17.7 Legacy Series / FTP reverse proxy TLS?
« on: August 12, 2017, 01:25:16 pm »
Hi,
I've set up a FileZilla FTP server on Windows, set up TLS authentication and tested this on the local network; all is working fine.
Then I configured the OPNsense (17.7) proxy-ftp module according to the tutorial here: https://forum.opnsense.org/index.php?topic=3868.0 and tested from outside the local network. I can connect and I receive the welcome banner, but then I get the following error:
Code:
Command: AUTH TLS
Response: 234 Using authentication type TLS
Status: Initializing TLS...
Error: GnuTLS error -110: The TLS connection was non-properly terminated.
Status: Server did not properly shut down TLS connection
Error: Could not connect to server
When I disable TLS on the server I can connect fine through the proxy but somehow the TLS authentication fails. Am I missing something in my configuration, or would this not be supported?
A bit more detailed logging from the client:
Code:
Trace: CFtpLogonOpData::ParseResponse() in state 1
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 2
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 Using authentication type TLS
Trace: CFtpLogonOpData::ParseResponse() in state 2
Status: Initializing TLS...
Trace: CTlsSocketImpl::Handshake()
Trace: CTlsSocketImpl::ContinueHandshake()
Trace: TLS handshake: About to send CLIENT HELLO
Trace: TLS handshake: Sent CLIENT HELLO
Trace: CTlsSocketImpl::OnSend()
Trace: CTlsSocketImpl::OnRead()
Trace: CTlsSocketImpl::ContinueHandshake()
Trace: CTlsSocketImpl::Failure(-110)
Error: GnuTLS error -110: The TLS connection was non-properly terminated.
Status: Server did not properly shut down TLS connection
Trace: CRealControlSocket::OnClose(53)
Trace: CRealControlSocket::DoClose(66)
Trace: CControlSocket::DoClose(66)
Trace: CFtpControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Error: Could not connect to server
Trace: CFileZillaEnginePrivate::ResetOperation(66)