ReadyNAS 42600 encrypted volume problems

Question

1. after bootup nas shows timer 10 min, after that again and again i insert usb_with_key after 12+ hours and it start normally, for what this timer ? i need, i think for shutdown w/o key.

2. i need checkbox to allow boot w/o usbkey... and i be very happy if netgear add function for second key ("destroy key") what can erase internal key to lock data after bootup with it.

3. after switching from x-raid to flex-raid and create raid-6 volume with 6x6TB hdd, in apps section no apps.

a) plex installed from upload always show errors (no entry point found from http gui,

[/lib/systemd/system/fvapp-plexmediaserver.service:9] Invalid escape sequences in line, correcting: "/bin/sh -c '/apps/plexmediaserver/Binaries/Plex\ Media\ Server'" - from systemd-journal.log)

b) resilio stop sync after some files.

sorry for bad english

Sandshark · Answer

You have obviously encrypted your volume, but it sounds like you didn't know the consequences of doing that. With an encrypted volume, you need to have the USB key in the machine when you boot. The timer gives you time to put it in if you forgot or if it re-boots because of a power loss and you were not there. If you want to be able to boot without the USB key, you should not have encrypted your volume. The only way back is to destroy it and start over. Alternately, just leave the key in all the time; defeating the purpose of the encryption.

If you need a second key, you should be able to just copy the files to another device. You should definately have the key contents backed up (somewhere other than on your encrypted NAS).

Sandshark · Answer

Yes, the loop re-starts so you can insert the key whenever you are able.

Once a volume is encrypted, there is no turning back except to backup, re-format, and restore. A "boot unencrypted" option is not possible nor prudent where encryption is desired. The data itself is encrypted, it's not some add-on process. I don't work for Netgear, but I can tell you it just won't happen that they allow you to store the key on the NAS itself (which would be the only way to avoid inserting the key) because that would leave open the possibility of recovering that key even if erased.

As I said, it appears you encrypted your volume without really realizing the purpose and consequences thereof. The main purposes of it are that if your NAS is stolen, the thief will not have access to your data (unless you also leave him the USB key) and that you can safely discard a failed drive wihout some garbage picker being able to recover your data. It has nothing at all to do with security of the data in transit or someone accessing it once booted with the key (whether authorized or hacked).

Since creating an encrypted volume normally includes destroying the original data volume, I assume you did that but did not call the encrypted volume data. That can be problematic with some app installers, and it is a shame that Netgear does not warn about that.

What is the reason that you have encrypted your volume? I suspect you would be better off backing up your data, destroying and re-creating the volume unencrypted (calling it data) or even factory defaulting to a non-encrypted volume, and then restoring the data.

NGF · Answer

big thanks for answer and again:1. the timer is looped, i insert key after 12 hours and NAS showed Volume normally.Question: for what that timer ?2. i said about second key, what can erase pairs of key (nas-external key), to stop allowing read data with standard(default key). key for "3-rd" party people that can insert usb without me. they didn't get access and permanently block all data.Question: in next firmware can you add checkbox to allow boot without external key. Add function to create "erase key".3. all apps what i try to install didn't work properly(plex, resilio). resilio when i try to create share folder shows what cant access to *data*. try to read *data* volume what can be accessed only when i create x-raid volume. with flex-raid i have raid "volume_name_set_by_myself" (some apps cant write to it as i understand because try to search *data* volume!?).Question: i can't see any apps in my web gui for 426, in what problem maybe?&nbsp;

StephenB · Answer

Sandshark wrote:
&nbsp;
What is the&nbsp;reason that you have encrypted your volume?

I think that's an important question.&nbsp; Disk Encryption is only helpful if a thief doesn't get the usb key, so the key needs to be separately safeguarded.&nbsp; But it also needs to be accessible, since it needs to be reinserted on a reboot.&nbsp; If it's conveniently stored (or in the NAS), the thief might well steal it too.&nbsp; And of course, you need to keep another copy somewhere, since USB thumb drives fail.
&nbsp;
As&nbsp;Sandshark&nbsp;says, disk encryption doesn't secure your data over the network - that depends on your password strength and configuration (including whether you require SMB encryption), and of course keeping your security patches are up to date.
&nbsp;
On balance, I think the disk encryption has very limited value and isn't worth the risk of losing the key - so I've chosen not to use it.&nbsp;&nbsp;

Forum Discussion

ReadyNAS 42600 encrypted volume problems

4 Replies

Related Content

Readynas 628x Encryption-what standard

ReadyNAS Volume not expanding - with encryption

Problems downloading make to ReadyNAS RN 212

ReadyNAS 312/314 : SMB3 Transport Encryption options

Backup of ReadyNAS that has Encrypted Volumes

NETGEAR Academy

ProSupport for Business