Category: Wireshark

Troubleshooting VSFTPD connection with Wireshark

Problem setup. Using a built-in FTP client on commercial software to transfer log files to another location. The VSFTPD server was configured on a Raspberry Pi 3 with a 1TB HDD connected by USB. Configuration was tested with FileZilla and everything worked as expected. However, the client was unable to connect despite trying numerous configurations in accordance with the documentation. To make matters more confusing, the client could connect to a Windows native FTP server configured in Windows 10.

Cut to the chase. The client was not well written which resulted in multiple errors in communication, any one of which would cause the communication to fail. The auth.log was not helpful because all of the errors generated the same message. The result was, if you correct the first error, the second error in sequence generated the same error message so you are stuck thinking you haven’t fixed the first error. Wireshark capture of the packet exchange makes clear what’s going on by showing full error messages in context.

The client did not have any encryption or security function whatsoever. It took a few tries before I realized this and configured the server to expect an unencrypted login. However, this did not fix the login problem so I fired up Wireshark to see what was on the wire.

First problem, the client was not passing a correct password to the server. Here it was fortunate that there was no encryption. Turns out that the client did not properly parse the input, choked and spat out random garbage if a $ was included in the password. It may have problems with other special characters but I didn’t check those. I had used a different account with the Windows FTP and no special characters were included. Password indicated in the figure was not what was entered thru the keyboard.

The next problem was the client would only work in passive mode. Not much of a problem but it required the IP address of the client to be included in the /etc/vsftpd.conf file on the server. This was missed in online example configuration files I was using as a guide. It did not have this problem with the Windows FTP server.
pasv_address=192.168.10.230

Final problem. The client ignored the local_root setting in VSFTPD.CONF for the working file directory. It had to be entered on the client side. Windows FTP was OK with the default from the client but VSFTPD was not.
Shown in figure. The password has been accepted and communication switched to passive mode but the STOR command fails because the directory requested is not the directory configured by VSFTPD. The auth.log records the same error message as for the first 2 failures. It is an authorization failure but at a different point in the process.

Summary. Just because a well known and widely used software system has an FTP client module, you cannot assume the FTP client is well written.

Unifi EdgeRouter X VPN

20 April 2021

Well covered in several YouTube videos but there are a lot to choose from and many aren’t quite what is needed. Save search time. This one is the best of many I’ve watched and actually was able to use the instructions to configure and it worked the first time. Instructions for the firewall changes start at 7:30. The command line instructions are in the notes immediately under the video on the YouTube page. Config-tree GUI is good for updating the configuration when you add users.

Allowing VPN connection thru a router/modem.

The provider modem can be a problem if the network you want to connect to is behind another router downstream. Some have the option to set a passthru for VPN but not all. You can configure the modem as a bridge which disables the modem as a network controller. This may work for some cases but needs careful planning if you have an existing network using the default modem governed network. I’ve found both Verizon and Comcast routers have a DMZ option which exposes one internal machine to the public network and this works to put the router on the external network interface.

The best option I’ve found is to allow ports 500 and 4500 forwarding to the internal Edge X router. I found these using Wireshark. I’m sure they are documented somewhere. Only port 500 is used when connecting directly to the Edgerouter but forwarding thru the Comcast modem/router in between has the conversation shift to port 4500 after initial contact. Forwarding eliminates a killer conflict between T-Mobil and Comcast modems when using the Comcast option to expose an internal machine.

Win 10 VPN setup problems.

The wizard in the settings panel will setup the basic VPN connection but it omits an important setting that is accessed thru the control panel. However, the same setup on an Android device works immediately. There are 2 sites covering the same information. The YouTube is longer but explains more on how to access the setting. The web page is simple and to the point but has the additional registry change that is needed if you are behind a firewall at another location.

Web Page. https://superuser.com/questions/1298513/l2tp-ipsec-vpn-fails-to-connect-on-windows-10-works-fine-on-ios

The second problem is that UDP responses aren’t handled properly in Windows 10. The result is the connection hesitates, locks up or slows down to the point of being useless. There is a registry edit to fix the issue.
REG ADD “HKLM\software\policies\microsoft\windows nt\Terminal Services\Client” /v fClientDisableUDP /d 1 /t REG_DWORD
This is covered in more detail in another post.

Windows specific network configuration fix

Summary of modifications for Windows native VPN client to work are posted at https://jmwoccassionalnotes.blog/2022/10/09/configure-win10-11-client-for-native-vpn-connection/