Page 1 of 1

[Solved] GnuTLS error -15: An unexpected TLS packet was received

Posted: 2020-01-14 11:13
by dryuk94

Code: Select all

Status:	Connecting to 3x.xxx.xxx.91:21...
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Logged in
Status:	Retrieving directory listing...
Status:	Server sent passive reply with unroutable address. Using server address instead.
Command:	MLSD
Error:	GnuTLS error -15: An unexpected TLS packet was received.
Error:	The data connection could not be established: ECONNABORTED - Connection aborted
Hello everyone!
Let me explain the problem: I have a Western Digital NAS where I have activated the FTP protocol. If I use a plain TLS connection (without explicit and implicit TLS) I can connect to the server both locally (192.168.1.5) and remotely (3x.xxx.xxx.91). The moment I activate explicit TLS, it connects without problems locally, while remotely I have this error. Attached I also entered the settings of the NAS of the WD and the ports open in the modem. What could be the problem?

Re: GnuTLS error -15: An unexpected TLS packet was received

Posted: 2020-01-14 11:56
by boco
Does it work if you select the "Report external IP in PASV mode?

Did you configure the router correctly? Network Configuration

Re: GnuTLS error -15: An unexpected TLS packet was received

Posted: 2020-01-14 13:05
by dryuk94
boco wrote:
2020-01-14 11:56
Does it work if you select the "Report external IP in PASV mode?

Did you configure the router correctly? Network Configuration
I have selected the "Report external IP in PASV mode" and entered as the IP address "3x.xxx.xxx.91" (the public IPv4 address of the router). This is the result:

Code: Select all

Status:	Connecting to 3x.xxx.xxx.91:21...
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Server does not support non-ASCII characters.
Status:	Logged in
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is your current location
Command:	TYPE I
Response:	200 TYPE is now 8-bit binary
Command:	PASV
Response:	227 Entering Passive Mode (3x,xxx,xxx,91,234,34)
Command:	MLSD
Error:	GnuTLS error -15: An unexpected TLS packet was received.
Error:	The data connection could not be established: ECONNABORTED - Connection aborted
Attached I enter the settings of the router, NAS and FileZilla Client.

Re: GnuTLS error -15: An unexpected TLS packet was received

Posted: 2020-01-14 14:17
by boco
The bottom port forwarding in your router is wrong (the 49153-65534).

"Public door" 49153-65534 is correct, but the local port isn't. If you cannot enter the same port range as in "Public door", but only a single port, enter the first port of the range (49153) and the router will figure out the rest.


Test again. Note that we have a test facility: https://ftptest.net

Re: GnuTLS error -15: An unexpected TLS packet was received

Posted: 2020-01-14 14:34
by dryuk94
boco wrote:
2020-01-14 14:17
The bottom port forwarding in your router is wrong (the 49153-65534).

"Public door" 49153-65534 is correct, but the local port isn't. If you cannot enter the same port range as in "Public door", but only a single port, enter the first port of the range (49153) and the router will figure out the rest.


Test again. Note that we have a test facility: https://ftptest.net
I changed the port setting:
- local port 49153
- public door 49153-65534

Now I have this error:

Code: Select all

Status:	Connecting to 3x.xxx.xxx.91:21...
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Server does not support non-ASCII characters.
Status:	Logged in
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is your current location
Command:	TYPE I
Response:	200 TYPE is now 8-bit binary
Command:	PASV
Response:	227 Entering Passive Mode (3x,xxx,xxx,91,213,167)
Command:	MLSD
Error:	The data connection could not be established: ECONNREFUSED - Connection refused by server
Instead from the test facility https://ftptest.net:

