Encryption Synology NAS question

I have three Linux computers, with LUKS full disc encryption running syncthing.

They all sync to a synology NAS with syncthing running to a single folder.

Are the files still encrypted on the synology NAS?

I cannot encrypt the synology NAS because of the file character limit with ecryptfs and I have too many files longer than 143 characters so they won’t sync.

If the files aren’t encrypted on the synology NAS, do you have a recommendation on how to keep them encrypted on the NAS?

Thanks

Files are encrypted only in transfer, not locally. If you want to encrypt them locally, you can share the folders password-protected and then add them as Receive Encrypted on the NAS. Please also check https://docs.syncthing.net/users/untrusted for all the details on how this works.

1 Like

If you’re using LUKS full disk encryption, this has to be already unlocked when Syncthing runs, so no, the files on the NAS will not be encrypted.

I don’t see where you’re fitting ecryptfs into the picture?

If you want the files on the NAS encrypted, use Syncthing’s “untrusted” feature, as already pointed out.

1 Like

Synology NAS has the option to encrypt the drive which uses ecryptfs. I tried that but it won’t sync files larger than 143 characters.

I will check out the untrusted feature. Thanks

I’m having difficulty understanding the directions.

I have syncthing setup as “spoke” with the Synology NAS as the center with a single folder shared to three computers. The three computers are not directly synced to each other.

How would I set up the untrusted network with this configuration?

Do I have to enter the password every time I open a file or folder?

Thanks

On other devices, you need to unshare the folders with the NAS first. Then, on the NAS, you should remove all folders, both from Syncthing and from the disk. Then, on other devices, you need to share the folders with the NAS again but this time with a password set. Then, on the NAS, you should accept the folders as Receive Encrypted (which they should be set to automatically already).

Also, this isn’t really important in this case, but normally it’s more efficient to just connect all devices with each other. It’s also much less prone to failures, as currently, if the NAS goes down, then the whole sync will stop. There are exceptions to this rule, e.g. when using a very large number of devices, etc. but they don’t seem to apply here.

1 Like

Do I set a password for the shared folder on all three computers and sync all of them first before adding the NAS?

It shouldn’t matter but I prefer to do this one by one. Make sure you only set a password when sharing the folder on each devices with the NAS. If you decide to share the folder between your other devices as well, then you should not set any password for them. Basically, the password is set on a per-device basis and you can use different passwords when sharing the folder with different devices.

This may sound complicated but things should be clearer if you look at the screenshot of the GUI at https://docs.syncthing.net/users/untrusted#gui.

Ok, I set up everything and tried to sync one of my computers to the NAS but I’m getting “Error on folder “Sync” (xwtz4-pfx9b): folder marker missing (this indicates potential data loss, search docs/forum to get information about how to proceed)”

I had deleted the Sync folder through the syncthing gui on the NAS and also completely deleted the folder on the NAS disk as you suggested.

I’ll try rebooting the NAS and see if that works.

Did I need to create an actual folder on the NAS before doing this or will syncthing automatically create the folder? That may be the issue.

Please let me know any ideas you have. thanks

Ok, I rebooted the NAS and this time it added the folder but now it says “Unexpected items” and offers to revert changes. See screenshot:

Difficult to say what is going on exactly. Can you post screenshots of the whole Web GUI from all devices? Also, the global state being zero doesn’t look right.

I ended up having to create a folder on the Synology NAS first and then share the folder from my computer.

It all appears to be configured properly but it’s stuck on syncing 0% so nothing is syncing between the two devices.

Device “pumpkin” is the desktop computer. I’m not getting any errors, just no syncing.

I think I see the issue in this screenshot. It says the remoted device hasn’t accepted sharing the folder. The NAS is the remote device.

I did click on accept to share this folder though when it asked me to so not sure what’s going on.

Ok, I unshared the folder and then shared again and that error is now gone but now it’s stuck on “Preparing to Sync.” This is getting crazy.

Ok, it’s finally syncing now! Not sure what was going on in the background. Perhaps the encryption takes a lot longer to get going.

Thanks for all your help with this.

No problem :slight_smile:. Glad that you’ve managed to get the sync going.

What is the hardware on the NAS? Syncthing itself is quite heavy on resources, however I don’t think encryption should affect it negatively in this case, as a Receive Encrypted folder doesn’t really decrypt anything. It just stores and shares files in their encrypted state.

1 Like

See hardware screenshot. It’ only using 8% cpu and 25% RAM right now.