OWLRemoteConnect

If there is the need to connect remotely here a proposal about how to manage this. This setup could be used to access the NETCONF/YANG interface of the device and allow VES Registration at SMO.

Prerequisite "Remote Site"

Provide wifi/wlan with internet access for "tunnel computer"
Allow cable or network connection from "Tunnel computer" to "Remote RAN/Netconf device"
Make sure that setup is according to local security rules
Below you can find for this standalone configuration an installation guide. If you want to use it in another environment than this, e.g. with an existing dhcpv6 please contact us before installing

Configuration

Remote device mountpoint at non-realtimne-ric is configured with "SSH tunnel server" IP and &NCPORT.
Example is with one remote device. If there are more remote devices, additonal ports could be configured to be forwarded.
ONAP VES Collector is supported in the example. Further ONAP services could be additonally configured with further tunnels.
SSH tunnel client setup uses standard Linux with SSH Client/Server and SSH Keyauthentification.

Overview

Remote Netconf Device

IPV4 or IPV6
Point-to-point connection to "tunnel client"
"tunnel client" IP is used as termination IP for VES Message

SSH tunnel Client

Linux machine (e.g. Raspberry Pi 3B with 1 gig ram)
Configuration with IPV6 and IPV4 DHCP
SSH Client, with setup to connect to "SSH tunnel server" via "OWL SSH" Gateway

Installation Guide using the existing configuration of PI

Requirements for PI

Electrical RJ45 connection to IP network
IP V6 subnetwork configuration.
DHCP V6 service available
Bidirectional ipv6 route between PI and O-RAN device configured (L2 or L3)
WiFi access point to public internet
If WiFi access needs a browser interaction:
- PI has linux server edition. But GUI could be installed via SSH.
- Use SSH port forwarding for browser on diffent machine.
  "ssh -L8080:<WiFiGwIP>:80 <raspiip>" to connect with url "localhost:8080" to WiFiGwIP

Steps to configure PI

Connect Laptop directly to Raspberry PI for configuration of the PI.
ssh pi@raspberrypi.local (user: pi pw: raspberry)
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

Please update the parameters accordently

network={
  ssid="JoyToTheWorld" 
  psk="temp_password" 
}

sudo service radvd stop
sudo systemctl disable radvd.service // to deactivate DHCPv6
sudo nano /etc/dhcpcd.conf
comment the following line
```
# static ip6_address=2001:db8::1/64
```
save and close (ctrl-o, ctrl-x)
Restart the Pi with sudo reboot
wait 60s
Discconect cable from Labtop, connect cable end to O-RAN device network
Connect Labtop to WIFI of the SSID as configured above.
ssh pi@raspberrypi.local (user: pi pw: raspberry)
ifconfig
1. remember the IPv6 of eth0 which is close to the IpV6 of the O-RAN device (should be different to fe80:...)

Edit tunnel.sh for NCPORT and REMOTEIP with O-RAN device parameters (remote from PI point of view)

#variables: here you can change
# netconf port of the device
NCPORT=830
# user for winlab access 
WINLAB_USER="micha"
# ip of the remote RAN device 
REMOTEIP="[2001:db8::4e50:afd7:a5c6:3d88]"

start tmux
ping6 <device-v6-ip of step 15a>
start tunnel.sh to OWL (./tunnel.sh)
Configure VES EndPoint in O-RAN device
1. use for IP the one from step 15a
2. VES port is 30235
  1. url: http://<ip-from-15a>:30235
3. no_auth
Configure in OWL ONAP SDN-R the mount point with the 10.31.3.71:<NCPORT> of step 16.

Installation Guide from scratch

Download raspbian-lite image (https://www.raspberrypi.org/downloads/raspbian/)
extract zip file
flash img file to microsd card
- linux: dd bs=1M if=file/to/flash.img of=/dev/devicetoflash
- windows: use win32diskimager
after finished flashing, remount microsd on your computer to add some files
- create an empty file on boot partition named "ssh"
- create a file on boot partition named "wpa_supplicant" with the following content

country=US
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
    ssid="NETWORK-NAME"
    psk="NETWORK-PASSWORD"
}

unmount microsd card and put it into raspberry pi and start
now you have to find out the ip address the pi gets in your wifi
- for me with nmap -sn 192.168.202.0/24
then you can login with ssh pi@ip-address
if you do not have a local dns in your network you can also try ssh pi@raspberrypi.local

$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install radvd
$ ssh-keygen

$ sudo nano /etc/sysctl.conf

  net.ipv6.conf.all.forwarding=1

$ sudo reboot
$ sudo nano /etc/dhcpcd.conf

  static ip6_address=2001:db8::1/64

$ sudo nano /etc/radvd.conf

  interface eth0 {
     AdvSendAdvert on;
     AdvLinkMTU 1280;
     MaxRtrAdvInterval 120;
     prefix 2001:db8::/64 { };
     AdvSourceLLAddress on;
  };

$ sudo systemctl enable radvd.service
$ sudo reboot

now we create a script called tunnel.sh

#!/bin/bash

#please do not change
VESPORT=30235
WINLAB_GATEWAY_IP="10.31.3.71"
VES_COLLECTOR_IP="10.31.3.20"

#variables: here you can change
# netconf port
NCPORT=2230
# user for winlab access
WINLAB_USER="micha"
# ip of the remote RAN device 
REMOTEIP="[2001:db8::4e50:afd7:a5c6:3d88]"


ssh -L$VESPORT:localhost:$VESPORT -R$NCPORT:$REMOTEIP:$NCPORT $WINLAB_USER@console.sb10.orbit-lab.org -t \                                                                                                        
  ssh -L$VESPORT:localhost:$VESPORT -R$NCPORT:localhost:$NCPORT -X native@10.30.1.1 -t \
  ssh -L$VESPORT:$VES_COLLECTOR_IP:$VESPORT -R$NCPORT:localhost:$NCPORT -X ubuntu@$WINLAB_GATEWAY_IP

and make it afterwards executable with "chmod +x tunnel.sh"
provide the generated ssh public key to a valid winlab user

cat .ssh/id_rsa.pub

Example of using the PI to connect any device to OWL

The PI has the SSH tunnel pre-configured. However, the SSID and its password need to be configured.

```

ssh pi@raspberrypi.local

```

Cabling

Just power cables and Ethernet between the Device and the PI.