ2motmuSDR1wv/xlvTQFAoGBAKDDpj2v3u6R5qWWWb4C
++kO41YOGAlx52pcukmPV682CQZyJHdWFG3YHNeJaSBMVayHN+roIbnZQHJGTbS0B
+jOMxgRyt6a86uGBHQ9PUDRrtOH8hcM4Wg5RnKip5GGHWnZYXH421p2ErpDE3ZAO2
+nt+0/3cXT4rENRXogOlzP3aG
+-----END PRIVATE KEY-----

configs/open5gs/tls/nrf.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD25yZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAJYwtO+kISwKZjSQlQ9eQNtF1/DpUFi8qrupceRuPtlAwsEFaly8BRiH
+bCuBcRdGjrIgHtoyFJDW3wi3veKn+xkUoSTcIdHahGwon6nryW049ef5tV2CtNqf
+RovgVACdKh7QIruIyqUhJUED+lm4s18aJjKb8QYne4jl18unM5xQkdHfL2bRh7Ce
+BZV9/GxjYyNGcLQUWf1Qme3dqLvq539XACxBr8NqmYSDJGlrSRG0i4z0Faa2Znnn
+epOTyRuttBrRgsebzszh1evg/zWgc5hsMDr4DoPVOfWfAihNkXmq2LF5kZsBqXdr
+kQS6rZsxV4KRF1ynafMNxp0E2I768ZECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUofXRxrSK7mNyrNQCStGT0rE5vJAwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAHAaED78OABG0UPbkWUG1Bqd
+kWPiZVKySEj1zc8dOqCcgn79VGH8TruxK+/dHwQY/YClq/8o9tZzfFOwc/OdtdfO
+dk4AxHwyA+5zJMBWOaGOAIFzPkrRY7RIQnUlkL9FgRg/3hel70TyjBsRm5QEUCPF
+p100S0TS5AACJm5gcC7QPfx0Pz1EPsK0q8nm0V1zAus/mDY67jJcbkCGwH839J3s
+rVzMrnXEVeoubEr0u4fPB4ulsT1uufnmRPjO+Gw4ToqW+QB8aUX1y0PdxaV2K17g
+HD7N6TaLZzXLZDhXB183tMKgOMTzAN/+sDofLUgAT/npO35bAbMmbisCk8Alha0=
+-----END CERTIFICATE-----

configs/open5gs/tls/nrf.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPbnJmLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljC076QhLApmNJCVD15A20XX8OlQWLyq
+u6lx5G4+2UDCwQVqXLwFGIdsK4FxF0aOsiAe2jIUkNbfCLe94qf7GRShJNwh0dqE
+bCifqevJbTj15/m1XYK02p9Gi+BUAJ0qHtAiu4jKpSElQQP6WbizXxomMpvxBid7
+iOXXy6cznFCR0d8vZtGHsJ4FlX38bGNjI0ZwtBRZ/VCZ7d2ou+rnf1cALEGvw2qZ
+hIMkaWtJEbSLjPQVprZmeed6k5PJG620GtGCx5vOzOHV6+D/NaBzmGwwOvgOg9U5
+9Z8CKE2RearYsXmRmwGpd2uRBLqtmzFXgpEXXKdp8w3GnQTYjvrxkQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAD7FDen5uEbzgzjW6w3vbyKw/irx+s59YS9zLnrc
+K1l4C/eGUxOjXzL1i5th6TJ6y+860OalWfui1JMfdKFXAz4a/wGhZGbGsQelau7r
+lQTH1nlm+b5BGShGg0R053FuX3PK8vKBpZzPRuyn9n6unc/PKzoRjub5FXKZnrVJ
+8rDz2HXi7ZdxBrU3FUU8dbiTuROgsrCEldyndxhD7vH4mJIPM/0+j8aAU0t9GbRK
+pX2Jo1z0Z83NxKegAtMXho0IoEpESEMZmYStBreOY2mp38Zw3+hEJV7SP3nLxr68
+J/c1HVddfoLt7N6mKvIuVbWK7OxkeFLVGGq2o1/Gs+PkVjw=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/nrf.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCWMLTvpCEsCmY0
+kJUPXkDbRdfw6VBYvKq7qXHkbj7ZQMLBBWpcvAUYh2wrgXEXRo6yIB7aMhSQ1t8I
+t73ip/sZFKEk3CHR2oRsKJ+p68ltOPXn+bVdgrTan0aL4FQAnSoe0CK7iMqlISVB
+A/pZuLNfGiYym/EGJ3uI5dfLpzOcUJHR3y9m0YewngWVffxsY2MjRnC0FFn9UJnt
+3ai76ud/VwAsQa/DapmEgyRpa0kRtIuM9BWmtmZ553qTk8kbrbQa0YLHm87M4dXr
+4P81oHOYbDA6+A6D1Tn1nwIoTZF5qtixeZGbAal3a5EEuq2bMVeCkRdcp2nzDcad
+BNiO+vGRAgMBAAECggEADL0D06F5mMknAwVSRzPoz1A8sPew813JI1KLUOMS3I1U
+F1f0vfnKetqdj5ESfPVki/ISe9IskV5QG2auKceykd2Aj2ZGTgy5F41YgWp4spVW
+sf6pZc18tmA09Q8pQMYTuPpRP9Op0Fif1sRWGv8B46qNm9RDHJEDtsg7xc+gHn1L
+oeMNin1jZvypm/ZHv0gv2s+/ziOP9ZLcEsI/Zp8ljlGMJJ4Gv5bpZyZB6MCrC1xI
+2EOBIeQbO/DnvKw5tiflIiiE+UoTcLvRiX0yxS9IpcYTpV65uwsBsmj+yeg9eunh
+ZhoQNnEYeTwHpdzCX0ZO0IwTacb/gElutJ1n/FlMUwKBgQDKHh9UZYx1ejPrCzKT
+jyoiXClNEt14Ze3bh3hIgDLaENq24jadNYOfTyCwPd1CGYYkgnNlY8VWBtisafRW
+g7e28VGrzaEoYZ0S8p1vNsMabM1oWnq/P/oy0vY9YFvth7lZdlegDj8om+7tA0L/
+q0bDpcU0rQhLzxGExJaLJUjlIwKBgQC+OrTxkfrPvK/CIXole2Gu/Se/5smWNxGc
+LNuX39vgIzPvSf1I9rHCr4omqHoeFooujTckfNKR1yc6x/a0jPjDD35ztmPmSKs+
+8PCmhaq3yfjYnt2+0oZd3KVZ9acayNJ205/YVYxG27Gn8s2V2TnEHMXO18NZxPnL
+KHKDCGm7uwKBgDf7L+JIXicLueWYLGICfUEXFblrSDxYvxDW7NHn8C3GDU4qScYx
+VEuDtyIZgHcWarkiCKREhhvVuZ3Hmw17Xh8lp+FWCxUMNF1TJZfwKwneqOYGaYkf
+R0VceSd20P9xYD0PMiX6zDOLPRoYlS4LWoZGG+EDLBETQV7stGXF5fLRAoGAa4xN
+WHYr0t7ej2bV4/MJmyFNI9WbCu4/aoiB7i+F5AaDCjpOlL3EaklMVebSg8hCf2cf
+UeWwNvvpFfaPqCw7SCyuVUU83akgCAm4RK01g4sQwYev3n6vsMlaQq37t8zqEHw8
+1tYm5Li4jDddu+aAHjwWKYcaztnqT82iUCqlfJkCgYEAyK8xQfiWNPWADHILRDy0
+xtI415k+skYDx77dSmancF/10PGaZRO+UWI/EfweV8lR6ChSf9MuJxKZXOGupv/N
+2MY5qTAJ0WluunA/bGRS7VSzetq0ZC2LOLlARqvZQQSVINq406eUjhLzdwJZaR8z
+dtlKQ+91L56ELsd1XZ5DZfQ=
+-----END PRIVATE KEY-----

configs/open5gs/tls/nssf.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAkSgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEsxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGTAX
+BgNVBAMMEG5zc2YubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDIrtclpBRox3SHlIWyxwKH/u77/UP+ML6C6AQOfsI6j7+G3o73cqIb
+zVlpFCfuy7Xh6+Y6uLqLQccNFlj0ckX/k+T3wR3Xpj6YAJ3W9ynPcgDWDK75Mlta
+YDR1r69mkZ+SvDAE2gjHgv9zb5Jujyd3s419wHv5qzJQmgEMmIfRhP3sBJNw5+GB
+D226dIR4QWmySrNku3BpTXrmKT8piStnnpWvEaoIBrYcAhUvFkETpWv2FIJyQJGH
+Ku5894DuK2kEdxhA2MTAeEOxRnq9Xfv4Qq9JpyYNRLSfpUeSeJW3ZjCYan+mpciA
+y7QPY2dG/RraGPvkGtTmlBEUMV2kThYjAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYD
+VR0OBBYEFKDi3dKxojvcTkXTSa6mQwULPtKBMB8GA1UdIwQYMBaAFLFq+pyZvAQq
+Qohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQBJ5p0AF6bwFB2IaCdcpPix
+Ai8kh73og4G1fi6+5m0Es0Sj9atAS2jFerPw4w8qLlWQCQUu5c9TFRmC29PmYMKd
+1uPFfxOoaw6ohnfqbrmZyNOFpKLSYAi7VAcmVTt2ErolVAkWxknVTNFbC4QtgqOl
+vH7WF6UjRXpkGdEcDewBcNjo/GpMacTsMGpQrb09JH8Sfvi+O+RDJY3kYI8e8glx
+ejonu+gKXxCEZf0ALI/dIGyDIDTG30nShCMSBjOy+VjVFt2W9PFYykEc0yOpa+jX
+C0nbS8zvC0KnCFeIomYUTbkOj3mgEWKa+gewXkFA3+i8XxOPBbmsXU4cWyVJ3sBp
+-----END CERTIFICATE-----

