
Connection refused with implicit tls proftpd on Azure VM


We have a proftpd server on an Azure VM configured to use implicit FTPS.

Error:

Status: Connecting to myPublicIP:990...
Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server".
Error: Could not connect to server

Relevant configuration

# /etc/proftpd/proftpd.conf
Port                            21
PassivePorts                  49152 49190
MasqueradeAddress               myPublicIP

# /etc/proftpd/tls.conf
TLSEngine                               on
TLSLog                                  /var/log/proftpd/tls.log
TLSProtocol                             TLSv1 TLSv1.2
TLSCipherSuite AES128+EECDH:AES128+EDH
#TLSOptions                 NoCertRequest AllowClientRenegotiations UseImplicitSSL EnableDiags
TLSRSACertificateFile      /etc/proftpd/ssl/certificate.pem
TLSRSACertificateKeyFile   /etc/proftpd/ssl/certificate.key
TLSVerifyClient            off
TLSRequired                on

I have opened the following ports in the security group and interface of the virtual machine:

20,21,49152-49190,990,989.

If I do not force the connection through the implicit port, the rest of the connections work perfectly.


Solution

  • According to your configuration, you did not enable implicit. If you execute netstat -ant|grep 990, it should return null.

    So, if you use port to connect to the FTP server, you will get the error log.

    You could check this link to enable implicit.

    <IfModule mod_tls.c>
    <VirtualHost 0.0.0.0>
        Port 990
        TLSEngine on
        TLSOptions UseImplicitSSL
    </VirtualHost>
    </IfModule>
    

    Then you need to restart the FTP server: service xinetd restart

    When you execute netstat -ant|grep 990, you will get output like below:

    root@shui:~# netstat -ant|grep 990
    tcp6       0      0 :::990                  :::*                    LISTEN