truenas · DjP-iX · Dec 6, 2024 · Dec 6, 2024 · Dec 6, 2024 · Dec 6, 2024
@@ -26,4 +26,4 @@
 #apps/ #octocat
 # In this example, #doctocat owns any file in the `/docs`
 # directory in the root of your repository.
-#/docs/ #doctocat
+#/docs/ #doctocat
@@ -134,6 +134,8 @@ Users with 24.04.2.4 installed and SMB shares in use are encouraged to upgrade t
 
 ### 24.04.2.5 Known Issues
 
+* An issue has been discovered for cloud sync tasks configured with **Filename Encryption**, which is available in **Advanced Remote Options** ([NAS-132472](https://ixsystems.atlassian.net/browse/NAS-132472)). As this is an upstream issue in rclone, we recommend that users should not create new cloud sync tasks with **Filename Encryption** enabled. Existing users of this feature must leave it enabled for existing cloud sync tasks to be able to recover backups.
+
 Please see the 24.04.2 changelog below and use the Jira filter links to see the full changelog and known issues related to the 24.04.2 > 24.04.2.5 releases.
 
 ## 24.04.2.4 Changelog

@@ -46,8 +46,9 @@ This requires entering the same password used to encrypt data in both **Encrypti
 With **Push** selected as the **Transfer Direction**, data is encrypted before it is transferred and stored on the remote system.
 This also requires entering the same password used to encrypt data in both **Encryption Password** and **Encryption Salt**.
 
-**Filename Encryption** is selected by default.
-When selected, the pull and push transfers encrypt or decrypt file names with the rclone [Standard file name encryption mode](https://rclone.org/crypt//#file-name-encryption-modes).
+{{< include file="/static/includes/FilenameEncryption.md" >}}
+
+When **Filename Encryption** is selected, transfers encrypt and decrypt file names with the rclone [Standard file name encryption mode](https://rclone.org/crypt//#file-name-encryption-modes).
 The original directory structure of the files is preserved.
 When disabled, encryption does not hide file names or directory structure, file names can be 246 characters long, use sub-paths, and copy single files.
 When enabled, file names are encrypted, file names are limited to 143 characters, directory structure is visible, and files with identical names have identical uploaded names.

@@ -170,9 +170,11 @@ The **Advanced Remote Options** settings are for advanced users to configure rem
 | Settings | Description |
 |----------|-------------|
 | **Remote Encryption** | Select to use [rclone crypt](https://rclone.org/crypt/) encryption during pull and push transfers. Selecting **PUSH** in **Direction** encrypts files before transfer and stores the encrypted files on the remote system. Files are encrypted using the encryption password and encryption salt values. Selecting **PULL** decrypts files stored on the remote system before the transfer. Transferring the encrypted files requires entering the same encryption password and encryption salt used to encrypt the files. Additional details about the encryption algorithm and key derivation are available in the [rclone crypt File formats documentation](https://rclone.org/crypt/#file-formats). |
-| **Filename Encryption** | Selected by default. When selected, the pull and push tranfers encrypt or decrypt file names with the rclone [Standard file name encryption mode](https://rclone.org/crypt//#file-name-encryption-modes). The original directory structure of the files is preserved. <br>When enabled, file names are encrypted, file names are limited to 143 characters, directory structure is visible, and files with identical names have identical uploaded names. File names can use sub-paths, single copy files, and shortcuts to shorten the directory recursion. <br>When disabled, encryption does not hide file names or directory structure, file names can be 246 characters long, use sub-paths, and copy single files. |
+| **Filename Encryption** | **Not recommended** (see below). When selected, transfers encrypt and decrypt file names with the rclone [Standard file name encryption mode](https://rclone.org/crypt//#file-name-encryption-modes). The original directory structure of the files is preserved. <br>When enabled, file names are encrypted, file names are limited to 143 characters, directory structure is visible, and files with identical names have identical uploaded names. File names can use sub-paths, single copy files, and shortcuts to shorten the directory recursion. <br>When disabled, encryption does not hide file names or directory structure, file names can be 246 characters long, use sub-paths, and copy single files. |
 | **Encryption Password** | Enter the password to encrypt and decrypt remote data.<br>Warning: Always securely back up this password! Losing the encryption password results in data loss. |
 | **Encryption Salt** | Enter a long string of random characters for use as salt for the encryption password.<br>Warning: Always securely back up the encryption salt value! Losing the salt value results in data loss. |
 | **Transfers** | Enter the number of simultaneous file transfers. Enter a number based on the available bandwidth and destination system performance. See [rclone --transfers](https://rclone.org/docs/#transfers-n). |
-| **Bandwidth limit** | Enter a single bandwidth limit or bandwidth limit schedule in rclone format. Separate entries by pressing <kbdEnter</kbd>. Example: *08:00,512 12:00,10MB 13:00,512 18:00,30MB 23:00,off*. You can specify units with the beginning letter **b**, **k** (default), **M**, or **G**. See [rclone --bwlimit](https://rclone.org/docs/#bwlimit-bandwidth-spec). |
+| **Bandwidth limit** | Enter a single bandwidth limit or bandwidth limit schedule in rclone format. For example: *08:00,512 12:00,10MB 13:00,512 18:00,30MB 23:00,off*. Separate entries by pressing <kbd>Enter</kbd>. You can specify units with the beginning letter **b**, **k** (default), **M**, or **G**. See [rclone --bwlimit](https://rclone.org/docs/#bwlimit-bandwidth-spec). |
 {{< /truetable >}}
+
+{{< include file="/static/includes/FilenameEncryption.md" >}}
@@ -0,0 +1,10 @@
+&NewLine;
+
+{{< hint type=warning title="Filename Encryption"  >}}
+The rclone project has identified known issues with **Filename Encryption** in certain configurations, such as when long file names are used. See [SSH_FX_BAD_MESSAGE when syncing files with long filename to encrypted sftp storage](https://forum.rclone.org/t/ssh-fx-bad-message-when-syncing-files-with-long-filename-to-encrypted-sftp-storage/46228).
+In some cases, this can prevent backup jobs from completing or being restored.
+
+We do not recommend enabling **Filename Encryption** for any cloud sync tasks that did not previously have it enabled.
+Users with existing cloud sync tasks that have this setting enabled must leave it enabled on those tasks to be able to restore those existing backups.
+Do not enable file name encryption on new cloud sync tasks!
+{{< /hint >}}