Open5GS Network Management System (NMS)
June 10, 2026 Β· View on GitHub
Web-based management system for Open5GS 5G Core and 4G EPC networks. Provides complete configuration management, real-time monitoring, subscriber provisioning, and network visualization through an intuitive interface. Please be aware this project is heavily AI-assisted. If you find any issues please let me know β I will fix them as fast as I can.
π― Overview
Open5GS NMS simplifies the management of Open5GS deployments by providing:
- Complete Network Function Management - Configure all 16 Open5GS network functions (5G Core + 4G EPC)
- Visual Network Topology - Interactive real-time visualization of your network infrastructure
- Subscriber Management - Full CRUD operations with SIM generator and auto-provisioning
- Real-Time Monitoring - Live service status, logs, and active session tracking
- Safe Configuration - Automatic backups, validation, and rollback on failure
- 5G Privacy (SUCI) - Home network key management for subscription concealment
- Authentication - Session-based login protecting all pages and API endpoints

β¨ Key Features
Authentication
- Login required β All pages and API endpoints are protected. A login form is shown automatically to unauthenticated users
- Session persistence β Sessions survive page refresh (24-hour lifetime by default, configurable)
- Secure cookies β HttpOnly, SameSite=lax;
Secureflag enabled when behind HTTPS - First-run setup β Admin account created automatically on first deploy (see First Login)
- Brute force protection β Login endpoint rate-limited to 10 attempts per 15 minutes per IP
Metrics & Monitoring
- Prometheus Integration β Prometheus scrape config auto-generated and live-reloaded on every config apply. No manual
prometheus.ymlediting needed - Grafana Dashboards β Pre-built Open5GS dashboard covering AMF, SMF, UPF, PCF, HSS, PCRF and process health. Grafana datasource auto-provisioned on first start
- Metrics Endpoints Page β Dual-mode editor: table view for individual NF address/port editing, or direct Prometheus scrape config YAML editing. Both views stay in sync
- One-click access β Prometheus and Grafana links directly in the Metrics page header




Configuration Management
- Dual Editor Modes - Form-based editor with 150+ contextual tooltips OR Monaco YAML editor
- All 16 Network Functions - Complete coverage: NRF, SCP, AMF, SMF, UPF, AUSF, UDM, UDR, PCF, NSSF, BSF (5G) + MME, HSS, PCRF, SGW-C, SGW-U (4G)
- Real-Time Validation - Zod schema validation with cross-service dependency checking
- Safe Apply Workflow - Automatic backups, ordered service restarts, automatic rollback on failure
- YAML Preservation - Maintains comments, formatting, and structure

RAN Network Monitoring
- 4G EPC section β S1-MME (control plane) and S1-U (user plane) interface cards with live connected eNodeB IPs
- 5G NR section β N2 (AMF β gNodeB) and N3 (UPF β gNodeB) interface cards with live connected gNodeB IPs
- UE-to-radio mapping β each radio card shows which UEs are connected to it (IMSI, UE IP, CM State) nested directly under the radio row
- Active UE Sessions table β combined 4G + 5G sessions with Generation, CM State, DNN/APN, Security algorithms, AMBR, and Radio IP columns
- True 4G/5G separation β sourced directly from Open5GS internal APIs (AMF, MME, SMF) β no packet capture needed
- All interface IPs sourced from Open5GS YAML configs β no hardcoded addresses

Network Topology Visualization
- Interactive Diagram - JointJS-based professional network topology
- Real-Time Status - Color-coded service indicators (green=active, red=inactive)
- 5G Radio Network Status box β live N2 and N3 gNodeB IPs on the topology canvas
- Active 5G UE Sessions box β UE IP + IMSI pairs sourced from Open5GS AMF/SMF APIs
- Active 4G UE Sessions box β UE IP + IMSI pairs sourced from Open5GS MME API
- Professional Layout - Manual routing with 90-degree orthogonal connectors

Service Management
- Real-Time Monitoring β WebSocket-based live status cards for all 16 NFs plus MongoDB
- Systemd Integration β Start, stop, restart, enable and disable services directly from the UI
- Bulk Operations β Control all services at once in correct dependency order
- MongoDB tracking β MongoDB included as a first-class service with status indicator on topology

