Internet access while using outside eNB with dockerized volte on openstack

[modyngs]

Dear @herlesupreeth
Hi,

My topology is
eNB( is on Local computer)[192.168.1.60] <==========> Openstack VM { Floating Ip add [44.102.129.54] , Docker Host(Openstack vm) [192.168.1.107] , VOLTE_DOCKERized [172.22.xx.xx] }

1- eNB <===> MME ))))))))) sucess
2- UE )))))))) got connected to network
3- UE can't access internet while i can see 4G sing in one direction!

Dockerized CORE is on the openstack vm[192.168.1.107] with default docker ip[172.22. ...]
eNB is on the Local Coputer with [192.168.1.60]

here is attached pcap
No Int3.zip

in Both sides ipv4 forwarding is enabled!

Thanks
Best regards

[modyngs]

here is the log
docker logs.txt

[modyngs]

[herlesupreeth]

Set SGWU_ADVERTISE_IP to 44.102.129.54 in .env and then do source .env and bring back the stack with docker-compose up and then give it a try

[modyngs]

Dear @herlesupreeth

Thanks for your replay

I did that but still No internet connection

Here are pcaps and logs:
Core Pcap:
No_internet.zip
Core Log:
Log.txt

Core Configs:
configs.txt

[modyngs]

also it is pcap from eNB prespective:

No int_eNB.zip

[herlesupreeth]

You have set wrong IP, rather than 44.102.129.54 its 46.102.129.54

[modyngs]

its not wrong My ip is 46.102.129.156

i changed floating ip as used new VM!

[herlesupreeth]

Also, you need to uncomment the ports section in sgwu (please read the README properly, its written to avoid these errors)

[modyngs]

Sorry, i thought its just 4G not NSA!
So not changed Sgwu

I changed it, but still not having internet acess on UE!
Thanks
best regards

[modyngs]

Do i need to add some route in eNB?

on eNB when i do:
sudo ip r add 172.22.0.6 via 46.102.129.158

as in readme it says :
ERROR: Nexthup has invalid gateway.

am i doing wrong?

[herlesupreeth]

Check the security policies, are you allowing UDP port 2152? do not set UPF_ADVERTISE_IP to 46.102.129.158, keep it same as UPF_IP as you are in 4G only

[modyngs]

Its all open

[herlesupreeth]

If you modify .env make sure to run source .env again and bring down the stack and up again before re-tryng

[modyngs]

Yea, i always do that

do u have any other idea?
#33 (comment)

[modyngs]

Can it be because of the time syncronization?

I did changed it But Notting happened! so its not the problem!

[herlesupreeth]

Post here the output of ip a command on the eNB machine. Most likely you may have to change the UE IP allocation range in smf and upf, but lets see

[modyngs]

Yea, i think its smf, there are some warning in logs about it,

I'll post ip a here but it is 192.168.1.10/24

new@new:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
	link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
	inet 127.0.0.1/8 scope host lo
   	valid_lft forever preferred_lft forever
	inet6 ::1/128 scope host
   	valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
	link/ether 10:e7:c6:ab:cc:7a brd ff:ff:ff:ff:ff:ff
	inet 192.168.1.10/24 brd 192.168.1.255 scope global noprefixroute enp1s0
   	valid_lft forever preferred_lft forever
	inet6 fe80::a3f5:3b9b:413f:a5a1/64 scope link noprefixroute
   	valid_lft forever preferred_lft forever

as i see in smf.yaml the Ue pool is like this:

smf:
    freeDiameter: /open5gs/install/etc/freeDiameter/smf.conf
    sbi:
      - addr: SMF_IP
        port: 7777
    gtpc:
      - addr: SMF_IP
    gtpu:
      - addr: SMF_IP
    pfcp:
      - addr: SMF_IP
    subnet:
      - addr: 192.168.100.1/24
        dnn: internet
        dev: ogstun
      - addr: fd84:6aea:c36e:2b69::/64
        dev: ogstun
        dnn: internet
      - addr: 192.168.101.1/24
        dnn: ims
        dev: ogstun2
      - addr: fd1f:76f3:da9b:0101::/64
        dnn: ims
        dev: ogstun2

should i change it?

