Thank you Neels!

The "logfile /tmp/foo" did give an error message saying "unrecognized option".

I'm going to look at DNS packets going through a GGSN to try and find ways to detect DNS tunnels, do you have any recommendations on how to do this?
I do not have the time or resources to use real UEs so I hope to simulate it on a computer using VMs or something like that.

I have looked at this: http://openbsc.osmocom.org/trac/wiki/OpenBSC_GPRS as an idea of how to set up the testbed, but I do not know which of the nodes I really need. Do you have any idea?


Regards
Terje Kristoffer Skow

2016-02-29 18:50 GMT+01:00 Neels Hofmeyr <nhofmeyr@sysmocom.de>:
Hey Terje,

On Mon, Feb 29, 2016 at 12:46:30PM +0100, Terje Kristoffer Hybbestad Skow wrote:
> Does this mailinglist also regard openGGSN?

Yes, the Osmocom community has adopted maintenance of OpenGGSN, even though it
wasn't written "here".

> If so, I have some questions. I have problems setting it up correctly.

To test the basic openggsn I used to do something like this:


  sudo -s

  LD_LIBRARY_PATH=/usr/local/lib ./git/openggsn/ggsn/ggsn -f -c ./localggsn.conf &

  ./git/openggsn/sgsnemu/sgsnemu --createif -l 127.0.0.1 -r 127.0.0.2


With localggsn.conf as

  listen 127.0.0.2
  net 127.0.0.0/24
  pcodns1 8.8.8.8
  logfile /tmp/foo


The above works on Linux because it allows implicitly creating the 127.*.*.*
interfaces. On other OSes, you'd have to create those first on one of your
network interfaces.

See http://git.osmocom.org/openggsn/tree/examples/ggsn.conf for more config
options.

I'd recommend to use wireshark to see what packets are transmitted back and
forth, if you're not already doing that.

I've "recently" implemented GTPhub, which relays GTP, e.g. through a NAT. If
that's of interest too, call again, and I can give you an example config for
testing sgsnemu -> gtphub -> openggsn, too.

To actually relay data through the tunnel interface that is created, AFAIK you
first need to send a Create PDP Context message to the GGSN. Maybe read
http://git.osmocom.org/openbsc/tree/openbsc/tests/gtphub/gtphub_test.c
For testing real data, I used an actual sysmoBTS with a "special" SIM card
instead of sgsnemu, because here in the lab that was easier... :P

Hope to have helped :)

~Neels



--
- Neels Hofmeyr <nhofmeyr@sysmocom.de>          http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschäftsführer / Managing Directors: Holger Freyther, Harald Welte
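
Added example, not part of the thread above and not OpenGGSN code: DNS traffic between an SGSN and the GGSN is carried inside GTP-U G-PDUs, so a capture taken on that link has to be decapsulated before the DNS query names can be inspected. The sketch below assumes GTPv1-U over IPv4 and uses hypothetical function names; the length and entropy features are common DNS-tunnel indicators chosen for illustration, and the sample packet is constructed.

```python
import math, struct
GTP_G_PDU = 0xFF   # GTPv1 message type carrying a subscriber IP packet (GTP-U, UDP 2152)

def gtpu_inner_ip(pkt: bytes):
    """Return the IP packet inside a GTPv1-U G-PDU, or None if pkt is not one."""
    if len(pkt) < 8:
        return None
    flags, msg_type, length, _teid = struct.unpack("!BBHI", pkt[:8])
    if flags >> 5 != 1 or not flags & 0x10 or msg_type != GTP_G_PDU:
        return None
    off, nxt = 8, 0
    if flags & 0x07:                   # E, S or PN set: seq(2) + N-PDU(1) + next-ext(1)
        off, nxt = 12, (pkt[11] if flags & 0x04 and len(pkt) >= 12 else 0)
    while nxt:                         # extension header: [len in 4-byte units] ... [next type]
        ext = pkt[off] * 4 if off < len(pkt) else 0
        if ext == 0 or off + ext > len(pkt):
            return None
        nxt, off = pkt[off + ext - 1], off + ext
    return pkt[off:8 + length] or None

def dns_qname(ip: bytes):
    """Return the first question name of an IPv4/UDP DNS message, or None."""
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 17:
        return None
    udp = ip[(ip[0] & 0x0F) * 4:]
    if len(udp) < 20 or 53 not in struct.unpack("!HH", udp[:4]) or udp[12:14] == b"\0\0":
        return None
    dns, pos, labels = udp[8:], 12, []
    while pos < len(dns) and dns[pos]:
        n = dns[pos]
        if n > 63 or pos + 1 + n > len(dns):   # compression pointer or truncated name
            return None
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return ".".join(labels) if pos < len(dns) else None

def qname_features(qname: str) -> dict:
    """Length and character-entropy features (illustrative DNS-tunnel indicators)."""
    s = qname.replace(".", "")
    entropy = -sum(p * math.log2(p) for p in (s.count(c) / len(s) for c in set(s)))
    return {"length": len(qname), "longest_label": max(map(len, qname.split("."))),
            "entropy": round(entropy, 2)}

def sample_gpdu(qname: str) -> bytes:
    """Constructed input: a G-PDU (S flag set) wrapping an IPv4/UDP DNS query for qname."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\0"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + q + struct.pack("!HH", 16, 1)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBHII", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, 0x0A000002, 0x08080808) + udp
    return struct.pack("!BBHIHBB", 0x32, GTP_G_PDU, 4 + len(ip), 1, 1, 0, 0) + ip
```

To use it on a real capture, pass each UDP payload seen on port 2152 to `gtpu_inner_ip` and compare the resulting features against a baseline of ordinary queries from the same network.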