I started (in /etc/rc.local) with /usr/sbin/modprobe tcrypt alg="pcrypt(rfc4106(gcm(aes)))" type=3 /usr/sbin/modprobe tcrypt alg="pcrypt(rfc4106(gcm(aes-aesni)))" type=3
That dropped me in to a reboot loop with Centos 7 on AWS. I then moved to (in /etc/rc.modules) modprobe tcrypt alg="pcrypt(rfc4106(gcm(aes)))" type=3 modprobe tcrypt alg="pcrypt(rfc4106(gcm(aes-aesni)))" type=3 No reboot loop, but no effect either. I do ignore the output (saw that part of the doc on the site) EKG > On Oct 2, 2017, at 2:46 AM, Noel Kuntze > <[email protected]> wrote: > > Hi Ericm > >> I’ve gone down the path of exploring parallelization of crypto in Strongswan >> from [1]. > > s/Strongswan/Linux kernel/ > > >> My question to the group is, how does one make it stick across boots? I >> tried the trick of putting the modprobe in /etc/rc.local and That Was Bad >> (continuous reboot loop). Backed it out and we’re ok. Obviously there has >> to be a better way. Wondering what the proper way in Centos 7 is for this >> module. > > Well, load pcrypt, but then load tcrypt with the parameters *and do not care > about the exit code*. Loading tcrypt will always error out, even if it > configured everything as you wanted. > > What did you do exactly? > > Kind regards > > Noel > > On 02.10.2017 02:24, Eric Germann wrote: >> I’ve gone down the path of exploring parallelization of crypto in Strongswan >> from [1]. >> >> It seems to be working as a) the expected output shows up in ‘cat >> /proc/crypto’ and b) under load in htop, it’s now showing kernel activity on >> all cores vs. a single core before (not sophisticated, but it definitely >> changed after the modprobe). >> >> My question to the group is, how does one make it stick across boots? I >> tried the trick of putting the modprobe in /etc/rc.local and That Was Bad >> (continuous reboot loop). Backed it out and we’re ok. Obviously there has >> to be a better way. Wondering what the proper way in Centos 7 is for this >> module. >> >> The process in [2] doesn’t seem to work for installing them. >> >> Thanks for sharing any experiences. >> >> EKG >> >> [1] https://wiki.strongswan.org/projects/strongswan/wiki/Pcrypt >> [2] >> https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-kernel-modules-persistant.html >
