init
commit
ceb0815836
|
@ -0,0 +1,49 @@
|
|||
---
|
||||
- name: epdg
|
||||
hosts: epdg
|
||||
user: root
|
||||
tasks:
|
||||
- apt:
|
||||
pkg:
|
||||
- iptables
|
||||
- strongswan
|
||||
- charon-systemd
|
||||
|
||||
- name: copy ipsec config
|
||||
copy:
|
||||
src: swanctl.epdg.conf
|
||||
dest: /etc/swanctl/swanctl.conf
|
||||
|
||||
- name:
|
||||
service:
|
||||
name: strongswan
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
||||
- name: install repo key
|
||||
ansible.builtin.get_url:
|
||||
url: https://downloads.osmocom.org/packages/osmocom%3A/nightly/Debian_11/Release.key
|
||||
dest: /etc/apt/trusted.gpg.d/osmocom.asc
|
||||
|
||||
- name: use osmocom stable repo
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb https://downloads.osmocom.org/packages/osmocom%3A/nightly/Debian_11/ ./"
|
||||
state: present
|
||||
|
||||
- name: add testing to get a new kernel for bullseye
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb https://deb.debian.org/debian testing main"
|
||||
state: present
|
||||
|
||||
- name: setup gtp
|
||||
apt:
|
||||
pkg:
|
||||
- linux-image-amd64
|
||||
- libgtp6
|
||||
- libgtpnl-tools
|
||||
|
||||
- name: setup script
|
||||
copy:
|
||||
src: files/epdg.setup.sh
|
||||
dest: /root/setup.sh
|
||||
mode: 0755
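Review bot: The `add testing to get a new kernel for bullseye` task enables the whole Debian testing suite with no apt pin, so the `setup gtp` install and every later apt run on the host will prefer testing versions wherever they are newer, not only for the kernel the task name mentions. An apt preferences entry that keeps testing at a low priority, with the kernel task selecting it through the apt module's `default_release: testing`, would limit the scope. The `install repo key` task writes the key into `/etc/apt/trusted.gpg.d/`, which trusts it for every configured repository; a keyring outside that directory, referenced with `signed-by=` in the `deb` line, scopes it to the osmocom repo. The task named `use osmocom stable repo` points at the `nightly` path, so either the name or the URL should be corrected. The pgw play repeats the same three tasks.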
|
|
@ -0,0 +1,23 @@
|
|||
#!/bin/sh
|
||||
|
||||
term() {
|
||||
kill %1
|
||||
gtp-link del gtp
|
||||
exit 0
|
||||
}
|
||||
|
||||
trap term INT
|
||||
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
modprobe gtp
|
||||
echo -n 'module gtp +p' > /sys/kernel/debug/dynamic_debug/control
|
||||
gtp-link del gtp 2>/dev/null
|
||||
gtp-link add gtp --sgsn &
|
||||
sleep 2
|
||||
|
||||
ip a a 172.20.0.2/32 dev lo
|
||||
ip r a 172.20.0.0/24 dev gtp
|
||||
gtp-tunnel add gtp v1 100 100 172.20.0.2 10.0.0.2
|
||||
|
||||
echo "Waiting for CTRL-C"
|
||||
wait %1
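Review bot: `trap term INT` is the only cleanup path, so a SIGTERM leaves the backgrounded `gtp-link add` process and the `gtp` device behind; `trap term INT TERM` covers the normal stop case. Nothing checks that `modprobe gtp` or `gtp-link add` succeeded, and the fixed `sleep 2` is the only synchronisation before `ip r a 172.20.0.0/24 dev gtp`, so on a host without the module the route and tunnel commands fail one after another and the script still reaches `wait`; `modprobe gtp || exit 1` and a check that the `gtp` link exists before continuing would stop it early. The script also turns on `ip_forward` globally and `term` never restores it, which deserves a comment if it is intended. The later setup script that runs `gtp-link add gtp &` without `--sgsn` has the same structure and the same gaps.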
|
|
@ -0,0 +1,3 @@
|
|||
#!/bin/bash
|
||||
|
||||
ip route add 172.20.0.0/24 via 172.16.24.1
|
|
@ -0,0 +1,24 @@
|
|||
#!/bin/sh
|
||||
|
||||
term() {
|
||||
kill %1
|
||||
gtp-link del gtp
|
||||
exit 0
|
||||
}
|
||||
|
||||
trap term INT
|
||||
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
modprobe gtp
|
||||
echo -n 'module gtp +p' > /sys/kernel/debug/dynamic_debug/control
|
||||
gtp-link del gtp 2>/dev/null
|
||||
gtp-link add gtp &
|
||||
sleep 2
|
||||
|
||||
ip a a 172.20.0.1/24 dev gtp
|
||||
gtp-tunnel add gtp v1 100 100 172.20.0.2 10.0.0.1
|
||||
|
||||
echo "Waiting for CTRL-C"
|
||||
wait %1
|
||||
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
connections {
|
||||
rw {
|
||||
local_addrs = 192.168.0.2
|
||||
|
||||
local {
|
||||
auth = psk
|
||||
}
|
||||
remote {
|
||||
auth = psk
|
||||
}
|
||||
children {
|
||||
net {
|
||||
local_ts = 172.16.0.0/24
|
||||
|
||||
updown = /usr/lib/ipsec/_updown iptables
|
||||
esp_proposals = null-null
|
||||
}
|
||||
}
|
||||
version = 2
|
||||
proposals = null-md5-prfmd5-null-ecp192
|
||||
}
|
||||
}
|
||||
|
||||
secrets {
|
||||
ike-ue {
|
||||
id = 192.168.0.1
|
||||
secret = Ar3etTnp01qlpOgb
|
||||
}
|
||||
}
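Review bot: `esp_proposals = null-null` and `proposals = null-md5-prfmd5-null-ecp192` select the NULL cipher for both ESP and IKE and MD5 for the IKE integrity and PRF, so traffic through this tunnel is not encrypted. If that is deliberate for reading captures in the lab (presumably why tcpdump is installed elsewhere in the commit), each line needs a comment saying so, for example `# lab only: NULL cipher so captures are readable, never deploy`, with a usable proposal kept beside it as the other swanctl file does with its commented `aes128gcm128-x25519` line. The `secret` in the `secrets` section is a pre-shared key committed in clear text and is identical in both swanctl files; generating it per deployment and keeping it out of the repository avoids sharing one key across every checkout.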
|
|
@ -0,0 +1,34 @@
|
|||
connections {
|
||||
|
||||
host-host {
|
||||
local_addrs = 192.168.0.1
|
||||
remote_addrs = 192.168.0.2
|
||||
|
||||
local {
|
||||
auth = psk
|
||||
id = 192.168.0.1
|
||||
}
|
||||
remote {
|
||||
auth = psk
|
||||
id = 192.168.0.2
|
||||
}
|
||||
children {
|
||||
host-host {
|
||||
remote_ts = 172.16.0.0/24
|
||||
updown = /usr/lib/ipsec/_updown iptables
|
||||
# esp_proposals = aes128gcm128-x25519
|
||||
esp_proposals = null-null
|
||||
}
|
||||
}
|
||||
version = 2
|
||||
proposals = null-md5-prfmd5-null-ecp192
|
||||
}
|
||||
}
|
||||
|
||||
secrets {
|
||||
ike-epdg {
|
||||
id = 192.168.0.1
|
||||
secret = Ar3etTnp01qlpOgb
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
[vms]
|
||||
ue ansible_host=192.168.56.51
|
||||
epdg ansible_host=192.168.56.52
|
||||
pgw ansible_host=192.168.56.53
|
||||
ims ansible_host=192.168.56.54
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
- name: ims
|
||||
hosts: ims
|
||||
user: root
|
||||
tasks:
|
||||
- apt:
|
||||
pkg:
|
||||
- iptables
|
||||
- nginx
|
||||
|
||||
- name: setup script
|
||||
copy:
|
||||
src: files/ims.setup.sh
|
||||
dest: /root/setup.sh
|
||||
mode: 0755
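Review bot: The first `apt` task has no `name` and no `update_cache: true`, so on a freshly booted image whose package lists are empty or stale the `nginx` install can fail or pick an outdated candidate; adding `update_cache: true` and a name such as `install base packages` fixes both. The `mode: 0755` on the `setup script` copy works only because of the leading zero; writing it as `mode: "0755"` avoids depending on how the YAML parser types the value. The opening `apt` task in the epdg, pgw and ue plays, and the `install` task in the play that targets `vms`, have the same missing `update_cache`.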
|
|
@ -0,0 +1,36 @@
|
|||
---
|
||||
- name: pgw
|
||||
hosts: pgw
|
||||
user: root
|
||||
tasks:
|
||||
- apt:
|
||||
pkg:
|
||||
- iptables
|
||||
|
||||
- name: install repo key
|
||||
ansible.builtin.get_url:
|
||||
url: https://downloads.osmocom.org/packages/osmocom%3A/nightly/Debian_11/Release.key
|
||||
dest: /etc/apt/trusted.gpg.d/osmocom.asc
|
||||
|
||||
- name: use osmocom stable repo
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb https://downloads.osmocom.org/packages/osmocom%3A/nightly/Debian_11/ ./"
|
||||
state: present
|
||||
|
||||
- name: add testing to get a new kernel for bullseye
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb https://deb.debian.org/debian testing main"
|
||||
state: present
|
||||
|
||||
- name: setup gtp
|
||||
apt:
|
||||
pkg:
|
||||
- linux-image-amd64
|
||||
- libgtp6
|
||||
- libgtpnl-tools
|
||||
|
||||
- name: setup script
|
||||
copy:
|
||||
src: files/pgw.setup.sh
|
||||
dest: /root/setup.sh
|
||||
mode: 0755
|
|
@ -0,0 +1,21 @@
|
|||
---
|
||||
- name: ue
|
||||
hosts: ue
|
||||
user: root
|
||||
tasks:
|
||||
- apt:
|
||||
pkg:
|
||||
- iptables
|
||||
- strongswan
|
||||
- charon-systemd
|
||||
|
||||
- name: copy config
|
||||
copy:
|
||||
src: swanctl.ue.conf
|
||||
dest: /etc/swanctl/swanctl.conf
|
||||
|
||||
- name:
|
||||
service:
|
||||
name: strongswan
|
||||
state: restarted
|
||||
enabled: yes
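Review bot: The `copy config` task writes `/etc/swanctl/swanctl.conf` without `owner` or `mode`, and the swanctl files in this commit contain a `secret` entry, so the pre-shared key lands on disk with whatever the default umask gives, typically world-readable. Adding `owner: root`, `group: root` and `mode: "0600"` to the task closes that. The unnamed `service` task restarts strongswan on every run; a handler notified by the copy task would restart it only when the config changes, and `enabled: yes` reads more predictably as `enabled: true`. The `copy ipsec config` and restart tasks in the epdg play have the same shape.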
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
- name: ue
|
||||
hosts: vms
|
||||
user: root
|
||||
tasks:
|
||||
- name: install
|
||||
apt:
|
||||
pkg:
|
||||
- tcpdump
|
||||
- git
|
||||
- vim
|
||||
- inetutils-ping
|
|
@ -0,0 +1,8 @@
|
|||
#!/bin/sh
|
||||
|
||||
for br in ipsec gtp plain ; do
|
||||
brctl addbr $br
|
||||
sleep 1
|
||||
ip link set $br up
|
||||
done
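Review bot: `brctl addbr $br` fails on a second run because the bridge already exists, and nothing in the loop notices the error before `ip link set $br up`. Using iproute2 for both steps makes the script rerunnable and removes the dependency on the legacy bridge-utils package: `ip link show "$br" >/dev/null 2>&1 || ip link add name "$br" type bridge`. A one-line comment saying which VM networks `ipsec`, `gtp` and `plain` back would also help a reader match them to the network-config files.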
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
seed.iso
|
||||
*.img
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/sh
|
||||
|
||||
for i in ue epdg pgw ims ; do
|
||||
cd $i
|
||||
genisoimage -output seed.iso -volid cidata -joliet -rock user-data meta-data network-config
|
||||
cd ..
|
||||
done
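Review bot: `cd $i` is not checked, so if one of the four directories is missing, `genisoimage` runs in the current directory and the following `cd ..` moves the loop one level above where it started for the remaining iterations. Running each iteration in a subshell removes both problems: `( cd "$i" && genisoimage -output seed.iso -volid cidata -joliet -rock user-data meta-data network-config ) || exit 1`. With that form the `cd ..` line is no longer needed.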
|
|
@ -0,0 +1,2 @@
|
|||
instance-id: epdg.osmocom
|
||||
local-hostname: epdg.osmocom
|
|
@ -0,0 +1,22 @@
|
|||
version: 2
|
||||
ethernets:
|
||||
# opaque ID for physical interfaces, only referred to by other stanzas
|
||||
first:
|
||||
match:
|
||||
macaddress: '52:54:00:ab:78:58'
|
||||
addresses:
|
||||
- 192.168.56.52/24
|
||||
gateway4: 192.168.56.1
|
||||
nameservers:
|
||||
search: [fe80.eu]
|
||||
addresses: [8.8.8.8]
|
||||
ipsec:
|
||||
match:
|
||||
macaddress: '52:54:00:eb:1e:ad'
|
||||
addresses:
|
||||
- 192.168.0.2/24
|
||||
gtp:
|
||||
match:
|
||||
macaddress: '52:54:00:8e:d3:82'
|
||||
addresses:
|
||||
- 10.0.0.1/24
|
|
@ -0,0 +1,10 @@
|
|||
#cloud-config
|
||||
|
||||
ssh_pwauth: false
|
||||
|
||||
users:
|
||||
- name: root
|
||||
lock-passwd: false
|
||||
passwd: "$5$ciu7ed4fumee5oog$psIozFirhSipeC/OTlyzm5G1fVKmtQvuqVna/8o/dq6"
|
||||
ssh_authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQ5OPY/ZTGu3L+gF7ZBKdEHWAPrsILlzBYKm1jLFIQV lynxis@javelin
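Review bot: The `passwd` value for root is a SHA-256 crypt hash committed to the repository, and with `lock-passwd: false` it leaves root with a working password on every VM built from this seed. `ssh_pwauth: false` only keeps that password off SSH; console login still accepts it, and anyone who can read the repository can attack the hash offline. Since an `ssh_authorized_keys` entry is already present, dropping `passwd` and leaving the account locked (`lock_passwd: true`, the underscore spelling cloud-init documents) is the simpler setup; if a console password is needed it should be generated per deployment outside the repository. The ims, pgw and ue user-data files carry the same hash and key.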
|
|
@ -0,0 +1,2 @@
|
|||
instance-id: ims.osmocom
|
||||
local-hostname: ims.osmocom
|
|
@ -0,0 +1,17 @@
|
|||
version: 2
|
||||
ethernets:
|
||||
# opaque ID for physical interfaces, only referred to by other stanzas
|
||||
first:
|
||||
match:
|
||||
macaddress: '52:54:00:2d:c9:d0'
|
||||
addresses:
|
||||
- 192.168.56.54/24
|
||||
gateway4: 192.168.56.1
|
||||
nameservers:
|
||||
search: [fe80.eu]
|
||||
addresses: [8.8.8.8]
|
||||
plain:
|
||||
match:
|
||||
macaddress: '52:54:00:37:f0:b0'
|
||||
addresses:
|
||||
- 172.16.24.2/24
|
|
@ -0,0 +1,10 @@
|
|||
#cloud-config
|
||||
|
||||
ssh_pwauth: false
|
||||
|
||||
users:
|
||||
- name: root
|
||||
lock-passwd: false
|
||||
passwd: "$5$ciu7ed4fumee5oog$psIozFirhSipeC/OTlyzm5G1fVKmtQvuqVna/8o/dq6"
|
||||
ssh_authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQ5OPY/ZTGu3L+gF7ZBKdEHWAPrsILlzBYKm1jLFIQV lynxis@javelin
|
|
@ -0,0 +1,2 @@
|
|||
instance-id: pgw.osmocom
|
||||
local-hostname: pgw.osmocom
|
|
@ -0,0 +1,22 @@
|
|||
version: 2
|
||||
ethernets:
|
||||
# opaque ID for physical interfaces, only referred to by other stanzas
|
||||
first:
|
||||
match:
|
||||
macaddress: '52:54:00:57:43:3e'
|
||||
addresses:
|
||||
- 192.168.56.53/24
|
||||
gateway4: 192.168.56.1
|
||||
nameservers:
|
||||
search: [fe80.eu]
|
||||
addresses: [8.8.8.8]
|
||||
gtp:
|
||||
match:
|
||||
macaddress: '52:54:00:6c:50:f8'
|
||||
addresses:
|
||||
- 10.0.0.2/24
|
||||
plain:
|
||||
match:
|
||||
macaddress: '52:54:00:25:6c:6e'
|
||||
addresses:
|
||||
- 172.16.24.1/24
|
|
@ -0,0 +1,10 @@
|
|||
#cloud-config
|
||||
|
||||
ssh_pwauth: false
|
||||
|
||||
users:
|
||||
- name: root
|
||||
lock-passwd: false
|
||||
passwd: "$5$ciu7ed4fumee5oog$psIozFirhSipeC/OTlyzm5G1fVKmtQvuqVna/8o/dq6"
|
||||
ssh_authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQ5OPY/ZTGu3L+gF7ZBKdEHWAPrsILlzBYKm1jLFIQV lynxis@javelin
|
|
@ -0,0 +1,2 @@
|
|||
instance-id: ue.osmocom
|
||||
local-hostname: ue.osmocom
|
|
@ -0,0 +1,17 @@
|
|||
version: 2
|
||||
ethernets:
|
||||
# opaque ID for physical interfaces, only referred to by other stanzas
|
||||
first:
|
||||
match:
|
||||
macaddress: '52:54:00:b8:b7:0c'
|
||||
addresses:
|
||||
- 192.168.56.51/24
|
||||
gateway4: 192.168.56.1
|
||||
nameservers:
|
||||
search: [fe80.eu]
|
||||
addresses: [8.8.8.8]
|
||||
ipsec:
|
||||
match:
|
||||
macaddress: '52:54:00:1c:26:27'
|
||||
addresses:
|
||||
- 192.168.0.1/24
|
|
@ -0,0 +1,10 @@
|
|||
#cloud-config
|
||||
|
||||
ssh_pwauth: false
|
||||
|
||||
users:
|
||||
- name: root
|
||||
lock-passwd: false
|
||||
passwd: "$5$ciu7ed4fumee5oog$psIozFirhSipeC/OTlyzm5G1fVKmtQvuqVna/8o/dq6"
|
||||
ssh_authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQ5OPY/ZTGu3L+gF7ZBKdEHWAPrsILlzBYKm1jLFIQV lynxis@javelin
|