4G router problem with FTPS

#1 Post by 0v3rl0rd » 2021-01-28 15:09

Greetings everyone.

I've been using FileZilla for a few years now, but lately I've come across a problem with FTP: I cannot connect to my server slot when using "encryption: Require explicit FTP over TLS".


When I choose "Require explicit FTP over TLS" I get the following log:

Status: Connecting to XXX.XX.XX.XXX:XX...
Status: Connection established, waiting for welcome message...
Response:   220 (vsFTPd 3.0.3)
Command:    AUTH TLS
Response:   504 Command not implemented for that parameter
Command:    AUTH SSL
Response:   504 Command not implemented for that parameter
Error:  Critical error: Could not connect to server

When I choose "USE EXPLICIT FTP OVER TLS IF AVAILABLE" I get the following warning:

Status: Connecting to XXX.XX.XX.XXX:XX...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.

... and then a warning window pops up, saying:

Warning! You have previously connected to this server using FTP over TLS, yet the server has now rejected FTP over TLS. 
This may be the result of a downgrade attack, only continue after you have spoken to the server administrator or server hosting provider. 
If you continue, your password and files will be sent in clear over the internet. 
Host: XXX.XX.XX.XXX 
Port: 21 
[ok] [cancel] 

Then, I e-mailed my hosting provider, and after checking they told me that everything works fine on their side.


After that, I managed to narrow down the problem: I have two networks in my home, and to both I connect using WiFi:
1) FIRST router is connected via fixed telephone wire to my ISP. When I connect to this network using WiFi, FileZilla CAN connect with "Require explicit".
2) SECOND router is a 4G router (Archer MR200) and is connected to the ISP with my SIM card. When I connect to this network using WiFi, FileZilla CANNOT connect with "Require explicit".

Following are detailed logs from both situations:

When using router 1 which is connected via fixed telephone wire to my ISP: 
Status: Connecting to XXX.XX.XX.XXX:XX...
Status: Connection established, waiting for welcome message...
Response:   220 (vsFTPd 3.0.3)
Command:    AUTH TLS
Response:   234 Proceed with negotiation.
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Command:    USER *********  
Response:   331 Please specify the password.
Command:    PASS **********
Response:   230 Login successful.
Command:    OPTS UTF8 ON
Response:   200 Always in UTF8 mode.
Command:    PBSZ 0
Response:   200 PBSZ set to 0.
Command:    PROT P
Response:   200 PROT now Private.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is the current directory
Status: Directory listing of "/" successful

This one is for a 4G router:

Status: Connecting to XXX.XX.XX.XXX:XX...
Status: Connection established, waiting for welcome message...
Response:   220 (vsFTPd 3.0.3)
Command:    AUTH TLS
Response:   504 Command not implemented for that parameter
Command:    AUTH SSL
Response:   504 Command not implemented for that parameter
Error:  Critical error: Could not connect to server

I would appreciate any help regarding my problem :)

NOTE: settings in FZ remain the same when connected to any of these 2 networks.

#2 Post by boco » 2021-01-29 02:48

And now, compare the client log with the server log from the same session: It will be a jaw-dropping experience for the 4G connection, revealing manipulated FTP commands and server replies. Mobile providers actively and purposely sabotage FTP over TLS, in order to keep the connection in clear text, mostly for traffic-shaping. FTP over TLS is end-to-end encryption and goes directly against their goals.

Unfortunately, the only real solution is: Don't use mobile providers, or, at least, one that allows FTP over TLS. While you can test if FTP over TLS Implicit (port 990) works, there's a good chance it won't, due to a block.
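
An added example, not part of either post and not FileZilla code: it automates the comparison that the two logs in post #1 make by eye. It parses FileZilla client logs and flags any session in which every AUTH command was refused by a host and greeting banner that answered 234 to AUTH in another session; the function names and the session labels are assumptions made for this example.

```python
import re

# Constructed input: the two sessions from post #1, trimmed to the handshake,
# with the address placeholders exactly as posted.
FIXED_LINE = """\
Status: Connecting to XXX.XX.XX.XXX:XX...
Response:   220 (vsFTPd 3.0.3)
Command:    AUTH TLS
Response:   234 Proceed with negotiation.
"""
MOBILE_4G = """\
Status: Connecting to XXX.XX.XX.XXX:XX...
Response:   220 (vsFTPd 3.0.3)
Command:    AUTH TLS
Response:   504 Command not implemented for that parameter
Command:    AUTH SSL
Response:   504 Command not implemented for that parameter
"""
LINE = re.compile(r"^(Status|Command|Response|Error):\s+(.*)$")

def parse_session(log):
    """Extract host, greeting banner and the reply code to each AUTH command."""
    host = banner = pending = None
    auth = {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, text = m.groups()
        if kind == "Status" and text.startswith("Connecting to "):
            host = text[len("Connecting to "):].rstrip(".")
        elif kind == "Command":
            pending = text if text.startswith("AUTH ") else None
        elif kind == "Response" and text[:3].isdigit():
            if banner is None and text.startswith("220"):
                banner = text[4:]
            elif pending:
                auth[pending], pending = int(text[:3]), None
    return {"host": host, "banner": banner, "auth": auth}

def downgrade_suspects(sessions):
    """Labels of sessions refused TLS by a host+banner that accepted it elsewhere."""
    ok = lambda s: 234 in s["auth"].values()
    accepted = {(s["host"], s["banner"]) for s in sessions.values() if ok(s)}
    return sorted(name for name, s in sessions.items() if s["auth"]
                  and not ok(s) and (s["host"], s["banner"]) in accepted)

if __name__ == "__main__":
    logs = {"fixed-line": FIXED_LINE, "4G": MOBILE_4G}
    print(downgrade_suspects({k: parse_session(v) for k, v in logs.items()}))
```

A flagged session shows only that the reply to AUTH depends on the network path; the server-side log from the same session, as suggested in post #2, is what shows whether the command the server received matches the one the client sent.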