vsftpd over ftpes error

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
xeon
226 Transfer OK
Posts: 128
Joined: 2009-08-19 03:18

vsftpd over ftpes error

#1 Post by xeon » 2009-12-04 01:31

Hello,

I'm getting the following error in my vsftpd ssl debug log when disconnecting or getting timed out on vsftpd 2.2.2 compiled from source while using filezilla client latest version.

It never seems to cause any problem and I can download/upload and get listings fine but whenever I disconnect or get timed out it gives this error.

"Connection terminated without SSL shutdown - buggy client?"

Here are the full debug logs below.

Thu Dec 3 20:26:27 2009 [pid 23903] CONNECT: Client "97.10.199.13"
Thu Dec 3 20:26:27 2009 [pid 23903] FTP response: Client "97.10.199.13", "220 Welcome!"
Thu Dec 3 20:26:27 2009 [pid 23903] FTP command: Client "97.10.199.13", "AUTH TLS"
Thu Dec 3 20:26:27 2009 [pid 23903] FTP response: Client "97.10.199.13", "234 Proceed with negotiation."
Thu Dec 3 20:26:27 2009 [pid 23903] DEBUG: Client "97.10.199.13", "SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, not reused, no cert"
Thu Dec 3 20:26:29 2009 [pid 23903] FTP command: Client "97.10.199.13", "USER testing"
Thu Dec 3 20:26:29 2009 [pid 23903] [testing] FTP response: Client "97.10.199.13", "331 Please specify the password."
Thu Dec 3 20:26:29 2009 [pid 23903] [testing] FTP command: Client "97.10.199.13", "PASS <password>"
Thu Dec 3 20:26:29 2009 [pid 23902] [testing] OK LOGIN: Client "97.10.199.13"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", "230 Login successful."
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP command: Client "97.10.199.13", "SYST"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", "215 UNIX Type: L8"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP command: Client "97.10.199.13", "FEAT"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", "211-Features:"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", " AUTH SSL??"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", " AUTH TLS??"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", " EPRT??"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", " EPSV??"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", " MDTM??"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", " PASV??"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", " PBSZ??"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", " PROT??"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", " REST STREAM??"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", " SIZE??"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", " TVFS??"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", " UTF8??"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", "211 End"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP command: Client "97.10.199.13", "OPTS UTF8 ON"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", "200 Always in UTF8 mode."
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP command: Client "97.10.199.13", "PBSZ 0"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", "200 PBSZ set to 0."
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP command: Client "97.10.199.13", "PROT P"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", "200 PROT now Private."
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP command: Client "97.10.199.13", "PWD"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", "257 "/""
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP command: Client "97.10.199.13", "TYPE I"
Thu Dec 3 20:26:29 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", "200 Switching to Binary mode."
Thu Dec 3 20:26:30 2009 [pid 23904] [testing] FTP command: Client "97.10.199.13", "PASV"
Thu Dec 3 20:26:30 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", "227 Entering Passive Mode (85,23,12,44,159,27)."
Thu Dec 3 20:26:30 2009 [pid 23904] [testing] FTP command: Client "97.10.199.13", "LIST"
Thu Dec 3 20:26:30 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", "150 Here comes the directory listing."
Thu Dec 3 20:26:30 2009 [pid 23903] [testing] DEBUG: Client "97.10.199.13", "SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, reused, no cert"
Thu Dec 3 20:26:30 2009 [pid 23903] [testing] DEBUG: Client "97.10.199.13", "SSL shutdown state is: NONE"
Thu Dec 3 20:26:30 2009 [pid 23903] [testing] DEBUG: Client "97.10.199.13", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Thu Dec 3 20:26:30 2009 [pid 23903] [testing] DEBUG: Client "97.10.199.13", "SSL shutdown state is: 3"
Thu Dec 3 20:26:30 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", "226 Directory send OK."
Thu Dec 3 20:26:31 2009 [pid 23904] [testing] FTP command: Client "97.10.199.13", "MDTM 24000M.bin"
Thu Dec 3 20:26:31 2009 [pid 23904] [testing] FTP response: Client "97.10.199.13", "213 20090809151109"
Thu Dec 3 20:26:43 2009 [pid 23903] [testing] DEBUG: Client "97.10.199.13", "Connection terminated without SSL shutdown - buggy client?"

As you can see at the very bottom is where I disconnected and that error came up.

Any ideas?

Thanks

User avatar
botg
Site Admin
Posts: 33056
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: vsftpd over ftpes error

#2 Post by botg » 2009-12-04 08:14

I'll have a look.

xeon
226 Transfer OK
Posts: 128
Joined: 2009-08-19 03:18

Re: vsftpd over ftpes error

#3 Post by xeon » 2009-12-05 21:40

Hello,

Just wanted to add some more information. When vsftpd over ftpes times out (5 min timeout for idle) filezilla client shows this error.

Error: Disconnected from server: ECONNABORTED - Connection aborted

I don't recall this happening in previous versions of filezilla client but I could be mistaken.

Here are the full filezilla client logs.

Status: Connecting to 85.23.12.44:21...
Status: Connection established, waiting for welcome message...
Response: 220 Welcome!
Command: AUTH TLS
Response: 234 Proceed with negotiation.
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER testing
Status: TLS/SSL connection established.
Response: 331 Please specify the password.
Command: PASS ***********
Response: 230 Login successful.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: AUTH SSL
Response: AUTH TLS
Response: EPRT
Response: EPSV
Response: MDTM
Response: PASV
Response: PBSZ
Response: PROT
Response: REST STREAM
Response: SIZE
Response: TVFS
Response: UTF8
Response: 211 End
Command: OPTS UTF8 ON
Response: 200 Always in UTF8 mode.
Command: PBSZ 0
Response: 200 PBSZ set to 0.
Command: PROT P
Response: 200 PROT now Private.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/"
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (85,23,12,44,231,32).
Command: LIST
Response: 150 Here comes the directory listing.
Response: 226 Directory send OK.
Status: Directory listing successful
Error: Disconnected from server: ECONNABORTED - Connection aborted

User avatar
boco
Contributor
Posts: 25189
Joined: 2006-05-01 03:28
Location: Germany

Re: vsftpd over ftpes error

#4 Post by boco » 2009-12-05 22:55

Just a hint: You should enable timed logs in FileZillas settings. This enables better evaluation of the logs, especially timeouts.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

xeon
226 Transfer OK
Posts: 128
Joined: 2009-08-19 03:18

Re: vsftpd over ftpes error

#5 Post by xeon » 2010-01-04 03:08

Hello,

boco, thanks for the tip I was unaware of it.

I just noticed there's additional error logging added in the latest filezilla client and it gives more information on the ECONNABORTED message here's the full log.

21:59:29 Status: Connecting to 85.23.12.44:21...
21:59:29 Status: Connection established, waiting for welcome message...
21:59:29 Response: 220 Welcome!
21:59:29 Command: AUTH TLS
21:59:29 Response: 234 Proceed with negotiation.
21:59:29 Status: Initializing TLS...
21:59:30 Status: Verifying certificate...
21:59:31 Command: USER testing
21:59:31 Status: TLS/SSL connection established.
21:59:31 Response: 331 Please specify the password.
21:59:31 Command: PASS ********
21:59:31 Response: 230 Login successful.
21:59:31 Command: SYST
21:59:31 Response: 215 UNIX Type: L8
21:59:31 Command: FEAT
21:59:31 Response: 211-Features:
21:59:31 Response: AUTH SSL
21:59:32 Response: AUTH TLS
21:59:32 Response: EPRT
21:59:32 Response: EPSV
21:59:32 Response: MDTM
21:59:32 Response: PASV
21:59:32 Response: PBSZ
21:59:32 Response: PROT
21:59:32 Response: REST STREAM
21:59:32 Response: SIZE
21:59:32 Response: TVFS
21:59:32 Response: UTF8
21:59:32 Response: 211 End
21:59:32 Command: OPTS UTF8 ON
21:59:32 Response: 200 Always in UTF8 mode.
21:59:32 Command: PBSZ 0
21:59:32 Response: 200 PBSZ set to 0.
21:59:32 Command: PROT P
21:59:32 Response: 200 PROT now Private.
21:59:32 Status: Connected
21:59:32 Status: Retrieving directory listing...
21:59:32 Command: PWD
21:59:32 Response: 257 "/"
21:59:32 Command: TYPE I
21:59:32 Response: 200 Switching to Binary mode.
21:59:32 Command: PASV
21:59:32 Response: 227 Entering Passive Mode (85,23,12,44,210,166).
21:59:32 Command: LIST
21:59:32 Response: 150 Here comes the directory listing.
21:59:33 Response: 226 Directory send OK.
21:59:33 Status: Calculating timezone offset of server...
21:59:33 Command: MDTM 24000M.bin
21:59:33 Response: 213 20090809151109
21:59:33 Status: Timezone offsets: Server: 0 seconds. Local: -18000 seconds. Difference: -18000 seconds.
21:59:33 Status: Directory listing successful
22:04:33 Error: GnuTLS error -8: A record packet with illegal version was received.
22:04:33 Error: Disconnected from server: ECONNABORTED - Connection aborted

Thanks

xeon
226 Transfer OK
Posts: 128
Joined: 2009-08-19 03:18

Re: vsftpd over ftpes error

#6 Post by xeon » 2010-01-23 00:37

Hello,

Any information about this?

Thanks

User avatar
boco
Contributor
Posts: 25189
Joined: 2006-05-01 03:28
Location: Germany

Re: vsftpd over ftpes error

#7 Post by boco » 2010-01-23 07:58

This sounds like a firewall issue (again :()... But I'd like to hear botg's opinion, as it's TLS.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

User avatar
botg
Site Admin
Posts: 33056
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: vsftpd over ftpes error

#8 Post by botg » 2010-01-23 08:32

I'm with boco on this one, the failure to receive the directory listing looks like something caused by some misbehaving firewall.

xeon
226 Transfer OK
Posts: 128
Joined: 2009-08-19 03:18

Re: vsftpd over ftpes error

#9 Post by xeon » 2010-01-23 19:32

Sorry if I explained things badly. The directory listing works fine and so do uploads/downloads.

The logs I showed are me logging in successfully getting a directory listing and waiting 5 minutes for vsftpd's default timeout.

Once that timeout occurs due to inactivity that error comes up.

User avatar
botg
Site Admin
Posts: 33056
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: vsftpd over ftpes error

#10 Post by botg » 2010-01-23 19:58

Nothing to worry about then. The FTP protocol says that just terminating a connection by closing the underlying TCP connection is equivalent of performing an orderly QUIT sequence.

Post Reply