[herlesupreeth]

i dont think you have to change it as your enp1s0 subnet does not collide with UE subnet

[modyngs]

when i turn mobile data on i can see sth like this:

[modyngs]

My topology is
eNB( is on Local computer)[192.168.1.10] <==========> Openstack VM { Floating Ip add [46.102.129.185] , Docker Host(Openstack local vm ip) [192.168.1.141] , VOLTE_DOCKERized [172.22.xx.xx] }

1- eNB <===> MME ))))))))) sucess
2- UE )))))))) got connected to network
3- UE can't access internet while i can see 4G sing in one direction!

Dockerized CORE is on the openstack vm[192.168.1.141] with default docker ip[172.22. ...]
eNB is on the Local Coputer with [192.168.1.10]

I will send some logs again!
Its the latest ip and the new Openstack VM,

[modyngs]

Also there is sth wrong with time!( maybe because i donot have internet access)

In Ue the time is UTC while in Openstack Vm and eNB its all right to local time!

Here is my new logs, pcap and configs:
Log.txt
configs.txt
No-NET.zip

before turning on the UE i removed old APN and add new one!
i'm on the latest branch!(master)

Thanks
Best regards

[modyngs]

Can u give me a hint?

[modyngs]

Dear @herlesupreeth
Is'nt it because UE is behind Double NAT? ( as i'm using cloud and docker at the same time over each other for Core)

I also tested your repo[https://github.com/herlesupreeth/docker_open5gs/tree/4g] with 4G branch( Not master)
Just changed the "DOCKER_HOST_IP" But still do not have internet Access on UE!

Thanks
Best regards

[modyngs]

Also changed timezone of all components including dockers, Openstack VM, native ubuntu(for eNB) as ETC/UTC

root@ve:~# timedatectl
                      Local time: Sat 2021-04-17 13:33:32 UTC
                  Universal time: Sat 2021-04-17 13:33:32 UTC
                        RTC time: Sat 2021-04-17 13:33:33
                       Time zone: Etc/UTC (UTC, +0000)
       System clock synchronized: yes
systemd-timesyncd.service active: yes
                 RTC in local TZ: no
root@ve:~# docker exec -it 34a2a4672483 /bin/bash
root@34a2a4672483:/open5gs# cat /etc/timezone
Etc/UTC

[modyngs]

Even UE gets Ip address!

[herlesupreeth]

I found the reason why you dont have internet access. In the pcap attached here #33 (comment) the S1AP traffic is between NATed IP address of eNB (5.239.89.219) and your EPC at 192.168.1.141. However, the eNB is advertising in s1ap.InitialContextSetupResponse that its transportLayerAddress(IPv4) is 192.168.1.10. As a result of this the GTP traffic in Downlink (EPC to eNB direction) will be sent from 192.168.1.141 to 192.168.1.10 and EPC has no idea where to find 192.168.1.10 resulting in traffic flowing from internet only till EPC and not till eNB.

There are two options to fix this (i.e. if you want to stick with using OpenStack)

1. Create a IPSec VPN link between EPC (VPN server) and eNb (VPN client) and bind the eNB GTP-U and S1AP interface to the VPN tun interface created
2. Or, try adding static route in EPC as follows (although I doubt it will work as there are too many NATs)
   sudo ip r add 192.168.1.10 via 5.239.89.219

[modyngs]

@herlesupreeth
Thank you so much for your replay,

The 5.239.x.x is the dhcp Ip address from ISP, I do not have Dedicated ip in eNB side ( because i'm using fiber optic which bought from isp and i'm using modem (By LAN CABLE ) to connect eNB PC to the internet ( My modem has been assigned 192.168.1.10 to PC while Modem gets 5.239.x.x from ISP)

Can u give me hint for creating IPSEC tunnel?

is it possible to solve the issue By changing My Modem Ip address ? for example change 192.168.1.10 to 172.22.x.x which has no conflict with Core Ip address?

