Author Topic: DNS-323 Firmware 1.08 Unable to connect via ssl/tls  (Read 26526 times)

mosil

  • Level 2 Member
  • **
  • Posts: 30
DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« on: February 26, 2010, 05:25:14 PM »

Hello,
I have read numerous posts on this forum about issues of connecting to the DNS-323 via FTP over explicit TLS/SSL. Apparently, there were a lot of frustrated users and no direct answer to a fix. I am in the same boat with a lot of sleepless nights and no success.
Currently, I am on firmware 1.08 and able to connect to the DNS-323 via TLS/SSL using FileZilla (or so I think). On the log I notice that when the PROT P command is executed the response is 534 Fallback to [C]. From what I understand, this pretty much means that [C] means Clear and that all data is in plain text. Has anyone been able to fix this or even able to log in securely to the server at this time? Many thanks.


Mosil

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #1 on: February 26, 2010, 05:29:08 PM »

I gave up on it. :)
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

mosil

  • Level 2 Member
  • **
  • Posts: 30
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #2 on: February 26, 2010, 05:31:41 PM »

gunrunnerjohn> Is D-Link aware of this, or do they even acknowledge that this is a problem in the firmware? I did not see it mentioned in the 1.08 known bug forum, which is why I am asking.

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #3 on: February 26, 2010, 06:04:28 PM »

I don't think many people use secure-FTP with this box, at least that's my take.

mosil

  • Level 2 Member
  • **
  • Posts: 30
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #4 on: February 26, 2010, 06:20:13 PM »

If the majority of the users don't use it... then why would they implement it on the new firmware? Interesting, as it is kinda deceiving to advertise tls/ssl on a product when it doesn't work. I guess it's time D-Link goes back to the drawing board. Hopefully they can get it fixed in the next release.
« Last Edit: February 26, 2010, 06:22:14 PM by mosil »

jrak

  • Level 2 Member
  • **
  • Posts: 35
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #5 on: February 26, 2010, 08:25:59 PM »

I thought I was able to connect via ssl/tls with firmware 1.06, but I was wrong.  I updated to 1.08 but still have the same problem (See below).  Has anyone gotten this to work with 1.08?

Connecting to XXXXXXXXXXXXXXX.
Status:   Connection established, waiting for welcome message...
Response:   220---------- Welcome to Pure-FTPd [TLS] ----------
Response:   220-You are user number 1 of 10 allowed.
Response:   220-Local time is now 23:20. Server port: 21.
Response:   220-This server supports FXP transfers
Response:   220 You will be disconnected after 2 minutes of inactivity.
Command:   AUTH TLS
Response:   234 AUTH TLS OK.
Status:   Initializing TLS...
Status:   Verifying certificate...
Command:   USER XXXXXXX
Status:   TLS/SSL connection established.
Response:   331 User XXXXXXXX OK. Password required
Command:   PASS **************
Response:   230 OK. Current restricted directory is /
Command:   SYST
Response:   215 UNIX Type: L8
Command:   FEAT
Response:   211-Extensions supported:
Response:    EPRT
Response:    IDLE
Response:    MDTM
Response:    SIZE
Response:    REST STREAM
Response:    MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:    MLSD
Response:    ESTP
Response:    PASV
Response:    EPSV
Response:    SPSV
Response:    ESTA
Response:    AUTH TLS
Response:    PBSZ
Response:    PROT
Response:   211 End.
Command:   PBSZ 0
Response:   200 PBSZ=0
Command:   PROT P
Response:   534 Fallback to [C]
Status:   Connected
Status:   Retrieving directory listing...
Command:   PWD
Response:   257 "/" is your current location
Command:   TYPE I
Response:   200 TYPE is now 8-bit binary
Command:   PASV
Response:   227 Entering Passive Mode (192,168,0,191,217,50)
Status:   Server sent passive reply with unroutable address. Using server address instead.
Command:   MLSD
Error:   Connection timed out
Error:   Failed to retrieve directory listing

mosil

  • Level 2 Member
  • **
  • Posts: 30
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #6 on: February 26, 2010, 09:18:11 PM »

Jrak,
         Other than not being able to retrieve the directory listing, I would be more concerned that you are falling back on clear text.>>

Command:   PROT P
Response:   534 Fallback to [C]


From what it looks like, the client may be defaulting to clear text when PROT P fails. Not an expert in this, but that would be my 2 cents on that. Maybe someone with more knowledge can explain a bit more.

I really doubt that it is establishing an ssl/tls connection > sending username + passwd > then switching back to clear text to transfer data. Like I said, I am not an expert, and hopefully someone that reads this can clarify.

Was this a remote attempt or within your LAN network?
« Last Edit: February 26, 2010, 09:23:57 PM by mosil »
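
The state discussed in the posts above (AUTH TLS accepted on the control channel, then `PROT P` refused with 534) can be checked mechanically from a client log. This is an added example, not part of any forum post and not D-Link, Pure-FTPd or FileZilla code; `audit_session`, its field names and the sample log are constructed for illustration, and it assumes a 234 reply to AUTH means the control channel is TLS-protected.

```python
import re

# Constructed sample in the "Command:/Response:" client log format quoted in this thread.
SAMPLE_LOG = """\
Command:   AUTH TLS
Response:   234 AUTH TLS OK.
Command:   USER XXXXXXX
Response:   331 User XXXXXXXX OK. Password required
Command:   PBSZ 0
Response:   200 PBSZ=0
Command:   PROT P
Response:   534 Fallback to [C]
Command:   PASV
Response:   227 Entering Passive Mode (192,168,0,191,217,50)
Command:   MLSD
"""

LINE = re.compile(r"^(Command|Response):\s+(.*)$")
DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE", "STOU"}

def audit_session(log_text):
    """Report control/data channel protection for one FTP session log."""
    state = {"control_tls": False, "data_protected": False,
             "creds_in_clear": False, "clear_transfers": []}
    pending = None  # last command still waiting for its final reply line
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # Status:/Error: lines carry no protocol state
        kind, text = m.groups()
        if kind == "Command":
            pending = text.split()
            verb = pending[0].upper()
            if verb in ("USER", "PASS") and not state["control_tls"]:
                state["creds_in_clear"] = True
            if verb in DATA_CMDS and not state["data_protected"]:
                state["clear_transfers"].append(verb)
        elif pending and re.match(r"^\d{3} ", text):  # "NNN " ends a reply
            verb, code = pending[0].upper(), text[:3]
            if verb == "AUTH" and code == "234":
                state["control_tls"] = True
            elif verb == "PROT":
                # Only a 2xx reply to PROT P protects the data channel.
                args = [a.upper() for a in pending[1:]]
                state["data_protected"] = (code[0] == "2" and args == ["P"])
            pending = None
    return state

if __name__ == "__main__":
    print(audit_session(SAMPLE_LOG))
```

For the sample, the login is covered by TLS but the `MLSD` listing is reported as a clear-text transfer, which matches the 534 reply in the quoted log.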

Buhric

  • Level 3 Member
  • ***
  • Posts: 191
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #7 on: February 27, 2010, 04:55:26 AM »

Not really sure why you guys can't make it work....
Here's the settings I have in CuteFTP.. FileZilla must have the equivalent....


and here are the settings in my DNS-323... I just blacked out my IP address


And of course I forward port 21 and 10050 through 10099 to the DNS-323 IP
in my router

Edit:
My bad just noticed that I was clearing the "data Channel" thus resulting in unencrypted data transfers....
« Last Edit: February 27, 2010, 05:12:53 AM by Buhric »

jrak

  • Level 2 Member
  • **
  • Posts: 35
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #8 on: February 27, 2010, 05:39:38 AM »

Was this a remote attempt or within your LAN network?

Mosil,

The log was from an attempt within my lan network.  I've been able to connect remotely, but not via ssl/tls.


gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #9 on: February 27, 2010, 07:08:55 AM »

The problem is it drops to clear data transfers, the encryption is gone.

mosil

  • Level 2 Member
  • **
  • Posts: 30
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #10 on: February 27, 2010, 11:06:05 AM »

Ok.....I tried putting the DNS-323 on DMZ (open to the world without any firewall or port restrictions) and the results were the same. The FTP server is denying the FTP client request of PROT P, hence the FTP client is defaulting to [C] (this test was done on FileZilla). It is really interesting to know that there is another thread on this same issue by Mcduarte2000 with over 3860 views to date and that did not raise a red flag for D-Link moderators to intervene. Maybe it did and they are working on a fix to surprise us ;D
« Last Edit: February 27, 2010, 11:07:58 AM by mosil »

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #11 on: February 27, 2010, 12:53:33 PM »

I did the same thing here, DMZ didn't make any difference, so I gave up.

mosil

  • Level 2 Member
  • **
  • Posts: 30
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #12 on: February 27, 2010, 09:59:03 PM »

Just to rule out my DIR-655 router as being a problem, I went ahead and connected my PC and the DNS-323 to a D-Link switch, a DGS2208 switch to be specific. No rules or regulations here like the router. Disabled my Windows firewall. It didn't surprise me to see that it made no difference. At this point we can only conclude one thing........

Buhric

  • Level 3 Member
  • ***
  • Posts: 191
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #13 on: February 27, 2010, 10:28:11 PM »

Was this a remote attempt or within your LAN network?

Mosil,

The log was from an attempt within my lan network.  I've been able to connect remotely, but not via ssl/tls.

In my case it happens both within my LAN and outside... same behaviour....

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #14 on: February 28, 2010, 07:35:04 AM »

FWIW, secure FTP works fine on my local network, I could just never get it to work through the router, even configured as DMZ.