Auto-Configuration Wizard
- One-Click Setup β Generate all 16 NF configurations from minimal input (PLMN, host IPs, UE subnets)
- Preview Changes β YAML diff viewer shows exact changes before applying
- Persistent NAT β iptables rules saved via
netfilter-persistentand IP forwarding viasysctl.dβ survive reboots

Backup & Restore
- Automatic Backups β Created before every configuration change; configurable retention policy
- Selective Restore β Restore config only, database only, both, or specific NFs
- Rollback Protection β Automatic restore on service restart failure
- Diff Viewer β Compare any backup against current config before restoring
- Factory Defaults β One-click restore to stock Open5GS configuration


Femtocell Provisioning (Sercomm SCE4255W)
- Auto-credential derivation β derives root SSH and WebUI passwords from MAC address using the calc_f2 algorithm
- Auto-config pull β detects if WebUI is already enabled and pulls current config into the form automatically
- Full provisioning β enables WebUI via SSH if needed, applies all radio and core config, reboots device
- CBRS Band 48 defaults β pre-filled for dual-carrier deployment
- MME IP auto-populated from your Open5GS configuration
- Browser geolocation for SAS lat/long coordinates


CBRS SAS Server (Citizens Broadband Radio Service)
- Built-in SAS β Lab-only SAS-CBSD protocol emulator for controlled testing. Not an FCC-approved SAS and not suitable for live CBRS authorization. For live CBRS operation, CBSDs must obtain grants from an FCC-approved SAS Administrator.
- Multi-radio support β deterministic per-CBSD channel assignment based on serial number sort order; race-condition-proof, survives re-registrations and Clear DB cycles
- Interference coordination groups β radios in the same group are automatically spread across non-overlapping 20 MHz slots
- Multi-band support β configure multiple frequency bands to serve different radio types (e.g. Baicells on 3560β3620 MHz, Sercomm on 3649β3700 MHz)
- Band Assignment β three-level band policy: per-CBSD override > interference group assignment > global default; pins specific radios or entire groups to specific frequency ranges
- Unified spectrum view β all radios and bands shown on a single 3550β3700 MHz plot alongside per-band detail charts
- Multi-site scaling β independent slot assignment per interference group; two sites can reuse the same frequencies without conflict
- Spectrum chart β visual frequency band display with color-coded slots, EARFCN labels, and per-CBSD assignment table
- GPS delay enforcement β configurable lock delay (default 75 s) before grants are issued, ensuring radios are GPS-locked before transmitting
- Pause / Resume β instantly stops all SAS responses (radios return DEREGISTER and go silent) without deleting any data
- Clear DB β wipes all grants and CBSDs in one click for testing; radios re-register and get fresh deterministic slot assignments on reboot
- CBRS SAS protocol β implements the WInnForum CBRS SAS-CBSD interface (registration, spectrumInquiry, grant, heartbeat, relinquishment, deregistration)
- HTTPS SAS endpoint β TLS endpoint on port 8443 with auto-generated self-signed certificate; required for Sercomm radios which mandate HTTPS
- Sercomm SCE4255W full integration β complete SAS parameter provisioning via GenieACS TR-069 including Method, Category, ChannelType, HeightType, ManufacturerPrefix, CPI settings, lat/long in microdegrees
- Baicells TR-069 integration β full SAS parameter provisioning via GenieACS ACS on the Baicells provisioning page
- Quiet docker logs β per-request SAS protocol noise suppressed; clean 30-second status summary printed to docker compose logs instead





Baicells eNodeB Provisioning (Beta)
- GenieACS TR-069 ACS integration β radios register automatically via CWMP on port 7547
- Live RF status β per-radio status dot (green = RF on, amber = RF off, red = offline) with 30-second auto-refresh
- Full config push β all parameters sent in a single TR-069 session, followed by automatic reboot and RF enable
- Editable confirm modal β preview the exact GenieACS NBI API calls before anything is sent; edit the JSON if needed
- Per-radio and global controls β Enable RF, Disable RF, Reboot per radio; RF On All, RF Off All, Reboot All from the header
- Auto-backup β full device parameter snapshot saved to disk after every successful provision
- Audit logging β all provision, reboot, and RF actions logged
- Tested on: Baicells Nova 430i running BaiBLQ_3.0.12 firmware





