LUKS disk encryption plugin

    • OMV 2.x
    • @igrnt: Thank you for your work an the LUKS plugin! In my opinion, encryption is a must have on NAS devices nowadays and since the LUKS plugin is more or less the only one for OMV it is a very crucial one.

      I also highly anticipate the LUKS plugin becoming available for OMV 3! In fact, if I had known beforhand that the plugin is not yet ready, I would not have upgraded my NAS to OMV 3. Unfortunately the plugin is listed in the OMV 3 section of omv-extras.org - so I thought everything would work fine. Since I don't want to go back to OMV 2 I will have to be patient and hope that the plugin will be ported soon. ;)

      Best,
      Aiakos
    • dazzil wrote:

      Therefore I am also looking very forward to an omv 3.0 version of this plugin.
      Luxflow and I started porting it but there are still a few things not working like uploading any file.
      omv 4.1.14 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.13
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • Does anyone want to try the ported plugin on OMV 3.x? It can be found here. Just a warning that it may have problems. So, please don't try it on any data you like.
      omv 4.1.14 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.13
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • The Luks-Plugin is one of my most loved plugin in omv for me.
      I'm already very thankful to Luxflow & ryecoaaron for investing time to porting it to omv 3.

      I've just set up an rpi 2 running omv 3.0.59 and will testing it a few days/weeks with the ported Luks encryption plugin.
      For now (having it running for 1 day) everything seems to work like a charm, I haven't noticed anything until now.


      Using this setup right now in combination with the Remote Mount+Rsnapshot Plugin's to achieve a remote Backup of my primary OMV installation.
      I will leave this as it is for a few days and test then, if the encrypted drive can be decrypted on another computer without problems etc... If so, than this will stay as my offside remote Backup :thumbup: .

      I will let you know if anything new happens
    • How is the 3.x port of the plugin working for everyone? Notice any problems?
      omv 4.1.14 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.13
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • One thing i've notized: After i restarted my installation, every time i try to unlock my disk i become a error about the missing attribute 'fsname' (screen1.jpg).
      This messages repeates every time i click the OK Button, but however the disk is unlocked successfully. Everything works fine after that, except I'm not able to lock the disk again. The Button is grayed out and inactive, just as the unlocked Button (screen2.jpg).
      Images
      • screen1j.jpg

        126.65 kB, 1,096×477, viewed 189 times
      • screen2.jpg

        26.06 kB, 627×109, viewed 174 times
    • I can't duplicate that. Is the volume on LVM or mdadm raid? I do get a refresh error when removing a volume but it doesn't seem to affect anything.
      omv 4.1.14 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.13
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • madoasp wrote:

      One thing i've notized: After i restarted my installation, every time i try to unlock my disk i become a error about the missing attribute 'fsname' (screen1.jpg).
      This messages repeates every time i click the OK Button, but however the disk is unlocked successfully. Everything works fine after that, except I'm not able to lock the disk again. The Button is grayed out and inactive, just as the unlocked Button (screen2.jpg).
      I have exactly the same issue here.


