forked from acouzens/open5gs
Update VoLTE tutorials
This commit is contained in:
parent
be1305b903
commit
48323bd299
|
@ -457,7 +457,7 @@ $ mysql
|
||||||
|
|
||||||
```
|
```
|
||||||
$ cd ~ && git clone https://github.com/herlesupreeth/Kamailio_IMS_Config
|
$ cd ~ && git clone https://github.com/herlesupreeth/Kamailio_IMS_Config
|
||||||
$ cd Kamailio_IMS_Config
|
$ cd Kamailio_IMS_Config && git checkout 5.3
|
||||||
$ cp -r kamailio_icscf /etc
|
$ cp -r kamailio_icscf /etc
|
||||||
$ cp -r kamailio_pcscf /etc
|
$ cp -r kamailio_pcscf /etc
|
||||||
$ cp -r kamailio_scscf /etc
|
$ cp -r kamailio_scscf /etc
|
||||||
|
|
|
@ -5,63 +5,56 @@ head_inline: "<style> .blue { color: blue; } </style>"
|
||||||
|
|
||||||
Setup description:
|
Setup description:
|
||||||
- MCC: 001, MNC: 01
|
- MCC: 001, MNC: 01
|
||||||
- Docker-compose
|
- Docker + Docker Compose
|
||||||
|
- VM/Physical machine running Ubuntu 20.04 or 22.04
|
||||||
- srsENB + USRP B210 or a commercial eNB
|
- srsENB + USRP B210 or a commercial eNB
|
||||||
- Sysmocom USIM - sysmoUSIM-SJS1
|
- Sysmocom USIM - sysmoUSIM-SJS1
|
||||||
- UE: Mi 9 Pro 5G. Other UE are being tested.
|
- UE: Mi 9 Pro 5G, Oneplus 5, iPhone X and above, Nokia 5.3. Other UE are being tested.
|
||||||
{: .blue}
|
{: .blue}
|
||||||
|
|
||||||
#### 0. Introduction
|
#### 0. Introduction
|
||||||
|
|
||||||
This tutorial introduces an install-and-run lab for Open5GS + Kamailio IMS
|
This tutorial introduces an install-and-run setup for Open5GS + Kamailio IMS VoLTE study.
|
||||||
VoLTE study, a follow-up project of [Open5GS Tutorial: VoLTE Setup with Kamailio IMS and Open5GS](https://open5gs.org/open5gs/docs/tutorial/02-VoLTE-setup/).
|
|
||||||
|
|
||||||
The main purpose is to save researchers' and students' time to debug for a
|
The main purpose is to save researchers' and students' time to debug for a minimum-viable environment before actual study can be proceeded.
|
||||||
minimum-viable environment before actual study can be proceeded.
|
|
||||||
|
|
||||||
**Important notice before you start**
|
|
||||||
|
|
||||||
1. Java 7 is downloaded from an alternative location. You have to agree with
|
|
||||||
Oracle's term of service and have an Oracle account, to legally use Java SDK
|
|
||||||
7u80. By using this repo, I assume you have the legal right to use it and
|
|
||||||
hold no liability.
|
|
||||||
|
|
||||||
You have to prepare IMSI, Ki, OP/OPc, SQN of your SIM cards.
|
|
||||||
|
|
||||||
#### 1. Prepare SIM cards for VoLTE
|
#### 1. Prepare SIM cards for VoLTE
|
||||||
|
|
||||||
1. Wrong KIC / KID / KIK bricks your SIM card.
|
Program IMSI, Ki, OP/OPc, SQN for the SIM cards you plan to use.
|
||||||
|
|
||||||
|
If VoLTE is not enabled on your Android phone then please refer to the instructions mentioned here: [VoLTE settings overriding](https://github.com/herlesupreeth/CoIMS_Wiki/blob/master/README.md).
