FTP problems within site-to-site IPSec tunnel
I have the following setup:
LOCAL LAN <==> LOCAL pfSense <==> Cisco router <==> INTERNET <==> A router <==> REMOTE pfSense <==> REMOTE LAN
LOCAL LAN: 10.6.0.0/16
REMOTE LAN: 192.168.2.0/24
There's an IPSec tunnel between the local pfSense and the remote one.
There's also an FTP server on the remote LAN, having IP 192.168.2.86/24.
I'm trying to upload some files from an FTP client on 10.6.0.7/16 to the remote FTP server.
The initial FTP connection is OK. I successfully get the directory listing.
NB: I'm using passive FTP.
I also successfully uploaded a small file of size 12KB.
However, when I try to upload a larger file, the transfer starts (327680 bytes are uploaded), and then I get an error.
See log extract below:
Command: STOR test.pdf
Response: 150 Opening BINARY mode data connection for 'test.pdf'.
Error: Could not write to transfer socket: ECONNRESET - Connection reset by peer
Response: 426 Data connection: No such file or directory.
Error: File transfer failed after transferring 327,680 bytes in 26 seconds
Extract from pfSense firewall log:
Jan 1 15:08:03 LAN 10.6.0.7:57584 192.168.2.86:21 TCP:PA
Jan 1 15:08:02 LAN 10.6.0.7:57584 192.168.2.86:21 TCP:A
Jan 1 15:08:02 LAN 10.6.0.7:57584 192.168.2.86:21 TCP:PA
I have the following rules on the LAN, WAN and IPSec interfaces on the Firewall rules page:
Allow from LAN subnet to 192.168.2.0/24
Allow from 192.168.2.0/24 to LAN subnet
I also tested uploading from the same FTP client to a public FTP server without any problem.
Can anyone please shed some light?
Please ignore this post.
The system administrator at the remote end had the wrong gateway on the FTP server.