• i cant upload files using filezilla when i using pfsense firewall
    the error will be
    "Error: GnuTLS error -110: The TLS connection was non-properly terminated.

    Status: Server did not properly shut down TLS connection
    Error: The data connection could not be established: ECONNABORTED - Connection aborted
    Error: Connection timed out after 20 seconds of inactivity
    Error: File transfer failed

    pls help me!

  • Hi,

    Connecting to pfSense using a SSH client like Putty works for you ?

  • but how to fix that error

    the pfsense is running on my company,the staff members cannot use filezilla.
    the filezilla is use my web developer.
    he cant upload files using ftp

  • @sahan said in GnuTLS error:

    the filezilla is use my web developer.

    Connecting to a FTP (SFTP !) server somewhere on the Internet ?

  • LAYER 8

  • LAYER 8 Global Moderator

    The ftp client package in pfsense is not going to work using ftps.. The control channel is encrypted and pfsense can not see what ports to open up for the data channel.

    You can not use active connection to ftp server outside pfsense if the control channel can not be seen by pfsense so it can open the ports for the inbound data channel.. Use Passive!! So the client will create the data channel connection.

    Which will work if you are using the default any any lan rules, but if you have locked them down and only allow specific ports out - then yeah you could have problems even with passive.

    A better understanding of what "exactly" your trying to do would be helpful - where is the client, where is the server..

  • Yeah, right.

    Does this concerns TLS (SSL) - or a classic FTP client server access ?
    FTP over TLS/SSL is just a TCP stream, as visiting a HTTPS web site, but on port 22 (not 21) instead of 80.

    Today, I'm still using a FTP client from my LAN to access a very ancient (last century) FTP server on the Internet. Didn't have to do anything on pfSense to make that work.

    Note : I do not have FTP servers on my pfSense LAN that should be made available from the Internet.

    It's time @sahan start to communicate.

  • LAYER 8 Global Moderator

    @Gertjan said in GnuTLS error:

    but on port 22 (not 21)

    ftps would normally be on port 990, if implicit - if explicit the normal 21 port. 22 would be sftp.. Completely different animals.

    Why anyone still uses ftp at all is just shameful to be honest.. All you ever do is run into this sort of nonsense issues. Why can they not just upload the files to this server via sftp or https?

    The different channels, control and data just pita when it comes to nat.. Then throw in active vs passive into the mix and you have different directions of who is going to create the data channel. And then if you try and encrypt the control channel the firewall between can not even help you with the ports that will need to be opened, etc.

  • LAYER 8

    ah sorry didn't noticed tls, my mind just focused on "filezilla"

  • Start focussing on answering our question.
    Doing so will help us helping you.

    Otherwise this thread becomes pretty useless.