SUCI Key Management (5G Privacy)
- Keypair Generation β Create X25519 (Profile A) or secp256r1 (Profile B) home network keys
- Public Key Display β Hex format ready for eSIM provisioning
- pySIM JSON Generator β One-click generation of correctly formatted
EF.SUCI_Calc_InfoJSON for pySIM-shell, in both pretty and single-line formats - Automatic Configuration β Updates UDM config with new public key on generate/rotate
- PKI Management β Support for multiple PKI values (0β255) with next-ID auto-suggestion, rename without destroying keys



Subscriber Management
- Full CRUD Operations - Create, read, update, delete subscribers via MongoDB
- SIM Generator - Generate test SIM credentials with country-based MCC selection (65+ countries)
- Auto-Provisioning - Automatically add generated SIMs to Open5GS database
- Multi-Slice Support - Configure multiple network slices and sessions per subscriber
- Search & Pagination - Efficient browsing of large subscriber databases


Time Server (NTP via Chrony)
- Chrony integration β manages Chrony NTP daemon directly from the NMS; start, stop, restart, and configure without touching the CLI
- Live tracking status β reference server, stratum, system offset, RMS offset, frequency, root delay, update interval, and leap status all shown live
- NTP server & pool management β add, remove, and reorder upstream servers and pools with iburst/noselect flags
- Allowed client networks β configure which subnets can query the NTP server (critical for radios and UEs)
- Advanced options β makestep, maxdistance, and other Chrony directives exposed in the UI
- Save & Restart β writes
chrony.confand restarts the daemon in one click

FRR / L3 Routing
- Layer 2 β Layer 3 migration wizard β step-by-step guided migration from flat L2 service IPs to routed L3 using FRR + Virtual Service Interfaces (VSIs)
- Multi-protocol support β EIGRP, OSPF, and BGP; each protocol generates correct FRR config with appropriate neighbor/peer setup
- Live Routing Status β real-time neighbor status, EIGRP/OSPF/BGP topology table showing all prefixes, next-hops, interfaces, and metrics
- Route Filters β outbound and inbound prefix-list based filtering with Auto VSI filter button, preview, apply, and rollback
- Active Configuration β read-only summary of protocol, AS number, peer IP, and VSI mappings once migration is complete
- Pre-flight checklist β built-in requirements guide covering the 3 required interfaces, router-side prerequisites, and known FRR 8.4.x EIGRP limitations
- Full rollback β backup taken before any changes; rollback button restores previous state at any phase



Real-Time Logging
- Dual Log Sources β Stream logs from Open5GS systemd services OR Docker containers
- Live Log Streaming β Tail logs from any service via WebSocket
- Service Filtering β Multi-select services or containers to monitor simultaneously