configs/open5gs/tls/nssf.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICkDCCAXgCAQAwSzEZMBcGA1UEAwwQbnNzZi5sb2NhbGRvbWFpbjELMAkGA1UE
+BhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMiu1yWkFGjHdIeUhbLHAof+7vv9Q/4w
+voLoBA5+wjqPv4bejvdyohvNWWkUJ+7LteHr5jq4uotBxw0WWPRyRf+T5PfBHdem
+PpgAndb3Kc9yANYMrvkyW1pgNHWvr2aRn5K8MATaCMeC/3Nvkm6PJ3ezjX3Ae/mr
+MlCaAQyYh9GE/ewEk3Dn4YEPbbp0hHhBabJKs2S7cGlNeuYpPymJK2eela8RqggG
+thwCFS8WQROla/YUgnJAkYcq7nz3gO4raQR3GEDYxMB4Q7FGer1d+/hCr0mnJg1E
+tJ+lR5J4lbdmMJhqf6alyIDLtA9jZ0b9GtoY++Qa1OaUERQxXaROFiMCAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQCFIub4/cIs9fJihlSgOfkqR5BVjv+UZgKocmPz
+wACPxgLeXGzH+8aQvCnsmb9p8A7r4CamKkpzeJHuYyzLj2wqTaif0gsAvVnjkksi
+uyxZtkWV9HDKgWYIaJnCYtKvAl7qKiY6DDk7McqPcGnI5zjYakxi6pLE2ZC0TUH2
+M0Zy54Tzj7rC889TfwGjbPIPm4mqliy7isxDJed1yiFizG0RT3CFB2qnjxqoU3sa
+x0fYGWP7mcNuioBU2VyPHkc8/8lNM9sR7+K5Ne8Orq8ooeb/kTdvGZJ5MX67W2Bz
+g+TwAs7ZPD4+ZGNIihlIMl2w8aOibYKmdIR6sc/01GHDhmV+
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/nssf.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIrtclpBRox3SH
+lIWyxwKH/u77/UP+ML6C6AQOfsI6j7+G3o73cqIbzVlpFCfuy7Xh6+Y6uLqLQccN
+Flj0ckX/k+T3wR3Xpj6YAJ3W9ynPcgDWDK75MltaYDR1r69mkZ+SvDAE2gjHgv9z
+b5Jujyd3s419wHv5qzJQmgEMmIfRhP3sBJNw5+GBD226dIR4QWmySrNku3BpTXrm
+KT8piStnnpWvEaoIBrYcAhUvFkETpWv2FIJyQJGHKu5894DuK2kEdxhA2MTAeEOx
+Rnq9Xfv4Qq9JpyYNRLSfpUeSeJW3ZjCYan+mpciAy7QPY2dG/RraGPvkGtTmlBEU
+MV2kThYjAgMBAAECggEAHfOlE250cq781WogCkQUPKKanewkRGvsrd0IaKFtRmWY
+pah8mLH4lUMGH94Xl6xlGQhRnwdd0Cr2anL2E9slAgrbbEmGYAk6jl/ehEGfcTay
+qT/QsvYGbGwEvbaFlz66HPcOs6qsZMVIcGeBPhRfmkindX1Prj5pjrNtif5knFXZ
+YezQyv32wsXn0blE6Nfz7s6udA2JOhEj9hbl7VpK5Diq9X7zXD9eLlEB2vcF06xW
+u3mMZHCN0Bl9Ftq0KM3Mn56GjqIKMXZpQOZGL6hwKbQQRgLAwWqGGkQASsd+zpIJ
+i4NTibBDQarf6Wiob6SluEkpeaCim3cvf+lpHYCnAQKBgQDc/1StN7SB5Hpw6ApF
+RkWQb996UnmM7DUQp4G13iGww4iC9+pC/F6vb3WwcjITmxdLbSWPrMByTPzUIk+y
+kkBRD/TaAfPqSRsect9DjMhNyjxjSYL46jH7sR9VhebmuL4LhD2OpSPNGsnJwZ7O
+GcWWGRcEgQdMiXZTLpZhgJ+tXwKBgQDod9TRgADMMKFF55qCa5M+a/Jp2s6pgFBN
+BY8S0JApcOec0EyUZZ4fKX+vzP2PvQj4ITbEwsnnYDxGUIp76Wgo6ZvD50nSaxCC
+/liDY0pPEOFTIootByPVj56nrpBQ5Rcuon7DcIS2z7kCnoDZ3d52UTqXjuu1sQet
+8B7L8OVJvQKBgQDICwvgG+t2JJY8u54IZPq1Kr8035ENYgcKw0WjlaYTdnuMadMQ
+vZcL4K28gTIZEys76Fm2ux4cmNnHQCO6Na6ocfQmntvmuDQnFL5KTBZIbAbLrRA0
+NvH1rbf6V1HSiWnlzNdX1t4YW+ZKjcwtLaDwJFf0iMNNoaSM2T/glGh1qwKBgEB5
+5AQLTa1Um5Zo61ja/2bjx8OGVaV7mkoSjaE5SZLE5uh+eY77NEUOXITlBTrVwmQX
+yjn+kMNk1LLn6dD+Zs5aJMLMJpR+74B1jRU798NAOk61mL9uaIj2IZn+d7aII8ri
+dOg+EAEoUfchATnsKKSGWQrqMAQfyrJ6lAAam229AoGALHAQxLc2fXztnZ7g2ftw
+YsjutOSPPf+xBWZBVILYQMdY7Y3bEMIuz0oJqWSnvJ5ZMz09JQwoz9EzM1PL7GJ6
+PVlNNqqWdHtDlFamXS4rUXdsJLbKdoHy51bG1qIc5euYutpSUpKuc4n/g6erz7RD
+iJue+kVzeFjZeLSMFeoN5dQ=
+-----END PRIVATE KEY-----

configs/open5gs/tls/pcf.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD3BjZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBANJDzsbZ910GqsJTS2Z+FKu3KnNHtPUvtJ4/pXdz6b2s9ECm0bPpTofQ
+7N17yvv1GmEoBiCEpoz13q6ZZ/CCW4PLXUTXQzKsB3HVbm7luJA9JziKbXnSrGnp
+SQk97HWN1RYdTKQKi46JaEg8MfyImeopyHQUmYbyg6oJSm/8JyXT9LAil8BJeLgS
+JpOGvhE+Pus1+7XS9hswr/zz/6jiy2i6Cc5AKxF1Qp1qp69/8EMBFPRtxiHkwnQR
+jMS3A7sk8N4z2P6JlRx3uBHvrActS7Q2IAUZHCqGPO+atdWjPpZmDJTTkiBcPBid
+xNBM1efy4xtCbJm3bXQStVgELdXxZwkCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUAPQBjYhnG8101VwEMOb7qk7Lix4wHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBADjP6PVyrc5X0Av/FvkODQ0f
+9FcVH36olgqHMXH8HMtSaLhWB/NdOoeMfNnrZKlJJe12t05vd1b6c495Xg5bCpCn
+14wjUg/TM4FijXECGl0KT/VvPd+DI6sJiDgJB6wwVQoujY8c8k3inPoRBmPY56C6
+6UeD+NA3rUKnCas2yKq+eR2l+U48nfN9Sxdj5/LAQeY6CEaKKAdLZoN5YyxzZfTZ
+esG7mPpj5c7+oF2SBk7NEf+3yT8aZ2Uy20GXwLnQYk9d92AWUtBywe1LXgJxY3Yi
+snDuwEymRteXODzjMp6JXsCUwZ7e2e2QvTdDASx1QREidr9z/ddcpnXQWwQncHA=
+-----END CERTIFICATE-----

configs/open5gs/tls/pcf.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPcGNmLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kPOxtn3XQaqwlNLZn4Uq7cqc0e09S+0
+nj+ld3Ppvaz0QKbRs+lOh9Ds3XvK+/UaYSgGIISmjPXerpln8IJbg8tdRNdDMqwH
+cdVubuW4kD0nOIptedKsaelJCT3sdY3VFh1MpAqLjoloSDwx/IiZ6inIdBSZhvKD
+qglKb/wnJdP0sCKXwEl4uBImk4a+ET4+6zX7tdL2GzCv/PP/qOLLaLoJzkArEXVC
+nWqnr3/wQwEU9G3GIeTCdBGMxLcDuyTw3jPY/omVHHe4Ee+sBy1LtDYgBRkcKoY8
+75q11aM+lmYMlNOSIFw8GJ3E0EzV5/LjG0JsmbdtdBK1WAQt1fFnCQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBACom4xjdCg4uDodIeninSNXwaOFK4g3zI6aIDyi2
+FhBxDcutDAAJHnXTOxVNWHan09UiYUeCRlh22NXfOXTAkR2cWDDizIGlcw7IUPal
+5+AqgyoBqZ1sD51+oDkZArZad07HbaBgkHoCDBDnGcWC7E6tpd1MniVuv5xPGp+g
+TIEKR9wEiHsUEePON9rrIqntgvpq8LpHVv9+BDdn6AEbkAim0U/IvHcmCjIzwp+8
+N2iFBuqngt/P/v/A0/eL06qqWIpVuVpBIYDdd6JrMMM3QWcATiFTVX19Dpov0dRN
+2iR9zsWC2Z/NYPQzGoJyKees7prTXpOyS/s8LLMTAKGnxdY=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/pcf.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDSQ87G2fddBqrC
+U0tmfhSrtypzR7T1L7SeP6V3c+m9rPRAptGz6U6H0Ozde8r79RphKAYghKaM9d6u
+mWfwgluDy11E10MyrAdx1W5u5biQPSc4im150qxp6UkJPex1jdUWHUykCouOiWhI
+PDH8iJnqKch0FJmG8oOqCUpv/Ccl0/SwIpfASXi4EiaThr4RPj7rNfu10vYbMK/8
+8/+o4stougnOQCsRdUKdaqevf/BDART0bcYh5MJ0EYzEtwO7JPDeM9j+iZUcd7gR
+76wHLUu0NiAFGRwqhjzvmrXVoz6WZgyU05IgXDwYncTQTNXn8uMbQmyZt210ErVY
+BC3V8WcJAgMBAAECggEAEobL/ORuscEpIZcyQRUh4CFy+ZZbYPEzom/sNfK+KSrI
+mLu6JXaMp1Xm0Psb3whxKxdaNtpJTIlLdinpKR1rT9kG3k5zSs8ylrqeEOJn2Tmy
+L36u97ly3KAkAc71e0Qkft7VBm0xb702tYqsQtqMaUAGPAgmoOfUZxKLfwOCNYhn
+FvD76Qvv2jOwO0UvDzrlOdDsLiDPqYGR+4VhJOGEBVzZnQeQswbhTEj9JTBNc6Dn
+Gvh5ZxhaV82yxpB8J0JVWESb3w6KDnDpCskW8IVznjr4D2hxjQRjDXx4IMcWtCVg
+BnEknKR74uSaKZza5jwGf6XwoA1YlkCNbEmGeZn8yQKBgQDlFGx/KkSNIeDOUuFQ
+9la4jBjBf0RQkost9h10SVgk7UhnUOdhAzd8gygAdL8opesoVyY2lbIhv62iH+94
+5Eoh0mLT9siKjR/d56wyQRccrjoHLt91GnD6qKeGO0hbI5QeeKbdDrbCgzEpm385
+u0HYLhlkM+bpPnMDaai5wgnPpQKBgQDq+Vx2K9lNHN/Gdz7vq0xn/oGeiT0EWQAl
+nGD9E03f1QYsSA0DqX3MWJ+7rmXHxZcT4HC1DNcgpG27mEnIVxw3n3JoPWaY5DKd
+BXvQEA+SaNfXj+nEQft/mFgVGmadhnS8IgTk3obAQXVWXrgV/0xO4YaQH4D/08Zp
+eeWr7neclQKBgBceZoy24VA0+REZgC/BjKL3UJBGnchb4bvzuKlBtamUYNg8a/14
+a6MfQWw6XAhoJkFd+jdMCDwrsgRIoMxcjba4Gs01fKuu7mZguRohQ4nbc3PCIT8a
+Ogix+KYtWXIJNyuUFZL9pygeQVnnnYFgCpccn+di7Yzgho7znNmSYZcZAoGASOpi
+r+UBhLVuF5dPd24vwqGutXSe86durT0ut7ny03+2b61YJIfHGs9xmfsPaIO/UxK1
+xukaJO4Bg1JJqxqlDfmztfc/zDgcIK/f8Pva6TMRr7nf7+AN3FV5F+teZomf1fW0
+kRUgua5WbBvughz8IApKCJVOIZUlH/wMsmLIyVUCgYBL9vzRI1RliwBWZRRHGuuX
+Eg2x3GUvIAMbA7Yfpd08VCkxPGrNtPjb+nPbV5zHf0lSrKsBzCtgy6WAulhUGTBw
+tfcU//wg+1MDb7OY3ZBy0+8e0FDfS674DnD4YT7E+RoEqSrNPJ7v+Z1+LjkQPU/k
+58Nf0K4LaLiLah5T6dNIeA==
+-----END PRIVATE KEY-----

