Difference between revisions of "7lab"
From Tmplab
(→OpenVPN Client configs) |
(→Cisco ITP) |
||
Line 262: | Line 262: | ||
log-append /var/log/openvpn.log | log-append /var/log/openvpn.log | ||
verb 6 | verb 6 | ||
+ | |||
+ | == Networking == | ||
+ | |||
+ | /etc/init.d/net-addroute | ||
+ | {{{ | ||
+ | #!/bin/sh | ||
+ | ### BEGIN INIT INFO | ||
+ | # Provides: net-addroute | ||
+ | # Required-Start: $all | ||
+ | # Required-Stop: | ||
+ | # Default-Start: 2 3 4 5 | ||
+ | # Default-Stop: 0 1 6 | ||
+ | # Short-Description: Adds 7Bone default routes at boot time | ||
+ | # Description: Enable service provided by daemon. | ||
+ | ### END INIT INFO | ||
+ | #route add -net 10.42.0.0 netmask 255.255.0.0 gw 10.0.0.51 | ||
+ | |||
+ | case "$1" in | ||
+ | start) | ||
+ | route add -net 10.42.0.0 netmask 255.255.0.0 gw 10.0.0.51 | ||
+ | ;; | ||
+ | |||
+ | stop) | ||
+ | route del -net 10.42.0.0 netmask 255.255.0.0 gw 10.0.0.51 | ||
+ | ;; | ||
+ | |||
+ | force-reload|restart) | ||
+ | echo "No reload possibility for this script" | ||
+ | ;; | ||
+ | |||
+ | *) | ||
+ | echo "Usage: /etc/init.d/net-addroute {start|stop|restart|force-reload}" | ||
+ | exit 1 | ||
+ | ;; | ||
+ | esac | ||
+ | |||
+ | exit 0 | ||
+ | }}} | ||
== Cisco ITP == | == Cisco ITP == |
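Review bot: in the "force-reload|restart)" branch the script only echoes "No reload possibility for this script" and then falls through to "exit 0", so a caller of restart gets a success status although the route was never re-applied; run the stop and start commands in sequence there, or exit non-zero. The script is also wrapped in "{{{ ... }}}", which MediaWiki does not treat as preformatted text, so the "|" and "*)" inside it are parsed as wiki markup; "<pre>" would keep it verbatim. Smaller points: "Description:" still carries the template text "Enable service provided by daemon.", and the commented-out "#route add" line above "case" duplicates the start) command.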
Revision as of 18:23, 10 August 2009
Intro
Testing with:
- Dynagen & Dynamips (GNS3 not yet working on my Mac)
Future:
- Asterisk with chan-ss7
- Intel SS7 stack
- OpenSS7 new release
- Kannel
Network
Addressing
tmp (France)
- 10.42.0-9.x
- R1 dynamips Cisco ITP
- 10.0.0.150
- 10.42.1.1
- PC: 4.2.1
- x25: x25routerR1 250
- R2 dynamips Cisco ITP
- 10.0.0.160
- 10.42.2.1
- PC: 4.2.2
- x25: x25routerR2 150
- NET Intel SS7: 10.42.5.x
- tee1 - Debian 5.02
- 10.0.0.51
- 10.42.5.1
- IP Router, add it:
route add -net 10.42.5.0 10.0.0.51 255.255.0.0
- tee2 - Debian 5.02
- 10.0.0.52
- 10.42.5.2
- NET Clients VPNSSL: 10.42.8.x
- tee1 - Debian 5.02
- 10.42.8.1
bkk (Bangkok, Thailand)
- 10.42.32.x
- kin 10.211.55.7, 10.42.32.102
- mac (parallels 10.211.55.3) 10.42.32.2 VM: kin
- kiwi 10.42.32.1 VM: 10.42.32.101
tw (Taiwan)
- 10.42.50-59.x
Source Configuration
GIT
- There is a GIT repository
Commands
- Get your copy
git clone ssh://sevenbone@penguins.dreamhost.com/~/git/7bone.git 7bone
- Make some modification and compare
git diff
- Update your local copy with the master repository changes
git pull
- Add some files to your GIT repository
git add File14
git add Dir32
- Commit these changes and new files to your local GIT repository
git commit -m "Comment message here"
- Push your changes to the master repository
git push origin master
Installation
OpenSS7
On Ubuntu 8.04 (only this version, highly kernel version dependent)
apt-get install groff-base info bison flex
apt-get install linux-libc-dev libc6-dev libperl-dev
./configure --without-snmp
make
make install
M3UA
- Check /home/user/openss7-0.9.2.G/sigtran-0.9.2.4/src/modules/m3ua_as.c
SCTPlib
- http://sctp.de/sctp-download.html
- On Mac OS X, an SCTP NKE (kernel extension) has to be loaded (http://sctp.fh-muenster.de/sctp-nke.html)
kextload /System/Library/Extensions/SCTP.kext
- To compile the example programs (echo_tool etc.) with SCTPlib:
gcc -DHAVE_CONFIG_H -I. -I../.. -I./../sctp -I/opt/local/include/glib-2.0 \
  -I/opt/local/lib/glib-2.0/include -I/opt/local/include -g -O2 \
  -I/opt/local/include/glib-2.0 -I/opt/local/lib/glib-2.0/include \
  -I/opt/local/include -DDARWIN -DUSE_SELECT -Wall -g3 -O0 -D_REENTRANT \
  -D_THREAD_SAFE -o echo_server echo_server.c sctp_wrapper.c -lsctplib
gcc -DHAVE_CONFIG_H -I. -I../.. -I./../sctp -I/opt/local/include/glib-2.0 \
  -I/opt/local/lib/glib-2.0/include -I/opt/local/include -g -O2 \
  -I/opt/local/include/glib-2.0 -I/opt/local/lib/glib-2.0/include \
  -I/opt/local/include -DDARWIN -DUSE_SELECT -Wall -g3 -O0 -D_REENTRANT \
  -D_THREAD_SAFE -o echo_tool echo_tool.c sctp_wrapper.c -lsctplib
- NKE and SCTPlib are mutually exclusive.
Intel / Dialogic SS7 stack
- Commercial stack
- 10h license free runtime
- http://resource.dialogic.com/telecom/support/ss7/cd/hostprotocolsoftware/index.htm
- http://www.dialogic.com/support/helpweb/signaling/
Configuration differences between two peers
- Useful bits
- For logging
FORK_PROCESS ./s7_log -fms7.log -o0xff1f -pms7.pcap
- Between two different configs
# diff upd/RUN/MTR/M2PA_CONFIG/config.txt upd/RUN/MTU/M2PA_CONFIG/config.txt 6c6,8 < CNSYS:IPADDR=192.168.0.2,PER=0; --- > CNSYS:IPADDR=192.168.0.1,PER=0; > * > SNSLI:SNLINK=1,IPADDR=192.168.0.2,SNEND=C,SNTYPE=M2PA,M2PA=1,PPORT=3565; 8,9d9 < SNSLI:SNLINK=1,IPADDR=192.168.0.1,SNEND=S,SNTYPE=M2PA,M2PA=1,PPORT=3565; < * 16,17c16,17 < * <ssf> < MTP_LINKSET 0 1 1 0x0000 2 0x08 --- > * <ssf> > MTP_LINKSET 0 2 1 0x0000 1 0x08 26c26 < MTP_ROUTE 1 0 0x0008 --- > MTP_ROUTE 2 0 0x0008 31c31 < SCCP_CONFIG 2 0x8 0x0102 --- > SCCP_CONFIG 1 0x8 0x0102 39c39 < SCCP_SSR 1 RSP 1 0 0x0000 --- > SCCP_SSR 1 RSP 2 0 0x0000 47c47 < SCCP_SSR 3 RSS 1 0x08 0 --- > SCCP_SSR 3 RSS 2 0x08 0
Commands for MTU/MTR
- Link activation
./mtpsl ACT 0 0
- SS7 MSU Play
./s7_play -f../intel-dev-upd/RUN/MTU/SCRIPTS/mtucfg.ms7
- Combined
(./gctload -csystem.txt -d &) ; sleep 5; ./mtpsl ACT 0 0; sleep 5; ./s7_play -f../intel-dev-upd/RUN/MTU/SCRIPTS/mtucfg.ms7
(./gctload -csystem.txt -d &) ; sleep 5; ./mtpsl ACT 0 0; sleep 5; ./s7_play -f../intel-dev-upd/RUN/MTU/SCRIPTS/mtucfg.ms7 ; \
  sleep 5; /mnt/remote/Documents/7bone/intel-stacks/upd/BIN/BACKUP_LNX/mtu -m0x2d -g43010008 -a43020008 -i987654321 -s"Hello world"
./gctload -x; sleep 3; (./gctload -csystem.txt -d &) ; sleep 5; ./mtpsl ACT 0 0; sleep 5; \
  ./s7_play -fintel-dev-upd/RUN/MTU/SCRIPTS/mtucfg.ms7 ; sleep 5; ./intel-dev-upd/BIN/BACKUP_LNX/mtu \
  -m0x2d -g43010008 -a43020008 -i987654321 -s"Hello world"
Configurations
Hamachi
Quick Start
- Run 'make install' and then 'tuncfg' from under the root account
- Run 'hamachi-init -c /etc/hamachi' to generate crypto identity (any account).
- Run 'hamachi start' to launch Hamachi daemon.
- Run 'hamachi login' to put the daemon online and to create an account.
- Run 'hamachi join <network>' to join the network.
- Run 'hamachi go-online <network>' to go online in the network.
- Run 'hamachi list' to list network members and their status.
OpenVPN
Introduction
Good tutorials can be found here:
- http://www.nemako.net/dc2/?post/openvpn
- http://openvpn.net/index.php/open-source/documentation/howto.html
We will use TCP port 9443 for the OpenVPN VPNSSL configuration, so your firewall should allow this port outbound.
OpenVPN Certificates
coming
OpenVPN Client configs
client
dev tun
proto tcp
remote lab.tstf.net 1337
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
ns-cert-type server
user nobody
group nogroup
ca ca.crt
cert client.crt
key client.key
OpenVPN Server configs
local [EXTERNALIP]
port 8443
proto tcp
dev tap0
- we'll add a section on how to manage certs later
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
- this will allow for people to get the same IP address after a reconnect
ifconfig-pool-persist /etc/openvpn/ipp.txt
keepalive 10 120
comp-lzo
max-clients 10
user nobody
group nobody
persist-key
persist-tun
status /tmp/openvpn-status.log
log-append /var/log/openvpn.log
verb 6
Networking
/etc/init.d/net-addroute
force-reload|restart)
echo "No reload possibility for this script"
;;
*)
echo "Usage: /etc/init.d/net-addroute {start|stop|restart|force-reload}"
Cisco ITP
- cs7 variant itu
- cs7 point-code 1.2.3
- Maybe: cs7 capability-pc 1.2.3
Diagnostics
SIGTRAN sniffing
- wireshark
- Remove the HEARTBEAT and HEARTBEAT_ACKs with display filter:
sctp.chunk_type != 4 and sctp.chunk_type != 5
- Check inits
sctp.chunk_type == 1
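A chunk-level version of the two display filters above, added here as an example (it is not part of the original lab notes): it walks the chunk list of a raw SCTP packet, drops HEARTBEAT and HEARTBEAT_ACK, and decodes INIT chunks with the RFC 4960 sanity checks. Function names and sample packets are constructed for illustration; port 3565 is the M2PA PPORT from the configuration diff on this page.

```python
import struct

# SCTP chunk type numbers (RFC 4960); 4 and 5 are what the display filter hides.
NAMES = {0: "DATA", 1: "INIT", 2: "INIT_ACK", 3: "SACK", 4: "HEARTBEAT", 5: "HEARTBEAT_ACK"}
HIDDEN = {4, 5}

def parse_sctp(packet):
    """Return (src_port, dst_port, verification_tag, [(type, value), ...])."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte SCTP common header")
    sport, dport, vtag, _checksum = struct.unpack("!HHII", packet[:12])
    chunks, off = [], 12
    while off < len(packet):
        if off + 4 > len(packet):
            raise ValueError("truncated chunk header")
        ctype, _flags, length = struct.unpack("!BBH", packet[off:off + 4])
        if length < 4 or off + length > len(packet):
            raise ValueError("bad chunk length %d at offset %d" % (length, off))
        chunks.append((ctype, packet[off + 4:off + length]))
        off += (length + 3) & ~3          # chunks are padded to a 4-byte boundary
    return sport, dport, vtag, chunks

def visible_chunks(packet):
    """Chunk names left after dropping HEARTBEAT and HEARTBEAT_ACK."""
    return [NAMES.get(t, "type %d" % t) for t, _ in parse_sctp(packet)[3] if t not in HIDDEN]

def init_summary(packet):
    """Decode the INIT chunk (type 1) of a packet, or return None."""
    sport, dport, vtag, chunks = parse_sctp(packet)
    for ctype, value in chunks:
        if ctype == 1 and len(value) >= 16:
            itag, _rwnd, n_out, n_in, _tsn = struct.unpack("!IIHHI", value[:16])
            # RFC 4960: INIT travels alone, with verification tag 0 and a non-zero initiate tag.
            ok = vtag == 0 and len(chunks) == 1 and itag != 0
            return {"dport": dport, "initiate_tag": itag, "out_streams": n_out,
                    "in_streams": n_in, "well_formed": ok}
    return None

def build(sport, dport, vtag, chunks):
    """Assemble a constructed test packet (checksum left at 0, not verified here)."""
    out = struct.pack("!HHII", sport, dport, vtag, 0)
    for ctype, value in chunks:
        out += struct.pack("!BBH", ctype, 0, 4 + len(value)) + value + b"\x00" * (-len(value) % 4)
    return out

# Constructed samples, not captured traffic.
INIT_PKT = build(40000, 3565, 0, [(1, struct.pack("!IIHHI", 0x1234ABCD, 65535, 2, 2, 1))])
HB_INFO = struct.pack("!HH", 1, 9) + b"hello"      # Heartbeat Info parameter, odd length
MIXED_PKT = build(40000, 3565, 0x1234ABCD, [(4, HB_INFO), (3, struct.pack("!IIHH", 1, 65535, 0, 0))])
```

The Wireshark filters match whole packets, whereas this works per chunk, so a packet that bundles a HEARTBEAT with a SACK still shows its SACK here.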
Testing
Security
- http://www.irmplc.com/downloads
- Media:MPLS_Security_Overview.pdf
- http://www.irmplc.com/researchlab/whitepapers