Lost remote access after rebooting encrypted disk volume

Post your questions about myQNAPcloud service here.
Post Reply
hconceic
Starting out
Posts: 11
Joined: Tue Jan 31, 2017 5:30 am

Lost remote access after rebooting encrypted disk volume

Post by hconceic » Wed Dec 11, 2019 4:57 am

On my TS-251+ running 4.4.1.1146, I have encrypted the disk volume with "Save Encryption Key" disabled (knowing this is the only way to be protected even if the entire NAS is stolen).

What I didn't knew was that if I access it remotely via myqnapcloud, if for some reason I reboot the NAS (after fw upgrade for ex.) it disappears from the My Devices list and I cannot remotely access it anymore, until I am back home, access it locally and Unlock the volume via the local QTS.

Is there any way/workaround for this?

hconceic
Starting out
Posts: 11
Joined: Tue Jan 31, 2017 5:30 am

Re: Lost remote access after rebooting encrypted disk volume

Post by hconceic » Sat Dec 28, 2019 5:46 am

Further information, I found that under myqnapcloud settings, CloudLink status becomes unavailable when volume is encrypted after reboot and only changes to Ok once volume unlocked.
It makes sense that it does not work as CloudLink is an App stored on the encrypted volume.

But then what would be the workaround to be able to remotely access after reboot?

P3R
Guru
Posts: 11462
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: Lost remote access after rebooting encrypted disk volume

Post by P3R » Sat Dec 28, 2019 8:41 am

hconceic wrote:
Sat Dec 28, 2019 5:46 am
But then what would be the workaround to be able to remotely access after reboot?
Well what I suggest is actually much more than a workaround as opening a NAS for remote access is a high risk activity, as have been proven by the frequent malicious attacks and malware infections happening regularly on NASes open for remote access.

My suggestion is to implement a remote access VPN on your firewall/router. With that you can access the NAS in a browser and unlock it to then access other services as you wish. All remote access increases risk but doing it through an openVPN or IPSec VPN using a modern encryption algorithms will in my opinion keep that risk at a reasonable level for the average users.

It's very hard for me to understand the combination of deploying the high security feature of disk encryption (thumbs up for doing it properly by not storing the encryption key in the system!) in combination with opening the NAS up to be a wide open honeypot on the internet. I'm lazy enough to not use disk encryption because of the hassle when rebooting but I would never even consider to expose my data storage for every hacker in the world to try and break. :S
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!

Post Reply

Return to “myQNAPcloud service”