Bug #5868

open

Create a proof-of-concept to forward traffic from IPsec into a GTP tunnel

Added by lynxis 6 days ago. Updated 6 days ago.

Status: In Progress
Priority: Normal
Assignee: -
Target version: -
Start date: 01/21/2023
Due date:
% Done: 0%


Description

The UE's traffic (SIP/TCP/IP) arrives at the ePDG as IPsec traffic.
All the traffic from a single UE must be converted from IPsec encapsulation into GTP encapsulation.

As a prototype, a setup of a couple of VMs would be a good starting point:

- UE (IPsec client)
- EPDG (IPsec server, forwards traffic to a GTP tunnel)
- PGW (GTP tunnel endpoint)
- IMS (http, icmp, .. endpoint in this example)

The interesting part to test: can Linux be configured to decapsulate IPsec traffic and encapsulate it in GTP, and vice versa?

Further, we will have multiple APNs/PGW connections, meaning multiple GTP interfaces.
If we can't connect the IPsec tunnel with a GTP tunnel directly (which I doubt), it would mean we have a lot of `ip rule`s on the machine.

Maybe we would have only a single `ip rule` for every APN.
Or we could use eBPF or XDP for it and only have lookup tables maintained by the user space?


Related issues

Related to osmo-ePDG - VoWifi Evolved Packet Data Gateway - Feature #5861: extend charon with external authentication interface | Stalled | lynxis | 01/17/2023

#1

Updated by lynxis 6 days ago

  • Status changed from New to In Progress
#2

Updated by lynxis 6 days ago

  • Related to Feature #5861: extend charon with external authentication interface added