configs/open5gs/tls/pcrf.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAkSgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEsxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGTAX
+BgNVBAMMEHBjcmYubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDMiA6Y/1qYyV3CMfVer498oPZNlnjciFECal71JbgigzvUUAIXT5tx
+KQUWKTjeyhbCGHMekwuyyUoljo6jMIoYFL5m1DKS6GV9mQgOhj2QpDEN44FFWm4B
+BRM+pHxXr71h51lXffH6l+wt1O7Y76ok2ZIxB8vzUUfKzmeg6wUQntS4oWuzZCHl
+5Ca/5FaDcty6H4ixE1O3+dRHPmbT+aWrZwekZyrOXYnOd4jNlJ9mz8STXLP+mEEH
+X3VbPkBOwFOHNq44WHYzZNj0CEjVghWWtse0T5V3QWluYxiBmJF3q9sWNe6bn9FI
+qOeJue5TzhqsldDZ75qhmvpRn7Kn+hz5AgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYD
+VR0OBBYEFGyP1+kC3lw5HoXa6O9i41J/tZZqMB8GA1UdIwQYMBaAFLFq+pyZvAQq
+Qohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQBkZI1BdcoRFyQGCb5AhiXc
+Su7MlrdPBACUvXqF4R1OeNUAa6dwlFVINxZmrFYrJ2MCo+4KBURXEBjugLloWGTP
+ChsM7eRoFniCQChWkEjoaTe8wDIWYSyZ6tBfiDgdM87uP4rbK9HO7C5lByj9QtAz
+OHYbkv5NEi5j+S0i9et9jjXoHjtqBRnlzF3lSWc461CkJA1Dgv6jldY+ozhxJlPq
+ZWvLc+8B44pgsQYkwpsg3CFESNAUa02h7qynswdmaB4AtPON13qjPzZxuawVco6K
+Fuy68CkHwwUTk3Qq2Nd5DLE5yOstiUOpJJ5qlQy0Fkp2SG+FEC9Rlfbl9Eh/Yxua
+-----END CERTIFICATE-----

configs/open5gs/tls/pcrf.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICkDCCAXgCAQAwSzEZMBcGA1UEAwwQcGNyZi5sb2NhbGRvbWFpbjELMAkGA1UE
+BhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMyIDpj/WpjJXcIx9V6vj3yg9k2WeNyI
+UQJqXvUluCKDO9RQAhdPm3EpBRYpON7KFsIYcx6TC7LJSiWOjqMwihgUvmbUMpLo
+ZX2ZCA6GPZCkMQ3jgUVabgEFEz6kfFevvWHnWVd98fqX7C3U7tjvqiTZkjEHy/NR
+R8rOZ6DrBRCe1Liha7NkIeXkJr/kVoNy3LofiLETU7f51Ec+ZtP5patnB6RnKs5d
+ic53iM2Un2bPxJNcs/6YQQdfdVs+QE7AU4c2rjhYdjNk2PQISNWCFZa2x7RPlXdB
+aW5jGIGYkXer2xY17puf0Uio54m57lPOGqyV0NnvmqGa+lGfsqf6HPkCAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQAmSA4jedvdB8xQrrEr5eJwAiBv72vu6t0okW/v
+80cLid140/stZSNHdJ7dXlXWhyWfCxS6dMVuXhYBgRCucwVpMjU2CX/ukhzT0JQW
+kTrdWCsrqzHnD/ukGQXA1fvaMHTLUzcBe/CznS/H3pVkSjdtiENZhxZwghigI0dP
+hePe2O2GmhKXCl+mtD08Wo9cD5NuDj937Wa0x9JHsjsoKxBRVvdmOXBrAZ+8p2k1
+nwwadBpUpGLbMDS19CMGOXjRpITE1lhXFDn1xtQRAM0eYE93jLzUE+i+o90CR24Q
+g21BL9lz3emPLDHgKB1PXdp2azdfd+cyVzDVGrzEFdFoqxNT
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/pcrf.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMiA6Y/1qYyV3C
+MfVer498oPZNlnjciFECal71JbgigzvUUAIXT5txKQUWKTjeyhbCGHMekwuyyUol
+jo6jMIoYFL5m1DKS6GV9mQgOhj2QpDEN44FFWm4BBRM+pHxXr71h51lXffH6l+wt
+1O7Y76ok2ZIxB8vzUUfKzmeg6wUQntS4oWuzZCHl5Ca/5FaDcty6H4ixE1O3+dRH
+PmbT+aWrZwekZyrOXYnOd4jNlJ9mz8STXLP+mEEHX3VbPkBOwFOHNq44WHYzZNj0
+CEjVghWWtse0T5V3QWluYxiBmJF3q9sWNe6bn9FIqOeJue5TzhqsldDZ75qhmvpR
+n7Kn+hz5AgMBAAECggEAAyK73I8fp7OAnztOWHkHEWFTXV2m9TSWz1troMUHBWpv
+JqJiYdKb3riDBjO0FkBRaIDg9PFKrt9Epn5AxBI4r8VTpPZwXw22jp4jwDtBIuBN
+izm3b+WCxbu6740shdihJeja1wtMhCvDmHFJByTnfiCiy+MjdpPCrsKK1q37uiU6
+NwQM96hwi6TYTX/i2FcTgB8TtPmy0hKiN5pUdWYGNq8xjNAKarNptELveOkTDmCc
+dlpqS+4ii5BrADrNDjuP7FS4KnBn45vEB+y13OAPrY2TvbfQDBI4i5HdCVw3zo0c
+NOf+TpJykg+Cxa/WqutX8im/3X8K8WymkcfdZ1I0QQKBgQDdadXvCrJNz8j5o2OU
+ClCvkFnPoCiySCT19/RN6C45C/LiWi67OxcD1kr3uWMjblPwXoyrfZnxjraOpeaM
+fVXnzNbqD+Rnre5/YskvU5hcgoKrAMSgcwa2wc/DKPrgj83PWaxrxLKCguPIh6zk
+DTvAFsx13SBQuRQwiAVyJY6KIQKBgQDsex/TndN4+kxdPhZMENExoqZ9wBvLFuvq
+q6ODTSDw/yahPlmAAuqyIYq3NY8Qdi4IEKnna6wVVBtZU313TADVntIKT+1xsdHp
+SLKChdFggqdUXIS1/FOCosoWCaFHe0jM/YVxn+QpooZLWtEjTofxGbfEiQf+sKPV
++KDED5wn2QKBgQCM/wazMLaXAojTIA8biO4UvvHSXAVOcs7Gq92xdvdocIl9RzyX
+Emv3j5Ex66aMO4fMfAlMc7GCuATdFhyYvn/kGveJGhGzTHmiOUAwmSVfU+TuDJEq
+M9XEr+skNoZ8VlcTgeFgx2N95Og1HOEmYJ76Fgqhy+z2OsX2mcgOBoicwQKBgEah
+R5I201CQwXof7xzs8O44PC3W0PZJdFD0zrOKt8oDCxChxK19MYfeiMXLk11BTuJN
+x9E80XrVUg3N5+1Xn/AtrWIzGSIaEC3y7o4ZVb3TiBKkR2brZC3iXSVT3v2wjr/b
+AJ49OTJOPnoHN+upquSR39ctblvdejGQPsQQPX2RAoGBAMPEbxnbW+4ueDqDLjZa
+Sycio+MO8wPtsBL6g0sg80zduoBLPb0djCSiqYCTEgwtkYG9oQtKYvEycvb8h1qB
+9TrLpwWTl/k1ERmjME94Kf0IJZU9KInq5zmIKAn0iIdoHjSWK78JiOMb9pw2A44V
+RmU/iXW95u9YMWPrtijdc/9y
+-----END PRIVATE KEY-----

configs/open5gs/tls/scp.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD3NjcC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAJ34VbJi6C7XISkQdq0pKXcTITsG8w41IxlFm4nuglYyDWsdQJf4+sGO
+I+E6E8b0LVDkUljh4cRD3ZTZy/MlBC2EHIi1zP0ZRDzl6Av9qVUhCkQ5bviPmvUe
+fQp63Suo4MzdzhbAipzsEC/zFDdjtjHKziV16zxjzpWoR9Qhr8YzLWT4t2wxJVP8
+lOlgAdkWYPDW6/PAz9PNmJ0xuhtMC04Ia+RHxFi4xeH4umBcp2cHbdup8fW+sI4Q
+RSg6449FiL4XlElggMpNlixcvNE6umzCAS5rJj2FIODd1i4J7JJjbs2nxZWJQTj5
+B5mpvFr5UlkKAxNVDfEC1jNzkS7ttscCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUGcbPg++D5U187URxcjqTsqmmAogwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAD3hPDcxv6j4n92UC/+XSsLQ
+cR0gZH454Y52Tocee1MgbQeDQauJAVtu4A79reBDmL8pVF14auBzLqLdyBTxAfOn
+4hcbw9OjxF/eKeNvYXL4tNu4KzZOoZuUiM78wnvJQObRp+30/dIUHt5B2nuKdStI
+kHgQrUXMuvJBCzmDKqiyDkkY8gN6/no6LzHQcpC7KiAhhQZ9s6IIgg8ulVqgeLXd
+Ia7Jit1Abm68+JDifwof3IGF6fzjxmWNzifxlVSgbMWMOnmgIVXojZrS2ofiJ2es
+VvLkGvyeCQtUV0NuGNS5QHyKN68mfDNRbk7A5gcr4ga9YzXHc9aQ5VJZyDvax3I=
+-----END CERTIFICATE-----