|
||||||
|
{: .notice--info}
|
||||||
|
|
||||||
|
1. Using wrong KIC / KID / KIK bricks your SIM card and is irrecoverable
|
||||||
2. Use MCC = 001, MNC = 01 for a test network, unless you know your MCC/MNC is supported by Android Carrier Privileges.
|
2. Use MCC = 001, MNC = 01 for a test network, unless you know your MCC/MNC is supported by Android Carrier Privileges.
|
||||||
|
{: .notice--warning}
|
||||||
|
|
||||||
Refer to: https://github.com/herlesupreeth/CoIMS_Wiki/blob/master/README.md
|
#### 2. Build Open5GS, Kamailio docker images
|
||||||
* gp --key-enc <KIC1> --key-mac <KID1> --key-dek <KIK1> -lvi
|
|
||||||
* gp --key-enc <KIC1> --key-mac <KID1> --key-dek <KIK1> --unlock
|
|
||||||
* gp --install applet.cap
|
|
||||||
* gp -a 00A4040009A00000015141434C0000 -a 80E2900033F031E22FE11E4F06FFFFFFFFFFFFC114E46872F28B350B7E1F140DE535C2A8D5804F0BE3E30DD00101DB080000000000000001
|
|
||||||
* gp --acr-list-aram
|
|
||||||
|
|
||||||
#### 2. Build Open5GS, Kamailio with docker-compose
|
* Mandatory requirements:
|
||||||
|
* [docker-ce](https://docs.docker.com/install/linux/docker-ce/ubuntu) - Version 22.0.5 or above
|
||||||
|
* [docker compose](https://docs.docker.com/compose) - Version 2.14 or above
|
||||||
|
|
||||||
Mandatory requirements:
|
Clone repository and build base docker image of open5gs and kamailio:
|
||||||
* [docker-ce](https://docs.docker.com/install/linux/docker-ce/ubuntu)
|
|
||||||
* [docker-compose](https://docs.docker.com/compose)
|
|
||||||
|
|
||||||
Install docker-compose and make sure it works before going forward.
|
|
||||||
|
|
||||||
Clone the repository and build base docker images of open5gs and Kamailio:
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
# Build docker images for open5gs EPC/5GC components
|
||||||
git clone https://github.com/herlesupreeth/docker_open5gs
|
git clone https://github.com/herlesupreeth/docker_open5gs
|
||||||
cd docker_open5gs/base
|
cd docker_open5gs/base
|
||||||
docker build --no-cache --force-rm -t docker_open5gs .
|
docker build --no-cache --force-rm -t docker_open5gs .
|
||||||
|
|
||||||
|
# Build docker images for kamailio IMS components
|
||||||
cd ../ims_base
|
cd ../ims_base
|
||||||
docker build --no-cache --force-rm -t docker_kamailio .
|
docker build --no-cache --force-rm -t docker_kamailio .
|
||||||
|
|
||||||
|
# Build docker images for additional components
|
||||||
|
cd ..
|
||||||
|
docker compose -f 4g-volte-deploy.yaml build
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 3. Configuring your setup
|
#### 3. Configuring your setup
|
||||||
|
|
||||||
`.env` is the only file most of them need to edit as per their deployment needs
|
`.env` is the only file most of them need to edit as per your deployment needs
|
||||||
{: .notice--warning}
|
{: .notice--warning}
|
||||||
|
|
||||||
Edit only the following parameters in `.env` as per your setup
|
Edit only the following parameters in `.env` as per your setup
|
||||||
|
@ -69,15 +62,15 @@ Edit only the following parameters in `.env` as per your setup
|
||||||
```
|
```
|
||||||
MCC
|
MCC
|
||||||
MNC
|
MNC
|
||||||
TEST_NETWORK --> Change this only if it clashes with the internal network at your home/office
|
DOCKER_HOST_IP --> This is the IP address of the host running (EPC+IMS)
|
||||||
DOCKER_HOST_IP --> This is the IP address of the host running your docker setup
|
SGWU_ADVERTISE_IP --> Change this to value of DOCKER_HOST_IP
|
||||||
SGWU_ADVERTISE_IP --> Change this to value of DOCKER_HOST_IP set above only if eNB is not running the same docker network/host
|
UE_IPV4_INTERNET --> Change this to your desired (Not conflicted) UE network ip range for internet APN
|
||||||
|
UE_IPV4_IMS --> Change this to your desired (Not conflicted) UE network ip range for ims APN
|
||||||
```
|
```
|
||||||
|
|
||||||
If eNB is NOT running in the same docker network/host as the host running the dockerized Core + IMS then follow the below additional steps
|
If eNB is NOT running in the same docker network/host as the host running the dockerized Core + IMS then follow the below additional steps
|
||||||
|
|
||||||
Under `mme` section in docker-compose file (`docker-compose.yaml`, `nsa-deploy.yaml`), uncomment the following part
|
Under **mme** section in docker compose file (**4g-volte-deploy.yaml**), uncomment the following part
|
||||||
|
|
||||||
```
|
```
|
||||||
...
