Insecure connection to https://www.ip.filezilla-project.org/ip.php

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
patverner
500 Command not understood
Posts: 4
Joined: 2018-08-28 06:54
First name: Pat
Last name: Verner

Insecure connection to https://www.ip.filezilla-project.org/ip.php

#1 Post by patverner » 2018-08-28 07:13

I am trying to configure my filezilla for an "Explicit FTP over TLS", it hangs after giving the command "AUTH TLS".
I tried using the Network Configuration Wizard, which also hangs.
On checking for the external IP with the link http://ip.filezilla-project.org/ip.php, I get the message (using Firefox):

The owner of www.ip.filezilla-project.org has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

If I try the same link using lynx, I get the localhost address of 127.0.0.1

I have been using Filezilla for years on the particular web site for years, and only in the last month have things gone wrong. My normal host is a Linux box; in desperation I tried installing Filezilla on my Windows 10 laptop, still cannot access the site I have been uploading to for years.
Any suggestion would be appreciated.
=Pat

User avatar
botg
Site Admin
Posts: 31582
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Insecure connection to https://www.ip.filezilla-project.org/ip.php

#2 Post by botg » 2018-08-28 08:04

I am trying to configure my filezilla for an "Explicit FTP over TLS", it hangs after giving the command "AUTH TLS".
Either the server is broken or a firewall is blocking the connection. You can use https://ftptest.net/ to figure out whether it's a server-side issue.

On checking for the external IP with the link http://ip.filezilla-project.org/ip.php, I get the message (using Firefox):
The resolver script is only for FileZilla, it cannot be used with browsers.

patverner
500 Command not understood
Posts: 4
Joined: 2018-08-28 06:54
First name: Pat
Last name: Verner

Re: Insecure connection to https://www.ip.filezilla-project.org/ip.php

#3 Post by patverner » 2018-08-28 13:59

I have now discovered the cause of my problem -
What has happened is that my service provider has switched to using "Carrier Grade NAT", so that there is a double NAT in place - my local IP on the
192.168.160 .x local net is getting an IP of 100.86.10.zzz, while my real external address is 102.x.y.z.

Is there any way to establish an Explicit FTP over TLS connection with such a combination?

Regards
=Pat

User avatar
botg
Site Admin
Posts: 31582
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Insecure connection to https://www.ip.filezilla-project.org/ip.php

#4 Post by botg » 2018-08-28 14:02

As long as you are using passive mode there shouldn't be any problem connecting to servers on the Internet.

patverner
500 Command not understood
Posts: 4
Joined: 2018-08-28 06:54
First name: Pat
Last name: Verner

Re: Insecure connection to https://www.ip.filezilla-project.org/ip.php

#5 Post by patverner » 2018-11-15 07:07

The very latest FileZilla (3.38.1) has changed my problem, but I still cannot connect. I do get more information in the logs:

When trying the Network Configuration Wizard I get:
Checking for correct external IP address
Retrieving external IP address from http://ip.filezilla-project.org/ip.php
Checking for correct external IP address
IP 102.250.2.4 bac-cfa-c-e
Response: 510 Mismatch. Your IP is 102.250.2.96, bac-cfa-c-jg
Wrong external IP address
Connection closed

If I try to connect to the server I nee to access I get:

Status: Resolving address of xxxxxxxxx
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (138,201,19,4,168,94)
Command: MLSD
Error: GnuTLS error -110: The TLS connection was non-properly terminated.
Status: Server did not properly shut down TLS connection
Error: Transfer connection interrupted: ECONNABORTED - Connection aborted
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing
Status: Disconnected from server


This issue apparently arises from the "double NAT" configuration by the ISP - is there any way to overcome this?
Obviously I have no TLS issues with the normal https connections.
Regards
=Pat

User avatar
botg
Site Admin
Posts: 31582
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Insecure connection to https://www.ip.filezilla-project.org/ip.php

#6 Post by botg » 2018-11-15 08:44

Did you yet use https://ftptest.net/ to check whether it could be a server-side issue?

patverner
500 Command not understood
Posts: 4
Joined: 2018-08-28 06:54
First name: Pat
Last name: Verner

Re: Insecure connection to https://www.ip.filezilla-project.org/ip.php

#7 Post by patverner » 2018-11-15 09:17

I have just tried to connect using the https://ftptest.net/ and this connection was reported as successful.
The report back was:
Your server is working and assorted routers/firewalls have been correctly configured for explicit FTP over TLS as performed by this test. However there have been warnings about compatibility issues, not all users will be able to use your server.
The only warning in the log is to the effect that the ip address does not resolve to an IPv6 address.
Regards
=Pat

User avatar
botg
Site Admin
Posts: 31582
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Insecure connection to https://www.ip.filezilla-project.org/ip.php

#8 Post by botg » 2018-11-15 10:28

There's one more thing you could try, using a VPN provider to prevent your ISP from tampering with FTP.

Apart from that there's sadly not much you can do short of switching ISPs.

Post Reply