Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
LUKS Encryption
« previous
next »
Print
Pages: [
1
]
Author
Topic: LUKS Encryption (Read 360 times)
peterwkc
Full Member
Posts: 115
Karma: 0
LUKS Encryption
«
on:
November 20, 2024, 02:51:02 am »
Dear all, I would like to have LUKS whole disk encryption on opnsense box. How to achieve it? Is there any similar mechanism for HardenedBSD?
Logged
Patrick M. Hausen
Hero Member
Posts: 6862
Karma: 576
Re: LUKS Encryption
«
Reply #1 on:
November 20, 2024, 06:02:13 am »
There is GELI for that. You would need to perform a manual FreeBSD installation, then use the bootstrap method to install OPNsense on top.
https://freebsdfoundation.org/wp-content/uploads/2019/11/Configuring-Full-Disk-Encryption.pdf
https://github.com/opnsense/update/tree/master
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
peterwkc
Full Member
Posts: 115
Karma: 0
Re: LUKS Encryption
«
Reply #2 on:
November 27, 2024, 08:33:51 am »
Any others encryption method directly from Opnsense installation ?
«
Last Edit: November 27, 2024, 08:37:26 am by peterwkc
»
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1626
Karma: 178
Re: LUKS Encryption
«
Reply #3 on:
November 27, 2024, 08:47:09 am »
You could use self encrypting drives (SEDs).
Logged
Hardware:
DEC740
Patrick M. Hausen
Hero Member
Posts: 6862
Karma: 576
Re: LUKS Encryption
«
Reply #4 on:
November 27, 2024, 08:51:16 am »
Quote from: peterwkc on November 27, 2024, 08:33:51 am
Any others encryption method directly from Opnsense installation ?
If there was I would have told
Install FreeBSD 14.1-RELEASE with GELI, bootstrap OPNsense.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
dseven
Sr. Member
Posts: 323
Karma: 34
Re: LUKS Encryption
«
Reply #5 on:
November 27, 2024, 09:38:27 am »
Run OPNsense in a VM on Proxmox, and do encryption there, perhaps?
I wonder what the value would be, though - if someone physically steals your firewall and is able to read the disk, what are you going to lose (besides the hardware)?
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1626
Karma: 178
Re: LUKS Encryption
«
Reply #6 on:
November 27, 2024, 09:41:43 am »
The value here is probably a checklist somewhere for compliance.
It's why self encrypting drives exist, just put them in and you can say "Yeah indeed I have encryption thanks"
Logged
Hardware:
DEC740
Patrick M. Hausen
Hero Member
Posts: 6862
Karma: 576
Re: LUKS Encryption
«
Reply #7 on:
November 27, 2024, 09:42:08 am »
It's really dead easy. The bootstrap method is a supported way of installing OPNsense and fully documented in the Github repo I linked above.
And the FreeBSD HowTo for a GELI based installation is also quite extensive.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
viragomann
Full Member
Posts: 214
Karma: 7
Re: LUKS Encryption
«
Reply #8 on:
November 27, 2024, 05:38:22 pm »
Quote from: peterwkc on November 27, 2024, 08:33:51 am
Any others encryption method directly from Opnsense installation ?
Why are you not happy with GELI?
I installed OPNsense with this months ago. I don't remember how I exactly I did it, but I can tell you, it was as easy, that I didn't found it worth to document the steps, since it's well documented on Github.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
LUKS Encryption