Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

free5gc-compose with UERANSIM, UE cannot connect to the internet #26

Closed
JingqiHuang opened this issue Apr 1, 2021 · 13 comments
Closed

Comments

@JingqiHuang
Copy link

JingqiHuang commented Apr 1, 2021

Hi!

I am following the installation and connected it to the UERANSIM. The docker-compose version of free5gc and UERANSIM are installed in the same PC. The free5gc-compose did not have any error and PDU session is established successfully, but I cannot ping google.com using uesimtun0 interface.

After running ‘sudo docker-compose up’ and before I start UERANSIM, I also enter the following in my host PC

sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE
sudo systemctl stop ufw
sudo iptables -I FORWARD 1 -j ACCEPT

But still, I cannot ping google.com using “ping -I uesimtun0 google.com”. I attach pcap file of (possibly) N3 and N6 interface, and uesimtun0 in the file pcaps.zip. Basically, they only have ICMP request but no response.

Does anyone know what is happening and how can I solve this? Thank you very much!!!

pcaps.zip

@JingqiHuang JingqiHuang changed the title Stage 3 free5gc-compose with UERANSIM, UE cannot connect to the internet free5gc-compose with UERANSIM, UE cannot connect to the internet Apr 1, 2021
@JingqiHuang
Copy link
Author

JingqiHuang commented Apr 1, 2021

Update: Not sure which steps are effective, but my case is solved by entering the bash of all UPFs and executing

iptables -t nat -A POSTROUTING -o eth0  -j MASQUERADE
iptables -I FORWARD 1 -j ACCEPT

@manoj1919
Copy link

manoj1919 commented Jun 17, 2021

I have the same problem. I am also looking for alternatives to automatically connect gnb and ue. so I tried adding these two lines

iptables -t nat -A POSTROUTING -o eth0  -j MASQUERADE
iptables -I FORWARD 1 -j ACCEPT

in the Dockerfile in NF_UPF folder. But it gives me following error.

can't initialize iptables table 'nat': Permission denied (you must be root)
has anyone found an elegant way of doing this instead of entering bash of each UPF?
Thank you

@raoufkh
Copy link

raoufkh commented Jun 17, 2021

Hello

iptables rules cannot be set at the docker image building step. You have to write a wrapper script like it is currently done for the n3iwf.

Feel free to take a look at the script I use for my implementation on Kubernetes

@manoj1919
Copy link

@raoufkh , Thank you so much. It worked.
@JingqiHuang , This is what i did, just in case you need it:
I created a shell script "upf-iptables.sh" in config folder. The contents of this file are:

    #!/bin/sh
    
    ### UPF IPtables forwarding rules configuration
    
    
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -I FORWARD 1 -j ACCEPT

and I modified the upf services docker-compose.yaml as follows:


services:
  free5gc-upf-1:
    container_name: upf
    build:
      context: ./nf_upf
      args:
        DEBUG_TOOLS: "false"
    command: sh -c "chmod +x upf-iptables.sh && ./upf-iptables.sh && ./free5gc-upfd -f ../config/upfcfg.yaml"
    volumes:
      - ./config/upfcfg1.yaml:/free5gc/config/upfcfg.yaml
      - ./config/upf-iptables.sh:/free5gc/free5gc-upfd/upf-iptables.sh
    cap_add:
      - NET_ADMIN
    networks:
      privnet:
        aliases:
          - upf1.free5gc.org

This made the complete setup ready for UERANSIM connections. And I am able to ping google using the command ping -I uesimtun0 google.com.

Thanks @raoufkh again. You saved the day.

@raoufkh
Copy link

raoufkh commented Jun 17, 2021

@manoj1919, you're welcome!

For me, I had to add some commands because it was an multi-interface implementation (eth0, n4, n3, n9, n6 was different interfaces). This is why I've created a routing table for packets coming from the UE subnet by setting the default route to n6 interface in that routing table.

@abousselmi
Copy link
Collaborator

I will add this to the documentation of the project. Closing this issue now.

@agr-priyanshu
Copy link

agr-priyanshu commented Jun 24, 2021

There seems to be an issues with this approach.

The default image doesn't contain iptables so it looks like the image for UPF needs modification. @manoj1919 did you do this as well?

@JingqiHuang
Copy link
Author

There seems to be an issues with this approach.

The default image doesn't contain iptables so it looks like the image for UPF needs modification. @manoj1919 did you do this as well?

@agr-priyanshu Hi, you have to install iptables for UPFs.

@JingqiHuang
Copy link
Author

JingqiHuang commented Jun 24, 2021

@raoufkh , Thank you so much. It worked.
@JingqiHuang , This is what i did, just in case you need it:
I created a shell script "upf-iptables.sh" in config folder. The contents of this file are:

    #!/bin/sh
    
    ### UPF IPtables forwarding rules configuration
    
    
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -I FORWARD 1 -j ACCEPT

and I modified the upf services docker-compose.yaml as follows:


services:
  free5gc-upf-1:
    container_name: upf
    build:
      context: ./nf_upf
      args:
        DEBUG_TOOLS: "false"
    command: sh -c "chmod +x upf-iptables.sh && ./upf-iptables.sh && ./free5gc-upfd -f ../config/upfcfg.yaml"
    volumes:
      - ./config/upfcfg1.yaml:/free5gc/config/upfcfg.yaml
      - ./config/upf-iptables.sh:/free5gc/free5gc-upfd/upf-iptables.sh
    cap_add:
      - NET_ADMIN
    networks:
      privnet:
        aliases:
          - upf1.free5gc.org

This made the complete setup ready for UERANSIM connections. And I am able to ping google using the command ping -I uesimtun0 google.com.

Thanks @raoufkh again. You saved the day.

@manoj1919 Hi. thanks! I did not get the chance to check the message on Github.. my comment just gave a direction to the solution since there might be several implementations.. Anyway, thanks again for sharing!

@agr-priyanshu
Copy link

There seems to be an issues with this approach.
The default image doesn't contain iptables so it looks like the image for UPF needs modification. @manoj1919 did you do this as well?

@agr-priyanshu Hi, you have to install iptables for UPFs.

Thanks @JingqiHuang, I updated the UPF DockerFile to install iptables package and it worked. Thanks for these pointers, they really helped in enabling the traffic pass thorugh.

@abousselmi abousselmi reopened this Jun 25, 2021
abousselmi added a commit that referenced this issue Jun 25, 2021
As suggested in #26 
this adds iptables to the UPF image to allow additional configuration for 
packet forwarding through the UPF
@abousselmi
Copy link
Collaborator

Thank you @JingqiHuang @raoufkh @manoj1919 @agr-priyanshu. iptables is now included in the UPF dockerfile.

@free5gc-org
Copy link
Contributor

This issue has been mentioned on free5GC. There might be relevant details there:

https://forum.free5gc.org/t/ping-from-ueransim-vm-to-free5gc-compose/1203/6

@free5gc-org
Copy link
Contributor

This issue has been mentioned on free5GC. There might be relevant details there:

http://forum.free5gc.org/t/ue-unable-to-ping-8-8-8-8/2307/7

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants