How to create a Shared Folder for an encrypted LUKS partition?

  • Hello,


    I'm running OMV on a RockPro64 with one disk splitted in 2 partitions: one formatted in ext4 and one crypted with LUKS.
    I want this last one to only be available and decrypted when needed (and key available) but can't find how to define a Shared Folder with it.


    I have done my setup with the LUKS key on an USB stick and using autofs to automount a special path like /mnt/crypted/private. It works. I can have my crypted path automatically decrypted, and also mounted on the define path.


    But when I want to define a Shared Folder on the mounted path, or using the device /dev/mapper/sda2 I can't select it, only sda1 which is already used.


    I tried with the luksencryption plugin, and without it (I don't really need it), and rebooted, but the device still doesn't appear.
    I also tried with the device decrypted and mounted, or decrypted and not mounted.


    I'm not sure I'm using the right technique to do what I want, but I think it could be. If only I could see the device...


    Does anyone knows what can be wrong with my setup, or how to solve this problem?


    OMV 4.1.22-1

  • I have tested another way using luksencryption plugin to unlock my crypted partition and in fact this way I can mount the FS and create a Shared Folder.


    But I don't want to have the partition always uncrypted, and also I don't want to need the WebUI to unlock it.
    So this is not a perfect solution for me, I'll search for another way.


    I have the following setup : LUKS partition decrypted -> FS mounted -> Shared folder created.
    If I want to lock the LUKS partition, I need to delete the Shared Folder then unmount the FS.


    Same problem the other way around: if I find a way to decrypt the partition outside of OMV, I still need a way to inform OMV about it, then mount the FS inside OMV, and then recreate the Share Folder.
    Hum... not exactly simple, or maybe even possible...

    • Offizieller Beitrag

    But I don't want to have the partition always uncrypted, and also I don't want to need the WebUI to unlock it.

    You only need to decrypt after boot. So once decrypted stays like that until reboot or poweroff or manual lock

    If I want to lock the LUKS partition, I need to delete the Shared Folder then unmount the FS.

    no so like that. This is a limitation on device mapper, you cannot detach a mapped device if still in use, and device mapper is used by default by cryptsetup, no other option.
    You can force unmount in CLI(the webui doesn't allow that), then close the luks device, you don't need to delete shared folders.


    Once again omv is not designed to deal with mobile hard drives if that is what you're looking for. Maybe you need to deal with a standard plain server and handle the devices on your own.

  • Once again omv is not designed to deal with mobile hard drives if that is what you're looking for. Maybe you need to deal with a standard plain server and handle the devices on your own.


    OK, manual unlocking after reboot will be fine.
    I'm back to more normal setup but I still can't find how to do it.


    I unlock my LUKS partition with the dedicated plugin, I now try to create a SharedFolder but no possibility to select /dev/mapper/sda2-crypt. And there is an ext4 fs on it.
    I also tried to 'create' the fs via omv, but can't select my /dev/mapper device.


    Any idea of what I have to do?


    Update: I finally saw the /dev/dm-0 in the filesystems page... that's the good one, i could create the SharedFolder. Need to note the 2 steps (unlock, mount) Thanks for your help.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!