Arch Linux

Stefan_xyz

Member

Registered: 2019-09-01

Posts: 104

[SOLVED] VSFTPD / Filezilla GnuTLS error -15

So I want an vsftpd server which only verifies via an encrypted connection. Therefore I followed the Arch Wiki guide.

I tried to log on with FileZilla (required FTP over TLS).
But I get the following error code:

11:22:40	Status:	Connecting to 127.0.0.1:21...
11:22:40	Status:	Connection established, waiting for welcome message...
11:22:40	Status:	Initializing TLS...
11:22:40	Error:	GnuTLS error -15: An unexpected TLS packet was received.
11:22:40	Status:	Connection attempt failed with "ECONNABORTED - Connection aborted".
11:22:40	Error:	Could not connect to server
11:22:40	Status:	Waiting to retry...
11:22:45	Status:	Connecting to 127.0.0.1:21...
11:22:45	Status:	Connection established, waiting for welcome message...
11:22:45	Response:	220 "Hello"
11:22:45	Command:	AUTH TLS
11:22:45	Response:	234 Proceed with negotiation.
11:22:45	Status:	Initializing TLS...
11:22:45	Error:	GnuTLS error -15: An unexpected TLS packet was received.
11:22:45	Status:	Connection attempt failed with "ECONNABORTED - Connection aborted".
11:22:45	Error:	Could not connect to server

This is the config file:

# /etc/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
debug_ssl=YES
connect_from_port_20=YES
idle_session_timeout=600
nopriv_user=ftpsecure
async_abor_enable=YES

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
listen=YES
pam_service_name=vsftpd

userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list

rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/certs/vsftpd.pem

ssl_enable=YES
ssl_request_cert=NO
force_local_logins_ssl=YES
force_local_data_ssl=YES

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/certs/vsftpd.pem
require_ssl_reuse=NO

pasv_enable=YES
pasv_min_port=20
pasv_max_port=21
pasv_address=127.0.0.1
listen_port=21

allow_writeable_chroot=YES
chroot_local_user=YES
local_root=/tftpboot/$USER

log_ftp_protocol=YES
port_enable=YES
ftp_username=ftpsecure
ftpd_banner="Hello"

The log file of vsftpd /var/log/vsftpd.log isn't much help either but here it is:

Fri Mar 27 11:22:40 2020 [pid 2] CONNECT: Client "127.0.0.1"
Fri Mar 27 11:22:40 2020 [pid 2] FTP response: Client "127.0.0.1", "220 "Hello""
Fri Mar 27 11:22:40 2020 [pid 2] FTP command: Client "127.0.0.1", "AUTH TLS"
Fri Mar 27 11:22:40 2020 [pid 2] FTP response: Client "127.0.0.1", "234 Proceed with negotiation."
Fri Mar 27 11:22:45 2020 [pid 2] CONNECT: Client "127.0.0.1"
Fri Mar 27 11:22:45 2020 [pid 2] FTP response: Client "127.0.0.1", "220 "Hello""
Fri Mar 27 11:22:45 2020 [pid 2] FTP command: Client "127.0.0.1", "AUTH TLS"
Fri Mar 27 11:22:45 2020 [pid 2] FTP response: Client "127.0.0.1", "234 Proceed with negotiation."

Does anybody knows how I can fix that?
Thanks in advance!

EDIT: Filezilla also doesn't ask for a certificate (which it should according to this guide)

Last edited by Stefan_xyz (2020-03-27 17:51:38)

Chuck Arch Linux

Member

Registered: 2011-06-23

Posts: 81

Re: [SOLVED] VSFTPD / Filezilla GnuTLS error -15

I got a VSFTPD server set for ftpes connection and I need to add in /etc/vsftpd.conf :

seccomp_sandbox=NO

to remove this error.

Last edited by Chuck Arch Linux (2020-03-27 13:12:25)

Stefan_xyz

Member

Registered: 2019-09-01

Posts: 104

Re: [SOLVED] VSFTPD / Filezilla GnuTLS error -15

I got a VSFTPD server set for ftpes connection and I need to add in /etc/vsftpd.conf :

seccomp_sandbox=NO

to remove this error.

That worked thanks!

Chuck Arch Linux

Member

Registered: 2011-06-23

Posts: 81

Re: [SOLVED] VSFTPD / Filezilla GnuTLS error -15

For this

EDIT: Filezilla also doesn't ask for a certificate (which it should according to this guide)

Maybe because of that

This is the config file:

# /etc/vsftpd.conf
...
ssl_request_cert=NO