Did I lose everything?

[mnemonic]

I used FreeNAS for years, but now I'm in real panic for the first time. Please help.

My boot usb flash died. I have two encrypted pools. I reinstalled on a new usb flash. I imported a config that was just 14 days old. Everything looked good so far. Then I tried to decrypt the pool but it said it won't decrypt, but password was right.

I have a recovery key but that is years old, I'm not even sure if it belongs to the pools. It didn't work either.

Do I need the recovery key after first installation? I always thought the password would be enough and only if the password is lost I would need the key. Was my assumption wrong?

 

[mnemonic]

Ok, managed to recover my main pool with the recovery file. The other one was just a backup-pool for snapshots of a certain data-set in the main pool, which means I can live with that. Still I wonder why my password didn't work,

 

[zambanini]

....read the manual. rtfm. no other answer is needed.

 

[mnemonic]

Yeah, found it. http://doc.freenas.org/9.10/freenas_storage.html#importing-an-encrypted-pool

Typical PEBKAC, sorry for the unnecessary thread, but I was in panic. Two lessons learned here: Saving the keys is an absolute must and a regular off-device backup is a good idea, just in case me being stupid again.

 

[gpsguy]

Third lesson - don't use FreeNAS's encryption.

Use something like VeraCrypt to create an encrypted container.

 

[mnemonic]

Well, I did some research on the bug tracker, seems unlocking encrypted pools and changing encryption pass is currently broken in the middleware. Just when I needed it, great. After using the recovery key I can access my data but freenas does not seem to store the key, after a reboot I have to use the recovery key again, pass still does not work. When I hit download key I get a traceback. I don't dare to generate a new one. I might wait for a fix or try an older version. Will see tomorrow.

Yeah, I use Vera for my off-device backup on a hdd hocked up to a windows pc. Works great there but using geli has advantages. I have two pools. Pool 1 has two datasets. Important data and not so important data. The important data is copied via snapshot to pool 2. That works automated and is a lot faster than draging all that stuff over my windows pc from one container to the other.

I had to use nas4free some years ago because when freenas migrated to 8 (i think) geli was missing. But since they reimplemented it did work out for me. Too bad oracle bought SUN. Newer versions of ZFS have transparent encryption. I guess that would work a lot better than geli.

 

[maglin]

I would think this scare would have you think about changing your encryption scheme on your pool.


Sent from my iPhone using Tapatalk