FTPSClient Socket Timeout on Data Connection


Update...

Sorry for the real time debugging. I was stuck all day, I guess writing it out made me study it a little closer...

I noticed that I was using setUseEPSVwithIPv4(true) which was sending an

EPSV
229 Entering Passive Mode (|||62110|)

Removing that has allowed me to move a little further; now I'm getting:

Total Bytes To Send: 1033
PASV
227 Entering Passive Mode (xxx,xxx,xxx,42,242,189)
STOR /Inbound/Encrypted/TEST.pgp

File Transfer Failed at: 2013-11-21 18:33:07.846
Error Occurred Transmitting File to Remote System, aborting...

Host attempting data connection xxx.xxx.xxx.42 is not same as server xxx.xxx.xxx.67
java.io.IOException: Host attempting data connection xxx.xxx.92.42 is not same as server xxx.xxx.xxx.67
at org.apache.commons.net.ftp.FTPClient._openDataConnection_(FTPClient.java:912)
at org.apache.commons.net.ftp.FTPSClient._openDataConnection_(FTPSClient.java:600)
at org.apache.commons.net.ftp.FTPClient._storeFile(FTPClient.java:633)
at org.apache.commons.net.ftp.FTPClient.__storeFile(FTPClient.java:624)150 Opening ASCII mode SSL data connection for /Inbound/Encrypted/TCONW.TEST.IN.pgp.

at org.apache.commons.net.ftp.FTPClient.storeFile(FTPClient.java:1976)
at mycode.FTPConnection.sendFile(FTPConnection.java:667)
at mycode.FTPPropertyProcessor.putFile(FTPPropertyProcessor.java:54)
at mycode.ftputils.FTPClientUtil.main(FTPClientUtil.java:290)
Error Occurred Sending file, aborting...

The secondary server is trusted, as it is one of their DMZ servers. Now to get around this one...

Original Posting Below:

Looking for debugging advice, or a clue as to where to go with this.

I have been using this code base for quite a while internally. I had a new need to do client authentication to an external site, and I managed to connect and successfully login, but anytime I enter passive mode, the socket times out.

Using FTPS Connection with Protocol: TLS and Explicit Security Request
220 tss4l589 FTP server (SecureTransport 5.1) ready.
AUTH TLS
234 SSLv23/TLSv1
Connected to xxx.xxx.com on 21
PBSZ 0
200 PBSZ=0
PROT P
200 PROT command successful
USER *******
230 Virtual user XXXX logged in.
PWD
257 "/" is current directory.

...FTPClientUtil Connected Successfully!


Sending:
    Local: c:/test/TEST.txt.asc
    Remote: /Inbound/Encrypted/TEST.pgp
    Starting at: 2013-11-21 17:53:47.877
Total Bytes To Send: 1033
EPSV
229 Entering Passive Mode (|||62110|)

File Transfer Failed at: 2013-11-21 17:54:08.877
Error Occurred Transmitting File to Remote System, aborting...

Connection timed out: connect
java.net.ConnectException: Connection timed out: connect
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(Unknown Source)
    at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
    at java.net.PlainSocketImpl.connect(Unknown Source)
    at java.net.SocksSocketImpl.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source)
    at org.apache.commons.net.ftp.FTPClient._openDataConnection_(FTPClient.java:894)
    at org.apache.commons.net.ftp.FTPSClient._openDataConnection_(FTPSClient.java:600)
    at org.apache.commons.net.ftp.FTPClient._storeFile(FTPClient.java:633)
    at org.apache.commons.net.ftp.FTPClient.__storeFile(FTPClient.java:624)
    at org.apache.commons.net.ftp.FTPClient.storeFile(FTPClient.java:1976)
    at mycode.ftputils.FTPConnection.sendFile(FTPConnection.java:648)
    at mycode.ftputils.FTPPropertyProcessor.putFile(FTPPropertyProcessor.java:54)
    at mycode.ftputils.FTPClientUtil.main(FTPClientUtil.java:290)
Error Occurred Sending file, aborting...

I can connect successfully using other products (CuteFTP and FlashFXP), so I don't believe it's a firewall issue, but what I did notice is that the products do TLS renegotiation (?) on the data connections. I don't see that happening in the FTPSClient code.

From FlashFXP:

FlashFXP 4.4.3 (build 2026)
Support Forums http://forum.flashfxp.com
Winsock 2.2 -- OpenSSL 1.0.1e 11 Feb 2013
[R] Connecting to Test -> DNS=xxx.xxx.com IP=xxx.xx.xx.xx PORT=21
[R] Connected to Test
[R] 220 tss4l589 FTP server (SecureTransport 5.1) ready.
[R] AUTH TLS
[R] 234 SSLv23/TLSv1
[R] Connected. Negotiating SSL/TLS session
[R] TLSv1 negotiation successful...
[R] TLSv1 encrypted session using cipher AES256-SHA (256 bits)
[R] PBSZ 0
[R] 200 PBSZ=0
[R] USER XXXX
[R] 230 Virtual user XXXX logged in.
[R] SYST
[R] 215 UNIX Type: L8
[R] PWD
[R] 257 "/" is current directory.
[R] TYPE A
[R] 200 Type set to A.
[R] PROT P
[R] 200 PROT command successful
[R] PASV
[R] 227 Entering Passive Mode (159,53,92,42,242,212)
[R] Opening data connection IP: 159.53.92.42 PORT: 62164
[R] LIST -al
[R] Connected. Negotiating SSL/TLS session
[R] TLSv1 negotiation successful...
[R] TLSv1 encrypted session using cipher AES256-SHA (256 bits)
[R] 150 Opening ASCII mode SSL data connection for file list.
[R] 226 Transfer complete.
[R] List Complete: 130 bytes in 0.25 second (0.1 KB/s)
[R] QUIT
[R] 221 Goodbye.
[R] Logged off: Test (Duration: 17 seconds)

Solution

  • Removing the setUseEPSVwithIPv4(true); was the key here.

    To get past the server verification you need to use setRemoteVerificationEnabled(false);

    I was successfully able to send a file to the remote system.

    Sorry to anyone who was actively looking at this...
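
A narrower alternative to switching remote verification off for every host, shown as an added example that is not part of the original post or of Commons Net: a subclass that accepts the PASV data endpoint only when it is the control server itself or an address on an explicit allowlist. `AllowlistedFTPSClient` and `trustedDataHosts` are hypothetical names, `192.0.2.42` is a constructed placeholder, and the code assumes Commons Net 3.1 or later, where `_parsePassiveModeReply` is a protected method.

```java
import java.util.HashSet;
import java.util.Set;

import org.apache.commons.net.MalformedServerReplyException;
import org.apache.commons.net.ftp.FTPSClient;

/**
 * Hypothetical helper (not part of Commons Net): an FTPSClient whose passive
 * data connections may only go to the control server or to an allowlisted host.
 *
 * Usage (192.0.2.42 is a constructed placeholder for the trusted DMZ data host):
 *   Set<String> trusted = new HashSet<>();
 *   trusted.add("192.0.2.42");
 *   FTPSClient ftps = new AllowlistedFTPSClient("TLS", false, trusted);
 */
public class AllowlistedFTPSClient extends FTPSClient {

    // IP literals that may serve data connections on behalf of the control server.
    private final Set<String> trustedDataHosts;

    public AllowlistedFTPSClient(String protocol, boolean isImplicit,
                                 Set<String> trustedDataHosts) {
        super(protocol, isImplicit);
        this.trustedDataHosts = new HashSet<>(trustedDataHosts);
        // The built-in check accepts only the control server's own address,
        // so it is disabled here and replaced by the allowlist check below.
        setRemoteVerificationEnabled(false);
    }

    @Override
    protected void _parsePassiveModeReply(String reply)
            throws MalformedServerReplyException {
        // Let the library parse "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
        super._parsePassiveModeReply(reply);

        String dataHost = getPassiveHost();                        // host from the 227 reply
        String controlHost = getRemoteAddress().getHostAddress();  // control connection peer

        // Reject the reply before any data socket is opened to an unknown host.
        if (!dataHost.equals(controlHost) && !trustedDataHosts.contains(dataHost)) {
            throw new MalformedServerReplyException(
                "Refusing data connection to untrusted host " + dataHost
                + " (control connection is " + controlHost + ")");
        }
    }
}
```

With this in place a 227 reply that names any other address fails the transfer with an exception instead of silently redirecting the data connection.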