Thank you so much again
Best regard

[herlesupreeth]

Will suggest you a fix shortly

[modyngs]

It means i cannot add route ( Your second solution ), because it says

Nexthop has invalid gateway

[modyngs]

4- tried to install Dockerized VOLTE on CLoud and SRSLTE on Local PC

Here is My new test For scenario number 4

UE                =====>>>>>>       SRSLTE    ===>>> ISP DHCP IP add. ===>>>  OPENSTACK VM (Directly Connected To public Dedicated IP)
192.168.100.2       =====>>>>>>  192.168.1.6  ===>>>     5.74.x.x            ===>>>   46.102.129.83

in this scenario I have internet access

as before i did

sudo sysctl net.ipv4.conf.all.forwarding=1
sudo iptables -P FORWARD ACCEPT
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -I INPUT --source 10.45.0.0/16 -j ACCEPT
sudo iptables -t nat -I POSTROUTING --out-interface ens3 -j MASQUERADE
sudo iptables -I FORWARD --in-interface ens3 --out-interface ogstun -j ACCEPT
sudo iptables -I FORWARD --in-interface ogstun --out-interface ens3 -j ACCEPT
sudo ufw disable

For this Scenario of CORE, I just stopped the VM of scenario number 2 ( which was created few hours ago ) and in OpenStack made Snapshot of that VM. So then Created New VM based on the snapshot but with diffrent Ip address [this new VM just have Public Ip address and do not have floating or local Ip] and then signed into it and just changed the .env configs (HOST IP AND SGWU Advertise). then source that and compose up

So Now the interent is stable
Then i tried to add FOHSS configs through 46.102.129.83:8080
I did that and Also add ims APN in UE
and then Enabled VOLTE on UE

so Now i can see same connection rnti name ( twice rnti with the same ID ) in srsenb log file
But i can not see any VOLTE sign on UE ( in the past whenever i enabled VOLTE on UE i could see VOLTE Sign on top, beside 4G sign[ data connection ])

COTS UE is Samsung A42 and SDR is USRP B210
using Cloud [8vCPU,8GBRAM,20GBSSD] for dockerized volte with user "UBUNTU" (not running docker as root )
using local PC ( core i7 6700hq,16GBRAM,256GBSSD) for RAN
i'm using srsRAN (d0c3a4232 on branch master) with UHD ( MASTER branch [UHD_4.0.0.0-218-g0813efb9])

.
.
.
.

here are Core files:
Log.txt
configs.txt
PCAP: https://drive.google.com/file/d/1fuc7Zc9_EAnCc0V1z9itofl2HwdIP_Ic/view?usp=sharing

PCAP was more than 10MB so i upload it in Google DRIVE
.
.
.
.
.
.

RAN files:

[modyngs]

configs.zip
Made By srsenb.zip
enblog.txt
PCAP: https://drive.google.com/file/d/10-GOBwEs5q068Fj9ylnEsp6w302ehY_G/view?usp=sharing

As i said Before My Webui configs are like:

---------------------------------------------------------------------------------------------------------------------
| APN      | Type | QCI | ARP | Capability | Vulnerablility | MBR DL/UL(Kbps)     | GBR DL/UL(Kbps) | PGW IP        |
---------------------------------------------------------------------------------------------------------------------
| internet | IPv4 | 9   | 8   | Disabled   | Disabled       | 1GB/1GB |                 |               |
---------------------------------------------------------------------------------------------------------------------
| ims      | IPv4 | 5   | 1   | Disabled   | Disabled       | 3850/1530           |                 |               |
|          |      | 1   | 2   | Enabled    | Enabled        | 128/128             | 128/128         |               |
|          |      | 2   | 4   | Enabled    | Enabled        | 128/128             | 128/128         |               |
---------------------------------------------------------------------------------------------------------------------

But in DRB, i Do not have QCI 2! ( as you can see in Configs )
[I followed things on this link for configuring it [https://open5gs.org/open5gs/docs/tutorial/02-VoLTE-setup/][https://github.com/herlesupreeth/docker_open5gs/blob/master/srslte/drb.conf]

.
.

