Customisation¶

femtocell parts (see Partitions):

• the OS is in kernel and rootfs
• the radio applications are in apps.
• the operator network configuration is in unidata
• the femtocell configuration is in data

To access the operator network you have to configure the security gateway (SeGW) on the femtocell (it uses ipsec):

• the server certificate is in cert/segw_ca.pem
• the client/femtocell certificate is in cert/hnb.pem
• the hostname is either in the server certificate, the local configuration (see below), or hard coded in /APP/bin/oamc_start (I'm not sure which one is used in which order)

The configuration is stored in SQLite database /data/tr106.db and /data/tr196.db (in table Parameters).
This should be settable remotely, once the femtocell connected to the operator's Home Management Server (HMS) behind the SeGW.

IPsec¶

You need to configure ipsec (Strongswan)

• create own IPsec certificates (on local machine)
  • create CA
    

    ipsec pki --gen --type rsa --size 4096 --outform pem > /etc/ipsec.d/private/ca_key.pem
    sudo ipsec pki --self --ca --lifetime 3650 --in /etc/ipsec.d/private/ca_key.pem --type rsa --dn "C = UK, O = Vodafone Group, CN = Vodafone" --outform pem > /etc/ipsec.d/certs/ca_cert.pem
    

  • create server certificate
    

    ipsec pki --gen --type rsa --size 2048 --outform pem  > server_key.pem
    ipsec pki --pub --in server_key.pem --type rsa |  ipsec pki --issue --lifetime 365 --cacert ca_cert.pem --cakey ca_key.pem --dn "C = UK, O = Vodafone Group, CN = Vodafone" --flag serverAuth --flag ikeIntermediate --outform pem > server_cert.pem
    

  • copy ipsec certificate to femtocell
    

    scp -i /tmp/femto_id_rsa -o KexAlgorithms=diffie-hellman-group1-sha1 server_cert.pem root@192.168.23.120:/tmp/segw_ca.pem
    

• on the femtocell (using original image, with root access):
  • stop ipsec (charon, from strongswan) before reconfiguring it
    

    killall starter
    

  • copy watchdog trigger before unmounting the partition
    

    cp /APP/dev_only/wdretrigger.sh /tmp/wdretrigger.sh
    

  • periodically kick dog
    

    /tmp/wdretrigger.sh &
    sleep 10
    

  • stop monitor, monitor_start, oam_start, rnc_start
    

    /APP/dev_only/stop.sh
    

  • prepare own APP folder
    

    umount /APP
    mkdir /tmp/APP
    mount /dev/mtdblock10 /tmp/APP
    mount -t ramfs ramfs /APP
    cp -r /tmp/APP/* /APP/
    rm /APP/cert
    mkdir /APP/cert
    cp /tmp/APP/cert/hnb.pem /APP/cert/
    cp /tmp/segw_ca.pem /APP/cert/
    

  • set date for certificate to be valid
    

    date -s 2017.07.25-15:00:00
    

You can see what is going on by reading the logs produces by these applications using /sbin/logread -f