Resolving Netgear ReadyNas Volume Decryption Failures

I recently had an issue with a Netgear ReadyNAS where following a clean shutdown the encrypted volume would no longer mount during boot. All the expected tricks were tried - different USB thumb drive with the key, different USB port, etc.

The device would boot, find the encryption key and then get stuck at a certain percentage (different each time) during the decryption process. After a few minutes it would give up and continue booting without the encrypted volume mounted.

Logs would show the following error:

Volume: Failed to activate encrypted volume data-0. Insert an external storage device with the encryption key for this volume and reboot to activate the volume data-0.

There is a post on the Netgear forums with no solution, so I started digging.

The Solution

I got the NAS to the point of being able to mount the encrypted volume so I could get the data off. It still doesn’t boot properly so this isn’t a fix as much as it is a workaround. I had previously added an extra HDD to the device but it refused to expand the RAID (❤️ Netgear) so this was an opportunity to copy all the data off, nuke everything, and rebuild it.

Here’s how I was able to get access to the volume:

• Manually decrypt the volume
• Create a mount point
• Mount the decrypted volume to the mount point
• Create an SMB share (optional)

cryptsetup luksOpen /dev/md127 data --key-file /run/nfs4/media/USB_FLASH_3/data.key
mkdir /mnt/data
mount /dev/mapper/data /mnt/data

The above assumes you have SSH enabled on the device, and you may need to adjust the various paths to suit your setup.

To create the SMB share we need to edit /etc/samba/smb.conf and the following:

[data]
 path = /mnt/data
 valid users = admin
 read only = no
 writable = yes
 browsable = yes

Followed by a service restart

service smb restart

That’s it, hope this helps others facing a similar situation.