.

Also FOR FOHSS configuration i followed this
You can see the Diif here:

old@old:~/Desktop$ diff a.txt b.txt
59c59
< 2. sip:0198765432101@ims.mnc001.mcc001.3gppnetwork.org
---
> 2. sip:0198765432101
62c62
< Identity = sip:0198765432101@ims.mnc001.mcc001.3gppnetwork.org
---
> Identity = sip:0198765432101

a.txt
b.txt

MY configuration For FOHSS is b.txt

[modyngs]

Can u please Confirm if i'm doing FOHSS and DRB configuration in the right way?

Also Please Lemme Know if Scenario Number 1 and 3 is needed

Thanks
Best regards

[modyngs]

I Now Also add QCI 2 in DRB
and can see these on CORE LOGS:

at 105185765
mme          | 05/05 14:56:16.873: [mme] INFO: [Added] Number of MME-Sessions is now 2 (../src/mme/mme-context.c:3234)
sgwc         | 05/05 14:56:16.874: [sgwc] INFO: [Added] Number of SGWC-Sessions is now 2 (../src/sgwc/context.c:849)
sgwu         | 05/05 14:56:16.875: [sgwu] INFO: UE F-SEID[CP:0x3 UP:0x3] (../src/sgwu/context.c:144)
sgwu         | 05/05 14:56:16.875: [sgwu] INFO: [Added] Number of SGWU-Sessions is now 2 (../src/sgwu/context.c:149)
smf          | 05/05 14:56:16.876: [smf] INFO: [Added] Number of SMF-Sessions is now 2 (../src/smf/context.c:2400)
smf          | 05/05 14:56:16.877: [smf] INFO: UE IMSI[001010123456792] APN[ims] IPv4[192.168.101.2] IPv6[] (../src/smf/s5c-handler.c:162)
upf          | 05/05 14:56:16.887: [upf] INFO: [Added] Number of UPF-Sessions is now 2 (../src/upf/context.c:158)
upf          | 05/05 14:56:16.887: [upf] INFO: UE F-SEID[CP:0x3 UP:0x3] APN[ims] PDN-Type[1] IPv4[192.168.101.2] IPv6[] (../src/upf/context.c:339)
smf          | 05/05 14:56:16.888: [smf] WARNING: Unknown PCO ID:(0x2) (../src/smf/context.c:2349)
smf          | 05/05 14:56:16.888: [smf] WARNING: Unknown PCO ID:(0x1a) (../src/smf/context.c:2349)
smf          | 05/05 14:56:16.888: [smf] WARNING: Unknown PCO ID:(0x23) (../src/smf/context.c:2349)
smf          | 05/05 14:56:16.888: [smf] WARNING: Unknown PCO ID:(0x24) (../src/smf/context.c:2349)
pcscf        | 101(134) NOTICE: <script>: PCSCF: REGISTER sip:ims.mnc001.mcc001.3gppnetwork.org (sip:001010123456792@ims.mnc001.mcc001.3gppnetwork.org (192.168.101.2:37723) to sip:001010123456792@ims.mnc001.mcc001.3gppnetwork.org, feE7NyUiEwhq_Jr40wLhXQ..@192.168.101.2)
pcscf        | 101(134) INFO: rr [rr_mod.c:515]: pv_get_route_uri_f(): No route header present.
pcscf        | 101(134) NOTICE: <script>: PCSCF REGISTER:
pcscf        |  Destination URI: <null>
pcscf        |  Request URI: sip:ims.mnc001.mcc001.3gppnetwork.org
pcscf        | 101(134) INFO: rr [rr_mod.c:515]: pv_get_route_uri_f(): No route header present.
pcscf        | 101(134) NOTICE: <script>: Source IP and Port: (192.168.101.2:37723)
pcscf        |  Route-URI:
pcscf        | 101(134) NOTICE: <script>: Received IP and Port: (172.22.0.21:5060)
pcscf        | 101(134) NOTICE: <script>: Contact header: <sip:001010123456792@192.168.101.2:5060>;+sip.instance="<urn:gsma:imei:35132542-524972-0>";q=1.0;+g.3gpp.icsi-ref="urn%3Aurn-7%3A3gpp-service.ims.icsi.mmtel";+g.3gpp.smsip
pcscf        | 101(134) INFO: ims_registrar_pcscf [sec_agree.c:296]: cscf_get_security_verify(): No security-verify parameters found
icscf        | 31(57) INFO: ims_icscf [cxdx_uar.c:71]: create_uaa_return_code(): created AVP successfully : [uaa_return_code]
fhoss        | Exception in thread "Thread-13" java.lang.NullPointerException
fhoss        |  at de.fhg.fokus.hss.cx.op.UAR.processRequest(UAR.java:277)
fhoss        |  at de.fhg.fokus.hss.main.Task.execute(Task.java:169)
fhoss        |  at de.fhg.fokus.hss.main.Worker.run(Worker.java:66)
icscf        | 28(54) ERROR: ims_icscf [cxdx_uar.c:107]: async_cdp_uar_callback(): Error timeout when  sending message via CDP
icscf        | 28(54) WARNING: tm [t_suspend.c:192]: t_continue_helper(): active transaction not found
scscf        |  5(35) DEBUG: ims_dialog [dlg_handlers.c:1923]: print_all_dlgs(): ******************** 5(35) DEBUG: ims_dialog [dlg_handlers.c:1924]: print_all_dlgs(): printing 4096 dialogs
scscf        |  5(35) DEBUG: ims_dialog [dlg_handlers.c:1934]: print_all_dlgs(): ******************** 5(35) DEBUG: ims_auth [authorize.c:187]: reg_await_timer(): Looking for expired/useless at 105185775
scscf        |  5(35) DEBUG: ims_auth [authorize.c:232]: reg_await_timer(): [DONE] Looking for expired/useless at 105185775