π Quick Start
Prerequisites
- Ubuntu 24.04 LTS (or compatible Linux distribution)
- Open5GS 2.7+ installed and configured
- MongoDB 6.0+ running on localhost
- Docker Engine 24.0+ and Docker Compose v2.20+
Installation
# Clone the repository
git clone https://github.com/paulmataruso/open5gs-nms
cd open5gs-nms
# Configure environment (required β see Authentication section below)
cp .env.example .env
nano .env
# Build and start all services
docker compose up --build -d
# Access the web interface
open http://YOUR_SERVER_IP:8888
For detailed installation instructions, see INSTALL.md.
π Authentication
First Login
On first startup, an admin account is created automatically.
Option A β Set your own password (recommended):
Add this to your .env before running docker compose up:
FIRST_RUN_PASSWORD=your-secure-password-here
Then log in with username admin and the password you set. Clear FIRST_RUN_PASSWORD from .env after your first login.
Option B β Auto-generated password:
Leave FIRST_RUN_PASSWORD empty. A random password is generated and printed once to the container logs:
docker logs open5gs-nms-backend 2>&1 | grep -A4 "FIRST RUN"
Expected output:
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
FIRST RUN β Admin account created
Username : admin
Password : Xk7mQ2pL9nRv4wYa
Change this password after first login!
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
Missed the password? Delete the auth database and restart:
docker compose down && rm -f ./data/auth.db && docker compose up -d
Auth Configuration
| Variable | Default | Description |
|---|---|---|
FIRST_RUN_PASSWORD | (empty) | Initial admin password. Auto-generated if empty. Clear after first login. |
SESSION_MAX_AGE | 86400 | Session lifetime in seconds (default: 24 hours) |
COOKIE_SECURE | false | Set to true only when serving over HTTPS. Setting this to true on plain HTTP silently breaks login. |
AUTH_DB_PATH | /app/data/auth.db | Path to SQLite auth database inside container. Must match the ./data:/app/data volume mount. |
HTTPS Deployments
When running behind HTTPS (nginx + SSL), set COOKIE_SECURE=true in .env:
COOKIE_SECURE=true
See docs/deployment.md for full nginx SSL configuration.
π System Requirements
Minimum
- CPU: 2 cores
- RAM: 4GB
- Disk: 20GB free space
Recommended
- CPU: 4 cores
- RAM: 8GB
- Disk: 50GB free space (for logs and backups)
Network
- Static IP address or DHCP reservation recommended
- Port 8888 for web interface
- Internet access for Docker builds
For complete requirements, see docs/requirements.md.
π Documentation
Getting Started
- Installation Guide - Step-by-step installation instructions
- Configuration Guide - Network function configuration reference
User Guides
- Features Overview - Detailed feature documentation
- Subscriber Management - Provisioning and SIM generation
- SUCI Key Management - 5G privacy configuration
- Backup & Restore - Data protection strategies
Administration
- Deployment Guide - Production deployment best practices
- Troubleshooting - Common issues and solutions
- API Reference - Backend REST API documentation
Development
- Architecture - System design and component overview
- Development Guide - Local development setup
- Contributing - How to contribute to the project
ποΈ Architecture
The Open5GS NMS follows a Clean Architecture pattern with clear separation of concerns:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Browser (React 18 + TypeScript + JointJS) β
β http://YOUR_SERVER:8888 β
βββββββββββββββββ¬βββββββββββββββββββ¬βββββββββββββββββββββββββββ
β REST API β WebSocket
βΌ βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β nginx Reverse Proxy (Alpine) β
β Proxies /api β backend:3001 β
β Upgrades WebSocket β backend:3002 β
βββββββββββββββββ¬βββββββββββββββββββ¬βββββββββββββββββββββββββββ
β β
βΌ βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Backend (Node.js 20 + TypeScript + Express) β
β Clean Architecture: Domain β Application β Infrastructure β
β Auth: Lucia v3 sessions β SQLite (auth.db) β
β Container: privileged, network_mode: host β
βββββββ¬βββββββββββ¬βββββββββββ¬ββββββββββββ¬βββββββββββββββββββ¬ββ
