FTP problems within site-to-site IPSec tunnel

  • Hello,

    I have the following setup:

    LOCAL LAN <==> LOCAL pfSense <==> Cisco router <==> INTERNET <==> A router <==> REMOTE pfSense <==> REMOTE LAN


    There's an IPSec tunnel between the local pfSense and the remote one.

    There's also an FTP server on the remote LAN, having IP
    I'm trying to upload some files from an FTP client onto the remote FTP server.

    The initial FTP connection is OK. I successfully get the directory listing.
    NB: I'm using passive FTP.

    I also successfully uploaded a small file of size 12KB.
    However, when I try to upload a larger file, the transfer starts (327680 bytes are uploaded), and then I get an error.
    See log extract below:

    Command:	STOR test.pdf
    Response:	150 Opening BINARY mode data connection for 'test.pdf'.
    Error:	Could not write to transfer socket: ECONNRESET - Connection reset by peer
    Response:	426 Data connection: No such file or directory.
    Error:	File transfer failed after transferring 327,680 bytes in 26 seconds

    Extract from pfSense firewall log:

    Jan 1 15:08:03   LAN   TCP:PA
    Jan 1 15:08:02   LAN   TCP:A
    Jan 1 15:08:02   LAN   TCP:PA

    I have the following rule on the LAN, WAN and IPSec interfaces on the Firewall rules page:
    Allow from LAN subnet to
    Allow from to LAN subnet

    I also tested uploading from the same FTP client to a public FTP server without any problem.

    Can anyone please shed some light?

  • Please ignore this post.

    The system administrator at the remote end had the wrong gateway on the FTP server.