configs/open5gs/tls/scp.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPc2NwLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfhVsmLoLtchKRB2rSkpdxMhOwbzDjUj
+GUWbie6CVjINax1Al/j6wY4j4ToTxvQtUORSWOHhxEPdlNnL8yUELYQciLXM/RlE
+POXoC/2pVSEKRDlu+I+a9R59CnrdK6jgzN3OFsCKnOwQL/MUN2O2McrOJXXrPGPO
+lahH1CGvxjMtZPi3bDElU/yU6WAB2RZg8Nbr88DP082YnTG6G0wLTghr5EfEWLjF
+4fi6YFynZwdt26nx9b6wjhBFKDrjj0WIvheUSWCAyk2WLFy80Tq6bMIBLmsmPYUg
+4N3WLgnskmNuzafFlYlBOPkHmam8WvlSWQoDE1UN8QLWM3ORLu22xwIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAFRCjdAFXqzb4Hb9ssaABrW9nDwO+ZTGiMeQg122
+RJ8TiH0jq3qurRdq6owPDJiqVVNklCdba93fB9TRqXf3E8RKswp9JfM3OfVdpgT6
+gYoQcJOVsY1iyDbC/RQZvDGprAF/zUI/7+Lgb41CHU3rd2XOVgZtJf3NeBHV2ZmH
+VMnPW8t2KSxtDiCNuAePfFnmUfSYZfTqpyswO5nO+qyfazyH1teLKcnjrHi5yCXD
+r32l1W7sP46pQukJjLgEKQA+ekA7pTmqENJLY9a01yY42N/ZB35fXNuxeJNS0I8Q
+Zo4AoFwBWINSTiOF4/n1OSIctmkxc/51dKNLWu3kZSOholA=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/scp.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCd+FWyYugu1yEp
+EHatKSl3EyE7BvMONSMZRZuJ7oJWMg1rHUCX+PrBjiPhOhPG9C1Q5FJY4eHEQ92U
+2cvzJQQthByItcz9GUQ85egL/alVIQpEOW74j5r1Hn0Ket0rqODM3c4WwIqc7BAv
+8xQ3Y7Yxys4ldes8Y86VqEfUIa/GMy1k+LdsMSVT/JTpYAHZFmDw1uvzwM/TzZid
+MbobTAtOCGvkR8RYuMXh+LpgXKdnB23bqfH1vrCOEEUoOuOPRYi+F5RJYIDKTZYs
+XLzROrpswgEuayY9hSDg3dYuCeySY27Np8WViUE4+QeZqbxa+VJZCgMTVQ3xAtYz
+c5Eu7bbHAgMBAAECggEAFJLs2lxeYAddxsLhqgDT6THBILZxfna2OQrjTI4XRJGl
+RL+dE432XrIcAy/0tnND2aa7AN9+b3jlSYcqNGMsTZ9IthdzeL1LMWFCHRmu7art
+cuBGDzJo3KbZYz2IQ7DtglEbD8SI6RIns48FoYcnigmfWqqmdgmLtNsja8HtajM4
+nF9CZQvGkpM5DxXm5K6OigkZ9JKHkvw3a3uglH5uNTmf5UqMSktQQUks996lNlcF
+ncjJeagOazWk5suG/fR8y7jrf2JrhcKwuYSg8jEFwf/ykAKuy0SNHU1TfF0ply9w
+84HvMScv2nRsdB3cT0J2yfGhV1+y6S1tCkA1EhOWCQKBgQDY7V65kKaFJhyZDIrT
+vZoJMCWfYAYe9It64LLuGl+K2b7HQWMa8AONy8PV1NPIoMzX+AKmfvo7Yt6WL4tW
+lNdmQIcVPYnoPfGW+9si6ajByQuaLMYzFKXYsMmazNuIxgx/+4x7U4NJmtHxKhyW
+izy8M0D2GY5wPQqKDYD5Ew2MDwKBgQC6bGsTVoUp3RyQfuH8zCCavOjJCk36pyYX
+U7NToCNaDzA4j69NiDY3AQi4qjLN+qIuNh7WLi9VUubwaqiwVvzBiKe4AfVPlh2R
+cOtXJZxCmZ0pcsSsMvv5JbQVLbmOTU5OVUBx1IosakXFyPbX0+HlRTCXQWV9/WGU
+Rk1PvmZRyQKBgBApp3wmBfI3w7u3joR2RQrYNoVobyxRRi8ynMJW3rWGwcsw2QSB
+y5H+E6pUAC+bo4eX6AKlxVk1ZaZFBpm930q0FhyECElwjBaWz14LkNJXe3DSUzYt
+HKpHic3p45WORBIpGO97anXKfkf8vkKNP0o6e2Waw90i/y0IEor8W28LAoGBALQZ
+nfBWu9tP5BKsogKp6i3Tp0jiDafD54bNtAdsQ/rzhXB/T6qll0rYUuakduSL6Dag
+znW4tL3Hk5hcUo/Z2eHW9cFNEwNKUVJ7NsFAco/c+/pZCCwcLVXr2OhE/mi9wpLm
+xZWy8bIrETEdD2w/JJNsnp7h7P0k1yp6KKKLnSoRAoGAEZOB+A1EGllcsEMX23jZ
+SfECJntHZomP1GvstLvaQNlSC5lDmT6KO7Rw2RNEDJPyfelO/A17CICpDGU2NndC
+hI4zzywqqsLfCaYpPz1CD/BzP4ugyXM8W/kP4w8hSlHdqgyNi+iWqeBzsrZXtHLT
+4XJt75eQQ48u+NWkaQ4kLY4=
+-----END PRIVATE KEY-----

configs/open5gs/tls/smf.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBCzANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD3NtZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMrZsOPjIlGG8FptBo7fdxaEKusuBoQEfSV/8KoQovMca1yn3SEiFNdv
+dDG2RusBCzZ6K/bjTieYpkUuTH5nTPQiz0MRM0ErlxUXKrosZ8aalRNajveq3fgR
+K7pa1tnS4iEArMwtr1Fgj4jA5B48pOQrS5vmx8w5JCaPXJ9HPjTwdFubXSfMT9fT
+qcP/E9Z13zfhDZ1TStz0hYIanQZlp2BTJJgZQJ5kJsdEsp5Ect+t3ZVwDxT90iFo
+1X96dR/xf0DEKHxmybrahhmePvzEETgz03McVEUVBdQMMvDnqyXicLNzLJICY0Yw
+KzGeAg9Lh3PVjUnx/ctGdp8BCJRRkS0CAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQU6p4PokOU3iROPZzUmvS88xnI/QcwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBACpTSu1iB2ZWmTrR6zvnn57p
+xuE7udN7M52yG58N5k+f9cwXwmvvo//VK5AkJLqc/qBERwOC1yUQPTotBq8K0dF7
+Gx+zyG7o24GjZYgJvqIADEE0pWLTN6GkkYTzYXQwfv9kPDpAWbXl2bsYoY8610ce
+rRCQE7FkGuITR5mqKbJbvMSAwiH7gZ5yjjWXaUB1b6zzXiPOvME23IewgnddB3Ab
+zkGqgYO2qCcelkE5ciFl75d+DovfMXQDU1qGV6s0NTEqIWy5BnYj2jKoJJp2zKfE
+nOhyty5eh08CrH3PbYjmU5pNP7/ibG0oVJR5xLx5SWlPCbkEImcOwUH1cCoxEbU=
+-----END CERTIFICATE-----

