• September 20, 2019, 04:16:21 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: 1 [2] 3

Author Topic: Connecting to DNS-323 using FTP over TLS behind a router with firewall (DIR-655)  (Read 41060 times)

mikef

  • Level 1 Member
  • *
  • Posts: 12

Try Filezilla in Active mode not passive.  I set it this way through a DIR-625 to a DNS-323 ftp server and it works fine.  In passive mode, I cannot get it to work.
Logged

mosil

  • Level 2 Member
  • **
  • Posts: 30

Would be nice if one of the moderators would step in and shed some light on this matter. Either there is or is not a problem in the firmware . No disrespect as I know all newly released firmware will have bugs without a doubt. If this is a known issue, it would be greatly appreciated to let the users know. Till then, I could be fighting a losing battle trying to get FTP over explicit TLS/SSL to work.

Thanks
Mosil
Logged

jrak

  • Level 2 Member
  • **
  • Posts: 35

Would be nice if one of the moderators would step in and shed some light on this matter. Either there is or is not a problem in the firmware . No disrespect as I know all newly released firmware will have bugs without a doubt. If this is a known issue, it would be greatly appreciated to let the users know. Till then, I could be fighting a losing battle trying to get FTP over explicit TLS/SSL to work.

Thanks
Mosil

I agree. I've tried every permutation of options using Filezella and another FTP program with no success.  I don't want to access my files in the clear which is not prudent.  Perhaps the moderater can provide a step-by-step guide for setting it up.  I'm using a D-Link Router (655).
Logged

DocD

  • Level 1 Member
  • *
  • Posts: 21

Hi all...

I might be able to shed a little light on this.  I noticed that I can connect with TLS for login authentication, but the channels were unencrypted (like everyone else).   After looking at the GPL files (at least those included with firmware 1.05), the PureFTPd version that DLink is using is version 1.0.21...

This is significant, as PureFTPd introduced TLS during connect (login) with version 1.0.16.  Encryption over the data channel was only enabled with version PureFTPd version 1.0.22 (per the changelog on the PureFTPd site).

I don't have the GPL files for firmware 1.08 - but it seems like the PureFTPd version has not changed.
Bottom line - data is not going to be encrypted.  Perhaps our wish list for 1.09 Beta can include a later version of PureFTPd to get that data encryption feature.

-DocD



Logged
2x DNS-323 - both with Firmware 1.08 w/ 2x WD Caviar Green 1T RAID 1 in each

jrak

  • Level 2 Member
  • **
  • Posts: 35

Hi all...

I might be able to shed a little light on this.  I noticed that I can connect with TLS for login authentication, but the channels were unencrypted (like everyone else).   After looking at the GPL files (at least those included with firmware 1.05), the PureFTPd version that DLink is using is version 1.0.21...

This is significant, as PureFTPd introduced TLS during connect (login) with version 1.0.16.  Encryption over the data channel was only enabled with version PureFTPd version 1.0.22 (per the changelog on the PureFTPd site).

I don't have the GPL files for firmware 1.08 - but it seems like the PureFTPd version has not changed.
Bottom line - data is not going to be encrypted.  Perhaps our wish list for 1.09 Beta can include a later version of PureFTPd to get that data encryption feature.

-DocD





If I understand you correctly, the password submitted is encrypted, but everything after that is not?
Logged

tfiveash

  • Level 2 Member
  • **
  • Posts: 87

If this is the case would it not be simple for DLink to correct.  It would be nice if we heard from DLink moderator or a DLink engineer.  Has anybody heard from them since they released 1.08 final?  Have they went dead on us?

HELLO MR. DLINK IS THIS CORRECT? IF IT IS CAN IT BE FIXED WITH THE NEW SOFTWARE?
Logged

abuck

  • Level 1 Member
  • *
  • Posts: 2

same problem here:

Response:   220---------- Welcome to Pure-FTPd [TLS] ----------
Response:   220-You are user number 1 of 10 allowed.
Response:   220-Local time is now 08:55. Server port: 21.
Response:   220-This server supports FXP transfers
Response:   220 You will be disconnected after 2 minutes of inactivity.
Command:   AUTH TLS
Response:   234 AUTH TLS OK.
Status:   Initializing TLS...
Error:   Connection timed out
Error:   Could not connect to server

using filezilla with FTPES
Logged

DocD

  • Level 1 Member
  • *
  • Posts: 21

If I understand you correctly, the password submitted is encrypted, but everything after that is not?

Hi jrak...

That is indeed correct.  Just the login credentials, no data is encrypted. :-[

DocD
Logged
2x DNS-323 - both with Firmware 1.08 w/ 2x WD Caviar Green 1T RAID 1 in each

jrak

  • Level 2 Member
  • **
  • Posts: 35

Hi jrak...

That is indeed correct.  Just the login credentials, no data is encrypted. :-[

DocD

So any files or documents that are transferred could be read by anyone that can tap into the transmission?  I would like to access my files away from home, typically from a hotel that provides wireless access.  How risky would that be?   
Logged

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717

ZIP the files with a strong password using the AES encryption.
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

mosil

  • Level 2 Member
  • **
  • Posts: 30

jrak,
          That would be very risky....I would go with what gunrunnerjohn suggested and encrypt the files. I really don't see the point why the user's credential is encrypted and the data is wide open. I guess there are a few benefits for those who don't really care about security but that is not me. Currently I am using the system as it is....with my username and passwd encrypted. I am also using a program called "Ironkey". This is all done on the server side and it basically encrypts the file. This way it is not easily accessed during transmission. I am sure if someone really wants to crack it they can but it will definetely get the regular snooping "Joe" to go elsewhere and look.
Logged

jrak

  • Level 2 Member
  • **
  • Posts: 35

Thanks for the guidance on encrypting files.  It certainly is not what I anticipated when I purchased the DNS-323 a year ago. It would be far better and easier to have the encryption system built into FTP process.  I would welcome hearing from the D-Link moderator on this.
Logged

dosborne

  • Level 5 Member
  • *****
  • Posts: 598

FTP is not secure. There are too many implementations for DLINK to pick one that would make people happy. Most don't need or want security and it just slows the system down, requires a specific client etc. If you need that functionality, run a full linux box. Keep the DNS323 a simple unit that serves the masses.
Logged
3 x DNS-323 with 2 x 2TB WD Drives each for a total of 12 TB Storage and Backup. Running DLink Firmware v1.08 and Fonz Fun Plug (FFP) v0.5 for improved software support.

tfiveash

  • Level 2 Member
  • **
  • Posts: 87

Dosborne, a full linux box sounds great but if all you want is encrypted ftp isn't using a full linux box like swatting house flies with a bassball bat?  From an economics standpoint the DNS-323 uses 19 watts how much electricity does your full linux box use?  I bet that I could pay for a dns-323 in a year with the savings.

Also,  If a company advertises a feature it should work.

Terry
Logged

mosil

  • Level 2 Member
  • **
  • Posts: 30

Jrak,
                  Another alternative would be to install fun_plug on your system. The encryption is SSH which is by far better than SSL/TLS.  Keep in mind that it would voids any warranty that you have on your box. You can read a little more on it here.....

http://wiki.dns323.info/howto:fun_plug#how_fun_plug_works
Logged
Pages: 1 [2] 3