ULCL pings to websites work , but when accessing a website from UE, the connection fails

Q/A
,
#1

Hi @free5GC,
I have been using free5gc v3.0.5 and UERANSIM v3.1.1 following diagram summarizes my setup

ULCL
ULCL1997×1133 261 KB

Below is my uerouting.yaml file
ueRoutingInfo: # the list of UE routing information

  • SUPI: imsi-208930000000003 # Subscription Permanent Identifier of the UE
    AN: 10.200.200.101 # the IP address of RAN
    PathList: # the pre-config paths for this SUPI

    • DestinationIP: 142.250.183.110 # youtube.com

      UPF: !!seq

      • BranchingUPF
      • AnchorUPF1

    • DestinationIP: 172.217.160.206 # google.com

      UPF: !!seq

      • BranchingUPF
      • AnchorUPF2

At the UE, ping works perfectly fine. when I ping google.com (172.217.160.206), traffic flows through UPF2. and when I ping youtube.com (142.250.183.110), the traffic flows through UPF1. As expected.
But when I use nr-binder from UERANSIM to bind all traffic from firefox through the ue, I am not able to access google.com or youtube.com.
Can you please help me understand what could be the potential problem?

Thank you
Manoj

Working behind a corporate proxy?
#2

Hi @manoj1919

First, execute the following as a user,

$ xhost +local:

Then switch to root with sudo, and run the following to start firefox,

# export DISPLAY=:0
# sh nr-binder 60.60.0.1 firefox

By tcpdumping the upfgtp on each Anchor-UPF, I think that you may confirm that the packets are passing in the path defined by uerouting.yaml.

In addition to firefox, I also checked with curl and wget.

#8

Hi @manoj1919,

Can you tell me how to setup config file for branchingUPF and AnchorUPF?

The packet of UE go through branchingUPF OR AnchorUPF one of them, and directly go to Internet. It cannot go through both of them.

#3

Hi @s5uishida,
Thank you for your help!
I tried this
$ xhost +local:
Then switch to root with sudo, and run the following to start firefox,

# export DISPLAY=:0
# sh nr-binder 60.60.0.1 firefox

But I got the following error:
Running Firefox as root in a regular user's session is not supported. ($XAUTHORITY is /run/user/1000/gdm/Xauthority which is owned by manoj.)
And then i googled this error, and followed instructions from here:

And I got the firefox running as a root using the following command
XAUTHORITY=/root/Xauthority sudo sh nr-binder 60.60.0.2 firefox
and firefox opened

but still, I get the same error message when I try to access google dot com
below is the screenshot:

image
image1710×1268 240 KB

By the way pings and wgets are working perfectly fine. its just browser opening a website that is creating issues for me.
Thank you,
Manoj

#4

Hi @manoj1919

First, for browsing that www.google.com with firefox, did the upfgtp tcpdump packets on each Anchor-UPF pass the path you expected? (about this packet that reached www.google.com and resulted in an error)

If so, the ULCL probably seems OK. I think that Secure Connection Failed of firefox is a different issue from ULCL setting.

#5

Hi @s5uishida,
The packets go to each anchor-upf pass the expected path. But I cannot access the website on firefox.
I suspect the data is failing the security checks due to incorrect proxy settings. My concern is though, How is the ULCL supposed to work in the real world? If it does not allow browsing of websites? or are there additional things to be implemented for such browsing that are not yet implemented in the free5gc UPF yet?
Thanks a lot again for all the help
Manoj

#6

May it be the problems on MTU?

#7

Hi @calee,
Thank you for your suggestion!! and Sorry for the late reply.
I don’t think it’s the issue of MTU’s because wget for large files also works without any problem.
But yet, I tried limiting the MTU for the VM running the UE and increased the MTUs of the VM’s running the UPFs. Yet I have the same problem.(Am I doing anything wrong with these MTUs, please let me know)
I am guessing it might have to do with the secure handshakes when loading an HTTPS website and browser failing to verify the authentication of packets(I am no expert here, guessing based on a lot of googling).
Any insight/help regarding this is much appreciated.
Thanks,
Manoj

#9

Hi, @manoj1919

I think I faced same trouble.
Have you tried to fix the TLS version of firefox to TLS1.2?

If the situation is same as mine, you may solve this problem which you couldn’t access to website when you use ulcl.

Few days ago, I posted a question as follows.

I wonder the cause was TLS version, but the way to solve this problem using free5GC setting has not found yet.