β β β β β
βΌ βΌ βΌ βΌ βΌ
/etc/open5gs systemd MongoDB auth.db /var/log
(bind mount) (via dbus) (host:27017) (./data volume) (bind mount)
Technology Stack
Frontend:
- React 18.2, TypeScript 5.3, Vite 5.0
- TailwindCSS 3.4, Zustand 4.4
- JointJS 3.7 (topology), Monaco Editor 4.6 (YAML)
Backend:
- Node.js 20 LTS, TypeScript 5.3, Express 4.18
- Lucia v3 (sessions), better-sqlite3 (auth DB), oslo (bcrypt)
- Zod 3.22 (validation), MongoDB Native Driver 6.3
- WebSocket (ws) 8.16, Pino 8.17 (logging)
Infrastructure:
- Docker + Docker Compose
- nginx (reverse proxy)
- systemd (service management)
For detailed architecture documentation, see ARCHITECTURE.md.
π§ Configuration
The NMS is configured through environment variables. Copy .env.example to .env and customize:
# Authentication (review before first deploy)
FIRST_RUN_PASSWORD=your-password # Initial admin password
SESSION_MAX_AGE=86400 # Session lifetime in seconds
COOKIE_SECURE=false # Set true only for HTTPS deployments
# Backend
PORT=3001
WS_PORT=3002
MONGODB_URI=mongodb://127.0.0.1:27017/open5gs
CONFIG_PATH=/etc/open5gs
LOG_LEVEL=info
HOST_SYSTEMCTL_PATH=/usr/bin/systemctl
Default values work for most deployments. For production, see docs/deployment.md.
π‘οΈ Security
What's protected
- All API endpoints require a valid session cookie
- Login is rate-limited (10 attempts / 15 min per IP)
- Passwords are bcrypt-hashed
- Session cookies are HttpOnly (not accessible to JavaScript)
- Auth data is stored in a separate SQLite database β the Open5GS MongoDB is never touched for auth
Production recommendations
- Enable HTTPS β Configure nginx SSL termination (Let's Encrypt) and set
COOKIE_SECURE=truein.env - Network restrictions β Deploy behind a VPN or firewall for internet-exposed instances
- Regular backups β Automate backup jobs and store copies off-site
- Monitoring β Set up external monitoring (Prometheus, Grafana)
See docs/deployment.md for detailed hardening guidance.
π€ Contributing
We welcome contributions! Whether it's bug reports, feature requests, or code contributions, please see our Contributing Guide.
Development Setup
# Clone repository
git clone https://github.com/paulmataruso/open5gs-nms
cd open5gs-nms
# Backend development
cd backend
npm install
npm run dev # Runs on http://localhost:3001
# Frontend development (separate terminal)
cd frontend
npm install
npm run dev # Runs on http://localhost:5173
For detailed development instructions, see docs/development.md.
π Changelog
See CHANGELOG.md for a complete version history.
Latest Release: v2.0-beta_0.3 (2026-06-04)
π Critical install fix β nginx blocked on fresh deploy
cert-initwas failing with exit code 1 on every fresh install due to Docker Compose interpolating shell variables in the inline entrypoint script as Compose variables. This prevented nginx from starting, making the entire web interface unreachable and blocking all logins.- Fixed by moving the cert generation script to
nginx/setup-sas-cert.shand mounting it as a volume. Docker Compose never interpolates file contents. - Script rewritten as POSIX sh (Alpine container has no bash), with context detection, skip-if-exists logic, and IP fallback to 127.0.0.1.
Workaround for existing broken installs:
mkdir -p nginx/certs && openssl req -x509 -newkey rsa:4096 \
-keyout nginx/certs/sas.key -out nginx/certs/sas.crt \
-days 3650 -nodes -subj '/CN=sas.local' \
-addext 'subjectAltName=DNS:localhost' && docker compose up -d
π‘ Baicells SAS β AUTHORIZED state fix (radios now transmit)
This release resolves a series of root-cause bugs that prevented Baicells BaiBLQ firmware radios from ever transitioning from GRANTED to AUTHORIZED in SAS mode 2. Radios were stuck heartbeating in GRANTED state indefinitely and never enabling RF.
- Timestamp format β
sasFmt()now produces ISO 8601 Z format (2026-06-03T02:54:09Z). Baicells firmware silently ignored the old compact UTC format, leavingSAS_CONFIG_TRANSEXPIRETIMEempty on the radio β the root cause of the GRANTED loop - REM scan disabled β Factory default
