Fully encrypted 16TB volume with no slowdowns.

[zurk]

Connecting a 16TB encrypted volume from a asustor 608T with 8 x 4TB in a RAID6 with one spare (20TB total free volume size).
Build the volume as normal and create an ISCSI container with username / password as below. Enable CRC and authenticate with CHAP.
Then connect to it from a debian server (Mine is a Xeon with ECC RAM running latest stable).

apt-get install iscsitarget-dkms iscsitarget isns-client isns tgt iscsitarget-source iscsi-initiator-utils open-iscsi
modprobe dm-crypt
pico -w /etc/default/iscsitarget
ISCSITARGET_ENABLE=false
pico -w /etc/iscsi/iscsid.conf
node.startup = automatic
/etc/init.d/open-iscsi restart
iscsiadm -m discovery -t st -p nas
iscsiadm -m node -T "iqn.2011-08.com.asustor:as-608t-xxxxxx.raid6" -p 192.168.xx:3260 --op=update --name node.session.auth.authmethod --value=CHAP
iscsiadm -m node -T "iqn.2011-08.com.asustor:as-608t-xxxxxx.raid6" -p 192.168.xx:3260 --op=update --name node.session.auth.username --value=sanxxxxxxxxxxx
iscsiadm -m node -T "iqn.2011-08.com.asustor:as-608t-xxxxxx.raid6" -p 192.168.xx:3260 --op=update --name node.session.auth.password --value=nasxxxxxxxxxxxx
iscsiadm -m node -T "iqn.2011-08.com.asustor:as-608t-xxxxxx.raid6" -p 192.168.xx:3260 --login
fdisk -l
cryptsetup -v luksFormat /dev/sdh
cryptsetup luksOpen /dev/sdh nas
cryptsetup -v status nas
mkfs.ext4 /dev/mapper/nas
mount -t ext4 /dev/mapper/nas /san/test

Thats it for the setup.
Then after if you want routine mounting :

cryptsetup luksOpen /dev/disk/by-uuid/xxxxx-xxxxx-xxxxx-xxxx nas
e2fsck -y /dev/mapper/nas
mount -t ext4 /dev/mapper/nas /san/test

and routine unmounting :
cryptsetup -v luksClose /dev/mapper/nas
iscsiadm -m node --logout

This gives me full performance (since the encryption load is shifted to the server which can handle it) while the NAS runs at 30% load serving data at full wireline speed (110MBytes/sec or faster). The server then serves windows and other clients using CIFS/Samba and NFS while all data is fully encrypted on the NAS box.