Synology Inc. Online Community Forum

[aarfing]

Hi everyone,

I have a curious problem. I can't seem to get FTP over SSL/TLS to work properly. It works fine over the LAN. It also works fine over the Internet, but only if I make my Synology the default host on my Airport Extreme (ie. the recipient of all Internet port-requests). If I portforward specific ports the problems begin. I've tried forwarding the following FTP-related ports the synology at the same time: 20, 21, 989, 990, 55536-55663.

I have no problems connecting with SSL/TLS turned off.

I've tried with and without "Report external IP in PASV mode" and haven't changed the default passive range. I've also tried the old trick of turning off SSL/TLS, restarting the Synology and turning it back on. No dice.

This is the closest I seem to come to connecting using FileZilla (also tried CuteFTP Pro without succes):

Code: Select all

Status:   Resolving address of xxxxxxx.xxx
Status:   Connecting to yyy.yyy.yyy.yyy:21...
Status:   Connection established, waiting for welcome message...
Response:   220 Synology FTP server ready.
Command:   AUTH TLS
Response:   234 AUTH SSL command successful.
Status:   Initializing TLS...
Status:   Server did not properly shut down TLS connection
Error:   Could not connect to server


I don't know what this means: "Server did not properly shut down TLS connection"

I'm running newest firmware on everything.

It seems to me I need to forward some secret additional port to make things work - just don't know which. Anyone have any ideas?

[mr_man]

Hi:

I am having *** EXACTLY *** the same issue as yourself but with a different Synology product (i.e. the DS-101j).

I have also used about 6 different FTP clients.
They all fail with similar error messages to what you have described.

I suggest that you contact Tech Support at Synology and complain. Here is teh link:
http://www.synology.com/enu/support/form.php

Sorry I could not help you any more,
mr_man

[experto]

"Status: Server did not properly shut down TLS connection"

I had this kind of problem and it came from the router's config, check this out as well as the log file
(I can't help further with this device, since the conf guide available at apple is soooo light !)

[aarfing]

Hmm... I actually found a way of fixing this, just forgot to post it, but better late than never - maybe someone else can use this info.

It was as simple as using a different port instead of port 21 as the default port in the Synology DSM. I chose port 990 which is commenly used for FTPS. I of course changed both the setting in the DSM and in the AE (still had to add a passive range though).

So it seems to be a bug in the AE which is still present in the 7.4.1 firmware btw.

Wel, now it works...

[Dintid]

I have the exact same problem as described in the first post, and I have also opened all relevant ports.

My problem isn't fixed by changing the port from 21 from the ftp server.

[stpolky]

I've been having the same issues. SSL not working from the WAN side, but OK on Lan side.

I'd already opened up port 21 on the router, and that worked fine from the WAN side with SSL disabled.

I opened up the passive range from 55536 to 55663 and FTP over SSL is now working just fine.

[Dintid]

I've been having the same issues. SSL not working from the WAN side, but OK on Lan side.

I'd already opened up port 21 on the router, and that worked fine from the WAN side with SSL disabled.

I opened up the passive range from 55536 to 55663 and FTP over SSL is now working just fine.

Same solution did it for me. Forgot to mention it earlier

[pharcyde]

This is a very late post, but this contribution may shed light on this problem if other people have it. Good information thus far in the post, however I saw no mention of the WAN connection being residential or commericial (i.e. port blocking vs. no port blocking).

If you are using standard ports on a residential connection, you may be a victim of port blocking at the ISP level. If you are attempting to host an FTP of any type on a residential connection, you will either be stopped via port blocking or deep-packet inspection at the ISP level. Using nonstandard ports may help work around this.

FTP is considered a business class service, and is using exempt from residential class connections. You can forward ports until you are blue in the face, but it might be in vain. You, as a residential end-user can initiate FTP connections, but not in reverse. Keep this in mind if you find yourself trying tons of clients and settings. Typically, restrictions vary by service provider.

[Dintid]

Above poster has some valid points. However, here in Denmark the only port blocked is port 25 due to spam mail, so port-blocking in Denmark, at least, is not an issue.
The default ADSL/fiber router needs to be set to forward the ports though of course.

[bird1110]

I set default server on my route (forward all ports to my ds209) and made my ds209 like connected to wan directly, but ssl/tls still fail
I am using the DSM 3.0-1354

[macair317]

I set default server on my route (forward all ports to my ds209) and made my ds209 like connected to wan directly, but ssl/tls still fail
I am using the DSM 3.0-1354

I am having the same problem. My debt collection software is now messing up. I don't know if the issues are related but if anyone can help me out, it would be greatly appreciated. I'd like to have everything up and running for when I do my taxes.

[macbart]

Guys ! With my colleague, we found a solution to this “problem” and we connect successfully through SSL from the internet (not on LAN)

It is not a true a problem due to Synology NAS. Upgrading firmware, contacting ISP, opening more new ports behind server’s side will change nothing.

If you can’t use a direct connection on the client side, you can only connect in passive mode, opening passive ports on server’s side…
Good Look !
PS : Why you don’t try Web DAV ? Much better that FTPS…