[strongSwan] Making pcrypt stick across boots

[Noel Kuntze]

Hi Ericm

> I’ve gone down the path of exploring parallelization of crypto in Strongswan from [1].

s/Strongswan/Linux kernel/


> My question to the group is, how does one make it stick across boots?  I tried the trick of putting the modprobe in /etc/rc.local and That Was Bad (continuous reboot loop).  Backed it out and we’re ok.  Obviously there has to be a better way.  Wondering what the proper way in Centos 7 is for this module.

Well, load pcrypt, but then load tcrypt with the parameters *and do not care about the exit code*. Loading tcrypt will always error out, even if it configured everything as you wanted.

What did you do exactly?

Kind regards

Noel

On 02.10.2017 02:24, Eric Germann wrote:
> I’ve gone down the path of exploring parallelization of crypto in Strongswan from [1].
>
> It seems to be working as a) the expected output shows up in ‘cat /proc/crypto’ and b) under load in htop, it’s now showing kernel activity on all cores vs. a single core before (not sophisticated, but it definitely changed after the modprobe).
>
> My question to the group is, how does one make it stick across boots?  I tried the trick of putting the modprobe in /etc/rc.local and That Was Bad (continuous reboot loop).  Backed it out and we’re ok.  Obviously there has to be a better way.  Wondering what the proper way in Centos 7 is for this module.
>
> The process in [2] doesn’t seem to work for installing them.
>
> Thanks for sharing any experiences.
>
> EKG
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/Pcrypt
> [2] https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-kernel-modules-persistant.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171002/f98eaec5/attachment-0001.sig>