|
...
|
||||||
# ports:
|
# ports:
|
||||||
|
@ -85,8 +78,7 @@ Under `mme` section in docker-compose file (`docker-compose.yaml`, `nsa-deploy.y
|
||||||
...
|
...
|
||||||
```
|
```
|
||||||
|
|
||||||
Under `sgwu` section in docker-compose file (`docker-compose.yaml`, `nsa-deploy.yaml`), uncomment the following part
|
Then, uncomment the following part under **sgwu** section
|
||||||
|
|
||||||
```
|
```
|
||||||
...
|
...
|
||||||
# ports:
|
# ports:
|
||||||
|
@ -94,57 +86,96 @@ Under `sgwu` section in docker-compose file (`docker-compose.yaml`, `nsa-deploy.
|
||||||
...
|
...
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 4. Building 4G/5G Core + IMS related components images
|
#### 4. Deploying 4G/5G Core + IMS related components images
|
||||||
|
|
||||||
```
|
```
|
||||||
cd docker_open5gs
|
cd docker_open5gs
|
||||||
source .env
|
source .env
|
||||||
docker-compose -f deploy-all.yaml build --no-cache
|
sudo ufw disable
|
||||||
docker-compose -f deploy-all.yaml up
|
sudo sysctl -w net.ipv4.ip_forward=1
|
||||||
|
docker compose -f 4g-volte-deploy.yaml up
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 5. (Optional) Run srsENB in a separate container
|
#### 5. (Optional) Run srsENB in a separate container
|
||||||
|
|
||||||
I use srsENB and USRP B210 in the lab. Sometimes you may want to restart
|
Sometimes you may want to restart srsENB while keeping the core network running. It is thus recommended to run srsENB separately.
|
||||||
srsENB while keeping the core network running. It is thus recommended to run
|
|
||||||
srsENB separately.
|
In order to run srsENB in a separate host, clone the docker_open5gs repository as mentioned above and build srsENB docker images.
|
||||||
|
|
||||||
|
```
|
||||||
|
# Build docker images for srsRAN_4G eNB
|
||||||
|
cd ../srslte
|
||||||
|
docker build --no-cache --force-rm -t docker_srslte .
|
||||||
|
```
|
||||||
|
|
||||||
|
And, edit only the following parameters in **.env** as per your setup
|
||||||
|
|
||||||
|
```
|
||||||
|
MCC
|
||||||
|
MNC
|
||||||
|
DOCKER_HOST_IP --> This is the IP address of the host running eNB
|
||||||
|
MME_IP --> Change this to IP address of host running (EPC+IMS)
|
||||||
|
SRS_ENB_IP --> Change this to the IP address of the host running eNB
|
||||||
|
```
|
||||||
|
|
||||||
|
Replace the following part in the docker compose file (**srsenb.yaml**)
|
||||||
|
```
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: ${SRS_ENB_IP}
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
external:
|
||||||
|
name: docker_open5gs_default
|
||||||
|
```
|
||||||
|
with
|
||||||
|
```
|
||||||
|
network_mode: host
|
||||||
|
```
|
||||||
|
|
||||||
```
|
```
|
||||||
cd docker_open5gs
|
cd docker_open5gs
|
||||||
source .env
|
source .env
|
||||||
docker-compose -f srsenb.yaml build --no-cache
|
sudo cpupower frequency-set -g performance
|
||||||
docker-compose -f srsenb.yaml up
|
docker compose -f srsenb.yaml up -d && docker container attach srsenb
|
||||||
```
|
```
|
||||||
|
|
||||||
#### 6. Configuration and register two UE
|
#### 6. Configuration and provisioning of SIM information in HSS and HLR
|
||||||
|
|
||||||
If there is a need to change the Core Network component configuration files
|
If there is a need to change the Core Network component configuration, then corresponding configuration files can be found under their respective folders.
