Customisation
femtocell parts (see Partitions):
- the OS is in kernel and rootfs
- the radio applications are in apps
- the operator network configuration is in unidata
- the femtocell configuration is in data
- the server certificate is in cert/segw_ca.pem
- the client/femtocell certificate is in cert/hnb.pem
- the hostname is either in the server certificate, the local configuration (see below), or hard coded in /APP/bin/oamc_start (I'm not sure which one is used in which order)
The configuration is stored in the SQLite databases /data/tr106.db and /data/tr196.db (in table Parameters).
This should be settable remotely once the femtocell has connected to the operator's Home Management Server (HMS) behind the SeGW.
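To find which rows of the Parameters table hold a given value (for example the gateway hostname mentioned above) without knowing the column layout, which this page does not document, the following added example searches a working copy of the database read-only. It is not part of the original page or of the femtocell's software; the sample database, its Name/Value columns and the Example.* parameter names are constructed for illustration.

```python
import sqlite3
from pathlib import Path


def find_parameters(db_path, needle, table="Parameters"):
    """Return (column, row-as-dict) for each row of `table` with a cell containing `needle`."""
    # Open read-only so the copy of tr106.db / tr196.db is never modified.
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    con.row_factory = sqlite3.Row
    try:
        # Column names are unknown here, so discover them instead of guessing.
        cols = [r["name"] for r in con.execute(f'PRAGMA table_info("{table}")')]
        if not cols:
            raise LookupError(f"no table {table!r} in {db_path}")
        hits = []
        for row in con.execute(f'SELECT * FROM "{table}"'):
            for col in cols:
                cell = row[col]
                if isinstance(cell, bytes):
                    cell = cell.decode("utf-8", "replace")
                # Case-insensitive substring match; report the first matching column.
                if isinstance(cell, str) and needle.lower() in cell.lower():
                    hits.append((col, dict(row)))
                    break
        return hits
    finally:
        con.close()


def build_sample_db(path):
    """Constructed stand-in for /data/tr196.db; columns and parameter names are made up."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE Parameters (Name TEXT, Value TEXT)")
    con.executemany("INSERT INTO Parameters VALUES (?, ?)", [
        ("Example.Gateway.Server1", "segw.example.net"),
        ("Example.Gateway.Server2", ""),
        ("Example.Management.URL", "https://hms.example.net/acs"),
    ])
    con.commit()
    con.close()


if __name__ == "__main__":
    import os
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "tr196.db")
        build_sample_db(sample)
        for col, row in find_parameters(sample, "segw"):
            print(col, row)
```

Run it against copies of both tr106.db and tr196.db taken off the device, not against the live files.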
IPsec
You need to configure ipsec (Strongswan)
- create own IPsec certificates (on local machine)
  - create CA
    ipsec pki --gen --type rsa --size 4096 --outform pem > /etc/ipsec.d/private/ca_key.pem
    sudo ipsec pki --self --ca --lifetime 3650 --in /etc/ipsec.d/private/ca_key.pem --type rsa --dn "C = UK, O = Vodafone Group, CN = Vodafone" --outform pem > /etc/ipsec.d/certs/ca_cert.pem
  - create server certificate
    ipsec pki --gen --type rsa --size 2048 --outform pem > server_key.pem
    ipsec pki --pub --in server_key.pem --type rsa | ipsec pki --issue --lifetime 365 --cacert ca_cert.pem --cakey ca_key.pem --dn "C = UK, O = Vodafone Group, CN = Vodafone" --flag serverAuth --flag ikeIntermediate --outform pem > server_cert.pem
  - copy ipsec certificate to femtocell
    scp -i /tmp/femto_id_rsa -o KexAlgorithms=diffie-hellman-group1-sha1 server_cert.pem root@192.168.23.120:/tmp/segw_ca.pem
- on the femtocell (using original image, with root access):
  - stop ipsec (charon, from strongswan) before reconfiguring it
    killall starter
  - copy watchdog trigger before unmounting the partition
    cp /APP/dev_only/wdretrigger.sh /tmp/wdretrigger.sh
  - periodically kick dog
    /tmp/wdretrigger.sh &
    sleep 10
  - stop monitor, monitor_start, oam_start, rnc_start
    /APP/dev_only/stop.sh
  - prepare own APP folder
    umount /APP
    mkdir /tmp/APP
    mount /dev/mtdblock10 /tmp/APP
    mount -t ramfs ramfs /APP
    cp -r /tmp/APP/* /APP/
    rm /APP/cert
    mkdir /APP/cert
    cp /tmp/APP/cert/hnb.pem /APP/cert/
    cp /tmp/segw_ca.pem /APP/cert/
  - set date for certificate to be valid
    date -s 2017.07.25-15:00:00
You can see what is going on by reading the logs produced by these applications using /sbin/logread -f
Updated by tsaitgaist over 6 years ago · 1 revisions