Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request] - XFRM Interfaces Kernel module #712

Open
mantoine96 opened this issue May 7, 2024 · 0 comments
Open

[Feature Request] - XFRM Interfaces Kernel module #712

mantoine96 opened this issue May 7, 2024 · 0 comments
Labels
enhancement New feature or request kernel

Comments

@mantoine96
Copy link

Is your feature request related to a problem? Please describe.

We operate Strongswan/Libreswan based VPNs on AWS. We would like to operate route-based VPN tunnels based on XFRM interfaces (see Strongswan documentation)

AL2023 (and even AL2) use a compatible kernel version + iproute version, but unfortunately the xfrm_interface kernel module is neither built nor available. We also cannot build it ourself as understandably AL2023 requires kernel modules to be signed.

Describe the solution you'd like

I would like for the xfrm_interface kernel module to be made available, so I can load it into my instance's kernel

Describe alternatives you've considered

  • Using Ubuntu: latest ubuntu builds this module. We want to remain with AL2023 if possible
  • Building module ourselves: can't load it into the kernel without signing, or disabling module signature verification

Additional context

AL2023:

$ find /lib/modules/6.1.87-99.174.amzn2023.aarch64/ -type f -name '*.ko'  | grep net | grep xfrm
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/ipv4/xfrm4_tunnel.ko
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/ipv6/xfrm6_tunnel.ko
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/netfilter/nft_xfrm.ko
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/xfrm/xfrm_algo.ko
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/xfrm/xfrm_ipcomp.ko
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/xfrm/xfrm_user.ko

Ubuntu 22.04:

root@ubuntu:/home/ubuntu# find /lib/modules/5.15.0-94-generic/ -type f -name '*.ko' | grep net | grep xfrm
/lib/modules/5.15.0-94-generic/kernel/net/xfrm/xfrm_user.ko
/lib/modules/5.15.0-94-generic/kernel/net/xfrm/xfrm_algo.ko
/lib/modules/5.15.0-94-generic/kernel/net/xfrm/xfrm_ipcomp.ko
/lib/modules/5.15.0-94-generic/kernel/net/xfrm/xfrm_interface.ko
/lib/modules/5.15.0-94-generic/kernel/net/netfilter/nft_xfrm.ko
/lib/modules/5.15.0-94-generic/kernel/net/ipv6/xfrm6_tunnel.ko
/lib/modules/5.15.0-94-generic/kernel/net/ipv4/xfrm4_tunnel.ko
@stewartsmith stewartsmith added enhancement New feature or request kernel labels May 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request kernel
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stewartsmith @mantoine96