|
||||||
found under their respective folder, make sure to re-compile images using
|
|
||||||
`docker-compose build` again.
|
|
||||||
{: .notice--warning}
|
{: .notice--warning}
|
||||||
|
|
||||||
Open (http://<DOCKER_HOST_IP>:3000) in a web browser, where <DOCKER_HOST_IP> is
|
- Provision SIM details in open5gs HSS
|
||||||
the IP of the machine/VM running the open5gs containers. Login with following
|
|
||||||
credentials
|
Open (http://<DOCKER_HOST_IP>:3000) in a web browser, where <DOCKER_HOST_IP> is the IP of the machine/VM running the open5gs containers. Login with following credentials
|
||||||
|
|
||||||
```
|
```
|
||||||
Username : admin
|
Username : admin
|
||||||
Password : 1423
|
Password : 1423
|
||||||
```
|
```
|
||||||
|
|
||||||
Follow the instructions in [VoLTE Setup](https://open5gs.org/open5gs/docs/tutorial/02-VoLTE-setup/):
|
Add users with their corresponding IMSI, Ki, OP/OPc value and APN settings. The APN settings should look like below:
|
||||||
- Step 18, set IMSI, Ki, OP, SQN and APN of your SIM cards.
|
|
||||||
**Important!** Set the type of both APN to IPv4. Kamailio does not support VoLTE over
|
<pre>
|
||||||
IPv6 at the moment. (See the screenshot below.)
|
APN Configuration:
|
||||||
- Step 20, add IMS subscriptions to FHoSS.
|
---------------------------------------------------------------------------------------------------------------------
|
||||||
|
| APN | Type | QCI | ARP | Capability | Vulnerablility | MBR DL/UL(Kbps) | GBR DL/UL(Kbps) | PGW IP |
|
||||||
|
---------------------------------------------------------------------------------------------------------------------
|
||||||
|
| internet | IPv4 | 9 | 8 | Disabled | Disabled | unlimited/unlimited | | |
|
||||||
|
---------------------------------------------------------------------------------------------------------------------
|
||||||
|
| ims | IPv4 | 5 | 1 | Disabled | Disabled | 3850/1530 | | |
|
||||||
|
| | | 1 | 2 | Enabled | Enabled | 128/128 | 128/128 | |
|
||||||
|
| | | 2 | 4 | Enabled | Enabled | 128/128 | 128/128 | |
|
||||||
|
---------------------------------------------------------------------------------------------------------------------
|
||||||
|
</pre>
|
||||||
|
|
||||||
|
**Important!** Set the type of both APN to IPv4. Kamailio does not support VoLTE over IPv6 at the moment. (See the screenshot below)
|
||||||
|
|
||||||
![Set both type to IPv4 only](https://raw.githubusercontent.com/miaoski/docker_open5gs/gh-pages/screenshots/subscriber-type-ipv4.png)
|
![Set both type to IPv4 only](https://raw.githubusercontent.com/miaoski/docker_open5gs/gh-pages/screenshots/subscriber-type-ipv4.png)
|
||||||
|
|
||||||
For already running systems, copy SQN from Open5GS and type it in FHoSS. You
|
- Provision IMSI and MSISDN in osmohlr to allow [SMS over SGs](https://github.com/herlesupreeth/docker_open5gs#provisioning-of-imsi-and-msisdn-with-osmohlr-as-follows)
|
||||||
can type SQN in decimal. FHoSS will automagically convert it to hex.