Looks like there is an error in CDP
ERROR: ims_icscf [cxdx_uar.c:107]: async_cdp_uar_callback(): Error timeout when sending message via CDP

[herlesupreeth]

I do not have internet connection while i did all of following in both eNB ( on local PC) and Core(Dockerized Volte on cloud)

sudo sysctl net.ipv4.conf.all.forwarding=1
sudo iptables -P FORWARD ACCEPT
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -I INPUT --source 10.45.0.0/16 -j ACCEPT
sudo iptables -t nat -I POSTROUTING --out-interface ens3 -j MASQUERADE
sudo iptables -I FORWARD --in-interface ens3 --out-interface ogstun -j ACCEPT
sudo iptables -I FORWARD --in-interface ogstun --out-interface ens3 -j ACCEPT
sudo ufw disable

Do NOT run this if you are using docker_open5gs repository as its already been executed inside the container. I dont understand why you are executing the above in eNB (its meaningless, so please dont run it on eNB)

[herlesupreeth]

MY configuration For FOHSS is b.txt

a.txt is the correct one.

[modyngs]

a.txt is the correct one.

Thanks

So this is My FOHSS configs

[modyngs]

Also Add QCI 2 as Follows in srsran/drb.conf

{
  qci=2;
  pdcp_config = {
    discard_timer = 100;
    pdcp_sn_size = 12;
  }
  rlc_config = {
    ul_um = {
      sn_field_length = 10;
    };
    dl_um = {
      sn_field_length = 10;
      t_reordering    = 50;
    };
  };
  logical_channel_config = {
    priority = 2;
    prioritized_bit_rate   = -1;
    bucket_size_duration  = 100;
    log_chan_group = 1;
  };
},

I dont understand why you are executing the above in eNB

Yea you are right. i was wrong
In eNB for scenaio number 2 i did that and just repeat it wrongly! wanted just wanted to forward ipv4

In Core run that because i'm using cloud so tried to forward ipv4

Thanks

[modyngs]

a.txt is the correct one.

