I just configured my pure-ftp server with TLS. Before that it worked fine but with no security. I followed this tutorial, and when I want to connect from the Internet I get the message: [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms. I surely missed something, but my Google searches have been unsuccessful so far.
My station is a PC with Linux Mint 18.3. It is behind an Internet box. The ports 20 and 21 of the box are redirected to my ftp server station. I configured the firewall on the station to authorize connections on ports 20 and 21. I use FileZilla to connect.
-> Executed from localhost, the connection is fine: I get the certificate panel and see the directory listing. OK!
-> Executed from another station on the same private LAN, if I target the private LAN address (192.168.0.a), I get the certificate panel and see the directory listing. OK!
When I try a connection from another station on the same private LAN and target the public Internet address, I get the certificate panel but the connection fails. Message: "The server sent a passive response with a non-routable address. Address replaced by the server address." In the syslog of the server I see no problem:
-> New connection from 192.168.0.254 (<- the gateway address)
-> SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher
-> my-user is now logged in
When I try a connection from an Internet station, the connection is denied. In syslog I read "Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms." In FileZilla:
Command: AUTH TLS
Answer: 502 AUTH TLS OK.
Command: AUTH SSL
Error: unable to connect to the server
I forgot to redirect the passive port range in my router. Once that is done, the connection from an Internet workstation is fine.
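The two data-channel conditions in this thread (the "non-routable address" warning and the passive range missing from the router) can both be checked from the server's 227 reply. The following is an added example, not part of the original post: the sample replies are constructed, and the forwarded range 30000-30100 is an assumption because the post does not state its range.

```python
import ipaddress
import re

# Constructed PASV replies for illustration (not taken from the post's logs).
REPLY_LAN_ADDR = "227 Entering Passive Mode (192,168,0,10,117,58)"
REPLY_BAD_PORT = "227 Entering Passive Mode (203,0,113,7,195,80)"
REPLY_OK = "227 Entering Passive Mode (203,0,113,7,117,58)"

# Assumption: the range forwarded on the router. The post does not state its range.
FORWARDED_PORTS = (30000, 30100)

# Address blocks a client on the Internet cannot reach.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) from a '227 ... (h1,h2,h3,h4,p1,p2)' reply."""
    match = PASV_RE.match(reply.strip())
    if not match:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    fields = [int(x) for x in match.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    # The data port is sent as two bytes, high byte first.
    return host, fields[4] * 256 + fields[5]


def check_pasv(reply, forwarded=FORWARDED_PORTS):
    """List the reasons an Internet client could not open the data channel."""
    host, port = parse_pasv(reply)
    problems = []
    if any(host in net for net in NON_ROUTABLE):
        problems.append("non-routable-address")
    if not forwarded[0] <= port <= forwarded[1]:
        problems.append("port-not-forwarded")
    return problems


if __name__ == "__main__":
    for reply in (REPLY_LAN_ADDR, REPLY_BAD_PORT, REPLY_OK):
        print(parse_pasv(reply), check_pasv(reply) or "ok")
```

With AUTH TLS the 227 reply travels inside the encrypted control channel, so a NAT router cannot inspect or rewrite it; the passive range and the advertised address have to be set explicitly on the server and forwarded on the router.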