|
|
||||||
|
|
||||||
Pay special attention to copy/paste. You might have leading or trailing spaces
|
- Provision SIM information in pyHSS [IMS](https://github.com/herlesupreeth/docker_open5gs#provisioning-of-sim-information-in-pyhss-is-as-follows)
|
||||||
in FHoSS, resulting in failed connections!
|
|
||||||
|
|
||||||
#### 7. Debugging with Wireshark
|
#### 7. Debugging with Wireshark
|
||||||
|
|
||||||
|
@ -152,15 +183,13 @@ Thanks to Open5GS, the topology is super similar to [SAE on Wikipedia](https://e
|
||||||
|
|
||||||
![Network topology of Open5GS + IMS](https://raw.githubusercontent.com/miaoski/docker_open5gs/master/network-topology.png)
|
![Network topology of Open5GS + IMS](https://raw.githubusercontent.com/miaoski/docker_open5gs/master/network-topology.png)
|
||||||
|
|
||||||
|
|
||||||
**APN**
|
**APN**
|
||||||
|
|
||||||
On your cellphone, there should be *internet* and *ims*.
|
On your cellphone, there should be *internet* and *ims*.
|
||||||
|
|
||||||
<img src="https://raw.githubusercontent.com/miaoski/docker_open5gs/gh-pages/screenshots/apn-on-cellphone.jpg" width="320" />
|
<img src="https://raw.githubusercontent.com/miaoski/docker_open5gs/gh-pages/screenshots/apn-on-cellphone.jpg" width="320" />
|
||||||
|
|
||||||
CoIMS should look like the one below. If you don't know what CoIMS is, please
|
If CoIMS is used to force enable VoLTE on the Android device, it should look like in the screenshot below:
|
||||||
refer to step 23 of VoLTE Setup.
|
|
||||||
|
|
||||||
<img src="https://raw.githubusercontent.com/miaoski/docker_open5gs/gh-pages/screenshots/coims.jpg" width="320" />
|
<img src="https://raw.githubusercontent.com/miaoski/docker_open5gs/gh-pages/screenshots/coims.jpg" width="320" />
|
||||||
|
|
||||||
|
@ -173,13 +202,11 @@ When DNS is not properly set, you may end up with 478 Unresolvable destination (
|
||||||
|
|
||||||
![478 unresolvable destination](https://raw.githubusercontent.com/miaoski/docker_open5gs/gh-pages/screenshots/478-unresolvable-destination.png)
|
![478 unresolvable destination](https://raw.githubusercontent.com/miaoski/docker_open5gs/gh-pages/screenshots/478-unresolvable-destination.png)
|
||||||
|
|
||||||
If the port if not open, or DNS is not properly configured, the phone cannot
|
If the port if not open, or DNS is not properly configured, the phone cannot reach P-CSCF and fails.
|
||||||
reach P-CSCF and fails.
|
|
||||||
|
|
||||||
![RST at port 5060](https://raw.githubusercontent.com/miaoski/docker_open5gs/gh-pages/screenshots/RST-5060.png)
|
![RST at port 5060](https://raw.githubusercontent.com/miaoski/docker_open5gs/gh-pages/screenshots/RST-5060.png)
|
||||||
|
|
||||||
If there is an NAT between PGW and P-CSCF, IPsec-NAT would not work, and the
|
If there is an NAT between PGW and P-CSCF, IPsec-NAT would not work, and the PCAP looks like the one below. Note that you need to run P-CSCF as root, in
|
||||||
PCAP looks like the one below. N.B. that you need to run P-CSCF as root, in
|
|
||||||
order to add xfrm state and policy.
|
order to add xfrm state and policy.