configs/open5gs/tls/smf.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPc21mLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytmw4+MiUYbwWm0Gjt93FoQq6y4GhAR9
+JX/wqhCi8xxrXKfdISIU1290MbZG6wELNnor9uNOJ5imRS5MfmdM9CLPQxEzQSuX
+FRcquixnxpqVE1qO96rd+BErulrW2dLiIQCszC2vUWCPiMDkHjyk5CtLm+bHzDkk
+Jo9cn0c+NPB0W5tdJ8xP19Opw/8T1nXfN+ENnVNK3PSFghqdBmWnYFMkmBlAnmQm
+x0SynkRy363dlXAPFP3SIWjVf3p1H/F/QMQofGbJutqGGZ4+/MQRODPTcxxURRUF
+1Awy8OerJeJws3MskgJjRjArMZ4CD0uHc9WNSfH9y0Z2nwEIlFGRLQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAL883rfAD6ZTH1sxq7vdKax9V7R01o8b7IdQcV7M
+nwZx0wIH4ZGef6LwUXfWa07X8DxlySPxiMwRitkKWtJ1D63AgsfUhi9UOHj6IWjW
+skMVn/uczTq7eIZIjICftHVVvYd7HteMYxDLrLwWCSCE8P+UIE23eHrY391QOXjY
+J3OUXb2kvNK2snEvAL3h+tULePFsUqZix08c+L2DtjFmb2xAia/jte3Qii8nj3et
+9fw6Xl2yjM/fJ+pTwPXlmALvfzSxCFyBLdMAkuB/DeXeMsAEB6Z8S25lFEA3H6CD
+F27mGEVKeSrH2c9O24N34vToOZ1PM5rU9dEVD71Zj107sG4=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/smf.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDK2bDj4yJRhvBa
+bQaO33cWhCrrLgaEBH0lf/CqEKLzHGtcp90hIhTXb3QxtkbrAQs2eiv2404nmKZF
+Lkx+Z0z0Is9DETNBK5cVFyq6LGfGmpUTWo73qt34ESu6WtbZ0uIhAKzMLa9RYI+I
+wOQePKTkK0ub5sfMOSQmj1yfRz408HRbm10nzE/X06nD/xPWdd834Q2dU0rc9IWC
+Gp0GZadgUySYGUCeZCbHRLKeRHLfrd2VcA8U/dIhaNV/enUf8X9AxCh8Zsm62oYZ
+nj78xBE4M9NzHFRFFQXUDDLw56sl4nCzcyySAmNGMCsxngIPS4dz1Y1J8f3LRnaf
+AQiUUZEtAgMBAAECggEADlqgK0gPziAT0vpDDAohFa1Nki3EFURyDJzEjWw286gP
+qtNQEP+l5ObEnJ3u38NHpVe407Qa/C9PmLahgBJUPjRWYUMO0u5ANyRYCCuLPmEC
+6ocudbUYFu00IHA8ItbK3JX9JEeZT9Na5Mztd3xIGMM9iu8mNTvX5Iihf73dV4aK
+AtD1L5fCGckEJ0Va/xLta0sjdxLSYMIzacIpn9gdK7DXf9DL/eTACrf1U2ZAMQRr
+plKeri4OFBjMBy68kdpPF5ZyQwj1Plx6E2Dm0eNzsdF1zSkP75BYbi3OaIJR77Xk
+jp9lQvkP74e2ItzYJn9sGWhwAW2AiQt1zn+7v5eGEQKBgQDSajh8jMvFt93GgCqR
+OTGR2s4k4jp2XvcEWnJJax3ksqiGHMhlvCQDV/39saTcLUvc+bymtMc5Tws2ewaS
+LstUeBh/GrEMn8tQH7TXns+rq62I+CwSYzYqu2/uHBHkk1nXrTBxQ4LE/l4a6ZyT
+eVHr/x4iy9KMF3WhTBJytQJfFQKBgQD2y+7s1Hh7r+THSgo1CBZRtlw0CuA5EOgM
+iuglkU2cbx8q/XdXb9u6sLfldHGu3E18TYUJqPTrc3PVSEEA948qJ527PZh3VxRg
+L64M7gt+g1MqyZvuRYzTZOMBcJNJpfJSnP4mPY+o2L7mNpAS2Twe2K9/zuIWyChy
+g6xbVw4vuQKBgQCOGWQKYP9giHqCip20s35RdQYQjKNUu29whjB2epuWjj0XTSrc
+4cEkbPE/ug+PDhwUoKeRobaFcmctJMpcQLPaWLyaYgk9cFDazH7RuxOeaPNp88e3
+pz62fxzpHhXLWuOqrvBvHVub8/jTjf7K7XywtvrAHwwSxekPxBMVWj6+vQKBgHWS
+H4d5jNA3skByeDxdVuykeHZefAUTlchr4D4NY7DTi0CasWDZLA9bIrBP8dyAnPVL
+pMY+VDdar+L6YeVJCk3lw5GwvVKVDGLqM/t658TkYRlwJDW1smn+lNpZvAEI6lEK
+81RaXXbtkrvvYGFqVebICYtUjoaV4hbzvYdiCKMZAoGBAIFv6AMnXaWHoO4Qpnch
+FCSBNckhzajPmmZ1fskWR95d9ArmrJUaA0KKMqno767zVkrDzm2fw4+q12Ba1xRe
+J2KW1M12IPfZtNwSfQPYs4wej0VGScbOWve9qpA3WrLv08W63MXz7XRpeg5ZnzG/
+3bZZLfqZIBdQR9/f9ibP1h98
+-----END PRIVATE KEY-----

configs/open5gs/tls/testclient.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYjCCAkqgAwIBAgIBDzANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjhaFw0zMjExMDgyMzM3MjhaMFExCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxHzAd
+BgNVBAMMFnRlc3RjbGllbnQubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/2SPBDa9KE9rRuKHp2ZNNm8X+Jgl34tocbcYiWm3I7+je
+NPOiUIB6TpuP0gkwbzfhqbRdO59EmAsGjtjonwC2mTxDLWflfAUVUEGUml3b9ESf
+ZUtMWh1qBBme99DL9kqqNWaXVL9xAX/yLWbdXxfc/+Zuc3j/uRVOzqGLROqfw/k7
+iKmfZvBjVrtxR/xyRa3LfjuTPnM30UA7sk0jrZH9feOCEbNeYGa12TloDh05RzU9
+RgkBL1AH7Zvha3iNlXwQLkgEpnJEeegQ/iS9pPEwgqsquBRoQTClzVGzbs5Ttpzi
+ZL5q/Hf7sGE2x00v3XKNDvUPg9k7RvVZoG/fUy+VAgMBAAGjTTBLMAkGA1UdEwQC
+MAAwHQYDVR0OBBYEFEegxvp7oDrpJfd4LDD4LSGouPVnMB8GA1UdIwQYMBaAFLFq
++pyZvAQqQohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQAPDVSwdX8u25Pd
+a7UNANFAf87AurQKsaeLpKu1AfZZakgu+XQ9W/5fJXCSvuVc3g+JAwxVKZfO3yae
+C7vcLSughlUGbjJyVV4wn9xzbKISWwAXmBEt+pP+vJAcyCyRD2uXZjO89sCFxHmD
+/Oh84m/ygiUAx+u2to55HPjNTZs9wphdyDws1lPUwxj01B84r6QPgTKBpnhOAr96
+xUYNZKAt1ycRXcoi7RNieEZP/r0j92RVA57twMGSDHpCgb7YnCXAS9ptlpHySbOK
+akfqFx04eVilqKGee4NeM4rt7363Fr61H+bjkYjvS//ZS/L5ZrbNAMWmkr94Xkcj
+m1BG0Bwg
+-----END CERTIFICATE-----

configs/open5gs/tls/testclient.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICljCCAX4CAQAwUTEfMB0GA1UEAwwWdGVzdGNsaWVudC5sb2NhbGRvbWFpbjEL
+MAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/ZI8ENr0oT2tG4oenZk02b
+xf4mCXfi2hxtxiJabcjv6N4086JQgHpOm4/SCTBvN+GptF07n0SYCwaO2OifALaZ
+PEMtZ+V8BRVQQZSaXdv0RJ9lS0xaHWoEGZ730Mv2Sqo1ZpdUv3EBf/ItZt1fF9z/
+5m5zeP+5FU7OoYtE6p/D+TuIqZ9m8GNWu3FH/HJFrct+O5M+czfRQDuyTSOtkf19
+44IRs15gZrXZOWgOHTlHNT1GCQEvUAftm+FreI2VfBAuSASmckR56BD+JL2k8TCC
+qyq4FGhBMKXNUbNuzlO2nOJkvmr8d/uwYTbHTS/dco0O9Q+D2TtG9Vmgb99TL5UC
+AwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAdqoupSBRB+iFdX3ULgt1sTfqxio9d
+X2avV8mhQt8Ivrgw3/+iggz0y54JS+yL+tfzFu2upxmeemnImkKremt/zwQDhKJC
+2yLtDBDCWIwrdQyoC8V5irUEZNwFjZn/VrZty7lFsAA46HOXPysPJuYEXMQ1JYoV
+VB7N7JdfaFDGDLe7lKsOA/zK3QF1yRvFqdaNyeVP7SZ68K6JzzuP1eakp6BO0pBF
+X8xQc3LlMcMSP+G+IjN5LFp+gRMpxv6BkLHFn3ahN9aUPOJb4np/uEg5Mo6fT+gc
+qNW1NZ9ZkYPWfTV7SmgWfar+tKXjG7TQyLQfTDqMD+VbSZtWQFGLp5T5
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/testclient.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC/2SPBDa9KE9rR
+uKHp2ZNNm8X+Jgl34tocbcYiWm3I7+jeNPOiUIB6TpuP0gkwbzfhqbRdO59EmAsG
+jtjonwC2mTxDLWflfAUVUEGUml3b9ESfZUtMWh1qBBme99DL9kqqNWaXVL9xAX/y
+LWbdXxfc/+Zuc3j/uRVOzqGLROqfw/k7iKmfZvBjVrtxR/xyRa3LfjuTPnM30UA7
+sk0jrZH9feOCEbNeYGa12TloDh05RzU9RgkBL1AH7Zvha3iNlXwQLkgEpnJEeegQ
+/iS9pPEwgqsquBRoQTClzVGzbs5TtpziZL5q/Hf7sGE2x00v3XKNDvUPg9k7RvVZ
+oG/fUy+VAgMBAAECggEABEzMuJsYKp/4d7AR+aYYX1+xB8yDSfuHbyYwZUeOGOLJ
+tHtO2lHqw0hc7mkN2YGl/hSZ7Ty0yeqM1WGLxTuqc4Kf6hM2i4X6A4Yy5hlcpl1a
+prue56/zDf6CstWz9B0J2OKisUcjawLBLaTXXqRZlP5BBF4/CspI9Y/Q6Uh1ks2d
+dkGob3+leeDCLtggVbIE7FqdjmLI4gD9cVYvH39cTvFd3uXYRyjDtGUdbAH5MYsy
+/ji8Y7ZkR+Phas0xYiJBRSKIxsdZzDDRbVDaQJM8DgUOQawtE7aQs+s8+rddR0xH
+WFdQIM51vTNYENVA0BzNY3Es7roBDaeaZbD53y30kQKBgQDLDq2c5OuxS66NaHGH
+UShytecC9ugeKYVALzDen/CM7Wvf/3hJw/bXrzEm+FO0h/Xz7rHBtSfOzwHbQmM/
+FZ4TxGohDhPgqR0bP0vqR9sKE9Kc4K2eRjjncd7wiVBstHMKZysyD3IQtNDJqzqw
+umVFyVy1lWBGLXM+l0IuTjNwRQKBgQDx3kse4lkIxYCFW+ZjJtUs2DzyOy0Ga7BD
+UkRw/tbyzD7kzj3xp9MJAeUz8vaZ+zcqQgjsfhmLMbflCuuNdREWLA17Cpejekmf
+nTu8hxpEEvtESkj0aq55iessUpfLxdPZepKfz/UkDNa+mJus4QILDp/tUnGSvGIA
+v0DV8AT/EQKBgCSR6SyXgec1ZSNsiv2+3RUDs64x/43nFmt/1EJT9cO7wrDd1rEa
+TOt9TtHg6VpbHi2ncHYdhSTW3VO6uhsTbpvKxP5dBbFxY5+Tn7164XUIKuc8A6i8
+puTv+iHB6S0atplKCVqDs5xUpEGdx/0qJLET2dGOLH+XEelU3oNubA8tAoGAbqs7
+Diede5D7LIoPUcD7+6f5wxBmmrB9l2A2JsnESpZAFOt1lnQm8NEoMevzACPdav2K
+HcPZJkKalTe47iHpro57oJgJKGkU9O653Zqn3wwcYnPnC8cgjEYaEE6+XCPpunIG
+Uw+RaGxjehRT7veJust3S9zUUMLXyOW54eoQLzECgYBBTcFVoDIqJY5MSOuQTYri
+lro7YcXk0kvahCSgXzdecU+ajG6+ppHvIje/h7nBZizFfsGsZQj3j9hrmxXxJn4H
+4gSLHSycFGY65G6tBC4eNKi6umBi8rgw+kQ0PtY23ZDoRTdePXYT4OzQaGiGzZhO
+4su2WwkXmgev/Rcan3hj1w==
+-----END PRIVATE KEY-----