Code: Select all

Status: Resolving address of 3x.xxx.xxx.91
Status: Connecting to 3x.xxx.xxx.91
Warning: The entered address does not resolve to an IPv6 address.
Status: Connected, waiting for welcome message...
Reply: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Reply: 220-You are user number 3 of 10 allowed.
Reply: 220-Local time is now 15:27. Server port: 21.
Reply: 220-IPv6 connections are also welcome on this server.
Reply: 220 You will be disconnected after 10 minutes of inactivity.
Command: CLNT https://ftptest.net on behalf of 3x.xxx.xxx.91
Reply: 530 You aren't logged in
Command: AUTH TLS
Reply: 234 AUTH TLS OK.
Status: Performing TLS handshake...
Status: TLS handshake successful, verifying certificate...
Status: Received 1 certificates from server.
Status: cert[0]: subject='CN=192.168.1.5' issuer='CN=192.168.1.5'
Command: USER xxxx
Reply: 331 User xxxx OK. Password required
Command: PASS ***********
Reply: 230 OK. Current restricted directory is /
Command: SYST
Reply: 215 UNIX Type: L8
Command: FEAT
Reply: 211-Extensions supported:
Reply: EPRT
Reply: IDLE
Reply: MDTM
Reply: SIZE
Reply: REST STREAM
Reply: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Reply: MLSD
Reply: ESTP
Reply: PASV
Reply: EPSV
Reply: SPSV
Reply: ESTA
Reply: AUTH TLS
Reply: PBSZ
Error: Carriage return without line feed received
Results
Error: Carriage return without line feed received
- The replies sent by your server are violating the FTP specifications.
- You have to upgrade to a proper server.

Re: GnuTLS error -15: An unexpected TLS packet was received

Posted: 2020-01-15 11:45
by dryuk94
I tried using Cyberduck instead of FileZilla, and was able to connect remotely with Active mode. But I can't download the files. The moment I try to download a file it gives me an error: 500 - I won't opean a connection to xxx.xxx.xx.xxx (only to 3x.xxx.xxx.91). Why does Cyberduck connect, instead FileZilla doesn't? I can only see the folders and files, but I can't download them(remotely).

Re: GnuTLS error -15: An unexpected TLS packet was received

Posted: 2020-01-15 16:15
by dryuk94
I decreased the public port range to 65523-65534. Now I can access the folders remotely from FileZilla, but as soon as I try to download a file it gives me this error:

Code: Select all

Status:	Connecting to 3x.xxx.xxx.91:21...
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Server does not support non-ASCII characters.
Status:	Logged in
Status:	Retrieving directory listing...
Status:	Directory listing of "/" successful
Status:	Disconnected from server
Status:	Connecting to 3x.xxx.xxx.91:21...
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Server does not support non-ASCII characters.
Status:	Logged in
Status:	Starting download of /D-Russo/Desktop/stampa.bollettino.pagamento_rotated.pdf
Command:	CWD /D-Russo/Desktop
Response:	250 OK. Current directory is /D-Russo/Desktop
Command:	PWD
Response:	257 "/D-Russo/Desktop" is your current location
Command:	TYPE I
Response:	200 TYPE is now 8-bit binary
Command:	PASV
Response:	227 Entering Passive Mode (3x,xxx,xxx,91,255,249)
Command:	RETR stampa.bollettino.pagamento_rotated.pdf
Error:	The data connection could not be established: ECONNREFUSED - Connection refused by server
Error:	Connection timed out after 20 seconds of inactivity
Error:	File transfer failed
Instead with WinSCP I have this error:

Code: Select all

Failed to get the folder list
I won't open a connection to 192.168.1.8 (only to 3x.xxx.xxx.91)

Re: GnuTLS error -15: An unexpected TLS packet was received

Posted: 2020-01-15 17:48
by dryuk94
Problem solved!
I had to assign a number of ports equal to the number of users that can be connected (10). Also I created port forwarding in the router for each port and not an interval. The connection is in passive mode and I can also download the files.

Re: [Solved] GnuTLS error -15: An unexpected TLS packet was received

Posted: 2020-01-16 08:40
by botg
As a rule of thumb you need at least as many ports as transfers that can possibly be done in 4 minutes.