LTE_REM_SCAN_ON_BOOT=1scanning Band 7 was blocking the OAM state machine (remScanDonenever reaching 1), causing all TR-069 writes ofSAS_RADIO_ENABLEto be silently reset withNow Nothing To Do For Dynamic Configure. Provision tasks now pushScanOnBoot=false,ScanPeriodically=false,InServiceHandling=Disabled - Heartbeat response simplified β Removed
heartbeatIntervalandoperationParamfields from heartbeat responses to exactly match the WInnForum reference SAS (fake_sas.py) - NTP clock skew β
transmitExpireTimewas always in the radio's past when clocks were offset. Debug log added showing calculated expire time. Time Server page (Chrony) enables NTP sync across all radios SAS.RadioEnablepersistence β RF On/Off endpoint now sets bothX_COM_RadioEnableandSAS.RadioEnablewhen SAS is enabled. Deployments without SAS are unaffected- Spectrum chart Baicells grants β Fixed TypeScript type for
getSlotsthat was discarding thebandsarray, preventing Baicells grants from appearing in the chart - EARFCN display β Radio card now calculates EARFCN from
sasReqLowFrequency/sasReqHighFrequencycenter point instead of the stale TR-069EARFCNDLvalue. All three radios now show distinct EARFCNs - GenieACS provisions cleaned β
defaultprovision no longer declaresInternetGatewayDevice.*paths that caused constant9005faults.informprovisiontoo_many_commitsloop fixed - RF All endpoints β
rf-allnow correctly filters to Baicells only (OUI48BF74); Sercomm RF is handled byrf-sercomm-allonly
π‘ CBRS SAS β Multi-Band Support & Sercomm Integration
- Multi-band frequency configuration β configure separate bands for different radio types (Baicells, Sercomm) with independent slot assignment per band
- Three-level Band Assignment system: per-CBSD override > interference group policy > global default
- Band Assignment tab in SAS page β assign bands to interference groups with slot preview table, and set per-CBSD overrides via compact table with modal editor
- Unified spectrum chart β all radios and bands on a single 3550β3700 MHz CBRS plot alongside individual per-band detail charts
- HTTPS SAS endpoint (port 8443) β auto-generated self-signed TLS certificate on
docker compose upviacert-initservice; nginx serves HTTPS SAS endpoint required by Sercomm radios - Sercomm SCE4255W full TR-069 SAS provisioning β all parameters: Method (Direct SAS/DP), Installation Method (Single/Multi-Step), Category (A/B), Channel Type (GAA/PAL), Location Source (Manual/GPS), Height Type (AGL/AMSL), ManufacturerPrefix, CPI settings, lat/long decimal degrees auto-converted to microdegrees
- Per-CBSD band override modal β fixed-position centered modal prevents popover clipping in table rows
- Quiet docker logs β per-request SAS protocol traffic (grant/heartbeat/spectrumInquiry) downgraded to trace level; 30-second summary line shows all active grants with serial, frequency, and EARFCN
π‘ CBRS SAS Server
- Full built-in WInnForum SAS-CBSD protocol server (registration, spectrumInquiry, grant, heartbeat, relinquishment, deregistration)
- Deterministic per-CBSD channel assignment keyed by serial number β race-condition-proof, survives re-registrations and Clear DB cycles
- Interference coordination group support β radios in the same group auto-spread across non-overlapping 20 MHz slots
- Multi-site scaling β independent slot assignment per group; two sites can reuse frequencies without conflict
- GPS delay enforcement (75 s configurable) before grants issued
- Grants issued as AUTHORIZED immediately (no GRANTEDβheartbeatβAUTHORIZED delay)
- Pause SAS / Resume SAS button β radios return DEREGISTER instantly, no data deleted
- Clear DB button β wipes all grants and CBSDs in one click for testing
- Spectrum chart β visual frequency band with color-coded slots, EARFCN labels, per-CBSD assignment table
- Baicells TR-069 full SAS parameter provisioning (reqLowFrequency, reqHighFrequency, PreferredFrequency, enableMode, FccId, groupId, groupType, MaxEIRP, LegacyMode, etc.)
- SAS admin REST API:
/sas/admin/reset,/sas/admin/pause,/sas/admin/resume,/sas/admin/status,/sas/admin/slots
π‘ Baicells eNodeB Provisioning
- Full Band 42/43/48 band selector with auto-fill defaults
