LUKS Advice

    • OMV 4.x
    • LUKS Advice

      Hey guys,

      So currently in my server I have x2 8TB Ironwolfs, x1 12TB IronWolf and a 5TB 2.5" Barracuda. The latter I use for basically archiving like my pictures and stuff along with the DVR whilst the others are dedicated media storage drives. I am looking at encrypting my 2.5" Barracuda as that will have things like pictures on it and god forbid if that got stolen (it never will) but if it did I would be horrified so firstly is LUKS the right way to go and will it hurt the perfomance on my server? (I would just encypt the folders with the sensitive data if I could but I think that'll be more hastle than just encrpting the whole drive?)

      Also with regrards to installing it can I do it wouthout OMV-Extras (i.e. adding a repo to my list to install/update and control through OMV still?)

      Thanks :)
    • /Ky wrote:

      Also with regrards to installing it can I do it wouthout OMV-Extras (i.e. adding a repo to my list to install/update and control through OMV still?)
      Yes. You do not have to add a repo, just install the package.

      Encryption of a complete disk can be easily done with the plugin.
      To encrypt individual files is not possible.
      From the CLI you can create an encrypted container, mount it and add files or folders. But you need some knowledge of LInux and it will not be well integrated in OMV.

      I would recommend to use the plugin and encrypt the complete drive.
      Note: When encrypting the drive with the plugin all data on it will be deleted and have to be added later.
      Odroid HC2 - armbian - Seagate ST4000DM004 - OMV4.x
      Asrock Q1900DC-ITX - 16GB - 2x Seagate ST3000VN000 - Intenso SSD 120GB - OMV4.x
      :!: Backup - Solutions to common problems - OMV setup videos - OMV4 Documentation - user guide :!:
    • macom wrote:

      /Ky wrote:

      Also with regrards to installing it can I do it wouthout OMV-Extras (i.e. adding a repo to my list to install/update and control through OMV still?)
      Yes. You do not have to add a repo, just install the package.
      Encryption of a complete disk can be easily done with the plugin.
      To encrypt individual files is not possible.
      From the CLI you can create an encrypted container, mount it and add files or folders. But you need some knowledge of LInux and it will not be well integrated in OMV.

      I would recommend to use the plugin and encrypt the complete drive.
      Note: When encrypting the drive with the plugin all data on it will be deleted and have to be added later.
      Thanks and yeah just checked my CPU does have support for AES NI :), and so macon I just download the .deb package from here:
      bintray.com/openmediavault-plu…mediavault-luksencryption
      And then just either use the CLI wget or GUI in OMV and upload the package via package manager to install and it'll integrate into OMV's GUI then and I can configure right?

      Will this method still auto-update or do I have to add the repo?


      Thanks,
      Kyle.
    • I do not know, but I would not do it. There is probably a reason why it is recommended in the FAQ to use omv-extras to install plugins and not install the .deb files.

      I do not see many (any?) problems with omv-extras. May be you just had bad luck?
      Odroid HC2 - armbian - Seagate ST4000DM004 - OMV4.x
      Asrock Q1900DC-ITX - 16GB - 2x Seagate ST3000VN000 - Intenso SSD 120GB - OMV4.x
      :!: Backup - Solutions to common problems - OMV setup videos - OMV4 Documentation - user guide :!:
    • /Ky wrote:

      Yeah, I just don't like using OMV-Extras I had issues with it prior
      What issues? I barely does anything. I don't it was the cause of the issues.

      /Ky wrote:

      the link is where it grabs the .deb package from so I'm assuming if I download that and upload it via the GUI in OMV then it should install like it would vi OMV-Extras - right?
      Depends on the plugin. The omv-extras repos have dependencies for some of the plugins that are no in the regular debian repos. So, you need the omv-extras repos enabled. This is all the omv-extras plugin does.
      omv 4.1.22 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.15
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • Okay so I have installed LUKS throught OMV - deleted the partion and wiped that I wanted to encypt. Went through the whole process of selecting the drive and creating an exprypted drive then in my file systems generated a ext4 of that encypted partion and all seemed good, then when it came to copying back my files over, windows kept stalling - nothing really strange so just thought I'd reboot my system and boom the partion is showing as missing and the drive is no longer showing in encypted - any ideas??
    • Each time you reboot the drive gets locked which is normal. After reboot you need to login into the omv panel and use the encryption section to unlock the drive(s). So the Fs missing should be normal as the block device is encrypted but it should display in the encryption section as locked drive
      New wiki
      chat support at #openmediavault@freenode IRC | Spanish & English | GMT+10
      telegram.me/openmediavault broadcast channel
      openmediavault discord server
    • subzero79 wrote:

      Each time you reboot the drive gets locked which is normal. After reboot you need to login into the omv panel and use the encryption section to unlock the drive(s). So the Fs missing should be normal as the block device is encrypted but it should display in the encryption section as locked drive
      Yeah I thought that should be the case however the drive completely disappeared from encryption section too?? So I couldn't even unlock it :/. I will give it another shot later.
    • subzero79 wrote:

      That’s not normal. When you go back just log into terminal and type blkid you can paste it back here but should show hdd with luks signature.
      I know strange - right? Just waiting for my drive to finish scrubbing haha decided to completly wipe it via dban and its nearing completion after 24+hrs (god dam 5TB lol).

      So I'll try it to redo the encyption again and see how it goes and try what you mentioned :)

      EDIT:
      Okay so after a complete nuking and retry all seems good now - rebooted and drive shows up so I can unlock - yay! :D
      Only thing I have noticed is that during file transfer it transferes as normal then it hangs tempory freezes/lags for a minute or so then resumes transfer (sometimes I get a copy error with a network fault - deffo nothing wrong with my network?) - not sure if this is the encyption casuing this as I have no issues on my other drive although it is a Seagate Barracuda 2.5" drive whereas my others are 3.5" Ironwolfs (I doubt this is the issue as its only 30gb worth of files although there is around 4,000 files (photos, music, etc)) + from what I remeber it was okay before encyption hmmmm?

      The post was edited 3 times, last by /Ky ().