LUKS disk encryption plugin

    • OMV 2.x

    • I just did a quick test of this in a VM, and it looks like the LUKS plugin is currently incompatible with the USB backup plugin, no backup is run when the disk is unlocked.
      There is, however, the potential for them to work - I edited the config for the USB backup plugin, and then it successfully ran when I unlocked the encrypted disk. So, yes, this would still interfere with the process - you could not automatically back up just by plugging in, as the disk would need to be decrypted, but after that step it is possible to have the backup run automatically.

      I have submitted a bug report for this issue here: bugtracker.openmediavault.org/view.php?id=1470

      The post was edited 1 time, last by igrnt ().

    • Hi @igrnt just want to share that I am very happy with this plugin. Over the last week I converted my two 4Tb Reds to LUKS (data drives) and also re-LUKS-ed my external HDD backups. So all the data is on LUKS encrypted devices (except OMV boot disk).

      Made an export of all the headers and put the passwords in KeePass (my password manager). So after a boot, I unlock the data drives and everything is fine. And secure in case of theft (main reason for using your plugin).

      By the way, I use one 1/8 passphrase per HDD, don't think that's less reliable than multiple passphrases, right? (provided that I don't lose them of course). Thanks again for the plugin.

      Ralph
      ASRock H97 Pro4 | 8Gb 1600 | i3 4130T | 3x WD Red 4TB with SnapRAID | Backup to Crashplan & External HDD
    • May I suggest a UI enhancement for the main view of the plugin? If I have a number of devices, the only reference to them is by /dev/sdx format (1st column). That depends on the physical order of the connected devices to the mb and not on the actual hdd itself.

      Can we have another column with the device's serial number (ie: WD-WCC4E3PVNF54), the same as shown when creating a new device?

      I always pick the wrong passwords from my password manager for the devices when unlocking :)

      Thanks, Ralph
      ASRock H97 Pro4 | 8Gb 1600 | i3 4130T | 3x WD Red 4TB with SnapRAID | Backup to Crashplan & External HDD
    • Hi,
      I am new to openmediavault (sorry, newbie) and very happy for this plugin.
      Unfortunately I am not able to make it work as I want it to, most likely I am missing something very simple:
      I have two HDDs installed, I cleaned them and afterwards I encrypted both. After that I decrypted them to create a RAID (JBOD), which worked fine. But as soon as I reboot the server and decrypt the drives again, the RAID is gone or not appearing. Since I am not able to create a new RAID with these HDDs I assume that the info is still stored anywhere?
      How do I have to use the plugin so that everything (RAID, Filesystem etc) is still there once the server is restarted?

      Thanks a lot!
    • I think your process is wrong. You should first create a raid, then proceed to encrypt /dev/md0, once md0 is encrypted you should format it.

      BTW you should not use JBOD; it is inflexible (you cannot grow it) and losing one means losing everything. Maybe consider aufs or mergerfs
      New wiki
      chat support at #openmediavault@freenode IRC | Spanish & English | GMT+10
      telegram.me/openmediavault broadcast channel
      openmediavault discord server
    • Hey guys,

      I am using the LUKS plugin on my 8TB disk with OMV 3

      There is an option for a keyfile which I would like to use to mount the device after boot automatically (I know the developer is working on it atm to give the user an option)

      Is it possible to make this automatic from the command line or with a script?

      I would store the keyfile on a device locally in my LAN, which I could access with ftp, ssh or webdav.

      Thanks :)
      OMV 3.x - Plex Media Server - Auto Shutdown - LUKS Disk Encryption

      Intel Core i3 4130 @ 3,4 Ghz, 12GB RAM, 3x WD RED 3TB in RAID5 fully encrypted
    • KingB wrote:

      Hey guys,

      I am using the LUKS plugin on my 8TB disk with OMV 3

      There is an option for a keyfile which I would like to use to mount the device after boot automatically (I know the developer is working on it atm to give the user an option)

      Is it possible to make this automatic from the command line or with a script?

      I would store the keyfile on a device locally in my LAN, which I could access with ftp, ssh or webdav.

      Thanks :)


      Look up 'crypttab' - you would put the disk and path to keyfile in here for automatic unlock at boot. That is for the keyfile on a local filesystem, to retrieve it from a connected machine, you would need to do some investigation - I don't know if the network is up by then on the boot sequence. If it is, you can write keyscripts here to fetch the keyfile and pass it to cryptsetup.
      It's unlikely I will implement this kind of thing in the plugin.
    • igrnt wrote:

      Quote from KingB: "Hey guys,

      I am using the LUKS plugin on my 8TB disk with OMV 3

      There is an option for a keyfile which I would like to use to mount the device after boot automatically (I know the developer is working on it atm to give the user an…


      Thanks for the answer :)

      I tried to implement that kind of unlock system on my Ubuntu server... but now I switched to OMV because I now have my Odroid C2 for my ownCloud with Ubuntu.
      But I failed because of the network type. I want to have that in case things get stolen, so it should not unlock itself as soon as it is out of the network.

      The Odroid is hidden well, so no problems with that.

      The problem was to fetch the key from a different location; I failed with a script...
      I tried to fetch the keyfile and save it, unlock the disk and mount it and then delete the key file... so no unlock if out of network or the device is offline.

      It would be amazing if you are able to implement that :)

      Send me a pm if you need a tester!
      OMV 3.x - Plex Media Server - Auto Shutdown - LUKS Disk Encryption

      Intel Core i3 4130 @ 3,4 Ghz, 12GB RAM, 3x WD RED 3TB in RAID5 fully encrypted
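
One way to script the fetch-and-unlock step discussed in the posts above, as an added example that is not part of the thread or the plugin: the key is streamed over SSH from another LAN host straight into cryptsetup's stdin, so no keyfile is saved on the NAS and the disk stays locked whenever the key host cannot be reached. The SSH account, key path, device path and mapping name are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: unlock a LUKS volume after boot with a key held on another LAN host.
# Every value below is a hypothetical placeholder, not taken from the thread.
KEY_HOST="${KEY_HOST:-unlock@keyhost.lan}"            # assumed SSH account on the key holder
KEY_PATH="${KEY_PATH:-/srv/luks/data.key}"            # assumed keyfile path on that host
LUKS_DEV="${LUKS_DEV:-/dev/disk/by-uuid/REPLACE-ME}"  # stable name, unlike /dev/sdX
MAP_NAME="${MAP_NAME:-data-crypt}"

# True when the decrypted mapping already exists.
is_unlocked() { [ -e "/dev/mapper/$MAP_NAME" ]; }

# Stream the key to stdout. BatchMode never prompts; ConnectTimeout gives up
# quickly when the key host is unreachable (for example, the box left its LAN);
# StrictHostKeyChecking refuses a host that is not the known key holder.
fetch_key() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 -o StrictHostKeyChecking=yes \
        "$KEY_HOST" "cat -- '$KEY_PATH'"
}

# "--key-file -" makes cryptsetup read the key from stdin, so the key only
# passes through a pipe and is never written to local storage.
open_luks() {
    cryptsetup open --type luks --key-file - "$LUKS_DEV" "$MAP_NAME"
}

# Returns 0 only if the mapping exists afterwards. A failed fetch or a wrong
# key leaves the volume locked; nothing needs to be cleaned up.
unlock_from_lan() {
    is_unlocked && return 0
    fetch_key | open_luks || true
    is_unlocked
}

# Run as "script --run" (as root) from a boot-time job once the network is up.
if [ "${1:-}" = "--run" ]; then
    unlock_from_lan || { echo "unlock failed: $MAP_NAME stays locked" >&2; exit 1; }
fi
```

On the key host, the SSH key used by this account can be limited in `authorized_keys` with a forced `command=` so that it can only read that one file.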
    • I see some requests for an automatic unlock.
      @igrnt would you please not touch the current manual unlocking mechanism? I like it to be manual. The server is seldom rebooted. So my suggestion would be that if you happen to work on an automatic unlock, make it very optional....

      Thanks, Ralph
      ASRock H97 Pro4 | 8Gb 1600 | i3 4130T | 3x WD Red 4TB with SnapRAID | Backup to Crashplan & External HDD
    • I'm sure he would make an automatic unlock optional. To me, automatic unlock is a bad idea unless it is getting the key file from a different box/location. If someone steals the box, they have everything. A box with automatic unlock only protects your info if a drive fails.
      omv 4.1.13 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.13
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • Probably wouldn't be that hard to allow a location to be specified (which could be remotely mounted) then. Not a big deal to me since I don't use it on my OMV box (I do at work though).
      omv 4.1.13 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.13
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!