configs/open5gs/tls/testserver.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYjCCAkqgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjhaFw0zMjExMDgyMzM3MjhaMFExCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxHzAd
+BgNVBAMMFnRlc3RzZXJ2ZXIubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDK/mRxA7vFDetSR7J58pT+deCpXdjH6rFyebKsPRklq6aq
+P8eLMj3CYG641BHNFoMygnK1SEuPXxoLqVYFOf1aZh+9OdvLPjKB37ZfikzXR5az
+PRvGKOO9bM+lgviZvmgnE2sEVYtoBJAeK+ZXQkPUQ+Q3QBsdyZXFKu4uQZukW7UO
+sp+IGQ5guCi+MAkppB/T6WbuTl7Hr7wjLd/eFK5rHik57D0N1f1fX7G5+K1jfFu9
+OsVYDsp3f7LB1QjZntAfE7dnddmAXdDz3FCPm7keLSrdsYSY9Q5tVqBl5yRzMcq2
+C4DQX7JcqWCfpGjm8Gnc4gmDyKV4zZPaQXiXr6TzAgMBAAGjTTBLMAkGA1UdEwQC
+MAAwHQYDVR0OBBYEFNNWx1Ixb8nBttAAziCdNf5iUfGCMB8GA1UdIwQYMBaAFLFq
++pyZvAQqQohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQDeFTLtNW8hPvUB
+QOBVZU4kyzOw3v7Y74lug88I92XMagWVV71lLGCzHcQodI7p0ih/3uK9CO+yuhU9
+Wkmimb3oh44wao6+R9qtYF/OdbKLvRZ9y3Fd5y5RiYJNFCuBPLGf/0UwIifP0tcI
+bivpNkB5WByebbhzo7zZXz+pgMMDkLtBfvwNF9JYM6WAdEw/3cYaN6jwtwvA9/2O
+wQ08z1BtuA0Cxjy+7DgFl9b7EQE4q85+TNCyl59x0vO2M9lo01C/APQ8HmCRc8Ax
+YCY7zYz5AqnO3HPnQ6plYbIw1xaLEwNYDZ6sxIpCRP+g+ZDG6A3YW76n019lEm75
+02901MR9
+-----END CERTIFICATE-----

configs/open5gs/tls/testserver.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICljCCAX4CAQAwUTEfMB0GA1UEAwwWdGVzdHNlcnZlci5sb2NhbGRvbWFpbjEL
+MAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMr+ZHEDu8UN61JHsnnylP51
+4Kld2MfqsXJ5sqw9GSWrpqo/x4syPcJgbrjUEc0WgzKCcrVIS49fGgupVgU5/Vpm
+H70528s+MoHftl+KTNdHlrM9G8Yo471sz6WC+Jm+aCcTawRVi2gEkB4r5ldCQ9RD
+5DdAGx3JlcUq7i5Bm6RbtQ6yn4gZDmC4KL4wCSmkH9PpZu5OXsevvCMt394Urmse
+KTnsPQ3V/V9fsbn4rWN8W706xVgOynd/ssHVCNme0B8Tt2d12YBd0PPcUI+buR4t
+Kt2xhJj1Dm1WoGXnJHMxyrYLgNBfslypYJ+kaObwadziCYPIpXjNk9pBeJevpPMC
+AwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQACkHItCrvQWANviVk27ntZE/Ze1/NF
+W8jPeJG3V9Zemwp2QWE530gdhNy717kGJzW0Udvx57By4tS1bORlKDL7ikpPaIm3
+q2YLXzusJ3JXyD2aYoaY+uP6+gt1541aLep8eSQPgG0jJlo8VbbsrPrXj9T15Nsb
+MhDlKDLZhW+JCwp53/IB8Az3s6oCUelwENOTDkmuaksTbo9NX9TJ68ByAtSqroT3
+/jHqvSpD+VVnQcWn6XE6lLNyXcFcQ/jQLKLVbdV+CLPrUORNCyB5Vy7Qxm49g4lB
+H9Cx2fPDBpYw7BlFIrNU9bxLAem2lE2x+H5NbbFoMfi8Bq3q+2MWZg+a
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/testserver.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDK/mRxA7vFDetS
+R7J58pT+deCpXdjH6rFyebKsPRklq6aqP8eLMj3CYG641BHNFoMygnK1SEuPXxoL
+qVYFOf1aZh+9OdvLPjKB37ZfikzXR5azPRvGKOO9bM+lgviZvmgnE2sEVYtoBJAe
+K+ZXQkPUQ+Q3QBsdyZXFKu4uQZukW7UOsp+IGQ5guCi+MAkppB/T6WbuTl7Hr7wj
+Ld/eFK5rHik57D0N1f1fX7G5+K1jfFu9OsVYDsp3f7LB1QjZntAfE7dnddmAXdDz
+3FCPm7keLSrdsYSY9Q5tVqBl5yRzMcq2C4DQX7JcqWCfpGjm8Gnc4gmDyKV4zZPa
+QXiXr6TzAgMBAAECggEAGwG1EkDJaAJIkcCpMvE+YmEDcUpjj4F0Ie36rVCkT683
+yW8ag189TpGELuyZVlxNkILrc56OiEts9yqMdRM4gkuToxoXWcHIzXTv2g6Cgk0W
+HyWc/tms0aRa4e3RWP8MnfpG4s47cazTEbiMeNp/lLYtntjVYrqm8D2cb6SvP4fu
+kvi7bKLhcd4l9v42oZKF5wZjynUEh+424TNxqI8OTcnT15xoOjauM9aQnbFYB0ON
+tOJ5cO8Pmjbo1wfFsSntC7NrIspaTrlseOl/bK3LadLlb9UHW3GRVwIcIzEYPabU
+PZcTKjzk1nAu1fpHgoCuMequxDaXSSWyDLMqwLfqoQKBgQDtcOHFJHO63SIOrwlG
+OjZiMxKekjVqtbdiN+7h3FBR0+M7EZnyFO7zsfmDaN3k4m3a6idlnn9HvsEilf+K
+Cc+8I0dCeBbZOs/TqVN8ZHB6MqUmtMdGIc1Fau1HYis+d4g1pbQ9tpG0OVa806rR
+AkBwD+/Vm6+8uZKilq+oijSpEwKBgQDa3Dt9LFYOG6gnWHlq7uLIWnA4wHKmgEGL
+AykaZgW2bxIhQa1C+460OQaCwBbBG2NlN7Lt8MXsr48epnSKROfCYIBuqlH3i2CN
+ka+W7pEtnkeEnZSUMb/IF5T868xbYkzXFqJkr17o2MBMbLiM2G79dT/j83MJVc1A
+FecQByNwoQKBgArrdBai9IeVf+l49045gyLFAog0ZSyBKuvjcqMEhNUej4a56oCN
+oeenObhnbD0IhNDaj/FGdsgP58X1bAknJlyaqr5N048t+zzavrIr1FhqV9oN2lRJ
+Xa1hm4P66c43pRYChuWHre/B61FH0sVF+zysHvWN8WkWh73efDmeEYntAoGAMcq1
+Bg9WLLOCGCF6zic3FRnuOhseel7ninbXnRfk6NJwL3y/rGOK3dmzb3/ALYLLpDV9
+0cBbZzOxvelkzihLCd/mmEbLiyP8fXjNl+sCwHwoDTXEncqLtTwYO0pyHcBJdw3B
+OGLlltfpN/nsKq764VMRjAzQ+Si6H4BcJztYhsECgYEAnql7JlJlg/jUOS3hU/sM
+iZ1EY7K8DFjaIOitcPcjbZqH4Ha9922MSGW4hCKMo3ncDdaDKDvrfYd9pgtrSvHd
+vH1vXcVrdzuLPVzvCxlRxQbSZpK6RZT+OF1OTvg9zMu2hemMwyKNxrRmjADwuU/E
+f7etkEMnboFO//fGoMXU5cc=
+-----END PRIVATE KEY-----

configs/open5gs/tls/udm.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBDDANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD3VkbS5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMnNHwgMDlTfi2x5QMvhdhGzOxCZvboqcrkHrTGkRJtUrxNjddjhSkm3
+KeRKEdcDq/t126t2CAxiYiRprKr9II1o6rq2JUZz7VU0aC9wWnZyWhIf4VIzyhz5
+G5s5cWT7IoJZ/cjmoS89e5cPv34G0jLaqz2m/Kl2zqmVozQRdDuO7Hreh9KgPs92
+kqA6XYy1z+hxUILAjpdVoTwgJm0UchF9Ibgc5+ab1XuaaYzxlYAzwcWcCibFzgGO
+I6+MdTpJISJBHRzkLOsmFyJ2XpH53aRPN51yQDRnPTDfJj4og6FyFWjtIfCeBHBf
+3taz6SPFPHIZhR8OIMt25T4r2bXmS68CAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUfzKzBycjEgN97TEqC+0iKaWBdVIwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBACQXPgeUMGyWGbGPwr/cg0lC
+SPiIL1s7oZQoNisbTtTqnBHo36xLTGb051o9ZTwd2xTRNJ4ue9/rDnMTK//9+6V5
+FKDOYFqikSmCtzuJFB5Q24KxdUM679feAy7v7BWTGd7LoN0dOgPCHqPT7/daxgYW
+Xaip1lslx5TYNTnhrJAoVfj0VGrSrTqQqCNf3ifQDI0HRuheKC2WM6Ep7E8MyjiT
+kzfsznaWul06geQn7vT4MMTHUNUI49Y2uCCgosD8Xi23Oi8qSiguCeSLcg2ns0p6
+eELtPm1xcTWoJHomDNf150ZW5swFDfE9asAWGeYqONShUp5Zim1agcuGTpp9uaQ=
+-----END CERTIFICATE-----

