You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
We operate Strongswan/Libreswan based VPNs on AWS. We would like to operate route-based VPN tunnels based on XFRM interfaces (see Strongswan documentation)
AL2023 (and even AL2) use a compatible kernel version + iproute version, but unfortunately the xfrm_interface kernel module is neither built nor available. We also cannot build it ourself as understandably AL2023 requires kernel modules to be signed.
Describe the solution you'd like
I would like for the xfrm_interface kernel module to be made available, so I can load it into my instance's kernel
Describe alternatives you've considered
Using Ubuntu: latest ubuntu builds this module. We want to remain with AL2023 if possible
Building module ourselves: can't load it into the kernel without signing, or disabling module signature verification
Additional context
AL2023:
$ find /lib/modules/6.1.87-99.174.amzn2023.aarch64/ -type f -name '*.ko'| grep net | grep xfrm
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/ipv4/xfrm4_tunnel.ko
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/ipv6/xfrm6_tunnel.ko
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/netfilter/nft_xfrm.ko
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/xfrm/xfrm_algo.ko
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/xfrm/xfrm_ipcomp.ko
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/xfrm/xfrm_user.ko
Ubuntu 22.04:
root@ubuntu:/home/ubuntu# find /lib/modules/5.15.0-94-generic/ -type f -name '*.ko'| grep net | grep xfrm
/lib/modules/5.15.0-94-generic/kernel/net/xfrm/xfrm_user.ko
/lib/modules/5.15.0-94-generic/kernel/net/xfrm/xfrm_algo.ko
/lib/modules/5.15.0-94-generic/kernel/net/xfrm/xfrm_ipcomp.ko
/lib/modules/5.15.0-94-generic/kernel/net/xfrm/xfrm_interface.ko
/lib/modules/5.15.0-94-generic/kernel/net/netfilter/nft_xfrm.ko
/lib/modules/5.15.0-94-generic/kernel/net/ipv6/xfrm6_tunnel.ko
/lib/modules/5.15.0-94-generic/kernel/net/ipv4/xfrm4_tunnel.ko
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
We operate Strongswan/Libreswan based VPNs on AWS. We would like to operate route-based VPN tunnels based on XFRM interfaces (see Strongswan documentation)
AL2023 (and even AL2) use a compatible kernel version + iproute version, but unfortunately the xfrm_interface kernel module is neither built nor available. We also cannot build it ourself as understandably AL2023 requires kernel modules to be signed.
Describe the solution you'd like
I would like for the xfrm_interface kernel module to be made available, so I can load it into my instance's kernel
Describe alternatives you've considered
Additional context
AL2023:
Ubuntu 22.04:
The text was updated successfully, but these errors were encountered: