I'm not making any argument for or against encryption in this post. Discussion of the merits of encryption in general or FreeNAS's specific use/implementation is beyond the scope of this guide. To by knowledge the commands below are good on all versions of 11.2 and possibly even 11.3. I have...

Hi all! I know what you're thinking: Oh no, another "my data is encrypted and I can't recover it!". I understand the risks that come with running encrypted disks. I have a peculiar situation none-the-less and would love a few additional brains on the matter. (I figured I'd take my long...

Добрый день. Есть FreeNAS на Proxmox VE, на котором есть зашифрованный пул. Перестало хватать места, добавил в гипервизоре, сделал gpart commit da1 (то есть, расширил физический диск пула), попытался расширить zpool свойством autoexpand -- не расширился. Попытался расширить раздел, где...

Let's get the messy bit out of the way. This resource makes no claim about whether you should or should not use encryption. Discussion on the merits or implementation strategy used in FreeNAS is not relevant to this resource. I'm not looking to advocate for or against encryption. This resource...

Hello, I was not aware that the GELI keys are only on the USB stick and in the config backup missing. So I wrote the FreeNAS install iso (about 650 MB) over my boot USB stick. Now I can't import the pool from the stick. I need 2 GELI key files (64 Byte) from the stick. zpool "import -a" and...

I've been interested in writing a bit of a detailed encryption guide for some time. The idea is to walk folks through how they can play with and manipulate the keys in their system to understand how FreeNAS makes use of encryption so folks could better make an informed decision about whether to...

Hi, I have a freenas box with 4 pools. All of the pools are encrypted. They were originally created with an installation on crappy USB stick, which I've replaced since and reinstalled the OS. The original installation was with version 11.2 R2, which got upgraded to R3 before getting replaced. I...

Hi I have just moved my drives from an old FreeNAS box to some new hardware. Now one of my encrypted ZFS pools won't decrypt using the freshly downloaded recovery key from the old system. How is that even possible when the same pool is unlocked just fine using my passphrase on the old...

Currently running 11.2-u1 native on a otherwise stable system. Freenas 11.2-U1 8GB non-ECC Intel(R) Core(TM) i3-4160 CPU @ 3.60GHz (4 cores) MSI Motherboard SSD for bootdrive Couple of data drives for my media collection (which are connected to an LSI HBA card) Drive in question is connected...

I am setting up a new pool and plan to use Encryption. I was reading over the docs here. The doc references multiple ways to keep the keys. I am interested in how this one is achieved? It seems the default setup is to initially enable encryption with no passphrase. Adding a passphrase...

Greetings, I noticed half of the "Master Key" data returned by 'geli dump /dev/gptid/[disk-uuid]' changes to zero's (0's) after assigning a password to the volume in FreeNAS. Does anyone know why? Thanks.

One of the disks in a mirrored ZVOL was reporting large number of failed sector reads so I got myself a replacement disk. I shutdown the system, removed the dodgy disk and put in it's replacement. I go to replace the disk in the webGUI in the Volume Status section and I'm told "WARNING: The...

Hello. I want to install FreeNAS with my own partitioning scheme: - boot_partition (optional). - freenas-root -> GELI -> ZFS (mirrored on the second SSD). - zil_part -> GELI -> ZIL (mirrored on the second SSD). Is it possible (it's possible with FreeBSD 11, even without separate boot...

Hi everyone, how is the correct procedure to unlock an encrypted pool after a clean install of FreeNAS on a new boot device? I had the problem that I was only able to unlock my pool with the help of a geli_recovery.key. I had to use this file/key every time I wanted to unlock the pool. What I...

Hallo zusammen, Ich habe FreeNAS 11.1 auf einem neuen USB-Stick installiert und nicht, wie bisher immer, ein Upgrade einer bestehenden Installation gemacht. Von meiner bestehenden Installation (11.0-U4) habe ich dein Einstellungen, den GELI.key und Recovery.key herunter geladen. Nach der...

Hi, It may seem obvious, or I haven't had enough coffee yet today, but why is a re-key required when replacing an encrypted volume? Typing in the password to add the new drive seems to bring it on line. What does a re-key do after that, that is needed? Does the geli key for the volume need to...

Hello Everyone, I've had an encrypted zfs pool on my freenas server that I initially created in November 2016. I copied the Geli key, created a passkey, and I copied the config file then. I haven't had any problems with decrypting the pool simply by giving it my password after updating or...

Config: FreeNAS-9.10.2-U4 on VMware ESXi 6.0 U3. 1 zPool = "Tank1" = 8 2-disk mirror vdevs (reference signature for all details), encrypted, no passphrase. Problem: Boot environment gone, attempted to import with recent config backup + recovery key (/data/GELI not available to restore)...

I think I fell victim to a a combination of two "bugs". No, I don't have a backup of my 24TB of data, but literally had just bought new hardware to setup as a full backup the day before and had started to copy a little bit of data over. I'm new to this so here is what happened... I added a...

Background Lately i had issues with one of my drives in my encrypted zpool. I was getting read and writeerrors and pool degradation. After doing some smarttests, short and long one, nothing seemed strange. I cleared the faults. But freeNAS kept complaining and degrading the pool and after a few...

Hallo zusammen, ich habe gestern mein erstes FreeNAS System aufgebaut und installiert. Bei der Einrichtung des Volumes habe ich erwartet zwischen verschiedenen Verschlüsselungsmethoden und Schlüssellängen wählen zu können. Verschiedenen Aussagen zufolge wird ein AES-256 Verschlüsselungssystem...

Hi folks, I'm about to upgrade my 6x 4TB WD-Green raidZ1 vdev setup and enhance storage capabilities. Therefore I want to replace them with 6x 8TB Seagate IronWolf NAS drives, which arrived today. My Z1-pool is encrypted though and I'm still running the older freenas 9.3 version...