New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No Security Context in PDN_CPNNECTIVITY_REQUEST #64

Closed
kewinrausch opened this Issue May 21, 2018 · 2 comments

Comments

Projects
None yet
2 participants
@kewinrausch

kewinrausch commented May 21, 2018

Hi NextEPC!

I have an LTE network setup working with OAI EPC, and I want to migrate from it to another EPC solution. I've already evaluated srsEPC, and I wanted to test also your EPC. I followed all the guides and successfully installed the EPC. Using the WebUI then I inserted the Subscribers present also in the other core networks.

Now, the eNB (srsENB) successfully connects to NextEPC, but when an UE (Nexus 5) tries to authenticate, I get the following error:

[05/21 14:13:11.479] eNB-S1 accepted[192.168.0.178]:49752 in s1_path module
[05/21 14:13:11.479] eNB-S1 accepted[192.168.0.178] in master_sm module
[05/21 14:13:16.306] WARN: NAS MAC verification failed(0x0 != 0x71607789) (nas_security.c:217)
[05/21 14:13:16.307] ASSERT: !(SECURITY_CONTEXT_IS_VALID(mme_ue)). No Security Context in PDN_CPNNECTIVITY_REQUEST (esm_handler.c:32)

I checked twice the values inserted in the Subscriber elements, and I tried to connect the UE by giving some modified Key/OPc values. The error resulting is different, so I'm assuming the values put in the HSS database are correct (as they are they work fine in OAI EPC and srsLTE EPC).

Do you have any idea of what can be the cause of this error?

I've attached the Whireshark capture of SCTP and GTP traffic.

No_Security_Context.zip

acetcom added a commit that referenced this issue May 22, 2018

@acetcom

This comment has been minimized.

Owner

acetcom commented May 22, 2018

You might use EIA2(AES) with changing integrity order like the followings.

    security:
        integrity_order : [ EIA2, EIA1, EIA0 ]

NextEPC MME has a bug in such a situation. So, we've fixed it right now.

Thank you for your effort.

@kewinrausch

This comment has been minimized.

kewinrausch commented May 22, 2018

Ok, I pulled the last code and compiled everything to match the patch. Now I can confirm that the connection is successful and my UE is connected and authenticated to the EPC.

In addition to that, I also confirm that the UE successfully access the Internet.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment