[Solved] GnuTLS error -15: An unexpected TLS packet was received

Come here to discuss FileZilla and FTP in general

Moderator: Project members

Post Reply
Message
Author
dryuk94
504 Command not implemented
Posts: 6
Joined: 2020-01-10 15:42
First name: Davide
Last name: Russo

[Solved] GnuTLS error -15: An unexpected TLS packet was received

#1 Post by dryuk94 » 2020-01-14 11:13

Code: Select all

Status:	Connecting to 3x.xxx.xxx.91:21...
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Logged in
Status:	Retrieving directory listing...
Status:	Server sent passive reply with unroutable address. Using server address instead.
Command:	MLSD
Error:	GnuTLS error -15: An unexpected TLS packet was received.
Error:	The data connection could not be established: ECONNABORTED - Connection aborted
Hello everyone!
Let me explain the problem: I have a Western Digital NAS where I have activated the FTP protocol. If I use a plain TLS connection (without explicit and implicit TLS) I can connect to the server both locally (192.168.1.5) and remotely (3x.xxx.xxx.91). The moment I activate explicit TLS, it connects without problems locally, while remotely I have this error. Attached I also entered the settings of the NAS of the WD and the ports open in the modem. What could be the problem?
Attachments
Modem Setting.PNG
Modem Setting.PNG (15.04 KiB) Viewed 2310 times
NAS Setting-4.PNG
NAS Setting-4.PNG (30.37 KiB) Viewed 2310 times
NAS Setting-3.PNG
NAS Setting-3.PNG (25.24 KiB) Viewed 2310 times
NAS Setting-2.PNG
NAS Setting-2.PNG (22.82 KiB) Viewed 2310 times
NAS Setting-1.PNG
NAS Setting-1.PNG (21.92 KiB) Viewed 2310 times
Last edited by dryuk94 on 2020-01-15 17:48, edited 4 times in total.

User avatar
boco
Contributor
Posts: 25185
Joined: 2006-05-01 03:28
Location: Germany

Re: GnuTLS error -15: An unexpected TLS packet was received

#2 Post by boco » 2020-01-14 11:56

Does it work if you select the "Report external IP in PASV mode?

Did you configure the router correctly? Network Configuration
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

dryuk94
504 Command not implemented
Posts: 6
Joined: 2020-01-10 15:42
First name: Davide
Last name: Russo

Re: GnuTLS error -15: An unexpected TLS packet was received

#3 Post by dryuk94 » 2020-01-14 13:05

boco wrote:
2020-01-14 11:56
Does it work if you select the "Report external IP in PASV mode?

Did you configure the router correctly? Network Configuration
I have selected the "Report external IP in PASV mode" and entered as the IP address "3x.xxx.xxx.91" (the public IPv4 address of the router). This is the result:

Code: Select all

Status:	Connecting to 3x.xxx.xxx.91:21...
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Server does not support non-ASCII characters.
Status:	Logged in
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is your current location
Command:	TYPE I
Response:	200 TYPE is now 8-bit binary
Command:	PASV
Response:	227 Entering Passive Mode (3x,xxx,xxx,91,234,34)
Command:	MLSD
Error:	GnuTLS error -15: An unexpected TLS packet was received.
Error:	The data connection could not be established: ECONNABORTED - Connection aborted
Attached I enter the settings of the router, NAS and FileZilla Client.
Attachments
FileZilla-3.PNG
FileZilla-3.PNG (6.86 KiB) Viewed 2298 times
FileZilla-1.PNG
FileZilla-1.PNG (13.51 KiB) Viewed 2298 times
NAS Settings.PNG
NAS Settings.PNG (54.45 KiB) Viewed 2298 times
Modem Setting-6.PNG
Modem Setting-6.PNG (16.93 KiB) Viewed 2298 times
Modem Setting-5.PNG
Modem Setting-5.PNG (40.89 KiB) Viewed 2298 times
Modem Setting-4.PNG
Modem Setting-4.PNG (23.04 KiB) Viewed 2298 times
Modem Setting-3.PNG
Modem Setting-3.PNG (62.58 KiB) Viewed 2298 times
Modem Setting-2.PNG
Modem Setting-2.PNG (43.29 KiB) Viewed 2298 times
Modem Setting-1.PNG
Modem Setting-1.PNG (41.94 KiB) Viewed 2298 times

User avatar
boco
Contributor
Posts: 25185
Joined: 2006-05-01 03:28
Location: Germany

Re: GnuTLS error -15: An unexpected TLS packet was received

#4 Post by boco » 2020-01-14 14:17

The bottom port forwarding in your router is wrong (the 49153-65534).

"Public door" 49153-65534 is correct, but the local port isn't. If you cannot enter the same port range as in "Public door", but only a single port, enter the first port of the range (49153) and the router will figure out the rest.


Test again. Note that we have a test facility: https://ftptest.net
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

dryuk94
504 Command not implemented
Posts: 6
Joined: 2020-01-10 15:42
First name: Davide
Last name: Russo

Re: GnuTLS error -15: An unexpected TLS packet was received

#5 Post by dryuk94 » 2020-01-14 14:34

boco wrote:
2020-01-14 14:17
The bottom port forwarding in your router is wrong (the 49153-65534).

"Public door" 49153-65534 is correct, but the local port isn't. If you cannot enter the same port range as in "Public door", but only a single port, enter the first port of the range (49153) and the router will figure out the rest.


Test again. Note that we have a test facility: https://ftptest.net
I changed the port setting:
- local port 49153
- public door 49153-65534

Now I have this error:

Code: Select all

Status:	Connecting to 3x.xxx.xxx.91:21...
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Server does not support non-ASCII characters.
Status:	Logged in
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is your current location
Command:	TYPE I
Response:	200 TYPE is now 8-bit binary
Command:	PASV
Response:	227 Entering Passive Mode (3x,xxx,xxx,91,213,167)
Command:	MLSD
Error:	The data connection could not be established: ECONNREFUSED - Connection refused by server
Instead from the test facility https://ftptest.net:

Code: Select all

Status: Resolving address of 3x.xxx.xxx.91
Status: Connecting to 3x.xxx.xxx.91
Warning: The entered address does not resolve to an IPv6 address.
Status: Connected, waiting for welcome message...
Reply: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Reply: 220-You are user number 3 of 10 allowed.
Reply: 220-Local time is now 15:27. Server port: 21.
Reply: 220-IPv6 connections are also welcome on this server.
Reply: 220 You will be disconnected after 10 minutes of inactivity.
Command: CLNT https://ftptest.net on behalf of 3x.xxx.xxx.91
Reply: 530 You aren't logged in
Command: AUTH TLS
Reply: 234 AUTH TLS OK.
Status: Performing TLS handshake...
Status: TLS handshake successful, verifying certificate...
Status: Received 1 certificates from server.
Status: cert[0]: subject='CN=192.168.1.5' issuer='CN=192.168.1.5'
Command: USER xxxx
Reply: 331 User xxxx OK. Password required
Command: PASS ***********
Reply: 230 OK. Current restricted directory is /
Command: SYST
Reply: 215 UNIX Type: L8
Command: FEAT
Reply: 211-Extensions supported:
Reply: EPRT
Reply: IDLE
Reply: MDTM
Reply: SIZE
Reply: REST STREAM
Reply: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Reply: MLSD
Reply: ESTP
Reply: PASV
Reply: EPSV
Reply: SPSV
Reply: ESTA
Reply: AUTH TLS
Reply: PBSZ
Error: Carriage return without line feed received
Results
Error: Carriage return without line feed received
- The replies sent by your server are violating the FTP specifications.
- You have to upgrade to a proper server.

dryuk94
504 Command not implemented
Posts: 6
Joined: 2020-01-10 15:42
First name: Davide
Last name: Russo

Re: GnuTLS error -15: An unexpected TLS packet was received

#6 Post by dryuk94 » 2020-01-15 11:45

I tried using Cyberduck instead of FileZilla, and was able to connect remotely with Active mode. But I can't download the files. The moment I try to download a file it gives me an error: 500 - I won't opean a connection to xxx.xxx.xx.xxx (only to 3x.xxx.xxx.91). Why does Cyberduck connect, instead FileZilla doesn't? I can only see the folders and files, but I can't download them(remotely).

dryuk94
504 Command not implemented
Posts: 6
Joined: 2020-01-10 15:42
First name: Davide
Last name: Russo

Re: GnuTLS error -15: An unexpected TLS packet was received

#7 Post by dryuk94 » 2020-01-15 16:15

I decreased the public port range to 65523-65534. Now I can access the folders remotely from FileZilla, but as soon as I try to download a file it gives me this error:

Code: Select all

Status:	Connecting to 3x.xxx.xxx.91:21...
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Server does not support non-ASCII characters.
Status:	Logged in
Status:	Retrieving directory listing...
Status:	Directory listing of "/" successful
Status:	Disconnected from server
Status:	Connecting to 3x.xxx.xxx.91:21...
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Server does not support non-ASCII characters.
Status:	Logged in
Status:	Starting download of /D-Russo/Desktop/stampa.bollettino.pagamento_rotated.pdf
Command:	CWD /D-Russo/Desktop
Response:	250 OK. Current directory is /D-Russo/Desktop
Command:	PWD
Response:	257 "/D-Russo/Desktop" is your current location
Command:	TYPE I
Response:	200 TYPE is now 8-bit binary
Command:	PASV
Response:	227 Entering Passive Mode (3x,xxx,xxx,91,255,249)
Command:	RETR stampa.bollettino.pagamento_rotated.pdf
Error:	The data connection could not be established: ECONNREFUSED - Connection refused by server
Error:	Connection timed out after 20 seconds of inactivity
Error:	File transfer failed
Instead with WinSCP I have this error:

Code: Select all

Failed to get the folder list
I won't open a connection to 192.168.1.8 (only to 3x.xxx.xxx.91)

dryuk94
504 Command not implemented
Posts: 6
Joined: 2020-01-10 15:42
First name: Davide
Last name: Russo

Re: GnuTLS error -15: An unexpected TLS packet was received

#8 Post by dryuk94 » 2020-01-15 17:48

Problem solved!
I had to assign a number of ports equal to the number of users that can be connected (10). Also I created port forwarding in the router for each port and not an interval. The connection is in passive mode and I can also download the files.

User avatar
botg
Site Admin
Posts: 33047
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: [Solved] GnuTLS error -15: An unexpected TLS packet was received

#9 Post by botg » 2020-01-16 08:40

As a rule of thumb you need at least as many ports as transfers that can possibly be done in 4 minutes.

Post Reply