FTPS issue with specific client
Posted: 2021-06-23 16:02
I am having an issue setting up a FTPS server using FileZilla server v 0.9.6 on a windows machine
Basically everything work as intended when I am connecting form FileZilla client or using https://ftptest.net
Open in new window
However using a (Fujitsu N7100) network scanner I get an error "450 TLS session of data connection has not resumed or the session does not match the control connection" as per bellow:
the only thing I can see is that in the latter attempt the server will use port 51668 for the passive FTP whereas in the first case it used 51488. Both are in the firewall (Mikrotik) 51000-52000 defined range.
In the FileZilla Securtiy Settings I have unchecked the "require matching peer IP address of control and data connection" option (although I don't see why they would not match, but on the off-chance this would be my issue).
Any suggestion most welcome !
Basically everything work as intended when I am connecting form FileZilla client or using https://ftptest.net
Code: Select all
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> Connected on port 2221, sending welcome message...
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> 220 This is not a public server !
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> AUTH TLS
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> 234 Using authentication type TLS
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> TLS connection established
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> USER --someid--
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> 331 Password required for --someid--
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> PASS --someid--
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 230 Logged on
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> PBSZ 0
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 200 PBSZ=0
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> PROT P
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 200 Protection level set to P
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> CWD /ClientTIFF
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 250 CWD successful. "/ClientTIFF" is current directory.
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> PWD
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 257 "/ClientTIFF" is current directory.
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> TYPE A
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 200 Type set to A
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> PASV
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 227 Entering Passive Mode (x,x,x,x,199,117)
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> STOR zlog.txt
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 150 Opening data channel for file upload to server of "/ClientTIFF/scan150551001.tif"
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> TLS connection for data connection established
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 226 Successfully transferred "/ClientTIFF/scan150551001.tif"
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> TYPE I
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 200 Type set to I
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> PASV
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 227 Entering Passive Mode (x,x,x,x,201,32)
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> MLSD
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 150 Opening data channel for directory listing of "/ClientTIFF"
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> TLS connection for data connection established
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 226 Successfully transferred "/ClientTIFF"
However using a (Fujitsu N7100) network scanner I get an error "450 TLS session of data connection has not resumed or the session does not match the control connection" as per bellow:
Code: Select all
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> Connected on port 2221, sending welcome message...
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 220 This is not a public server !
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> AUTH TLS-P
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 504 Auth type not supported
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> AUTH TLS
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 234 Using authentication type TLS
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> TLS connection established
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> PBSZ 0
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 200 PBSZ=0
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> PROT P
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 200 Protection level set to P
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> USER --someid--
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 331 Password required for --someid--
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> PASS --someid--
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 230 Logged on
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> FEAT
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 211-Features:
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> MDTM
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> REST STREAM
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> SIZE
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> MLST type*;size*;modify*;
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> MLSD
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> AUTH SSL
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> AUTH TLS
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> PROT
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> PBSZ
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> UTF8
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> CLNT
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> MFMT
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> EPSV
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> EPRT
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 211 End
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> OPTS UTF8 ON
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 202 UTF8 mode is always enabled. No need to send this command.
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> NOOP
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 200 OK
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> PWD
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 257 "/" is current directory.
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> CWD ClientTIFF
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 250 CWD successful. "/ClientTIFF" is current directory.
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> SIZE scan150551001.tif
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 550 File not found
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> TYPE I
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 200 Type set to I
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> PASV
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 227 Entering Passive Mode (x,x,x,x,201,212)
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> STOR scan150551001.tif
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 150 Opening data channel for file upload to server of "/ClientTIFF/scan150551001.tif"
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 450 TLS session of data connection has not resumed or the session does not match the control connection
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> DELE scan150551001.tif
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 250 File deleted successfully
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> disconnected.
(000048)6/23/2021 16:06:43 PM - --someid-- (*.*.*.*)> disconnected.
(000047)6/23/2021 16:07:39 PM - --someid-- (*.*.*.*)> 421 Connection timed out.
(000047)6/23/2021 16:07:39 PM - --someid-- (*.*.*.*)> disconnected.
the only thing I can see is that in the latter attempt the server will use port 51668 for the passive FTP whereas in the first case it used 51488. Both are in the firewall (Mikrotik) 51000-52000 defined range.
In the FileZilla Securtiy Settings I have unchecked the "require matching peer IP address of control and data connection" option (although I don't see why they would not match, but on the off-chance this would be my issue).
Any suggestion most welcome !