I run that again But the same thing happened as #33 (comment)

Each time this will happen:

scscf        |  5(36) DEBUG: ims_dialog [dlg_handlers.c:1923]: print_all_dlgs(): ******************** 5(36) DEBUG: ims_dialog [dlg_handlers.c:1924]: print_all_dlgs(): printing 4096 dialogs
scscf        |  5(36) DEBUG: ims_dialog [dlg_handlers.c:1934]: print_all_dlgs(): ******************** 5(36) DEBUG: ims_auth [authorize.c:187]: reg_await_timer(): Looking for expired/useless at 115544661
scscf        |  5(36) DEBUG: ims_auth [authorize.c:232]: reg_await_timer(): [DONE] Looking for expired/useless at 115544661
scscf        |  5(36) DEBUG: ims_dialog [dlg_handlers.c:1923]: print_all_dlgs(): ******************** 5(36) DEBUG: ims_dialog [dlg_handlers.c:1924]: print_all_dlgs(): printing 4096 dialogs
scscf        |  5(36) DEBUG: ims_dialog [dlg_handlers.c:1934]: print_all_dlgs(): ******************** 5(36) DEBUG: ims_auth [authorize.c:187]: reg_await_timer(): Looking for expired/useless at 115544671
scscf        |  5(36) DEBUG: ims_auth [authorize.c:232]: reg_await_timer(): [DONE] Looking for expired/useless at 115544671
scscf        |  5(36) DEBUG: ims_dialog [dlg_handlers.c:1923]: print_all_dlgs(): ******************** 5(36) DEBUG: ims_dialog [dlg_handlers.c:1924]: print_all_dlgs(): printing 4096 dialogs
scscf        |  5(36) DEBUG: ims_dialog [dlg_handlers.c:1934]: print_all_dlgs(): ******************** 5(36) DEBUG: ims_auth [authorize.c:187]: reg_await_timer(): Looking for expired/useless at 115544681
scscf        |  5(36) DEBUG: ims_auth [authorize.c:232]: reg_await_timer(): [DONE] Looking for expired/useless at 115544681
pcscf        | 108(142) NOTICE: <script>: PCSCF: REGISTER sip:ims.mnc001.mcc001.3gppnetwork.org (sip:001010123456792@ims.mnc001.mcc001.3gppnetwork.org (192.168.101.2:34485) to sip:001010123456792@ims.mnc001.mcc001.3gppnetwork.org, vW17dlVFJ5OfpIS458n9fQ..@192.168.101.2)
pcscf        | 108(142) INFO: rr [rr_mod.c:515]: pv_get_route_uri_f(): No route header present.
pcscf        | 108(142) NOTICE: <script>: PCSCF REGISTER:
pcscf        |  Destination URI: <null>
pcscf        |  Request URI: sip:ims.mnc001.mcc001.3gppnetwork.org
pcscf        | 108(142) INFO: rr [rr_mod.c:515]: pv_get_route_uri_f(): No route header present.
pcscf        | 108(142) NOTICE: <script>: Source IP and Port: (192.168.101.2:34485)
pcscf        |  Route-URI:
pcscf        | 108(142) NOTICE: <script>: Received IP and Port: (172.22.0.21:5060)
