Results 1 to 4 of 4

Thread: Connection time out when logging on vsftp with SSL

  1. #1
    Join Date
    Sep 2009
    Location
    Alverca do Ribatejo, Portugal
    Posts
    53

    Default Connection time out when logging on vsftp with SSL

    Hello all,

    I've got my vsftp server configured with SSL like this:
    Code:
    ssl_enable=YES
    
    ssl_sslv2=NO
    ssl_sslv3=NO
    ssl_tlsv1=YES
    rsa_cert_file=/etc/vsftpd/vsftpd.pem
    rsa_private_key_file=/etc/vsftpd/vsftpd.pem
    
    allow_anon_ssl=NO
    force_local_data_ssl=YES
    force_local_logins_ssl=YES
    When I try to login I get:
    Code:
    Status: Connection established, initializing TLS...
    Error:  Connection timed out
    Any ideia why?
    Without TLS everything worked fine.

  2. #2
    Camalen NNTP User

    Default Re: Connection time out when logging on vsftp with SSL

    jorgeraimundo wrote:

    > I've got my vsftp server configured with SSL like this:
    >
    > Code:
    > --------------------
    > ssl_enable=YES
    >
    > ssl_sslv2=NO
    > ssl_sslv3=NO
    > ssl_tlsv1=YES
    > rsa_cert_file=/etc/vsftpd/vsftpd.pem
    > rsa_private_key_file=/etc/vsftpd/vsftpd.pem
    >
    > allow_anon_ssl=NO
    > force_local_data_ssl=YES
    > force_local_logins_ssl=YES
    > --------------------
    >
    >
    > When I try to login I get:
    >
    > Code:
    > --------------------
    > Status: Connection established, initializing TLS...
    > Error: Connection timed out
    > --------------------
    >
    >
    > Any ideia why?
    > Without TLS everything worked fine.


    Which client are you using to connect? As you disabled standard ftp logins
    (clear passwords) only an ftp client configured with FTP/S sessions could
    handle this.

    Stop the firewall service and apparmor (rcSuSEfirewall2 stop; rcapparmor
    stop) and try again.

    And check the standard logs (messages and warn) and also vsftp logs.

    Greetings,

    --
    Camalen

  3. #3
    Join Date
    Sep 2009
    Location
    Alverca do Ribatejo, Portugal
    Posts
    53

    Default Re: Connection time out when logging on vsftp with SSL

    Sorry again! My bad.

    I'm using FileZilla.

    I indicated the server type as "FTPS - FTP over implicit TLS/SSL" but it must be "FTPES - FTP over explicit TLS/SSL".

    Everything is working fine now... Finally...

    Thank you very much for your patience.

    Best regards,
    Jorge

  4. #4
    Join Date
    Sep 2009
    Location
    Alverca do Ribatejo, Portugal
    Posts
    53

    Default Re: Connection time out when logging on vsftp with SSL

    Just another thing I've discovered (thanks to this post):

    Pay attention to the ports defined on pasv_min_port and pasv_max_port.

    It is necessary to open/forward that port range on the firewall/router so that the client is able to do something, otherwise it'll only be able to login.

    Since the SSL usage forces the client to be passive, the client must use the pasv_*_ports, therefore we must make them available and properly routed.

    Best regards,
    Jorge

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •