Intro

Testing with:

• Dynagen & Dynamips (GNS3 not yet working on my Mac)

Future:

• Asterisk with chan-ss7
• Intel SS7 stack
• OpenSS7 new release
• Kannel

Network

tmp (France)

• 10.42.0-9.x

• R1 dynamips Cisco ITP
  • 10.0.0.150
  • 10.42.1.1
  • PC: 4.2.1
  • x25: x25routerR1 250
• R2 dynamips Cisco ITP
  • 10.0.0.160
  • 10.42.2.1
  • PC: 4.2.2
  • x25: x25routerR2 150

tw (Taiwan)

• 10.42.50-59.x

Configurations

(to be updated, testing now)

we will use tcp port 1337 (or should we use something more common like 80 or 53, 443?) for openvpn configuration. So your firewall should allow this port out.

OpenVPN Certificates

coming

OpenVPN Client configs

client dev tap proto tcp remote lab.tstf.net 1337 resolv-retry infinite nobind persist-key persist-tun comp-lzo ns-cert-type server user nobody group nogroup ca ca.crt cert client.crt key client.key

OpenVPN Server configs

local [EXTERNALIP] port 1337 proto tcp dev tap0

1. we'll add section how to manage certs later

ca /etc/openvpn/easy-rsa/keys/ca.crt cert /etc/openvpn/easy-rsa/keys/server.crt key /etc/openvpn/easy-rsa/keys/server.key dh /etc/openvpn/easy-rsa/keys/dh2048.pem

1. this will allow for people to get the same IP address after a reconnect

ifconfig-pool-persist /etc/openvpn/ipp.txt

keepalive 10 120 comp-lzo max-clients 10 user nobody group nobody persist-key persist-tun status /tmp/openvpn-status.log log-append /var/log/openvpn.log verb 6

Cisco ITP

1. cs7 variant itu
2. cs7 point-code 1.2.3
3. Maybe: cs7 capability-pc 1.2.3

Testing

Security

• http://www.irmplc.com/downloads
• Media:MPLS_Security_Overview.pdf‎
• http://www.irmplc.com/researchlab/whitepapers

XOT

• http://www.fyonne.net/