7lab

From Tmplab
Revision as of 18:29, 16 April 2009 by Phil (talk | contribs) (Intel / Dialogic SS7 stack)

Intro

Testing with:

  • Dynagen & Dynamips (GNS3 not yet working on my Mac)

Future:

  • Asterisk with chan-ss7
  • Intel SS7 stack
  • OpenSS7 new release
  • Kannel

Network

Addressing

tmp (France)

  • 10.42.0-9.x
  • R1 dynamips Cisco ITP
    • 10.0.0.150
    • 10.42.1.1
    • PC: 4.2.1
    • x25: x25routerR1 250
  • R2 dynamips Cisco ITP
    • 10.0.0.160
    • 10.42.2.1
    • PC: 4.2.2
    • x25: x25routerR2 150

Bangkok (Thailand)

  • 10.42.32.x
  • kin 10.211.55.7
  • mac (parallels 10.211.55.3) 10.42.32.2 VM: 10.42.32.102
  • kiwi 10.42.32.1 VM: 10.42.32.101

tw (Taiwan)

  • 10.42.50-59.x

Source Configuration


Installation

OpenSS7

On Ubuntu 8.04 only (the build is highly kernel-version dependent):

apt-get install groff-base info bison flex
apt-get install linux-libc-dev libc6-dev libperl-dev
./configure --without-snmp
make
make install

M3UA

  • Check /home/user/openss7-0.9.2.G/sigtran-0.9.2.4/src/modules/m3ua_as.c

SCTPlib

kextload /System/Library/Extensions/SCTP.kext
  • In order to compile the example programs (echo_tool etc.) with SCTPlib:
gcc -DHAVE_CONFIG_H -I. -I../.. -I./../sctp  -I/opt/local/include/glib-2.0 \
 -I/opt/local/lib/glib-2.0/include -I/opt/local/include    -g -O2 \
 -I/opt/local/include/glib-2.0 -I/opt/local/lib/glib-2.0/include \
 -I/opt/local/include   -DDARWIN -DUSE_SELECT -Wall -g3 -O0 -D_REENTRANT \
 -D_THREAD_SAFE  -o echo_server echo_server.c sctp_wrapper.c  -lsctplib

gcc -DHAVE_CONFIG_H -I. -I../.. -I./../sctp  -I/opt/local/include/glib-2.0 \
 -I/opt/local/lib/glib-2.0/include -I/opt/local/include    -g -O2 \
 -I/opt/local/include/glib-2.0 -I/opt/local/lib/glib-2.0/include \
 -I/opt/local/include   -DDARWIN -DUSE_SELECT -Wall -g3 -O0 -D_REENTRANT \
 -D_THREAD_SAFE  -o echo_tool echo_tool.c sctp_wrapper.c  -lsctplib
  • NKE and SCTPlib are mutually exclusive.

Intel / Dialogic SS7 stack

Configuration differences

# diff /mnt/remote/Documents/7bone/intel-stacks/upd/RUN/MTR/M2PA_CONFIG/config.txt /mnt/remote/Documents/7bone/intel-stacks/upd/RUN/MTU/M2PA_CONFIG/config.txt
6c6,8
< CNSYS:IPADDR=192.168.0.2,PER=0;
---
> CNSYS:IPADDR=192.168.0.1,PER=0;
> *
> SNSLI:SNLINK=1,IPADDR=192.168.0.2,SNEND=C,SNTYPE=M2PA,M2PA=1,PPORT=3565;
8,9d9
< SNSLI:SNLINK=1,IPADDR=192.168.0.1,SNEND=S,SNTYPE=M2PA,M2PA=1,PPORT=3565;
< *
16,17c16,17
< * <ssf>
< MTP_LINKSET  0  1  1  0x0000 2 0x08
---
> *             <ssf>
> MTP_LINKSET  0  2  1  0x0000 1 0x08
26c26
< MTP_ROUTE  1  0  0x0008
---
> MTP_ROUTE  2  0  0x0008
31c31
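Review bot: the last hunk header, 31c31, has no lines under it, so the final difference between the MTR and MTU config.txt files is missing from this listing; re-run the diff and paste the complete output so both sides of that change can be checked.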

Configurations

(to be updated, testing now)

We will use TCP port 1337 for the OpenVPN configuration (or should we use something more common, like 80, 53 or 443?), so your firewall must allow this port outbound.

OpenVPN Certificates

coming

OpenVPN Client configs

client
dev tap
proto tcp
remote lab.tstf.net 1337
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
ns-cert-type server
user nobody
group nogroup
ca ca.crt
cert client.crt
key client.key

OpenVPN Server configs

local [EXTERNALIP]
port 1337
proto tcp
dev tap0

# we'll add section how to manage certs later
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem

# this will allow for people to get the same IP address after a reconnect
ifconfig-pool-persist /etc/openvpn/ipp.txt

keepalive 10 120
comp-lzo
max-clients 10
user nobody
group nobody
persist-key
persist-tun
status /tmp/openvpn-status.log
log-append /var/log/openvpn.log
verb 6
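
The client and server directives above, run through a small lint as an added example (not part of the original page or the lab's own tooling): it flags settings that current OpenVPN releases deprecate or that weaken the tunnel. The rule ids and function names are this example's own choices, and the inputs are the page's directives written one per line.

```python
# Added example, not part of the original page: lint the OpenVPN directives above.
import shlex

# Constructed inputs: the page's client and server directives, one per line.
CLIENT = "\n".join([
    "client", "dev tap", "proto tcp", "remote lab.tstf.net 1337",
    "resolv-retry infinite", "nobind", "persist-key", "persist-tun", "comp-lzo",
    "ns-cert-type server", "user nobody", "group nogroup",
    "ca ca.crt", "cert client.crt", "key client.key"])
SERVER = "\n".join([
    "local [EXTERNALIP]", "port 1337", "proto tcp", "dev tap0",
    "ca /etc/openvpn/easy-rsa/keys/ca.crt", "cert /etc/openvpn/easy-rsa/keys/server.crt",
    "key /etc/openvpn/easy-rsa/keys/server.key", "dh /etc/openvpn/easy-rsa/keys/dh2048.pem",
    "ifconfig-pool-persist /etc/openvpn/ipp.txt", "keepalive 10 120", "comp-lzo",
    "max-clients 10", "user nobody", "group nobody", "persist-key", "persist-tun",
    "status /tmp/openvpn-status.log", "log-append /var/log/openvpn.log", "verb 6"])

def parse(text):
    """Map each directive to the list of its argument lists; skip # and ; comments."""
    conf = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        words = shlex.split(line, comments=True)
        if words:
            conf.setdefault(words[0], []).append(words[1:])
    return conf

def lint(text):
    """Return the ids of the hardening rules (this example's own) that the config trips."""
    conf, hits = parse(text), []
    if "ns-cert-type" in conf:          # deprecated; remote-cert-tls replaces it
        hits.append("ns-cert-type")
    elif "client" in conf and "remote-cert-tls" not in conf:
        hits.append("no-server-cert-check")   # any cert from the CA could pose as server
    if "comp-lzo" in conf:              # deprecated; compress-then-encrypt can leak plaintext
        hits.append("comp-lzo")
    if any(a and int(a[0]) >= 5 for a in conf.get("verb", [])):
        hits.append("debug-verb")       # verb 5+ is debugging output, not for steady state
    paths = [a[0] for d in ("status", "log", "log-append") for a in conf.get(d, []) if a]
    if any(p.startswith("/tmp/") for p in paths):
        hits.append("tmp-path")         # file created in a world-writable directory
    if not ("user" in conf and "group" in conf):
        hits.append("no-priv-drop")     # daemon keeps root after start-up
    if not ({"tls-auth", "tls-crypt"} & conf.keys()):
        hits.append("no-tls-auth")      # no HMAC key protecting the TLS handshake
    return hits

if __name__ == "__main__":
    for name, text in (("client", CLIENT), ("server", SERVER)):
        print(name, lint(text))
```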


Cisco ITP

  1. cs7 variant itu
  2. cs7 point-code 1.2.3
  3. Maybe: cs7 capability-pc 1.2.3

Testing

Security

XOT