pcscf        | 108(142) NOTICE: <script>: Contact header: <sip:001010123456792@192.168.101.2:5060>;+sip.instance="<urn:gsma:imei:35132542-524972-0>";q=1.0;+g.3gpp.icsi-ref="urn%3Aurn-7%3A3gpp-service.ims.icsi.mmtel";+g.3gpp.smsip
pcscf        | 108(142) INFO: ims_registrar_pcscf [sec_agree.c:296]: cscf_get_security_verify(): No security-verify parameters found
icscf        | 31(57) INFO: ims_icscf [cxdx_uar.c:71]: create_uaa_return_code(): created AVP successfully : [uaa_return_code]
fhoss        | Exception in thread "Thread-13" java.lang.NullPointerException
fhoss        |  at de.fhg.fokus.hss.cx.op.UAR.processRequest(UAR.java:277)
fhoss        |  at de.fhg.fokus.hss.main.Task.execute(Task.java:169)
fhoss        |  at de.fhg.fokus.hss.main.Worker.run(Worker.java:66)
scscf        |  5(36) DEBUG: ims_dialog [dlg_handlers.c:1923]: print_all_dlgs(): ******************** 5(36) DEBUG: ims_dialog [dlg_handlers.c:1924]: print_all_dlgs(): printing 4096 dialogs
scscf        |  5(36) DEBUG: ims_dialog [dlg_handlers.c:1934]: print_all_dlgs(): ******************** 5(36) DEBUG: ims_auth [authorize.c:187]: reg_await_timer(): Looking for expired/useless at 115544691
scscf        |  5(36) DEBUG: ims_auth [authorize.c:232]: reg_await_timer(): [DONE] Looking for expired/useless at 115544691
icscf        | 28(54) ERROR: ims_icscf [cxdx_uar.c:107]: async_cdp_uar_callback(): Error timeout when  sending message via CDP
icscf        | 28(54) WARNING: tm [t_suspend.c:192]: t_continue_helper(): active transaction not found
scscf        |  5(36) DEBUG: ims_dialog [dlg_handlers.c:1923]: print_all_dlgs(): ******************** 5(36) DEBUG: ims_dialog [dlg_handlers.c:1924]: print_all_dlgs(): printing 4096 dialogs
scscf        |  5(36) DEBUG: ims_dialog [dlg_handlers.c:1934]: print_all_dlgs(): ******************** 5(36) DEBUG: ims_auth [authorize.c:187]: reg_await_timer(): Looking for expired/useless at 115544701
scscf        |  5(36) DEBUG: ims_auth [authorize.c:232]: reg_await_timer(): [DONE] Looking for expired/useless at 115544701
scscf        |  5(36) DEBUG: ims_dialog [dlg_handlers.c:1923]: print_all_dlgs(): ******************** 5(36) DEBUG: ims_dialog [dlg_handlers.c:1924]: print_all_dlgs(): printing 4096 dialogs
scscf        |  5(36) DEBUG: ims_dialog [dlg_handlers.c:1934]: print_all_dlgs(): ******************** 5(36) DEBUG: ims_auth [authorize.c:187]: reg_await_timer(): Looking for expired/useless at 115544711
scscf        |  5(36) DEBUG: ims_auth [authorize.c:232]: reg_await_timer(): [DONE] Looking for expired/useless at 115544711

