LUKS Advice

  • Hey guys,


    So currently in my server I have x2 8TB Ironwolfs, x1 12TB IronWolf and a 5TB 2.5" Barracuda. The latter I use for basically archiving like my pictures and stuff along with the DVR whilst the others are dedicated media storage drives. I am looking at encrypting my 2.5" Barracuda as that will have things like pictures on it and god forbid if that got stolen (it never will) but if it did I would be horrified so firstly is LUKS the right way to go and will it hurt the perfomance on my server? (I would just encypt the folders with the sensitive data if I could but I think that'll be more hastle than just encrpting the whole drive?)


    Also with regrards to installing it can I do it wouthout OMV-Extras (i.e. adding a repo to my list to install/update and control through OMV still?)


    Thanks :)

    • Offizieller Beitrag

    Also with regrards to installing it can I do it wouthout OMV-Extras (i.e. adding a repo to my list to install/update and control through OMV still?)

    Yes. You do not have to add a repo, just install the package.


    Encryption of a complete disk can be easily done with the plugin.
    To encrypt individual files is not possible.
    From the CLI you can create an encrypted container, mount it and add files or folders. But you need some knowledge of LInux and it will not be well integrated in OMV.


    I would recommend to use the plugin and encrypt the complete drive.
    Note: When encrypting the drive with the plugin all data on it will be deleted and have to be added later.

  • Thanks and yeah just checked my CPU does have support for AES NI :), and so macon I just download the .deb package from here:
    https://bintray.com/openmediav…mediavault-luksencryption
    And then just either use the CLI wget or GUI in OMV and upload the package via package manager to install and it'll integrate into OMV's GUI then and I can configure right?


    Will this method still auto-update or do I have to add the repo?



    Thanks,
    Kyle.

    • Offizieller Beitrag

    I do not know, but I would not do it. There is probably a reason why it is recommended in the FAQ to use omv-extras to install plugins and not install the .deb files.


    I do not see many (any?) problems with omv-extras. May be you just had bad luck?

    • Offizieller Beitrag

    Yeah, I just don't like using OMV-Extras I had issues with it prior

    What issues? I barely does anything. I don't it was the cause of the issues.

    the link is where it grabs the .deb package from so I'm assuming if I download that and upload it via the GUI in OMV then it should install like it would vi OMV-Extras - right?

    Depends on the plugin. The omv-extras repos have dependencies for some of the plugins that are no in the regular debian repos. So, you need the omv-extras repos enabled. This is all the omv-extras plugin does.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • I can't remember what issues I had but it was a while back now, I'll just have to cross my fingers and install OMV-Extras :D. Thanks guys for the support.

  • Okay so I have installed LUKS throught OMV - deleted the partion and wiped that I wanted to encypt. Went through the whole process of selecting the drive and creating an exprypted drive then in my file systems generated a ext4 of that encypted partion and all seemed good, then when it came to copying back my files over, windows kept stalling - nothing really strange so just thought I'd reboot my system and boom the partion is showing as missing and the drive is no longer showing in encypted - any ideas??

  • Each time you reboot the drive gets locked which is normal. After reboot you need to login into the omv panel and use the encryption section to unlock the drive(s). So the Fs missing should be normal as the block device is encrypted but it should display in the encryption section as locked drive

    Yeah I thought that should be the case however the drive completely disappeared from encryption section too?? So I couldn't even unlock it :/. I will give it another shot later.

  • That’s not normal. When you go back just log into terminal and type blkid you can paste it back here but should show hdd with luks signature.

    I know strange - right? Just waiting for my drive to finish scrubbing haha decided to completly wipe it via dban and its nearing completion after 24+hrs (god dam 5TB lol).


    So I'll try it to redo the encyption again and see how it goes and try what you mentioned :)


    EDIT:
    Okay so after a complete nuking and retry all seems good now - rebooted and drive shows up so I can unlock - yay! :D
    Only thing I have noticed is that during file transfer it transferes as normal then it hangs tempory freezes/lags for a minute or so then resumes transfer (sometimes I get a copy error with a network fault - deffo nothing wrong with my network?) - not sure if this is the encyption casuing this as I have no issues on my other drive although it is a Seagate Barracuda 2.5" drive whereas my others are 3.5" Ironwolfs (I doubt this is the issue as its only 30gb worth of files although there is around 4,000 files (photos, music, etc)) + from what I remeber it was okay before encyption hmmmm?

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!