forked from pespin/slides
Compare commits
7 Commits
Author | SHA1 | Date |
---|---|---|
Alexander Couzens | 71b06ee5c9 | |
Alexander Couzens | 6e38fc55a5 | |
Alexander Couzens | 15efd9dd0f | |
Oliver Smith | 094f116430 | |
Oliver Smith | 78a292f946 | |
Oliver Smith | 4bdd2f3217 | |
Oliver Smith | fa91f3d92c | |
|
@ -7,6 +7,10 @@ open5gs - feedback from user point of view
|
|||
|
||||
== open5gs - feedback from user point of view
|
||||
|
||||
* First of all: open5gs is awesome!
|
||||
|
||||
== open5gs - feedback from user point of view
|
||||
|
||||
* Source file structure:
|
||||
** (*-build.c, *-path.c, *-handler.c, *-context.c, *-sm.c)
|
||||
|
||||
|
@ -22,7 +26,7 @@ open5gs - feedback from user point of view
|
|||
|
||||
* Commits:
|
||||
** Meaningful commit messages
|
||||
** Logical change per commit
|
||||
** (Ideally just one!) logical change per commit
|
||||
|
||||
== open5gs - feedback from user point of view
|
||||
|
||||
|
@ -33,6 +37,33 @@ open5gs - feedback from user point of view
|
|||
|
||||
* Config file syntax backward compatibility
|
||||
|
||||
Very recently:
|
||||
|
||||
....
|
||||
commit a6830b30a0093ed2fa9d563445bf67026588a8f2
|
||||
Author: Sukchan Lee <acetcom@gmail.com>
|
||||
Date: Sat Apr 13 19:28:36 2024 +0900
|
||||
|
||||
[SMF/UPF] Changes subnet configuration (#2975)
|
||||
|
||||
The way subnet is set up has changed as shown below.
|
||||
|
||||
```
|
||||
<OLD Format>
|
||||
smf:
|
||||
session:
|
||||
- subnet: 10.45.0.1/16
|
||||
|
||||
<NEW Format>
|
||||
smf:
|
||||
session:
|
||||
- subnet: 10.45.0.0/16
|
||||
gateway: 10.45.0.1
|
||||
```
|
||||
|
||||
For more information, please refer to Pull Request #2975.
|
||||
....
|
||||
|
||||
== open5gs - feedback from user point of view
|
||||
|
||||
* mongodb backend:
|
||||
|
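Review bot: The "Config file syntax backward compatibility" slide quotes the whole commit message for a6830b30 but never states what is being asked of upstream. Add one bullet after the literal block that spells out the request, for example whether the old `subnet: 10.45.0.1/16` form should keep being accepted or should fail with a clear error, and consider trimming the quote to the old and new format lines so it fits on one slide. Also check that the ``` lines inside the `....` block are meant to be shown literally.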
@ -43,6 +74,7 @@ open5gs - feedback from user point of view
|
|||
|
||||
* make new features optional
|
||||
* open5gs-smfd: Failed to connect to SBI
|
||||
** (This is actually optional, but not very obvious? -> documentation?)
|
||||
|
||||
== open5gs - congress 36c3 (2023)
|
||||
|
||||
|
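Review bot: The heading `== open5gs - congress 36c3 (2023)` at the end of this hunk pairs 36c3 with 2023, but 36C3 took place in 2019 and the 2023 congress was 37C3; please correct whichever part is wrong while touching this slide. The bullet `** (This is actually optional, but not very obvious? -> documentation?)` would also read better as a plain statement of which setting is optional and where it should be documented.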
@ -55,3 +87,7 @@ open5gs - feedback from user point of view
|
|||
|
||||
* interface to inspect state
|
||||
*
|
||||
|
||||
== EOF
|
||||
|
||||
* again: open5gs is awesome!
|
||||
|
|
|
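Review bot: An empty bullet `*` is left directly above the `== EOF` slide in this hunk, and it will render as a blank list item at the end of the previous slide. Either fill it in or drop it.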
@ -1,8 +1,7 @@
|
|||
OSMO_GSM_MANUALS ?= "/home/$(USER)/projects/osmo-gsm-manuals/"
|
||||
html: slides.html
|
||||
|
||||
slides.html: *.adoc
|
||||
asciidoc -f "$(OSMO_GSM_MANUALS)/build/mscgen-filter.conf" slides.adoc
|
||||
asciidoc -f "./build/mscgen-filter.conf" slides.adoc
|
||||
|
||||
.PHONY: html
|
||||
|
||||
|
|
|
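Review bot: The rule `slides.html: *.adoc` still lists only the .adoc files as prerequisites, although the recipe now reads `./build/mscgen-filter.conf` from this repository and the slides include .dot files. Add `build/mscgen-filter.conf`, `build/filter-wrapper.py` and `*.dot` to the prerequisites so that editing a diagram or the filter triggers a rebuild. The relative `./build/` path also means the build only works when make is run from the repository root, which is worth a one-line comment.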
@ -0,0 +1,46 @@
|
|||
digraph G {
|
||||
|
||||
UE -> strongSwan;
|
||||
|
||||
subgraph cluster_0 {
|
||||
label = "ePDG";
|
||||
osmoepdg [label="osmo-epdg/erlang"];
|
||||
strongSwan;
|
||||
}
|
||||
|
||||
subgraph cluster_1 {
|
||||
label = "epc/Open5GS";
|
||||
HSS;
|
||||
PCRF;
|
||||
SMF;
|
||||
UPF;
|
||||
mongo [label="MongoDB"];
|
||||
}
|
||||
|
||||
subgraph cluster_2 {
|
||||
label = "IMS";
|
||||
PCSCF [label="P-CSCF"];
|
||||
ICSCF [label="I-CSCF"];
|
||||
SCSCF [label="S-CSCF"];
|
||||
mysql;
|
||||
}
|
||||
|
||||
strongSwan -> osmoepdg;
|
||||
osmoepdg -> HSS;
|
||||
osmoepdg -> SMF;
|
||||
osmoepdg -> PCRF;
|
||||
|
||||
SMF -> UPF;
|
||||
SMF -> HSS;
|
||||
|
||||
HSS -> mongo;
|
||||
PCRF -> mongo;
|
||||
|
||||
UPF -> PCSCF;
|
||||
UPF -> ICSCF;
|
||||
UPF -> SCSCF;
|
||||
|
||||
PCSCF -> mysql;
|
||||
SCSCF -> mysql;
|
||||
|
||||
}
|
|
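Review bot: In cluster_2 the node `mysql` is left without a label while the other database is declared as `mongo [label="MongoDB"]`; give it `[label="MySQL"]` for consistency. Also, `PCSCF` and `SCSCF` have an edge to `mysql` but `ICSCF` does not; if that is deliberate a short comment in the .dot file would help, otherwise add the missing edge.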
@ -0,0 +1,12 @@
|
|||
#!/usr/bin/env python3
|
||||
"""Simple wrapper for filter programs which ensures that a blank
|
||||
is returned as output. The purpose is to silence the
|
||||
AsciiDoc warning "no output from filter".
|
||||
"""
|
||||
|
||||
import sys, subprocess
|
||||
|
||||
p = subprocess.Popen(sys.argv[1:])
|
||||
sys.stdout.write(' ') # To suppress asciidoc 'no output from filter' warnings.
|
||||
sys.exit(p.wait())
|
||||
|
|
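Review bot: `subprocess.Popen(sys.argv[1:])` is called without checking that a command was given, so running the wrapper with no arguments ends in a Python traceback instead of a usage message. A short guard that prints usage and exits non-zero when `len(sys.argv) < 2` would make filter misconfiguration easier to diagnose. Since this file is new in this repository, a comment naming where it was copied from and under which licence would also be useful.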
@ -0,0 +1,23 @@
|
|||
#
|
||||
# AsciiDoc mscgen filter configuration file.
|
||||
# ${OSMO_GSM_MANUALS}/build is symlinked to ./build when building.
|
||||
#
|
||||
|
||||
[mscgen-filter-style]
|
||||
mscgen-style=template="mscgen-block",subs=(),posattrs=("style","target"),filter='./build/filter-wrapper.py mscgen -o "{outdir={indir}}/{imagesdir=}{imagesdir?/}{target}" -T{format={basebackend-docbook!svg}{basebackend-docbook?svg}} -'
|
||||
|
||||
[blockdef-listing]
|
||||
template::[mscgen-filter-style]
|
||||
|
||||
[paradef-default]
|
||||
template::[mscgen-filter-style]
|
||||
|
||||
[mscgen-block]
|
||||
template::[filter-image-pngsvg-blockmacro]
|
||||
|
||||
[filter-image-pngsvg-blockmacro]
|
||||
{target%}{counter2:target-number}
|
||||
{target%}{set2:target:{docname}__{target-number}.{format={basebackend-docbook!svg}{basebackend-docbook?svg}}}
|
||||
|
|
||||
template::[image-blockmacro]
|
||||
|
|
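Review bot: The header comment `# ${OSMO_GSM_MANUALS}/build is symlinked to ./build when building.` no longer matches this change, which adds the file under ./build in this repository and has the Makefile load `./build/mscgen-filter.conf` directly. Update or remove the comment. Note too that `filter='./build/filter-wrapper.py ...'` is resolved relative to the working directory, so the wrapper must be executable and asciidoc must be started from the repository root.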
@ -1,5 +1,5 @@
|
|||
msc{
|
||||
hscale = 2;
|
||||
width = 1400;
|
||||
UE, DNS, ePDG, IMS;
|
||||
|
||||
UE => DNS [label="A/AAAA epdg.epc.mnc070.mcc901.pub.3gppnetwork.org"];
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
osmo-epdg: The osmocom ePDG for VoWiFi
|
||||
======================================
|
||||
:author: Pau Espin Pedrol <pespin@sysmocom.de>
|
||||
:author: Alexander Couzens <acouzens@sysmocom.de>, Pau Espin Pedrol <pespin@sysmocom.de>
|
||||
:copyright: 2024 by sysmocom - s.f.m.c. GmbH <info@sysmocom.de> (License: CC-BY-SA)
|
||||
:backend: slidy
|
||||
:max-width: 54em
|
||||
|
@ -13,6 +13,8 @@ osmo-epdg: The osmocom ePDG for VoWiFi
|
|||
* link:https://nlnet.nl/project/Osmocom-ePDG/[NLnet Foundation grant] to implement open source EPDG.
|
||||
* link:https://osmocom.org/projects/osmo-epdg/wiki[osmo-epdg] is implemented
|
||||
|
||||
image:waffles-2812276262.jpg[height=400]
|
||||
|
||||
|
||||
== Architecture: Control plane
|
||||
|
||||
|
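Review bot: `image:waffles-2812276262.jpg[height=400]` adds a binary image with no alt text and no note on its source or licence, while the document header declares the slides CC-BY-SA. Please add the origin and licence of the picture (in the commit message or a comment next to the macro) and an alt text in the image attributes.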
@ -22,132 +24,26 @@ include::osmo_epdg_architecture_control_plane.adoc[]
|
|||
|
||||
include::osmo_epdg_architecture_user_plane.adoc[]
|
||||
|
||||
== UE
|
||||
== strongSwan / Why?
|
||||
|
||||
* UE can behave nice and just work.
|
||||
* but they don't
|
||||
* IKEv2 (control plane)
|
||||
* ESP (user plane)
|
||||
* EAP/AKA implementation
|
||||
|
||||
== What a phone should do?
|
||||
== strongSwan / Why?
|
||||
|
||||
* Read Simcard related files (name it)
|
||||
* Read UE configuration
|
||||
* Do DNS query
|
||||
* Connect to ePDG (SWu/IPsec/IKEv2)
|
||||
* IMS connection with SIP + ESP protection
|
||||
|
||||
== What a phone should do?
|
||||
|
||||
[mscgen]
|
||||
----
|
||||
include::sip_register_msc_gen.dot[]
|
||||
----
|
||||
|
||||
== What a phone should do?
|
||||
|
||||
* Read Simcard related files (name it)
|
||||
* Read UE configuration
|
||||
* **Read hidden baseband configuration**
|
||||
* Do DNS query
|
||||
* Connect to ePDG (SWu/IPsec/IKEv2)
|
||||
* IMS connection (*sorry we don't do spec compliant IMS*)
|
||||
|
||||
== Android
|
||||
|
||||
* use Open Mobile Network Toolkit
|
||||
* Thanks to Peter, Johann, ...
|
||||
* (usually) requires Android Carrier Settings
|
||||
|
||||
== Pixel (6/7/7a)
|
||||
|
||||
* All based on Google/Samsung SoC
|
||||
* Shannon baseband (Samsung)
|
||||
|
||||
== Pixel (6/7/7a)
|
||||
|
||||
* All based on Google/Samsung SoC
|
||||
* Shannon baseband (Samsung)
|
||||
* Insert commerical SIM
|
||||
* Insert osmocom SIM
|
||||
* Connect to ePDG
|
||||
|
||||
== Pixel 6 IMS
|
||||
|
||||
* Pixel 6
|
||||
* Connect to IMS
|
||||
* Does SIP Auth/AKA
|
||||
* **forgets** to do ESP on the SIP
|
||||
|
||||
== Pixel 7/7a IMS
|
||||
|
||||
* Connect to IMS
|
||||
* **Tries** SIP Auth/AKA
|
||||
* Depends on the IMS
|
||||
* Doesn't encode SIP auth fields correct
|
||||
|
||||
image:screenshot_pixel7_wireshark.png[height=600]
|
||||
|
||||
== Pixel 7/7a IMS
|
||||
|
||||
* Connect to IMS
|
||||
* **Tries** SIP Auth/AKA
|
||||
* Depends on the IMS
|
||||
* Doesn't encode SIP auth fields correct
|
||||
|
||||
image:screenshot_pixel7_wireshark_errors.png[height=600]
|
||||
|
||||
== Pixel 7/7a IMS
|
||||
|
||||
* Connect to IMS
|
||||
* **Tries** SIP Auth/AKA
|
||||
* Depends on the IMS
|
||||
* Doesn't encode SIP auth fields correct
|
||||
|
||||
image:screenshot_pixel7_wireshark_errors_correct.png[height=600]
|
||||
|
||||
== Pixel 7/7a IMS
|
||||
|
||||
* Connect to IMS
|
||||
* **Tries** SIP Auth/AKA
|
||||
* Depends on the IMS
|
||||
* Doesn't encode SIP auth fields correct
|
||||
|
||||
image:screenshot_pixel7_wireshark_errors_correct2.png[height=600]
|
||||
|
||||
== iPhones
|
||||
|
||||
* Seems to be a good testing phone
|
||||
* MCC 999 only support data! Skip 999
|
||||
|
||||
== iPhones
|
||||
|
||||
* Seems to be a good testing phone
|
||||
* MCC 999 only support data!
|
||||
|
||||
image:screenshot_iphone_ipsec_failure.png[height=600]
|
||||
|
||||
== other phones?
|
||||
|
||||
* unsure
|
||||
* Qualcomm seems problematic requires additional configs
|
||||
|
||||
== strongSwan
|
||||
|
||||
* Instead of impementing IKEv2
|
||||
[role="incremental"]
|
||||
* Instead of impementing IKEv2/ESP/crypto
|
||||
* use strongSwan to do it
|
||||
* other people seems to have done it as well
|
||||
* plugin architecture
|
||||
|
||||
== strongSwan
|
||||
|
||||
* IKEv2
|
||||
* ESP
|
||||
* EAP/AKA implementation
|
||||
|
||||
== strongSwan
|
||||
== strongSwan / How?
|
||||
|
||||
[role="incremental"]
|
||||
* create a plugin
|
||||
* use hooks
|
||||
* implement a GSUP protocol to handle state
|
||||
* CEIA: a GSUP protocol to handle state
|
||||
|
||||
== strongSwan
|
||||
|
||||
|
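Review bot: The strongSwan slide in this hunk contains the typo "impementing" in `* Instead of impementing IKEv2/ESP/crypto`, and `* other people seems to have done it as well` should read "seem". The heading pairs `== strongSwan` / `== strongSwan / Why?` and `== strongSwan` / `== strongSwan / How?` suggest a rename; check that no slide is left with the old bare title by accident. `* CEIA: a GSUP protocol to handle state` introduces the name CEIA without expanding it, so one explanatory sub-bullet would help the audience.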
@ -156,9 +52,6 @@ image:screenshot_iphone_ipsec_failure.png[height=600]
|
|||
include::strongswan_internal.dot[]
|
||||
----
|
||||
|
||||
|
||||
* TODO-lynxis: Talk about strongswan, ipsec, IKEv2, specific configs which were needed
|
||||
|
||||
== Erlang domain: osmo-epdg
|
||||
|
||||
.Control Plane
|
||||
|
@ -187,20 +80,184 @@ include::osmo_epdg_sample_cfg_file.adoc[]
|
|||
|
||||
== open5gs
|
||||
|
||||
[role="incremental"]
|
||||
* Some specific patches for S2b were merged open5gs upstream:
|
||||
** APCO IE (DNS, P-CSCF addr) handling link:https://github.com/open5gs/open5gs/commit/4aaac999f7bc337bcaed2789ccc6269c256564d2[(1)].
|
||||
** Gy bugs in S2b: link:https://github.com/open5gs/open5gs/commit/32de75b1a50ffbd324b60f93103dbe2853a45bc5[(1)].
|
||||
|
||||
* TODO-lynxis: Maybe talk about the required specific open5gs configs?
|
||||
* Configs
|
||||
** PGW/SMF: P-CSCF PCO
|
||||
** HSS: Allow APN ims
|
||||
|
||||
== IMS
|
||||
== IMS / kamailio
|
||||
|
||||
* TODO-lynxis: Talk about kamailio, specific configs which were needed
|
||||
[role="incremental"]
|
||||
* follow open5gs/IMS howto
|
||||
* better use an old version
|
||||
[role="incremental"]
|
||||
** (or have crashes)
|
||||
* example dialplan not perfect
|
||||
** can't call itself
|
||||
** might want to add a pbx
|
||||
|
||||
== UE
|
||||
|
||||
[role="incremental"]
|
||||
* UE can behave nice and just work.
|
||||
[role="incremental"]
|
||||
* but they don't
|
||||
|
||||
== What a phone should do?
|
||||
|
||||
* Read Simcard related files
|
||||
* Read UE configuration
|
||||
* Do DNS query
|
||||
* Connect to ePDG (SWu/IPsec/IKEv2)
|
||||
* IMS connection with SIP + ESP protection
|
||||
|
||||
== What a phone should do?
|
||||
|
||||
[mscgen]
|
||||
----
|
||||
include::sip_register_msc_gen.dot[]
|
||||
----
|
||||
|
||||
== DNS override
|
||||
|
||||
* required for testing
|
||||
* epdg.epc.mnc070.mcc901.pub.3gppnetwork.org
|
||||
* 213.95.46.81 (epdg.osmocom.org)
|
||||
|
||||
== What a phone should do?
|
||||
|
||||
* Read Simcard related files
|
||||
* Read UE configuration
|
||||
* Do DNS query
|
||||
* Connect to ePDG (SWu/IPsec/IKEv2)
|
||||
* IMS connection with SIP + ESP protection
|
||||
|
||||
== What a phone should do?
|
||||
|
||||
* Read Simcard related files
|
||||
* Read UE configuration
|
||||
* **Read hidden baseband configuration**
|
||||
* Do DNS query
|
||||
* Connect to ePDG (SWu/IPsec/IKEv2)
|
||||
* IMS *hacks* (*sorry we don't do spec compliant IMS*)
|
||||
|
||||
== Android
|
||||
|
||||
* use Open Mobile Network Toolkit
|
||||
* use CoIMS
|
||||
* Thanks to Supreeth, Peter, Johann, ...
|
||||
* (usually) requires Android Carrier Settings
|
||||
|
||||
== Android / Carrier Profiles
|
||||
|
||||
* .xml on the filesystem
|
||||
** MCC/MNC
|
||||
** SPN/GID1/GID2
|
||||
** IMSI ranges
|
||||
* Android application (trust by simcard)
|
||||
|
||||
== Pixel (6/7/7a)
|
||||
|
||||
* All based on Google/Samsung SoC
|
||||
* Shannon baseband (Samsung)
|
||||
|
||||
== Pixel (6/7/7a)
|
||||
|
||||
* All based on Google/Samsung SoC
|
||||
* Shannon baseband (Samsung)
|
||||
[role="incremental"]
|
||||
* Insert commerical SIM
|
||||
* Insert osmocom SIM
|
||||
* Connect to ePDG
|
||||
|
||||
== Pixel 6 IMS
|
||||
|
||||
* Connect to IMS
|
||||
* Does SIP Auth/AKA
|
||||
[role="incremental"]
|
||||
* **forgets** to do ESP on the SIP
|
||||
|
||||
== Pixel 7/7a IMS
|
||||
|
||||
* Connect to IMS
|
||||
[role="incremental"]
|
||||
* **Tries** SIP Auth/AKA
|
||||
* Depends on the IMS
|
||||
* Doesn't encode SIP auth fields correct
|
||||
|
||||
image:screenshot_pixel7_wireshark.png[height=400]
|
||||
|
||||
== Pixel 7/7a IMS
|
||||
|
||||
* Connect to IMS
|
||||
* **Tries** SIP Auth/AKA
|
||||
* Depends on the IMS
|
||||
* Doesn't encode SIP auth fields correct
|
||||
|
||||
image:screenshot_pixel7_wireshark_errors.png[height=400]
|
||||
|
||||
== Pixel 7/7a IMS
|
||||
|
||||
* Connect to IMS
|
||||
* **Tries** SIP Auth/AKA
|
||||
* Depends on the IMS
|
||||
* Doesn't encode SIP auth fields correct
|
||||
|
||||
image:screenshot_pixel7_wireshark_errors_correct.png[height=400]
|
||||
|
||||
== Pixel 7/7a IMS
|
||||
|
||||
* Connect to IMS
|
||||
* **Tries** SIP Auth/AKA
|
||||
* Depends on the IMS
|
||||
* Doesn't encode SIP auth fields correct
|
||||
|
||||
image:screenshot_pixel7_wireshark_errors_correct2.png[height=400]
|
||||
|
||||
== iPhones
|
||||
|
||||
* Seems to be a good testing phone
|
||||
* MCC 999 only support data! Don't use 999 for Voice
|
||||
|
||||
== iPhones
|
||||
|
||||
* Seems to be a good testing phone
|
||||
* MCC 999 only support data! Don't use 999 for Voice
|
||||
|
||||
image:screenshot_iphone_ipsec_failure.png[height=100]
|
||||
|
||||
== iPhones
|
||||
|
||||
* Seems to be a good testing phone
|
||||
* MCC 999 only support data! Don't use 999 for Voice
|
||||
|
||||
image:screenshot_iphone_ipsec_failure.png[height=100]
|
||||
|
||||
* This might be a config option
|
||||
|
||||
== other phones?
|
||||
|
||||
[role="incremental"]
|
||||
* unsure
|
||||
* qualcomm! ACLs on the baseband filesystem
|
||||
* mediatek?
|
||||
* huawei?
|
||||
|
||||
== Ansible setup
|
||||
|
||||
* TODO: Talk about ansible-prototype and the manual tests we did
|
||||
* Tell how to test with SWu-EMulator
|
||||
* 3 VMs
|
||||
** ePDG/AAA
|
||||
** epc
|
||||
** IMS
|
||||
|
||||
[graphviz]
|
||||
----
|
||||
include::ansible_setup.dot[]
|
||||
----
|
||||
|
||||
== TTCN-3: EPDG_Tests
|
||||
|
||||
|
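Review bot: The `== DNS override` slide hard-codes `213.95.46.81 (epdg.osmocom.org)` and does not say how the override is applied on the test network; an address on a slide goes stale, so prefer the hostname alone and add a bullet naming the mechanism. On the `== Pixel 6 IMS` slide, `* **forgets** to do ESP on the SIP` should say what the network side does with the unprotected SIP traffic (accepted or rejected), since that is the security-relevant part of the finding. Typos in this hunk: "commerical" in `* Insert commerical SIM`, "Simcard", and "correct" for "correctly" in `* Doesn't encode SIP auth fields correct`.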
@ -209,14 +266,34 @@ include::ttcn3_component_diagram.adoc[]
|
|||
* Extra script to set up iface + routing for userplane in docker-playground setup
|
||||
* 15 tests so far
|
||||
|
||||
== Testing SWu-IKEv2
|
||||
|
||||
* python script
|
||||
* 3.5k
|
||||
[role="incremental"]
|
||||
* implement IKEv2, ESP, EAP, ..
|
||||
* tun interface
|
||||
* pcscd, csv file, https server
|
||||
|
||||
== Future work
|
||||
|
||||
* Implement SWm Diameter interface over the wire
|
||||
[role="incremental"]
|
||||
* Split AAA out of osmo-epdg into its own process
|
||||
** Implement SWm Diameter interface over the wire
|
||||
* Implement GTPUv1 inner IPv6 support
|
||||
* Implement GTPUv1 outter IPv6 support
|
||||
* Implement GTPCv2 IPv6 support
|
||||
* Get changes to erlang repositories gtplib, gtp_u_kmod, gen_netlink, gen_socket merged upstream (travelping)
|
||||
* IKEv2 Notify Payloads (Network error code, Request IMEI)
|
||||
|
||||
== Thanks!
|
||||
|
||||
* Thanks to NLnet for funding
|
||||
* Open5GS
|
||||
* CoIMS
|
||||
* OMNT
|
||||
* kamailio
|
||||
* strongSwan
|
||||
|
||||
== Know more
|
||||
|
||||
|
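Review bot: In the `== Testing SWu-IKEv2` slide the bullet `* 3.5k` has no unit, so the reader cannot tell what is being counted; state it explicitly. In `== Future work`, "Implement SWm Diameter interface over the wire" appears both as a top-level and as a nested bullet in this hunk, so make sure only one survives, and "outter" in `* Implement GTPUv1 outter IPv6 support` should be "outer".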
@ -224,3 +301,4 @@ include::ttcn3_component_diagram.adoc[]
|
|||
* link:https://osmocom.org/projects/osmo-epdg/wiki[osmo-epdg redmine osmocom project]
|
||||
* link:https://gitea.osmocom.org/ims-volte-vowifi/ansible-prototype[Deploy with Ansible]
|
||||
* link:https://github.com/fasferraz/SWu-IKEv2[SWu-IKEv2]
|
||||
|
||||
|
|
Binary file not shown.
After Width: | Height: | Size: 202 KiB |