configs/open5gs/tls/udm.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPdWRtLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyc0fCAwOVN+LbHlAy+F2EbM7EJm9uipy
+uQetMaREm1SvE2N12OFKSbcp5EoR1wOr+3Xbq3YIDGJiJGmsqv0gjWjqurYlRnPt
+VTRoL3BadnJaEh/hUjPKHPkbmzlxZPsigln9yOahLz17lw+/fgbSMtqrPab8qXbO
+qZWjNBF0O47set6H0qA+z3aSoDpdjLXP6HFQgsCOl1WhPCAmbRRyEX0huBzn5pvV
+e5ppjPGVgDPBxZwKJsXOAY4jr4x1OkkhIkEdHOQs6yYXInZekfndpE83nXJANGc9
+MN8mPiiDoXIVaO0h8J4EcF/e1rPpI8U8chmFHw4gy3blPivZteZLrwIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAMN+RIzcc2m7iImxiGpwIitwP8l7XLVYdZhMm90/
+SEDHmmlxebl8Re/nrt/17xKTH7xM+vjvWqieal6MT476Ye3cvk/obR7mv6f5UPoq
+nmOCr9Ov3SaUy0WKEqEShs171NM6+DOLoXaN8oBWYkL8mGL4tP7lKcBTmNlM5Vuu
+Y42XzLa2NO4nkm3cVTJma/hvMw9zNDwbBeH7qgfWDAL4LAC9Ea6RrYgLvgEiiJHm
+J6CkrntvPfemwMguWtt3Roq0MkR3J4vyHgyfIHpJIEM1GLJhXSaEZ3cUPELrIyVs
+ro8vAXGEXaxriKCCQ0BWiCPUN08Tisc9k5AKEe8Yst2M2Qg=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/udm.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJzR8IDA5U34ts
+eUDL4XYRszsQmb26KnK5B60xpESbVK8TY3XY4UpJtynkShHXA6v7ddurdggMYmIk
+aayq/SCNaOq6tiVGc+1VNGgvcFp2cloSH+FSM8oc+RubOXFk+yKCWf3I5qEvPXuX
+D79+BtIy2qs9pvypds6plaM0EXQ7jux63ofSoD7PdpKgOl2Mtc/ocVCCwI6XVaE8
+ICZtFHIRfSG4HOfmm9V7mmmM8ZWAM8HFnAomxc4BjiOvjHU6SSEiQR0c5CzrJhci
+dl6R+d2kTzedckA0Zz0w3yY+KIOhchVo7SHwngRwX97Ws+kjxTxyGYUfDiDLduU+
+K9m15kuvAgMBAAECggEAGPA7bIAo6T4y+bXGVyvGrotKulN1ieMjCFC1i5P0UonV
+lPzOnH3C83cqOycYK00t3MaE3hyZBAbIgB17FCpx8mfL0kUeOCWtZ8ExOuOUmlyp
+WuILs1/pE0mJqtYfeE48xoUegsxVkQP1GQb+MDHhmh1B2j2frcWb5oMyhwW9KnrX
+8yoMUq0J41keGbM4nd6hYY/0mqQL4BffJd/UdLOGL5SupAYTzyELuycktMBbt8EG
+CIlIOsd5ZfD5aLHiM0ZUGnK7URQBIpf//tBw6SBeYmc02CmfaLvqRLvnH9oE47/9
+0vFLDGifUY9vRuX4rBlghmy+/jzCBMRW6Rlbj8LyGQKBgQDb2UXmQ7NiMAuNTb2+
+4498QIi1ReQyyg1ONtMoZ9vXc9CwtFVdLk6JTru2VRvXIwpCWHZGsS9vWtuIk+1p
+QqZYT8lRqX4TEDIjC4MG2XdGCnox4FuKPqyjESwd0O45xqfv45Nbx2NAsNOgm/xg
+oJULFMuVVHMztOcH+6fQamRJxQKBgQDq/B++VMDoXnYyNmhxfSR0NPfeQuCkHlXo
+kfX2cve27yI9mLKXKtNKtwlAAdhSGZ9Hbe2B1mINLpqajKUuoyD0eyNPzZGWiINH
+7BM+oxIMbzRo+o2a7Eyaa12RLJ1b2O2wOPriddwa0ycx3BqTy2mzgRvSzoA9fAPY
+6mHAXp164wKBgE6YJSIFj+qJLIgOg8frSE9uLrFHVCZID2uns+NdBb3HXJLfVSkj
+tdXmfLrZQEOv9inzwAzTqRaRD6yK3bPkrN0jYOA9zKF6B8J5ihT3x2kVs8uC3pbU
+gxkkuXXLTG8BMuZSoEqORFBLJszjFt1gawf0Hje7YhfZE0LKV5rtff7VAoGAMIMg
+opCoytBFopQs99EYJ42P5qjz663/mmYX22tczL2N2h2eMSs8N96V4EsBN+HmSj7d
+m8KAt6v5axLCP2CaOx746U7NUcCZKc4JIxNTdJG4xjuD5IoIPpEP3hrR2dZtK8Z3
+tS0T5c3V96szKXQDPHXZIqpTO15RBQVObQKbjHUCgYEAo6smzS8yppgd4zQaPkIK
+7gRdfvIxXwcmWeVG5GeFIHmSpBsdPVgcwhbsdHoFWLBu1kU4pXsi6Mm8RQqW8GQv
+TqLtQg+8UZwOUcZpwK3ubEJpPst8meVfi5KPQYgeqNHcBjOhllQWobdI1Zh6i76r
+BDBpY0brm19iZHspDFURjjY=
+-----END PRIVATE KEY-----

configs/open5gs/tls/udr.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBDTANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjhaFw0zMjExMDgyMzM3MjhaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD3Vkci5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALS3q+2uJj5htQxIoV5PjCbuUbETFbWunNBpU3n/bs5wtcl1jf/Ez8f+
+4nhN+liNHvInFyxflA9Qu2eL9/+HbZxMXlyFwcHZo82SMa+CQEoFcZQUxtPa7Zo0
+WovYJJH+XMqdFFPMQgq3VRsRkbSJJIRID0Lx1jx3RSIMMCcWTOyrGgIDOySSkNGo
+8CuJ3VzsH5Httj1crrZhypGrY4rgoYO2gsc9KtI4r3hS7hHTjD1C3lDLKJj035Xu
+t8g0rDe4S5DqKJ7WF+z7nIplVuVmj6HWFhW8H16fxNMohmjkHMLL7QIkyCZOYkWY
+rbymCPQGYuBRKajTAoI80yj237vxiFkCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUoc0vMqJQ773qf3xn5qGb3YTTtDUwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAFbO+6lgHIhX9tcNDspiO/2d
+BwBVruQuslYNVmKN53IS+Dr1fku49/WDo5WVd59JVV5OStLdXMZoj6103ie12GQ0
+2fTelMDLk/GRBv80OpD8vPnUKRI/uNDjGjAgle6ruMX7LZHmPfoIM4s1yIfYMEOt
+R9F6BmZbRAPQX6OgHsTp6+uaCRIk6nBVJP+eIdVU+IAON7gzJIsiJesm78u+Jmvm
+SdOkSsoW/mHgoDtC5EgwMHYOfuHZPPBZOa5HOFvQPhi7lgFNUVUim2iNBxYoDecF
+J2i3J07fE7mvETfmfiTUfWPqGHSJG9C8zuKvHRWW0rky9Vjjcux69QyUANnyYZU=
+-----END CERTIFICATE-----

configs/open5gs/tls/udr.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPdWRyLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLer7a4mPmG1DEihXk+MJu5RsRMVta6c
+0GlTef9uznC1yXWN/8TPx/7ieE36WI0e8icXLF+UD1C7Z4v3/4dtnExeXIXBwdmj
+zZIxr4JASgVxlBTG09rtmjRai9gkkf5cyp0UU8xCCrdVGxGRtIkkhEgPQvHWPHdF
+IgwwJxZM7KsaAgM7JJKQ0ajwK4ndXOwfke22PVyutmHKkatjiuChg7aCxz0q0jiv
+eFLuEdOMPULeUMsomPTfle63yDSsN7hLkOoontYX7PucimVW5WaPodYWFbwfXp/E
+0yiGaOQcwsvtAiTIJk5iRZitvKYI9AZi4FEpqNMCgjzTKPbfu/GIWQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAHSvfRFofc40z1H15RtNFs1aISVznyWYueOMcxlN
+kJ6V6SzEhGhDCssGfP3o4/ruO/EKtj01YXJOQHfdU/tNv2ukDlJTOLXx7f3CTrOZ
+U28esxISCbfrMcjHUe46cRc4fO6wW1GyZAB4engShdQLzTCPi+EMp6sodQt1aVV1
+wCs2t7FI35gXoxydTn/AGzW86nmy61XHNHxhSZPAH1cE+ynfN6PI1ApCX71HgsyN
+3bWt1D+hFQ4Q1t0p2W2x3jyXS/1O/7Uxr7Og8Zwvziwb+WvZRSed1dyaR/kdo7pW
+aMLhY/WGaSYY72mV+fXAhhwVW7A0u8EvrRmzpu/pjonsoVE=
+-----END CERTIFICATE REQUEST-----

configs/open5gs/tls/udr.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC0t6vtriY+YbUM
+SKFeT4wm7lGxExW1rpzQaVN5/27OcLXJdY3/xM/H/uJ4TfpYjR7yJxcsX5QPULtn
+i/f/h22cTF5chcHB2aPNkjGvgkBKBXGUFMbT2u2aNFqL2CSR/lzKnRRTzEIKt1Ub
+EZG0iSSESA9C8dY8d0UiDDAnFkzsqxoCAzskkpDRqPArid1c7B+R7bY9XK62YcqR
+q2OK4KGDtoLHPSrSOK94Uu4R04w9Qt5QyyiY9N+V7rfINKw3uEuQ6iie1hfs+5yK
+ZVblZo+h1hYVvB9en8TTKIZo5BzCy+0CJMgmTmJFmK28pgj0BmLgUSmo0wKCPNMo
+9t+78YhZAgMBAAECggEADdVR7jKSl5uZ1OAB5zLaYPgE7ZOvCZ5dP1hSpR/sAtYu
+miZbGWkeuRnOCuS4LTtXMzTSEanazu3QfJmCoS8kES7o2bb86QpwfxnJ3xwOsQPX
+6PyKqDilz7QierovuXOxtWo+/jegVgro0za98yZ80rnj3i1eJ3h/RJ8PeAx9VK/W
+nsE/aoR/AiNmdwyZRStVdsvW98GNdONc8la2Cs9fC71tbeKnL/QFSmgZpVGz606u
+Y3ykNxPgcePFscS+6UR+ML5L34HtZfQV4KCAnEWUO1tXYoLDKM+h7sp03rNoGdQK
+/L3xNd1jI0gcm/t0LFhBuKGrKo1pKwrONwm6LMbRkQKBgQDAep8a46jKwQbbVNnp
+qSxy9l3it/TjbYuLSAuRlz8YXaJSvF/EMmTYtYQ1G4T2exkBN11UeP/tdywD+J/p
+4jEI9UZz9QCjXFyleDZZfScs7SuRfKlZ6ygY+cbKb8T75rO/J/StU4VgNPtKjxzv
+OZEpJwCLsZLkOj7mmqlfwSwaiQKBgQDwW2P9XF2XkcoGyEffQDX0qylekUZ8Zqq9
+UnuWmjLJxD+rbJcQiyMIKxzY5gKw1FtquBMKryfuKHiDRCTO/Sr5V4VjRG13etAN
+WqPWUrjmvlutMZhvwS876wS15hyHkL9Jjbj6F0TvYRIMXTa6yLFMLVNBZFSJzfRH
+aRxnfb9LUQKBgF2S/4i+BxBTGTdGIA6lrTNSrMAM+KQcXIvhAabNJeJ9mu2oINKs
+QTTNwjFjaJe/rp9VwCzSCnHyztY7Z9r3mSkmvRKgmKfSvkO/loSZAJOp1dWMCnTp
+ivvhapB+GADy3o3fKeedxCjKeSR9QO7YSMb97Bj9wlDsNCo+JHul2QApAoGAb5/B
+3BRdUtreHDA/UKsdY7dpywVk2rlDahE4XETYeWOuvgn8Ti6P4mdDSmfnr/+vROyf
+y0J1JOGetjebcJWas5m11NgejnJ21PzXQd3BCUg2g0SZKq1pJkaLNX7cmQjcDWjI
+Ez1jQliubReNJ0m1LU+PbrsNl8ISRGfITTfU80ECgYEAjzlKdEB0GUyDev9yuJWb
+xLPgbtQmIFJ0wcr55R1BrLlOw5nhJvHYUuAqNVwbZyDOcZT6RdC2k1uyybAupPFF
+ZRFFBnGQGGXj2fiPvFyJCVcbT6QhtkvXqBRwbRakJY1FMWCw079VzcoRtt+mcgFu
+u179+NNjjTx63C4ZElNl654=
+-----END PRIVATE KEY-----

