Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [Feature Request] Router Full Disk Encryption

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    4 Posts 4 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      ipv6kid
      last edited by

      Full Disk Encryption included in the PFsense standard installation would be nice. With Squid proxy cache, routing tables, VPN keys, and the central Certificate Authority our PFsense routers are vulnerable to physical manipulation attacks. Does anybody else think this may be a good idea for local routers?

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        If someone gains access to your machine physically then encryption of your disk won't help….

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • Cry HavokC
          Cry Havok
          last edited by

          Encryption of the disk only defends against physical attacks where the system was powered off when it was taken and where the system required user intervention (the entering of a pass phrase) when started. It doesn't protect against remote attacks, any local attacks where the system is running or at all if the system can automatically boot without a pass phrase. It also means that you need to be at the device to boot it - no remote reboots or upgrades and if there is a power failure you need to be at the device to boot it again.

          In short, it doesn't provide a network device with much protection and it adds considerable inconvenience.

          FreeBSD, on which pfSense is based, has disk encryption so it is possible to do. I don't know if the required modules for geli are in pfSense though.

          1 Reply Last reply Reply Quote 0
          • D
            dvserg
            last edited by

            Possible use HDD with hardware AES256 sequrity as Toshiba MK1661GSY/ MK6461GSY ?

            SquidGuardDoc EN  RU Tutorial
            Localization ru_PFSense

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.