Author Topic: DNS-323 Firmware 1.08 Unable to connect via ssl/tls  (Read 23098 times)

mosil

  • Level 2 Member
  • **
  • Posts: 30
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #15 on: February 28, 2010, 08:46:49 AM »

Gunrunnerjohn,
That is very interesting that you said that. Just out of curiosity, what FTP client are you using? I don't think that it has anything to do with the client end but I would sure like to rule it out.

P.S. I am on FileZilla (latest version). I tried to manually send the commands to the server and below are the results.


Command:   PROT E
Response:   534 Fallback to [C]
Command:   PROT P
Response:   534 Fallback to [C]
Command:   PROT C
Response:   200 OK

Only Clear text works.
Logged

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #16 on: February 28, 2010, 08:49:43 AM »

I'm using FileZilla, and I just did the update that prompted me this morning. :)
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #17 on: February 28, 2010, 11:10:09 AM »

FWIW, secure FTP works fine on my local network, I could just never get it to work through the router, even configured as DMZ.


Assuming that the default gateway on the DNS-323 is properly set, this points to a "client side" issue - is the client also behind a NAT router?
« Last Edit: February 28, 2010, 11:11:53 AM by fordem »
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #18 on: February 28, 2010, 11:42:51 AM »

Well, the default gateway is correct, it's the same as for all the other devices, the base address of the router.

We tried it on the other end also in the DMZ of his router, which should eliminate the NAT layer issue.

The other guy got tired of screwing around with it, so we gave up. :)
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

Wastedfreak

  • Level 1 Member
  • *
  • Posts: 23
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #19 on: February 28, 2010, 12:20:25 PM »

Try assigning a primary and secondary dns address on the NAS.
Logged

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #20 on: February 28, 2010, 12:21:40 PM »

A secondary DNS is somewhat pointless here, since my primary points to the router which is what my whole network uses.  This is not a DNS issue anyway.
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

mosil

  • Level 2 Member
  • **
  • Posts: 30
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #21 on: February 28, 2010, 03:49:18 PM »

Gunrunnerjohn,
That is really good that you are able to get FTP over explicit SSL/TLS on your home network to work. You are one step ahead of me. I really don't need to have that sort of security while within my network but I still tried it while troubleshooting and I was unsuccessful. Did you have to do anything special to get this to work?

Other thoughts:
I am a little concerned that FileZilla is falling back on clear text without a pop-up warning or disconnecting altogether. I looked for an option in the software for it not to fall back to this mode and to disconnect instead, but was unable to find one. It could be built in to the software to default to [C]. If one is not paying attention to the log, they will not know.

Has anyone tried any other FTP client and what are the results?
« Last Edit: February 28, 2010, 03:54:34 PM by mosil »
Logged

jolley

  • Guest
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #22 on: March 01, 2010, 05:11:57 AM »

mosil,

It works fine once you reset to defaults using the button on the back of the unit and reconfigure manually.

I had the same problem until I did that (you can also do a quick fix by ticking 'TLS/SSL only' and applying, then unticking and applying which avoids resetting the box).

Maybe worth reading http://forums.dlink.com/index.php?topic=9957.30

Cheers
Logged

mosil

  • Level 2 Member
  • **
  • Posts: 30
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #23 on: March 01, 2010, 07:10:26 PM »

Jolley,
I have already carried out a restore to default and manually done a hard reset, but with no luck. I do get the RSA 2048 bit certificate like you mention in the other thread, but if you follow the log beyond that you will see that the encryption drops and falls back to plain text. I did some research on the FileZilla forum and found that the username/passwd is encrypted but data transfer is not once it falls back to [C]...
>>
>>
PROT P refers to the data transfers. Communication with the server is always encrypted if you use SSL/TLS.
Communication encrypted: PROT C, Communication+Data encrypted: PROT P.

If PROT P isn't enforced, client could send PROT C and transfer files unencrypted. If PROT P is enforced, PROT C is rejected.

This is obviously for a filezilla server and not the DNS..

Here is the link if you would like to read some more...

http://wiki.filezilla-project.org/SSL/TLS
« Last Edit: March 01, 2010, 07:12:30 PM by mosil »
Logged

jolley

  • Guest
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #24 on: March 02, 2010, 04:41:35 AM »

Interesting, cheers for the info.
Logged

mosil

  • Level 2 Member
  • **
  • Posts: 30
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #25 on: March 02, 2010, 09:45:45 PM »

Final Status:

Able to connect to DNS-323 server both locally and remotely via FTP over explicit SSL/TLS. *Appears* that my username and password are masked on both connections. Data transfer is what I am not sure about. Seems that the connection switches back to clear text afterwards. I would have to assume at this point that the server does not support PROT P. I am able to retrieve directory listing successfully both remotely and locally by configuring the ports.

LOCALLY


Status:   Resolving address of unknown.com
Status:   Connecting to xxx.xxx.xxx.xxx:0000...
Status:   Connection established, waiting for welcome message...
Response:   220---------- Welcome to Pure-FTPd [TLS] ----------
Response:   220-You are user number 1 of 5 allowed.
Response:   220-Local time is now 00:29. Server port: 0000.
Response:   220-This server supports FXP transfers
Response:   220 You will be disconnected after 5 minutes of inactivity.
Command:   AUTH TLS
Response:   234 AUTH TLS OK.
Status:   Initializing TLS...
Status:   Verifying certificate...
Command:   USER ME
Status:   TLS/SSL connection established.
Response:   331 User ME OK. Password required
Command:   PASS ******
Response:   230 OK. Current restricted directory is /
Command:   SYST
Response:   215 UNIX Type: L8
Command:   FEAT
Response:   211-Extensions supported:
Response:    EPRT
Response:    IDLE
Response:    MDTM
Response:    SIZE
Response:    REST STREAM
Response:    MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:    MLSD
Response:    ESTP
Response:    PASV
Response:    EPSV
Response:    SPSV
Response:    ESTA
Response:    AUTH TLS
Response:    PBSZ
Response:    PROT
Response:   211 End.
Command:   PBSZ 0
Response:   200 PBSZ=0
Command:   PROT P
Response:   534 Fallback to [C]
Status:   Connected
Status:   Retrieving directory listing...
Command:   CWD /mnt/HD_b2/unknown
Response:   550 Can't change directory to /mnt/HD_b2/unknown: No such file or directory
Command:   PWD
Response:   257 "/" is your current location
Command:   TYPE I
Response:   200 TYPE is now 8-bit binary
Command:   PASV
Response:   227 Entering Passive Mode (xxx,xxx,xxx,xxx,x,xxx)
Status:   Server sent passive reply with unroutable address. Using server address instead.
Command:   MLSD
Response:   150 Accepted data connection
Response:   226-ASCII
Response:   226-Options: -l
Response:   226 1 matches total
Status:   Directory listing successful

REMOTELY

Status:   Resolving address of unknown.com
Status:   Connecting to xxx.xxx.xxx.xxx:0000...
Status:   Connection established, waiting for welcome message...
Response:   220---------- Welcome to Pure-FTPd [TLS] ----------
Response:   220-You are user number 1 of 5 allowed.
Response:   220-Local time is now 00:37. Server port: 0000.
Response:   220-This server supports FXP transfers
Response:   220 You will be disconnected after 5 minutes of inactivity.
Command:   AUTH TLS
Response:   234 AUTH TLS OK.
Status:   Initializing TLS...
Status:   Verifying certificate...
Command:   USER ME
Status:   TLS/SSL connection established.
Response:   331 User ME OK. Password required
Command:   PASS *************
Response:   230 OK. Current restricted directory is /
Command:   SYST
Response:   215 UNIX Type: L8
Command:   FEAT
Response:   211-Extensions supported:
Response:    EPRT
Response:    IDLE
Response:    MDTM
Response:    SIZE
Response:    REST STREAM
Response:    MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:    MLSD
Response:    ESTP
Response:    PASV
Response:    EPSV
Response:    SPSV
Response:    ESTA
Response:    AUTH TLS
Response:    PBSZ
Response:    PROT
Response:   211 End.
Command:   PBSZ 0
Response:   200 PBSZ=0
Command:   PROT P
Response:   534 Fallback to [C]
Status:   Connected
Status:   Retrieving directory listing...
Command:   PWD
Response:   257 "/" is your current location
Command:   TYPE I
Response:   200 TYPE is now 8-bit binary
Command:   PORT xx,xxx,xxx,xxx,x,xxx
Response:   200 PORT command successful
Command:   MLSD
Response:   150 Connecting to port xxxx
Response:   226-ASCII
Response:   226-Options: -l
Response:   226 4 matches total
Status:   Directory listing successful
Logged
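
The fallback mosil describes in Replies #21 and #25 (control channel under TLS, `PROT P` refused with 534, listings then sent in the clear) can be detected without reading the log by eye. The following is an added example, not part of any post in this thread: it replays a FileZilla-style log and flags data commands issued while the data channel is still at protection level C. The function name `audit_ftps_log` and the sample log (an excerpt constructed from the log in Reply #25) are assumptions of this example.

```python
import re

# Constructed sample: an excerpt of the FileZilla log posted in Reply #25.
SAMPLE_LOG = """\
Command:   AUTH TLS
Response:   234 AUTH TLS OK.
Command:   PBSZ 0
Response:   200 PBSZ=0
Command:   PROT P
Response:   534 Fallback to [C]
Command:   PASV
Response:   227 Entering Passive Mode (xxx,xxx,xxx,xxx,x,xxx)
Command:   MLSD
Response:   150 Accepted data connection
"""

DATA_COMMANDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "STOU", "APPE"}
LINE_RE = re.compile(r"^(Command|Response):\s+(.*)$")

def audit_ftps_log(text):
    """Return findings for data transfers sent over an unprotected data channel."""
    control_tls = False      # set once AUTH TLS/SSL is answered with 234
    data_level = "C"         # RFC 4217: data channel is Clear until PROT P gets 200
    last_cmd = ""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue             # Status: lines carry no protocol state
        kind, body = m.groups()
        if kind == "Command":
            last_cmd = body.strip()
            verb = last_cmd.split()[0].upper() if last_cmd else ""
            if verb in DATA_COMMANDS and data_level != "P":
                scope = "control channel is TLS, data is not" if control_tls else "no TLS at all"
                findings.append((lineno, verb, scope))
        else:
            code = body[:3]
            upper = last_cmd.upper()
            if upper.startswith("AUTH ") and code == "234":
                control_tls = True
            elif upper.startswith("PROT ") and code == "200":
                data_level = upper.split()[1]   # level the server accepted
            elif upper.startswith("PROT ") and code.startswith("5"):
                findings.append((lineno, upper, "refused: " + body.strip()))
    return findings
```

Run against the excerpt, it reports the refused `PROT P` and the `MLSD` that followed it; a session in which `PROT P` is answered with 200 produces no findings.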

tfiveash

  • Level 2 Member
  • **
  • Posts: 87
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #26 on: March 02, 2010, 10:03:07 PM »

I wish that Dlink would respond to this issue.  Are we doing something wrong or is it a bug in the firmware?  It would save a lot of time if they would help.

Terry
Logged

mosil

  • Level 2 Member
  • **
  • Posts: 30
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #27 on: March 03, 2010, 06:03:47 AM »

Terry,
I could not agree more. Hope Dlink is reading this. >:(
Logged

mosil

  • Level 2 Member
  • **
  • Posts: 30
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #28 on: March 13, 2010, 03:48:57 PM »

Hellooooooooooooooooooooooooooooooooooooooo........... Does not have to be a fix....Just an answer to shed some light.
Logged

davss

  • Level 1 Member
  • *
  • Posts: 3
Re: DNS-323 Firmware 1.08 Unable to connect via ssl/tls
« Reply #29 on: July 22, 2010, 09:23:02 AM »

Same issue on my side, did some tests which are here:
http://forums.dlink.com/index.php?topic=8643.msg82653#msg82653

D-Link don't seem to care about users that are unable to use such basic features as secure FTP. I may have to sell this device and get some other brand that has them working properly... it's a shame because I used to think D-Link wasn't that bad, but over the past few years it has been gradually getting worse and worse.
Logged