[modyngs]

dear @herlesupreeth
Have you managed to check my pcaps or logs?

This is Also My SecurityGroup in openstack

All are Open

.
.
.

I'm using cloud image for my VM in Openstack [https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img]

Should it be because of that?

[modyngs]

Hello again,

We've got The Problem solved by adding IPTABLE in UPF Container
Or you can Fix it before running docker-compose up as bellow:

ADD this to UPF_INIT.SH after python3s
$nano docker_open5gs/upf/upf_init.sh
########################################################################
iptables -t nat -A OUTPUT -p udp -d $SGWU_ADVERTISE_IP --dport 2152 -j DNAT --to-destination $SGWU_IP:2152
########################################################################

@herlesupreeth is it possible to add this in repo?
in this way internet access is possible

Thanks
Best regards

[herlesupreeth]

@modyngs I dont think this is needed if UPF and SGWU is running in the same VM. Cam you send me a pcap for this? I mean UE registration pcap

[modyngs]

Yea, they are in the same VM, the UPF sends packets to 46.102.143.x while it can not access the interface as UPF advertise IP is Not set for NSA
So this should be forwarded to sgwu and then via SGWU ADVERTISE IP to UE

I'll send it in few minutes. can you also check this ( #37) in between please?

[herlesupreeth]

I have an example pcap here, where eNb is running at 172.30.200.48 and docker_open5gs running at 172.30.200.223. and if you follow the GTP packets from 1359 till 1395 i see UPF properly sending the packets to SGWU internal address and from SGWU to UE via advertised address.
external_eNB.zip

This setup does not use openstack..its purely based on physical machine running in 172.30.200.0/24 subnet

[modyngs]

@herlesupreeth
Hi again

This is the same structure with the same VM on the same Docker, just comment that line
So it is NO NET scenario
EPC.zip

I'll send the successful Pcap after adding that line on the same VM and same Docker, just add that line

I have an example pcap here, where eNb is running at 172.30.200.48 and docker_open5gs running at 172.30.200.223. and if you follow the GTP packets from 1359 till 1395 i see UPF properly sending the packets to SGWU internal address and from SGWU to

I think its Not Running Over OpenStack!
Sorry Just saw you said its not running over Openstack.

So the problem is with Openstack. its fine in other setups

[modyngs]

Success.zip

Sorry for late

[modyngs]

i see UPF properly sending the packets to SGWU internal address and from SGWU to UE via advertised address.

I do not know whats wrong with Openstack in that case!
but we enter UPF container and saw that packets stuck there!

So u can also add that manually by
docker exec -it upf /bin/bash
iptables -nvL --line-number && iptables -t nat -nvL --line-number
iptables -t nat -A OUTPUT -p udp -d 46.102.143.93 --dport 2152 -j DNAT --to-destination 172.22.0.6:2152

[herlesupreeth]

Thanks for the pcap, i still dont think this issue could arise from using openstack.. looks like a residual NAT rule in your VM

[modyngs]

Anytime
@herlesupreeth as shown here #33 (comment)
all policies are open
No restriction
Also checked IPTABLES on VM, there was notting wrong! I do not know. maybe sth else. even in New VMs this may happen. also tested this with other repos. this is the same behaivior

Can you give hint on this issue? #37

Thanks
Best regards

[modyngs]

Dear @herlesupreeth

Hi again, Sorry for opening an old issue,

Thanks for you recommendation in open5gs/open5gs#1341 (comment)

but i saw this issue here that the same problem was solved for SRSLTE in #33 (comment) by adding GTP Advertise address in SRSLTE repo

I'm using OAI gNB for the RAN and open5GS as my core setup for 5G SA

the actual setup is now like bellow:

      UE      =====>>>>>>         OAI( gNB)      ===>>>   ISP DHCP IP add. (gNB side)   ===>>> OPENSTACK ( VM Floating IP)     ==>>>      VM ( Core_ All open5gs components on a single VM )     

10.45.0.2      =====>>>>>>        192.168.1.6      ===>>>          80.210.x.x            ===>>>         31.7..x.x                  ==>>>        10.10.10.115

I've set the Advertise Ip in UPF and all the forwardings are set! but still do not have internet access.

If it is possible to do the same thing on OAI code as done for SRSLTE, that would be really amazing.
There is no issue while deploying on LOCAL pcs! ( i mean the gNB and 5G core on the same network )

Also, I've installed the Quicktun in both sides ( CORE[openstack] & RAN ) but is there any configurations should be changed in gNB or AMF_UPF ?

Thanks
Best regards

[bhuvaneshnexn]

Dear @herlesupreeth
My UE get connected to dockerized core network, but it does not have internet even my core machine have internet access.
core IP- 172.18.1.225
enb -172.18.1.210
Thanks ,
Bhuvaneshnexn

[herlesupreeth]

@bhuvaneshnexn please post a pcap file so that I can get complete picture of the issue. Also, describe your setup, send your .env file used

[s21sm]

I had same issue for 5G SA setup. UE registration was OK but no internet access. When my AMF is

amf:
  addr: 10.53.1.2                  # The address or hostname of the AMF.
  bind_addr: 10.53.1.1             # A local IP that the gNB binds to for traffic from the AMF.

and my UE IPs are in this range 10.45.0.0/16 (e.g., exactly 10.45.1.2 ) following route to the UE solved my problem

sudo ip ro add 10.45.0.0/16 via 10.53.1.2

Now I have internet access on my UE via USRP gNB