configs/open5gs/udm.yaml.in

@@ -1,99 +1,427 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,sbi,udm,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
     file: @localstatedir@/log/open5gs/udm.log
+
 #
-# udm:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/udm.key
+      cert: @sysconfdir@/open5gs/tls/udm.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/udm.key
+      cert: @sysconfdir@/open5gs/tls/udm.crt
+
+#
+#  <Home Network Public Key>
+#
+#  o Generate the private key as below.
+#    $ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key
+#    $ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key
+#
+#  o The private and public keys can be viewed with the command.
+#    The public key is used when creating the SIM.
+#    $ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text
+#    $ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text
+#
+#  o Home network public key identifier(PKI) value : 1
+#    Protection scheme identifier : ECIES scheme profile A
+#  udm:
+#    hnet:
+#      - id: 1
+#        scheme: 1
+#        key: /etc/open5gs/hnet/curve25519-1.key
+#
+#  o Home network public key identifier(PKI) value : 2
+#    Protection scheme identifier : ECIES scheme profile B
+#  udm:
+#    hnet:
+#      - id: 2
+#        scheme: 2
+#        key: /etc/open5gs/hnet/secp256r1-2.key
+#
+#  o Home network public key identifier(PKI) value : 3
+#    Protection scheme identifier : ECIES scheme profile A
+#  udm:
+#    hnet:
+#      - id: 3
+#        scheme: 1
+#        key: /etc/open5gs/hnet/curve25519-1.key
+#
+#  o Home network public key identifier(PKI) value : 4
+#    Protection scheme identifier : ECIES scheme profile B
+#  udm:
+#    hnet:
+#      - id: 4
+#        scheme: 2
+#        key: /etc/open5gs/hnet/secp256r1-2.key
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
 #          - ::0
 #        port: 7777
 #
-#  o SBI Server(https://<all address avaiable>:443)
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/udm.key
+#      cert: /etc/open5gs/tls/udm.crt
+#  udm:
 #    sbi:
-#      - tls:
-#          key: udm.key
-#          pem: udm.pem
 #
-#  o SBI Server(https://127.0.0.12:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.12:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/udm.key
+#      cert: /etc/open5gs/tls/udm.crt
+#  udm:
 #    sbi:
 #      - addr: 127.0.0.12
-#        tls:
-#          key: udm.key
-#          pem: udm.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://udm.open5gs.org:80)
+#  o SBI Server(https://udm.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/udm.key
+#      cert: /etc/open5gs/tls/udm.crt
+#  udm:
 #    sbi:
 #      - name: udm.open5gs.org
 #
 #  o SBI Server(http://127.0.0.12:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
 #    sbi:
 #      - addr: 127.0.0.12
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
 #    sbi:
 #      - dev: eth0
 #        advertise: open5gs-udm.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
 #    sbi:
 #      - addr: localhost
 #        advertise:
 #          - 127.0.0.99
 #          - ::1
 #
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
+#    sbi:
+#      addr: 127.0.0.12
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  udm:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  udm:
+#    service_name:
+#      - nudm-sdm
+#      - nudm-uecm
+#      - nudm-ueau
+#
+#  <NF Discovery Query Parameter>
+#
+#  o (Default) If you do not set Query Parameter as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
+#    sbi:
+#      - addr: 127.0.0.12
+#        port: 7777
+#
+#    - 'service-names' is included.
+#
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
+#    sbi:
+#      - addr: 127.0.0.12
+#        port: 7777
+#    discovery:
+#      option:
+#        no_service_names: false
+#
+#  o To remove 'service-names' from URI query parameters in NS Discovery
+#         no_service_names: true
+#
+#    * For Indirect Communication with Delegated Discovery,
+#      'service-names' is always included in the URI query parameter.
+#    * That is, 'no_service_names' has no effect.
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
+#    sbi:
+#      - addr: 127.0.0.12
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
+#    sbi:
+#      - addr: 127.0.0.12
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
 udm:
+    hnet:
+      - id: 1
+        scheme: 1
+        key: @sysconfdir@/open5gs/hnet/curve25519-1.key
+      - id: 2
+        scheme: 2
+        key: @sysconfdir@/open5gs/hnet/secp256r1-2.key
+      - id: 3
+        scheme: 1
+        key: @sysconfdir@/open5gs/hnet/curve25519-3.key
+      - id: 4
+        scheme: 2
+        key: @sysconfdir@/open5gs/hnet/secp256r1-4.key
+      - id: 5
+        scheme: 1
+        key: @sysconfdir@/open5gs/hnet/curve25519-5.key
+      - id: 6
+        scheme: 2
+        key: @sysconfdir@/open5gs/hnet/secp256r1-6.key
     sbi:
       - addr: 127.0.0.12
         port: 7777
 
 #
-# nrf:
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
 #
 #  <SBI Client>>
 #
 #  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@@ -104,81 +432,74 @@ udm:
 #        - 127.0.0.10
 #        - fd69:f21d:873c:fa::1
 #
-nrf:
-    sbi:
-      - addr:
-          - 127.0.0.10
-          - ::1
-        port: 7777
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777
 
-#
-# parameter:
-#
-#  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:
 
 #
-# max:
-#
-# o Maximum Number of UE per AMF/MME
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
 #
 max:
 
-#
-# pool:
-#
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:
-
-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
 #
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:

configs/open5gs/udr.yaml.in

@@ -1,101 +1,366 @@
 db_uri: mongodb://localhost/open5gs
 
-#
-# logger:
 #
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,sbi,udr,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
     file: @localstatedir@/log/open5gs/udr.log
+
 #
-# udr:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/udr.key
+      cert: @sysconfdir@/open5gs/tls/udr.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/udr.key
+      cert: @sysconfdir@/open5gs/tls/udr.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
 #          - ::0
 #        port: 7777
 #
-#  o SBI Server(https://<all address avaiable>:443)
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/bsf.key
+#      cert: /etc/open5gs/tls/bsf.crt
+#  bsf:
 #    sbi:
-#      - tls:
-#          key: udr.key
-#          pem: udr.pem
 #
-#  o SBI Server(https://127.0.0.20:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.15:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/bsf.key
+#      cert: /etc/open5gs/tls/bsf.crt
+#  bsf:
 #    sbi:
-#      - addr: 127.0.0.20
-#        tls:
-#          key: udr.key
-#          pem: udr.pem
+#      - addr: 127.0.0.15
 #      - addr: ::1
 #
-#  o SBI Server(http://udr.open5gs.org:80)
-#    sbi:
-#      - name: udr.open5gs.org
+#  o SBI Server(https://bsf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
 #
-#  o SBI Server(http://127.0.0.20:7777)
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/bsf.key
+#      cert: /etc/open5gs/tls/bsf.crt
+#  bsf:
 #    sbi:
-#      - addr: 127.0.0.20
+#      - name: bsf.open5gs.org
+#
+#  o SBI Server(http://127.0.0.15:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - addr: 127.0.0.15
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - dev: eth0
-#        advertise: open5gs-udr.svc.local
+#        advertise: open5gs-bsf.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - addr: localhost
 #        advertise:
 #          - 127.0.0.99
 #          - ::1
 #
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      addr: 127.0.0.15
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  udr:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  udr:
+#    service_name:
+#      - nudr-dr
+#
+#  <NF Discovery Query Parameter>
+#
+#  o (Default) If you do not set Query Parameter as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  udr:
+#    sbi:
+#      - addr: 127.0.0.20
+#        port: 7777
+#
+#    - 'service-names' is included.
+#
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  udr:
+#    sbi:
+#      - addr: 127.0.0.20
+#        port: 7777
+#    discovery:
+#      option:
+#        no_service_names: false
+#
+#  o To remove 'service-names' from URI query parameters in NS Discovery
+#         no_service_names: true
+#
+#    * For Indirect Communication with Delegated Discovery,
+#      'service-names' is always included in the URI query parameter.
+#    * That is, 'no_service_names' has no effect.
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  udr:
+#    sbi:
+#      - addr: 127.0.0.20
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  udr:
+#    sbi:
+#      - addr: 127.0.0.20
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
 udr:
     sbi:
       - addr: 127.0.0.20
         port: 7777
 
 #
-# nrf:
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
 #
 #  <SBI Client>>
 #
 #  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@@ -106,89 +371,74 @@ udr:
 #        - 127.0.0.10
 #        - fd69:f21d:873c:fa::1
 #
-nrf:
-    sbi:
-      - addr:
-          - 127.0.0.10
-          - ::1
-        port: 7777
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777
 
-#
-# parameter:
-#
-#  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:
 
 #
-# max:
-#
-# o Maximum Number of UE per AMF/MME
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
 #
 max:
 
-#
-# pool:
-#
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:
-
-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
 #
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
-#  o NF Instance Heartbeat (Disabled)
-#    nf_instance:
-#      heartbeat: 0
-#
-#  o NF Instance Heartbeat (10 seconds)
-#    nf_instance:
-#      heartbeat: 10
-#
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time: