FTP + SSL/TLS + LetsEncrypt ----> error

    • OMV 3.x
    • Resolved

    • FTP + SSL/TLS + LetsEncrypt ----> error

      Hello world !

      Setting up openmediavault FTP with SSL/TLS WITH a letsencrypt cert:

      Getting this in the SSH shell:
      mod_tls.c: error initializing session nas proftpd[31182]: nas.domaine.tld - mod_tls.c: error initializing session: Permission denied -- (error message modified for privacy)



      Wondering if the proftpd for OMV3.x was built with --with-modules=mod_tls ??

      Installation

      The mod_tls module is distributed with ProFTPD. Simply follow
      the normal steps for using third-party modules in ProFTPD:
        $ ./configure --with-modules=mod_tls
        $ make
        $ make install
      Alternatively, mod_tls can be built as a DSO module:
        $ ./configure --enable-dso --with-shared=mod_tls ...
      Then follow the usual steps:
        $ make
        $ make install
      You may need to specify the location of the OpenSSL header and library files in your configure command, e.g.:
        $ ./configure --with-modules=mod_tls \
            --with-includes=/usr/local/openssl \
            --with-libraries=/usr/local/openssl



      IF NOT, is it possible to do:
      apt-get remove proftpd-basic ( !! used by OMV3.x )
      then
      download proftpd source and
      ./configure --enable-dso --with-shared=mod_tls ???
      ---------------------------------------------------------------------------------------------------------------------
      French, so forgive my english
      Personal Rig: valid.x86.fr/v72uek as a test bench with Oracle VM.
      And YES, my avatar is real, i am flying "parapentes" in St Hilaire du Touvet and at la coupe icare.
    • Anyway, I just finished cloning my OMV3.x onto a USB key, so I am about to test it myself.

      Give me a few minutes to screw things up and I'll come back.
    • Of course tls is included; why would the option be offered and the binary then have tls disabled? Just check with -V; the error is something different.

      Letsencrypt doesn’t work right away in ftp; you need to add an extra directive in the configuration, from what I remember. The answer, I think, is here, and also definitely on Google.
      New wiki
      chat support at #openmediavault@freenode IRC | Spanish & English | GMT+10
      telegram.me/openmediavault broadcast channel
      openmediavault discord server
    • Using the source for proftpd 1.3.6rc4 with

      Source Code: ./configure for test

        ./configure --prefix=/opt/proftpd --bindir=/opt/proftpd --sbindir=/opt/proftpd --enable-openssl --enable-dso --with-shared=mod_tls --enable-ctrls

      and no compile error:

      Source Code: ./configure results

        configure: creating ./config.status
        config.status: creating Makefile
        config.status: creating config.h
        config.status: executing depfiles commands
        config.status: executing libtool commands
        --------------
        Build Summary
        --------------
        Building the following static modules:
        mod_ident
        mod_cap
        mod_ctrls
        Building the following shared modules:
        mod_tls

      I was able to see a missing include in the proftpd.conf pointing to


      Source Code: missing line in proftpd.conf

        Include /etc/proftpd/tls.conf
      ( no more error like )

      Source Code

        janv. 04 21:00:30 nas proftpd[3095]: nas.****- ProFTPD 1.3.5 (stable) (built Wed Jun 14 2017 09:03:26 UTC) standalone mode STARTUP
        janv. 04 21:00:30 nas proftpd[3088]: .
        janv. 04 21:00:30 nas systemd[1]: Started LSB: Starts ProFTPD daemon.
        janv. 04 21:01:11 nas proftpd[3103]: nas.***** (LFbn-LYO-1-500-****) - mod_tls.c: error initializing session: Permission non accordée
        janv. 04 21:01:11 nas proftpd[3103]: nas.***** (LFbn-LYO-1-500-*******) - FTP session closed.
      my tls.conf with letsencrypt key

      Source Code: tls.conf

        <IfModule mod_tls.c>
        TLSEngine on
        TLSLog /var/log/proftpd/tls.log
        TLSProtocol TLSv1.2
        TLSOptions UseImplicitSSL
        TLSRSACertificateFile /etc/ssl/certs/openmediavault-b902f74d-14bb-4af1-ae26-50b4bcfd7535.crt
        TLSRSACertificateKeyFile /etc/ssl/private/openmediavault-b902f74d-14bb-4af1-ae26-50b4bcfd7535.key
        TLSVerifyClient off
        TLSRenegotiate required off
        TLSRequired on
        </IfModule>


      Making an FTP connection with SSL/TLS from FileZilla, I get the following error:

      The post was edited 3 times, last by stratege1401 ().

    • tls.log error


      Source Code: tls.log

        2018-01-04 00:40:13,601 mod_tls/2.6[26286]: TLS/TLS-C requested, starting TLS handshake
        2018-01-04 00:40:13,662 mod_tls/2.6[26286]: client supports secure renegotiations
        2018-01-04 00:40:13,662 mod_tls/2.6[26286]: TLSv1/SSLv3 connection accepted, using cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
        2018-01-04 00:40:17,571 mod_tls/2.6[26286]: Protection set to Private
        2018-01-04 00:40:37,687 mod_tls/2.6[26294]: TLS/TLS-C requested, starting TLS handshake
        2018-01-04 00:40:37,714 mod_tls/2.6[26294]: client supports secure renegotiations
        2018-01-04 00:40:37,714 mod_tls/2.6[26294]: TLSv1/SSLv3 connection accepted, using cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
        2018-01-04 00:40:37,746 mod_tls/2.6[26294]: Protection set to Private
        2018-01-04 00:50:29,790 mod_tls/2.6[27250]: TLSOption UseImplicitSSL in effect, starting SSL/TLS handshake
        2018-01-04 00:50:49,875 mod_tls/2.6[27250]: unable to accept TLS connection: received EOF that violates protocol
      Any clue ??
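The tls.log excerpt above mixes sessions negotiated in two different ways, and only one of them fails. The following triage script is an added example, not part of the original thread or of ProFTPD; the function names `summarize` and `failed_sessions` are hypothetical, and the embedded sample is built from lines of the excerpt. It groups mod_tls lines by session PID and labels each session by how the handshake was started.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the tls.log excerpt in the post above.
SAMPLE_LOG = """\
2018-01-04 00:40:13,601 mod_tls/2.6[26286]: TLS/TLS-C requested, starting TLS handshake
2018-01-04 00:40:13,662 mod_tls/2.6[26286]: TLSv1/SSLv3 connection accepted, using cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
2018-01-04 00:40:17,571 mod_tls/2.6[26286]: Protection set to Private
2018-01-04 00:50:29,790 mod_tls/2.6[27250]: TLSOption UseImplicitSSL in effect, starting SSL/TLS handshake
2018-01-04 00:50:49,875 mod_tls/2.6[27250]: unable to accept TLS connection: received EOF that violates protocol
"""

# Layout: "<date> <time> mod_tls/<version>[<pid>]: <message>"
LINE_RE = re.compile(r"^\S+ \S+ mod_tls/[\d.]+\[(\d+)\]: (.*)$")

def summarize(log_text):
    """Group tls.log lines by session PID and classify each session."""
    sessions = defaultdict(lambda: dict(mode="unknown", accepted=False,
                                        cipher=None, protected=False, error=None))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a mod_tls line in the expected layout
        pid, msg = int(m.group(1)), m.group(2)
        s = sessions[pid]
        if msg.startswith("TLS/TLS-C requested"):
            s["mode"] = "explicit"   # client sent AUTH TLS on the plain control channel
        elif "UseImplicitSSL in effect" in msg:
            s["mode"] = "implicit"   # server expects TLS from the first byte
        elif "connection accepted" in msg:
            c = re.search(r"using cipher (\S+)", msg)
            s["accepted"] = True
            s["cipher"] = c.group(1) if c else None
        elif msg.startswith("Protection set to Private"):
            s["protected"] = True    # data channel protection requested (PROT P)
        elif msg.startswith("unable to accept TLS connection"):
            s["error"] = msg.split(": ", 1)[1]
    return dict(sessions)

def failed_sessions(log_text):
    """Return only the sessions whose handshake was rejected."""
    return {pid: s for pid, s in summarize(log_text).items() if s["error"]}

if __name__ == "__main__":
    for pid, s in sorted(summarize(SAMPLE_LOG).items()):
        print(pid, s)
```

On the sample, the session started with `TLS/TLS-C requested` completes and protects the data channel, while the one started under `UseImplicitSSL` is the one that ends in `received EOF that violates protocol`.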
    • FINALLY
      After reading this post, "received EOF that violates protocol", I changed the FTP port from 21 to something else.

      With a reboot, now everything works !!!

      Also, the FTP client MUST BE SET TO explicit TLS !!!
    • subzero79 wrote:

      Why are you using implicit ssl?
      Sorry for the delayed answer, I was taking a break.

      I cut/pasted one of the various logs I generated. That one was made with a client with a bad config ....

      Anyway, thank you

      Source Code

        2018-01-04 00:40:13,662 mod_tls/2.6[26286]: TLSv1/SSLv3 connection accepted, using cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
        2018-01-04 00:40:17,571 mod_tls/2.6[26286]: Protection set to Private
        2018-01-04 00:40:37,687 mod_tls/2.6[26294]: TLS/TLS-C requested, starting TLS handshake
        2018-01-04 00:40:37,714 mod_tls/2.6[26294]: client supports secure renegotiations
        2018-01-04 00:40:37,714 mod_tls/2.6[26294]: TLSv1/SSLv3 connection accepted, using cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
        2018-01-04 00:40:37,746 mod_tls/2.6[26294]: Protection set to Private