When I try to connect to SSL-enabled proftpd as installed on FreeNAS 8.3.0, I see my client feedback output saying that AUTH TLS is working, the connection goes encrypted (as confirmed by Wireshark) and everything goes as far as:
[2] MLSD
[2] 150 Opening ASCII mode data connection for MLSD
After a while of nothing happening I get:
[2] 425 Unable to build data connection: Operation not permitted
The exact same configuration, less the SSL related directives (unchecking 'Enable SSL' in the FreeNAS GUI), works perfectly.
This is an issue with a bit of both pieces of software. Your TLS log for proftpd will probably be saying something like this:
So the directive that is needed to resolve the issue is TLSOptions NoSessionReuseRequired. BUT, you can't simply add this to the directives to append to the conf file in the FreeNAS GUI, because internally it already uses a TLSOptions directive and subsequent usage of this directive is ignored (i.e. your addition).
A future version of proftpd will resolve this by permitting multiple declarations of TLSOptions. Or, the FreeNAS GUI needs to either include NoSessionReuseRequired under its Enabled SSL umbrella of directives or add a checkbox if such a thing isn't always desired (requiring session re-use saves resources so if all your clients support it, it's preferred).
In the meantime, navigate to /usr/local/etc/ and edit proftpd.conf. Find the line: and make it look like:
I created a bug report on the matter. Check it out here: https://bugs.freenas.org/issues/1910
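The manual edit described above, scripted as an added example (not part of the original post and not FreeNAS or proftpd code): it appends NoSessionReuseRequired to the first existing TLSOptions line instead of adding a second directive, which would be ignored. The function name and the sample config, including its NoCertRequest value, are constructed for illustration.

```shell
#!/bin/sh
# Added example: extend the TLSOptions line already present in a proftpd.conf
# rather than adding a second TLSOptions directive.

# add_no_session_reuse CONF
#   returns 0 if the file was changed, 1 if the option was already set,
#   2 if CONF is unreadable or has no active TLSOptions line.
add_no_session_reuse() {
    conf=$1
    [ -r "$conf" ] || return 2
    # Only uncommented directives count; leading whitespace is allowed.
    grep -Eq '^[[:space:]]*TLSOptions[[:space:]]' "$conf" || return 2
    # Inspect the first TLSOptions line only: per the post, later ones are ignored.
    if grep -E '^[[:space:]]*TLSOptions[[:space:]]' "$conf" | head -n 1 |
        grep -qw 'NoSessionReuseRequired'; then
        return 1
    fi
    cp -p "$conf" "$conf.bak" || return 2      # keep a backup beside the file
    tmp=$(mktemp "$conf.XXXXXX") || return 2
    awk '
        !done && /^[ \t]*TLSOptions[ \t]/ {
            sub(/[ \t]+$/, "")                 # drop trailing whitespace
            print $0 " NoSessionReuseRequired"
            done = 1
            next
        }
        { print }
    ' "$conf.bak" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    st=$?
    rm -f "$tmp"
    return $st
}

# Constructed sample config (not the file FreeNAS generates).
demo=$(mktemp)
printf '%s\n' 'TLSEngine on' 'TLSOptions NoCertRequest' > "$demo"
add_no_session_reuse "$demo" && grep TLSOptions "$demo"
rm -f "$demo" "$demo.bak"
```

Run it against /usr/local/etc/proftpd.conf and restart the FTP service afterwards. mod_tls requires session reuse in order to tie each data connection to the TLS session of the authenticated control connection, so this setting relaxes that check for every client.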