      Source Code

      1. Missing 'required' attribute 'fsname'.
      2. Errore #0:
      3. exception 'OMV\Json\SchemaValidationException' with message ': Missing 'required' attribute 'fsname'.' in /usr/share/php/openmediavault/json/schema.inc:618
      4. Stack trace:
      5. #0 /usr/share/php/openmediavault/json/schema.inc(395): OMV\Json\Schema->checkProperties(Object(stdClass), Array, '')
      6. #1 /usr/share/php/openmediavault/json/schema.inc(285): OMV\Json\Schema->validateObject(Object(stdClass), Array, '')
      7. #2 /usr/share/php/openmediavault/json/schema.inc(257): OMV\Json\Schema->validateType(Object(stdClass), Array, '')
      8. #3 /usr/share/php/openmediavault/rpc/paramsvalidator.inc(59): OMV\Json\Schema->validate('{"id":null}')
      9. #4 /usr/share/php/openmediavault/rpc/serviceabstract.inc(170): OMV\Rpc\ParamsValidator->validate('{"id":null}')
      10. #5 /usr/share/openmediavault/engined/rpc/fstab.inc(171): OMV\Rpc\ServiceAbstract->validateMethodParams(Array, 'rpc.fstab.getby...')
      11. #6 [internal function]: OMVRpcServiceFsTab->getByFsName(Array, Array)
      12. #7 /usr/share/php/openmediavault/rpc/serviceabstract.inc(124): call_user_func_array(Array, Array)
      13. #8 /usr/share/php/openmediavault/rpc/rpc.inc(84): OMV\Rpc\ServiceAbstract->callMethod('getByFsName', Array, Array)
      14. #9 /usr/share/openmediavault/engined/rpc/luks.inc(310): OMV\Rpc\Rpc::call('FsTab', 'getByFsName', Array, Array)
      15. #10 /usr/share/openmediavault/engined/rpc/luks.inc(294): OMVRpcServiceLuksMgmt->mountContainerFS('/dev/mapper/sda...', Array)
      16. #11 [internal function]: OMVRpcServiceLuksMgmt->openContainer(Array, Array)
      17. #12 /usr/share/php/openmediavault/rpc/serviceabstract.inc(124): call_user_func_array(Array, Array)
      18. #13 /usr/share/php/openmediavault/rpc/rpc.inc(84): OMV\Rpc\ServiceAbstract->callMethod('openContainer', Array, Array)
      19. #14 /usr/sbin/omv-engined(516): OMV\Rpc\Rpc::call('LuksMgmt', 'openContainer', Array, Array, 1)
      20. #15 {main}
      Display All
      I've reported this problem to ryecoaaron on JFrog Bintray and he pointed you had the same issue.

      For what regarding my situation, the device is unlocked, but it is NOT mounted, I have to mount it manually with CLI.

      Your device is automatically mounted?

      How can we help ryecoaaron to fix this?

      Marco

      The post was edited 1 time, last by marcolino ().

    • The LUKS device unlocked then mounted is NOT listed in the available devices list (for example in the Shared Folder Add dialog box).

      Here you can see the unlocked LUKS device:


      And here you can see the mounted FS:


      But here there is NO device available!



      Is the same to you, madoasp?


      @ryecoaaron:

      I've noticed that when I unlock the LUKS device, on OMV 2.x it takes the "name" /dev/mapper/sda6-crypt in the File System window:

      while it takes a different "name" in OMV 3.0, i.e. /dev/dm-0:

      Do you think this could be related to the missing fsname issue?

      Marco

      The post was edited 3 times, last by marcolino ().

    • marcolino wrote:

      Do you think this could be related to the missing fsname issue?
      Probably. A ton of code changed between OMV 2.x and 3.x. I just don't know why it is getting the fsname error yet.
      omv 4.1.14 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.13
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • Hi and sorry for the late reply,

      I'm not using any raid.
      I can confirm, that after i unlock the disk it is called "/dev/dm-0" in the File System.
      But in contrast to marcolino it haven't any trouble to use it in the dropdown field as a drive of a shared folder. As soon as the drive gets unlocked i can select it there!
    • marcolino wrote:

      You still have the "missing attribute 'fsname'" error?
      I can replicate that after a reboot. Just not sure how to fix it.
      omv 4.1.14 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.13
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • madoasp wrote:

      One thing i've notized: After i restarted my installation, every time i try to unlock my disk i become a error about the missing attribute 'fsname' (screen1.jpg).
      This messages repeates every time i click the OK Button, but however the disk is unlocked successfully. Everything works fine after that, except I'm not able to lock the disk again. The Button is grayed out and inactive, just as the unlocked Button (screen2.jpg).
      I experience exactly the same.
      OMV3, luks on top of mdadm raid 5, btrfs on top.
      Raid is made of 4x 2TB, I created it by hand on the cli on top of partitions.
      The fs shows up as /dev/mapper/md0-crypt after decryption.

      Everything is running smoothly other than that little bug, I never feel the need to encrypt again after decryption...
      I also can reference the filesystem and use it for shares contrary to what marcolino experiences.

      On a side note:
      Somehow the raid creation in OMV3 failed me twice - gone after reboot, probably because there was an existing gpt layout.
      This was a much bigger annoyance, because twice 10 hours of raid creation where gone.
      I would suggest that the raid creation places a warning and/or completely wipes the drives before starting.
      Or much better: Allow raids on top of partitions, not just full disks.
      Should I report this somewhere?