Go to file

Alexander Couzens 14ce58cb1e epdg: fix UE to UE traffic UE to UE traffic when both UE are connected via the same ePDG couldn't send traffic to each other because of xfrm policies. The firewall on the ePDG was catching this traffic because it tried to shortcut without passing the P-GW. Use fwmark for both directions and mark them also strongswan which will configure it to the xfrm policies. Related: OS#6435		2024-07-04 14:00:53 +02:00
group_vars	add authorized_keys to the playbooks	2024-02-08 17:41:13 +01:00
roles	epdg: fix UE to UE traffic	2024-07-04 14:00:53 +02:00
vars	vars: add mcc/mnc	2024-06-24 18:02:16 +02:00
LICENSE.md	license under MIT	2024-02-08 20:39:37 +01:00
README.md	Add a minimal README.md	2024-02-08 20:53:07 +01:00
epc.yml	vars: add mcc/mnc	2024-06-24 18:02:16 +02:00
epdg.yml	epdg: add support to define the diameter realm	2024-06-24 18:02:16 +02:00
hosts	roles: add ims role from c3gsm	2024-02-06 10:31:21 +01:00
ims.yml	ims: use consistent bind ips	2024-06-24 18:02:16 +02:00

README.md

ansible-prototype

Deploy the osmo-epdg and epc (IMS is deployed but untested yet).

See https://osmocom.org/projects/osmo-epdg/wiki/Hosted_epdg_playground for further information on the setup.

To install

The setup expect to have a private network available with layer 2 connectivity between the 3 hosts. Additional you need to setup the strongswan and osmo-epdg as both only prepare, but not installed.

ansible-playbook -i hosts epdg.yml epc.yml ims.yml

cd /srv/strongswan
./autogen.sh
./configure \
	--enable-eap-aka \
	--enable-eap-aka-3gpp \
	--enable-eap-aka-3gpp2 \
	--enable-eap-simaka-reauth \
	--enable-systemd \
	--enable-save-keys \
	--enable-p-cscf \
	--enable-osmo-epdg
make && make install
systemctl daemon-reload
systemctl restart strongswan

cd /srv/osmo-edpg
rebar3 shell --config ./config/local.config