Alexander Couzens 2023-01-23 22:52:44 +01:00
commit ceb0815836
28 changed files with 399 additions and 0 deletions

0
README.md Normal file

49
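--- a/ansible/epdg.yml
+++ b/ansible/epdg.yml
@@ -0,0 +1,49 @@
+---
+- name: epdg
+hosts: epdg
+user: root
+tasks:
+- apt:
+pkg:
+- iptables
+- strongswan
+- charon-systemd
+- name: copy ipsec config
+copy:
+src: swanctl.epdg.conf
+dest: /etc/swanctl/swanctl.conf
+- name:
+service:
+name: strongswan
+state: restarted
+enabled: yes
+- name: install repo key
+ansible.builtin.get_url:
+url: https://downloads.osmocom.org/packages/osmocom%3A/nightly/Debian_11/Release.key
+dest: /etc/apt/trusted.gpg.d/osmocom.asc
+- name: use osmocom stable repo
+ansible.builtin.apt_repository:
+repo: "deb https://downloads.osmocom.org/packages/osmocom%3A/nightly/Debian_11/ ./"
+state: present
+- name: add testing to get a new kernel for bullseye
+ansible.builtin.apt_repository:
+repo: "deb https://deb.debian.org/debian testing main"
+state: present
+- name: setup gtp
+apt:
+pkg:
+- linux-image-amd64
+- libgtp6
+- libgtpnl-tools
+- name: setup script
+copy:
+src: files/epdg.setup.sh
+dest: /root/setup.sh
+mode: 0755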
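Review bot: The `install repo key` task writes the downloaded key to `/etc/apt/trusted.gpg.d/`, where apt accepts it for every configured source rather than only the osmocom one, and the `get_url` call has no `checksum:` to pin what was fetched. Consider storing the key in a dedicated keyring path and referencing it from the repo line, e.g. `repo: "deb [signed-by=/etc/apt/keyrings/osmocom.asc] https://downloads.osmocom.org/packages/osmocom%3A/nightly/Debian_11/ ./"`. The next task is named `use osmocom stable repo` while its URL points at `nightly`; `use osmocom nightly repo` would match what is actually configured. The same two tasks appear in ansible/pgw.yml.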

23
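--- a/ansible/files/epdg.setup.sh
+++ b/ansible/files/epdg.setup.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+term() {
+kill %1
+gtp-link del gtp
+exit 0
+}
+trap term INT
+echo 1 > /proc/sys/net/ipv4/ip_forward
+modprobe gtp
+echo -n 'module gtp +p' > /sys/kernel/debug/dynamic_debug/control
+gtp-link del gtp 2>/dev/null
+gtp-link add gtp --sgsn &
+sleep 2
+ip a a 172.20.0.2/32 dev lo
+ip r a 172.20.0.0/24 dev gtp
+gtp-tunnel add gtp v1 100 100 172.20.0.2 10.0.0.2
+echo "Waiting for CTRL-C"
+wait %1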
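Review bot: Cleanup only runs on SIGINT: `trap term INT` leaves the background `gtp-link add` process and the `gtp` device behind when the script is stopped with SIGTERM, so `trap term INT TERM` would cover the usual stop case as well. None of the commands are checked, so a failed `modprobe gtp` or `gtp-link add` still falls through to the `ip` and `gtp-tunnel` calls after the fixed `sleep 2`; a guard such as `modprobe gtp || exit 1` would make the failure visible. A header comment stating that the script turns on `ip_forward` for the whole host and writes to the debugfs `dynamic_debug` control file would help whoever runs it by hand. ansible/files/pgw.setup.sh has the same structure.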

3
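--- a/ansible/files/ims.setup.sh
+++ b/ansible/files/ims.setup.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+ip route add 172.20.0.0/24 via 172.16.24.1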

24
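--- a/ansible/files/pgw.setup.sh
+++ b/ansible/files/pgw.setup.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+term() {
+kill %1
+gtp-link del gtp
+exit 0
+}
+trap term INT
+echo 1 > /proc/sys/net/ipv4/ip_forward
+modprobe gtp
+echo -n 'module gtp +p' > /sys/kernel/debug/dynamic_debug/control
+gtp-link del gtp 2>/dev/null
+gtp-link add gtp &
+sleep 2
+ip a a 172.20.0.1/24 dev gtp
+gtp-tunnel add gtp v1 100 100 172.20.0.2 10.0.0.1
+echo "Waiting for CTRL-C"
+wait %1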


@ -0,0 +1,29 @@
connections {
rw {
local_addrs = 192.168.0.2
local {
auth = psk
}
remote {
auth = psk
}
children {
net {
local_ts = 172.16.0.0/24
updown = /usr/lib/ipsec/_updown iptables
esp_proposals = null-null
}
}
version = 2
proposals = null-md5-prfmd5-null-ecp192
}
}
secrets {
ike-ue {
id = 192.168.0.1
secret = Ar3etTnp01qlpOgb
}
}
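Review bot: The `secrets` block commits the IKE pre-shared key in clear text, and both `esp_proposals = null-null` and `proposals = null-md5-prfmd5-null-ecp192` select the NULL cipher (with MD5 for IKE integrity), so this tunnel gives no confidentiality. If that is intentional so traffic can be read in captures, say so at the top of the file, e.g. `# lab only: NULL encryption for packet inspection, do not reuse outside the test bed`. The key itself would be better supplied at deploy time (for instance from an Ansible Vault variable through `template`) than stored in the repository. The next config section on this page (connection `host-host`, presumably swanctl.ue.conf) carries the same proposals and the same secret.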


@ -0,0 +1,34 @@
connections {
host-host {
local_addrs = 192.168.0.1
remote_addrs = 192.168.0.2
local {
auth = psk
id = 192.168.0.1
}
remote {
auth = psk
id = 192.168.0.2
}
children {
host-host {
remote_ts = 172.16.0.0/24
updown = /usr/lib/ipsec/_updown iptables
# esp_proposals = aes128gcm128-x25519
esp_proposals = null-null
}
}
version = 2
proposals = null-md5-prfmd5-null-ecp192
}
}
secrets {
ike-epdg {
id = 192.168.0.1
secret = Ar3etTnp01qlpOgb
}
}

5
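--- a/ansible/hosts
+++ b/ansible/hosts
@@ -0,0 +1,5 @@
+[vms]
+ue ansible_host=192.168.56.51
+epdg ansible_host=192.168.56.52
+pgw ansible_host=192.168.56.53
+ims ansible_host=192.168.56.54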

15
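--- a/ansible/ims.yml
+++ b/ansible/ims.yml
@@ -0,0 +1,15 @@
+---
+- name: ims
+hosts: ims
+user: root
+tasks:
+- apt:
+pkg:
+- iptables
+- nginx
+- name: setup script
+copy:
+src: files/ims.setup.sh
+dest: /root/setup.sh
+mode: 0755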
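Review bot: `mode: 0755` is an unquoted YAML scalar, so the value the `copy` module receives depends on how the parser treats leading-zero numbers; the Ansible documentation recommends a quoted string for consistent results, `mode: "0755"`. The first task also has no `name:`, which makes the play output harder to follow; `- name: install packages` above `apt:` would fix that. The same `mode: 0755` literal is used in ansible/epdg.yml and ansible/pgw.yml.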

36
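--- a/ansible/pgw.yml
+++ b/ansible/pgw.yml
@@ -0,0 +1,36 @@
+---
+- name: pgw
+hosts: pgw
+user: root
+tasks:
+- apt:
+pkg:
+- iptables
+- name: install repo key
+ansible.builtin.get_url:
+url: https://downloads.osmocom.org/packages/osmocom%3A/nightly/Debian_11/Release.key
+dest: /etc/apt/trusted.gpg.d/osmocom.asc
+- name: use osmocom stable repo
+ansible.builtin.apt_repository:
+repo: "deb https://downloads.osmocom.org/packages/osmocom%3A/nightly/Debian_11/ ./"
+state: present
+- name: add testing to get a new kernel for bullseye
+ansible.builtin.apt_repository:
+repo: "deb https://deb.debian.org/debian testing main"
+state: present
+- name: setup gtp
+apt:
+pkg:
+- linux-image-amd64
+- libgtp6
+- libgtpnl-tools
+- name: setup script
+copy:
+src: files/pgw.setup.sh
+dest: /root/setup.sh
+mode: 0755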
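Review bot: Adding `deb https://deb.debian.org/debian testing main` with no apt pinning puts testing on the same priority as the release the host was installed from, so a later upgrade on this VM could move the whole system to testing, not just the kernel the task name mentions. A preferences file that gives testing a low `Pin-Priority`, combined with `default_release: testing` on the `setup gtp` task, would limit the effect to the packages listed there. ansible/epdg.yml adds the same repository.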

21
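--- a/ansible/ue.yml
+++ b/ansible/ue.yml
@@ -0,0 +1,21 @@
+---
+- name: ue
+hosts: ue
+user: root
+tasks:
+- apt:
+pkg:
+- iptables
+- strongswan
+- charon-systemd
+- name: copy config
+copy:
+src: swanctl.ue.conf
+dest: /etc/swanctl/swanctl.conf
+- name:
+service:
+name: strongswan
+state: restarted
+enabled: yes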
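Review bot: The `copy config` task writes `/etc/swanctl/swanctl.conf` without `owner` or `mode`, and the swanctl files in this commit contain a `secrets` block with the pre-shared key, so the file gets whatever the default umask yields (typically world-readable). Adding `owner: root`, `group: root` and `mode: "0600"` to the task would keep the key readable by root only. The task right after it has an empty `name:`; `- name: restart strongswan` would describe it. ansible/epdg.yml has the same copy and restart tasks.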

12
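--- a/ansible/vms.yml
+++ b/ansible/vms.yml
@@ -0,0 +1,12 @@
+---
+- name: ue
+hosts: vms
+user: root
+tasks:
+- name: install
+apt:
+pkg:
+- tcpdump
+- git
+- vim
+- inetutils-ping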
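Review bot: The play is named `ue` but targets `hosts: vms`, i.e. all four machines listed in ansible/hosts, which looks like a leftover from copying ue.yml. Renaming it to something like `- name: common tools` would keep the play output from suggesting that only the UE is being changed.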

8
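--- a/create_networks.sh
+++ b/create_networks.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+for br in ipsec gtp plain ; do
+brctl addbr $br
+sleep 1
+ip link set $br up
+done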

5
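--- a/graph.dot
+++ b/graph.dot
@@ -0,0 +1,5 @@
+graph {
+UE -- EPDG;
+EPDG -- PGW;
+PGW -- IMS;
+}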

2
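--- a/vms/.gitignore
+++ b/vms/.gitignore
@@ -0,0 +1,2 @@
+seed.iso
+*.img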


@ -0,0 +1,7 @@
#!/bin/sh
for i in ue epdg pgw ims ; do
cd $i
genisoimage -output seed.iso -volid cidata -joliet -rock user-data meta-data network-config
cd ..
done
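Review bot: `cd $i` is not checked, so if one of the directories is missing `genisoimage` runs in the current directory and the following `cd ..` moves one level above the starting point for the remaining iterations. Running the step in a subshell avoids both problems: `( cd "$i" && genisoimage -output seed.iso -volid cidata -joliet -rock user-data meta-data network-config ) || exit 1`.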


@ -0,0 +1,2 @@
instance-id: epdg.osmocom
local-hostname: epdg.osmocom


@ -0,0 +1,22 @@
version: 2
ethernets:
# opaque ID for physical interfaces, only referred to by other stanzas
first:
match:
macaddress: '52:54:00:ab:78:58'
addresses:
- 192.168.56.52/24
gateway4: 192.168.56.1
nameservers:
search: [fe80.eu]
addresses: [8.8.8.8]
ipsec:
match:
macaddress: '52:54:00:eb:1e:ad'
addresses:
- 192.168.0.2/24
gtp:
match:
macaddress: '52:54:00:8e:d3:82'
addresses:
- 10.0.0.1/24


@ -0,0 +1,10 @@
#cloud-config
ssh_pwauth: false
users:
- name: root
lock-passwd: false
passwd: "$5$ciu7ed4fumee5oog$psIozFirhSipeC/OTlyzm5G1fVKmtQvuqVna/8o/dq6"
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQ5OPY/ZTGu3L+gF7ZBKdEHWAPrsILlzBYKm1jLFIQV lynxis@javelin
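Review bot: The `passwd` hash for root is committed to the repository, and the same salted value is repeated in the three later user-data sections on this page, so one successful offline guess would give console login on every VM. Since `ssh_pwauth: false` and an authorized key are already set, consider dropping `passwd` and setting `lock_passwd: true`, or generating the hash per deployment outside the repository. cloud-init documents the key as `lock_passwd`; the hyphenated `lock-passwd` used here is, as far as I know, only a deprecated alias, so it is worth switching to the underscore form.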


@ -0,0 +1,2 @@
instance-id: ims.osmocom
local-hostname: ims.osmocom


@ -0,0 +1,17 @@
version: 2
ethernets:
# opaque ID for physical interfaces, only referred to by other stanzas
first:
match:
macaddress: '52:54:00:2d:c9:d0'
addresses:
- 192.168.56.54/24
gateway4: 192.168.56.1
nameservers:
search: [fe80.eu]
addresses: [8.8.8.8]
plain:
match:
macaddress: '52:54:00:37:f0:b0'
addresses:
- 172.16.24.2/24


@ -0,0 +1,10 @@
#cloud-config
ssh_pwauth: false
users:
- name: root
lock-passwd: false
passwd: "$5$ciu7ed4fumee5oog$psIozFirhSipeC/OTlyzm5G1fVKmtQvuqVna/8o/dq6"
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQ5OPY/ZTGu3L+gF7ZBKdEHWAPrsILlzBYKm1jLFIQV lynxis@javelin


@ -0,0 +1,2 @@
instance-id: pgw.osmocom
local-hostname: pgw.osmocom


@ -0,0 +1,22 @@
version: 2
ethernets:
# opaque ID for physical interfaces, only referred to by other stanzas
first:
match:
macaddress: '52:54:00:57:43:3e'
addresses:
- 192.168.56.53/24
gateway4: 192.168.56.1
nameservers:
search: [fe80.eu]
addresses: [8.8.8.8]
gtp:
match:
macaddress: '52:54:00:6c:50:f8'
addresses:
- 10.0.0.2/24
plain:
match:
macaddress: '52:54:00:25:6c:6e'
addresses:
- 172.16.24.1/24


@ -0,0 +1,10 @@
#cloud-config
ssh_pwauth: false
users:
- name: root
lock-passwd: false
passwd: "$5$ciu7ed4fumee5oog$psIozFirhSipeC/OTlyzm5G1fVKmtQvuqVna/8o/dq6"
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQ5OPY/ZTGu3L+gF7ZBKdEHWAPrsILlzBYKm1jLFIQV lynxis@javelin


@ -0,0 +1,2 @@
instance-id: ue.osmocom
local-hostname: ue.osmocom


@ -0,0 +1,17 @@
version: 2
ethernets:
# opaque ID for physical interfaces, only referred to by other stanzas
first:
match:
macaddress: '52:54:00:b8:b7:0c'
addresses:
- 192.168.56.51/24
gateway4: 192.168.56.1
nameservers:
search: [fe80.eu]
addresses: [8.8.8.8]
ipsec:
match:
macaddress: '52:54:00:1c:26:27'
addresses:
- 192.168.0.1/24


@ -0,0 +1,10 @@
#cloud-config
ssh_pwauth: false
users:
- name: root
lock-passwd: false
passwd: "$5$ciu7ed4fumee5oog$psIozFirhSipeC/OTlyzm5G1fVKmtQvuqVna/8o/dq6"
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQ5OPY/ZTGu3L+gF7ZBKdEHWAPrsILlzBYKm1jLFIQV lynxis@javelin