- EARFCN dropdown per band with SAS mode awareness (EARFCN greyed in SAS mode 2, labeled
(SAS)) - EARFCN mismatch warning when configured EARFCN doesn't match expected SAS-assigned slot
- SAS mode 2 handling β EARFCN not pushed to radio in SAS mode 2 (radio tunes to SAS grant)
- RF enable sends task twice (queued + connection_request) to ensure immediate effect
rfStatuscorrectly derived fromX_COM_RadioEnable AND opState
π Remote UPF / SGW-U Architecture (4G + 5G Edge Deployments)
- Remote UPF generator (UPF config page) β generates ready-to-deploy
upf.yamlfor edge sites; "Add to SMF & Apply" wires it intosmf.yamlautomatically - SMF config page β full UPF routing table (DNN, TAC, eNodeB Cell ID, NR Cell ID selection criteria); local UPF labeled "same host"; routable address selector; routing destination badge on session pools
- Remote SGW-U generator (SGW-U config page) β mirrors UPF pattern; generates
sgwu.yamlwith SGW-C address and deployment steps - SGW-C config page β full SGW-U routing table with TAC, APN, Cell ID (e_cell_id) selection criteria; local SGW-U labeled; routable PFCP server section
- TAC/APN/Cell ID routing criteria β all three SGW-U selection methods from Open5GS
sgwc.yamlsupported in both SGW-C editor and SGW-U generator - "How it works" topology button on SMF and SGW-C pages β opens modal with full network diagram explaining Remote UPF/SGW-U architecture, IP requirements, and interface routing
- Network topology diagram (SVG) showing central site (AMF, MME, SMF, SGW-C) β edge site (UPF, SGW-U) with all interface IPs, PFCP/N4/Gxc connections, N2/S1-MME control plane, N3/S1-U user plane
βοΈ Auto-Config improvements
- "Use Local UPF Only" checkbox (default checked) β hides PFCP addressing complexity for single-server deployments; auto-detects from existing config
mergePfcpServers()helper β prevents duplicate IP entries in PFCP server lists across all services (SMF, UPF, SGW-C); also self-heals existing duplicates on next runlocalUpfOnlyandlocalSgwuOnlyflags β when set, forces loopback defaults (127.0.0.x) regardless of IP fields
π§ͺ Unit Tests
- 32 Jest unit tests for RAN UE session reporting covering: 4G/5G session detection, IMSI field variants (supi/imsi, prefixed/bare), UE deduplication, live eNodeB/gNodeB filter, Prometheus metrics fallback, interface status
parsePeerIPhelper tests (bracketed IPv4, IPv6, plain IP:port)- 5G-only deployment short-circuit β skips all 4G logic when MME not running
π Bug Fixes
- RAN page UE crash fix β
mmeUe.supinull guard with fallback toimsifield for older Open5GS versions - RAN page eNodeB filter relaxed β
setup_success: falseno longer drops all UEs from display - RAN page N3/5G filter relaxed β shows UEs even when gNodeB
setup_successis false - Services page route order fix β
/all/:actionregistered before/:name/:actionin Express; fixes "Stop 4G" / "Stop 5G" buttons - SGW-C and SGW-U metrics sections removed β neither service exposes a Prometheus metrics HTTP endpoint
- Duplicate PFCP server IP bug (auto-config) β entering a loopback address that already exists in the YAML no longer creates duplicate entries
π License
Copyright (C) 2026 Paul Mataruso
This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0) β see the LICENSE file for details.
In plain terms:
- You are free to use, modify, and distribute this software
- If you run a modified version on a server and users interact with it over a network, you must make your modified source code available to those users under the same license
- Commercial use requires either compliance with AGPL-3.0 or a separate commercial license agreement with the copyright holder
For commercial licensing inquiries, open an issue or discussion on GitHub.
π Acknowledgments
- Open5GS Project - The open-source 5G Core and EPC implementation
- Lucia Auth - Session management library
- JointJS - Professional diagramming library
- React and TypeScript communities
π Support
- Documentation: docs/
- Installation Issues: INSTALL.md β docs/troubleshooting.md
- Bug Reports: GitHub Issues
- Feature Requests: GitHub Issues
- Discussions: GitHub Discussions
Built with β€οΈ for the Open5GS community