Indeed, I created a share on FreeNAS to access the data from a windows client where I have Veracrypt installed. And there on the client I mount the Veracrypt container that is located on the FreeNAS share.But have you installed the Veracrypt program on Windows, and then you have made the Freenas hard drive with the client software?
All right...
This hardware is a bit outdated but shall be working. Just be aware that hardware using FSB is not the most efficient. But depending on your needs it can be working.
You also have to make sure you disable all the hardware RAID so that FreeNAS can access the drives directly.
I don't think you will be able to encrypt the complete FreeNAS volume since this will not appear as a device in Veracrypt. So you'll have to create a container on the FreeNAS share.
Good luck...
Alright. So I make an encrypted file of FreeNAS content with Veracrypt, and then I keep this encrypted file on my FreeNAS server? :)I'll try to explain it differently.
On the FreeNAS server you configure a share to be accessible from the workstation.
Using Veracrypt on the workstation you create a Veracrypt file (or container) located on the the FreeNAS server.
And you use Veracrypt to access the file.
View attachment 31919
I hope it's more clear...
Yes exactly as the video says with the difference that the volume location will be a file on the FreeNAS server.
Great. I created a container and mounted it as a client. I copied the necessary files into the open volume.I don't think (and I'm pretty sure of it) that Veracrypt can be used with FreeNAS directly (I mean on the server's side, in a way that FreeNAS is aware of Veracrypt). There are no plugins or such I believe.
But the way I use it is that I created a Veracrypt volume on one of my FreeNAS share and I use Veracrypt on the client's side to access the Veracrypt container. Works quite well this way.
It's clear that it won't work.))) I'm not arguing with that. I gave an example of the clumsiness of this approach.I am not sure at all (and never tried it either) but I wouldn't be surprised if this is not supported by veracrypt...
###################I'll just take Linux with zfs and install veracrypt there. Excuse me.
If you want to encrypt the files on the server, use ZFS native encryption on the sensitive dataset, and set up controlled access.
It sounds like you're referring to GELI (legacy) + FreeNAS's implementation of it.It was my fault, but it's easier when things are more logical. To me, a storage system with veracrypt looks more logical and predictable. Sorry :)
Well, with this encryption system can be its own pitfalls. It's hard to know what they are. I will understand only when I encounter it.))It sounds like you're referring to GELI (legacy) + FreeNAS's implementation of it.
It's a completely different (and vastly improved) paradigm with native ZFS encryption now with TrueNAS Core/SCALE.
Such simplicity will not make it somehow better visible to many client machines))Just create a VC file container and you're golden :D. Be sure to create one on NVMe, not HDD otherwise it will take more than a day to encrypt it. When you're done, just upload it to TrueNAS server and then mount it from there. Be forewarned, the transfer speed will be ungodly slow, around 5-8 MBPs.
Such simplicity will not make it somehow better visible to many client machines))
Only the container file will be visible.
There is an option to do zfs encryption, of course. Not with geli. But the encryption mechanism is too common and therefore not secure. It's protection from drug thieves, if only. I even trust truecrypt more than veracrypt. Well, veracrypt has only one advantage - it always has a hidden partition repertoire, even if we didn't create it. It's not like that with truecrypt - if you didn't create a hidden partition, you can detect it. But here is the protection itself - truecrypt went through a very thorough audit, after which the project was shut down))) which kind of hints.
And all these "super" "encryptions" (geli, luks etc) cannot create hidden volumes. (double bottom).