PASV TLS TimeoutError - connectionHandler never called

[danielmahon]

When using TLS and PASV, the LIST command fails and times out on waitForConnection. It seems as though the connectionHandler for tls.createServer() is never called. Non-TLS works fine and connectionHandler for net.createServer() is called. Not sure why but this prevents me from connecting to ftp-srv with TLS. Thoughts?

https://github.com/trs/ftp-srv/blob/0b9167e1e44f41306925879a234f3d914a8b13f7/src/connector/passive.js#L63

https://github.com/trs/ftp-srv/blob/0b9167e1e44f41306925879a234f3d914a8b13f7/src/connector/passive.js#L38

Error:

{"name":"xxxxx","hostname":"xxxxxxxxxx","pid":28,"id":"12ae7069-7fb9-4d58-a503-02ab22e04e37","directive":"LIST","level":50,"err":{"message":"operation timed out","name":"TimeoutError","stack":"TimeoutError: operation timed out\n    at afterTimeout (/usr/src/app/node_modules/bluebird/js/release/timers.js:46:19)\n    at Timeout.timeoutTimeout [as _onTimeout] (/usr/src/app/node_modules/bluebird/js/release/timers.js:76:13)\n    at listOnTimeout (internal/timers.js:531:17)\n    at processTimers (internal/timers.js:475:7)"},"msg":"operation timed out","time":"2020-01-22T16:43:01.417Z","v":0}

[mbartisan]

@danielmahon I was having this same issue on non-TLS while using the cli approach. It seams that the [url] cli argument isn't being passed to the PASV config.

I was able to bypass the issue by instantiating FtpSrv through code rather than the cli. Also ensuring that the root directory is a valid path (if on windows, using a forward slash (/) as a path separator has generally worked better too). For PASV I've found you can't use 0.0.0.0 either, and you need to specify a routable address (i.e. external ip).

[trs]

Passive connections cannot be made without specifying the pasv_url. This is the hostname that a client will use to connect to when attempting a passive connection.

It looks like the docs were incorrect in saying that pasv_url defaults to url. It does not in-fact have a default.

[trs]

With the CLI you can specify the passive hostname using --pasv_url <hostname>

[trs]

@danielmahon Are you using implicit (ftps://) or explicit (ftp://) TLS connections?

[matt-forster]

Closed because this seems stale, and it was most likely a docs issue.

[ldm314]

This appears to be the same issue that my comment on #96 refers to. For me LIST is working but RETR and STOR never have this connection. Using Explicit TLS. My comment from the other issue:

I'm seeing this issue on STOR and RETR with the latest code and passive mode. Strangely enough LIST is working fine. If I copy the logic from the registered commands of LIST into RETR, without TLS on I get a text file with the directory listing as expected and with TLS I see the timeout.

List has PASV before it, makes a new listening connection, has TLS succeed, and sends the directory list across. STOR and RETR have waitForConnection time out in passive.js. With TLS off, no issue. I've tried various node versions: 8,x, 12.x, 15.x with the same result. Wireshark show the client making a connection successfully but TLS negotiation doesn't happen, and eventually waitForConnection times out.