|
||||||
|
|
||||||
![401 Unauthorized](https://raw.githubusercontent.com/miaoski/docker_open5gs/gh-pages/screenshots/401-unauthorized.png)
|
![401 Unauthorized](https://raw.githubusercontent.com/miaoski/docker_open5gs/gh-pages/screenshots/401-unauthorized.png)
|
||||||
|
@ -193,17 +220,12 @@ Herle Supreeth has shared PCAP files of successful calls, including
|
||||||
- [Non-IPSec UE to IPSec UE calling]({{ site.url }}{{ site.baseurl }}/assets/pcapng/nonipsec_to_ipsec_call.pcapng)
|
- [Non-IPSec UE to IPSec UE calling]({{ site.url }}{{ site.baseurl }}/assets/pcapng/nonipsec_to_ipsec_call.pcapng)
|
||||||
- [IPSec UE to Non-IPSec UE calling]({{ site.url }}{{ site.baseurl }}/assets/pcapng/ipsec_to_nonipsec_call.pcapng)
|
- [IPSec UE to Non-IPSec UE calling]({{ site.url }}{{ site.baseurl }}/assets/pcapng/ipsec_to_nonipsec_call.pcapng)
|
||||||
|
|
||||||
The successful calls were made with a commercial eNB (in his case a Casa
|
|
||||||
smallcell), while srsENB the ACK takes a very long time to reach the UE,
|
|
||||||
resulting in disconnected calls.
|
|
||||||
|
|
||||||
**UE registration**
|
**UE registration**
|
||||||
|
|
||||||
![UE registration with IPSec](https://raw.githubusercontent.com/miaoski/docker_open5gs/gh-pages/screenshots/ue-ipsec.png)
|
![UE registration with IPSec](https://raw.githubusercontent.com/miaoski/docker_open5gs/gh-pages/screenshots/ue-ipsec.png)
|
||||||
|
|
||||||
From the screenshot, we see a UE that supports IPSec got a response from
|
From the screenshot, we see a UE that supports IPSec got a response from S-CSCF, indicating that ipsec-3gpp is supported, protocol is ESP (ethernet proto 50, IPSec). Client port (port-c) is 5100 and server port (port-s) 6100.
|
||||||
S-CSCF, indicating that ipsec-3gpp is supported, protocol is ESP (ethernet
|
|
||||||
proto 50, IPSec). Client port (port-c) is 5100 and server port (port-s) 6100.
|
|
||||||
Refer to [IMS/SIP - Basic Procedures](https://www.sharetechnote.com/html/IMS_SIP_Procedure_Reg_Auth_IPSec.html) if you want to know more.
|
Refer to [IMS/SIP - Basic Procedures](https://www.sharetechnote.com/html/IMS_SIP_Procedure_Reg_Auth_IPSec.html) if you want to know more.
|
||||||
Also, notice that packets after 401 Unauthorized are transmitted over ESP.
|
Also, notice that packets after 401 Unauthorized are transmitted over ESP.
|
||||||
|
|
||||||
|
@ -216,8 +238,7 @@ If a UE does not support IPSec, you don't see the "security-server", as shown be
|
||||||
|
|
||||||
![ipsec to ipsec call](https://raw.githubusercontent.com/miaoski/docker_open5gs/gh-pages/screenshots/ipsec-to-ipsec%20calls.png)
|
![ipsec to ipsec call](https://raw.githubusercontent.com/miaoski/docker_open5gs/gh-pages/screenshots/ipsec-to-ipsec%20calls.png)
|
||||||
|
|
||||||
The Wireshark above shows that after several IPSec (ESP) packets, S-CSCF is
|
The Wireshark above shows that after several IPSec (ESP) packets, S-CSCF is sending a SIP INVITE for UE 03 to UE 04. To be more precise,
|
||||||
sending a SIP INVITE for UE 03 to UE 04. To be more precise,
|
|
||||||
|
|
||||||
```
|
```
|
||||||
Request-Line: INVITE sip:0398765432100;phone-context=0498765432100@0498765432100;user=phone SIP/2.0
|
Request-Line: INVITE sip:0398765432100;phone-context=0498765432100@0498765432100;user=phone SIP/2.0
|
||||||
|
|
Loading…
Reference in New Issue