D-Link Forums

The Graveyard - Products No Longer Supported => D-Link Storage => DNS-323 => Topic started by: junkmail on December 10, 2009, 12:27:32 PM

Title: How to setup secure connection
Post by: junkmail on December 10, 2009, 12:27:32 PM

Is there a way to setup a secure connection to DNS-323 when accessing from an external location, say through my firewall?  WinScp??

Title: Re: How to setup secure connection
Post by: fordem on December 10, 2009, 04:30:19 PM

What type of secure connection are you trying to setup?

With the latest beta firmware the unit supports https & ftps - for SMB/CIFS you'll probably need a VPN.

Title: Re: How to setup secure connection
Post by: gunrunnerjohn on December 10, 2009, 06:02:23 PM

FWIW, I've tried to use the secure FTP, but it fails to connect when I connect through my router.

Has anyone successfully used the secure FTP, and how did you configure it?  What ports did you have to forward to get it working?

Title: Re: How to setup secure connection
Post by: junkmail on December 11, 2009, 08:01:15 AM

I did finally get it to work.  I used free version of WInSCP and chose "FTP" for the protocol.  Set encyrption to TLS Explicit encryption.  Seems to work, but not sure the encrypton level.

I was able to get it to pass through my Linksys. 

Title: Re: How to setup secure connection
Post by: gunrunnerjohn on December 11, 2009, 08:13:42 AM

I can login locally using encryption, but I can't get someone logging in remotely.  I've enabled port forwarding for ports 21 and 990, and I use active FTP (passive didn't work), and Explicit encryption.  I'm using FileZilla client, and so is the remote user.

I've even gotten it to function using the NAT loopback of the router so I "appear" to be coming in remotely, but obviously something is different for real remote connections.

Title: Re: How to setup secure connection
Post by: lizzi555 on December 11, 2009, 11:22:49 AM

Very strange behavior of my ftp:

(http://lizzi555.dyndns.org/PICS_ETC/ftps.PNG)

After secure authentication it falls back  to a clear data channel:

Quote

Connect to: (11.12.2009 20:10:47)
hostname=lizzi556.dyndns.org:40
username=ftp_test
startdir=
lizzi556.dyndns.org=188.192.204.190
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 1 of 10 allowed.
220-Local time is now 20:10. Server port: 21.
220-This server supports FXP transfers
220 You will be disconnected after 2 minutes of inactivity.
AUTH TLS
234 AUTH TLS OK.
Cert subject: /C=US/ST=California/L=Fountain Valley/CN=172.22.222.202
Cert issuer: /C=US/ST=California/L=Fountain Valley/CN=172.22.222.202
USER ftp_test
331 User ftp_test OK. Password required
PASS ***********
230 OK. Current restricted directory is /
SYST
215 UNIX Type: L8
FEAT
211-Extensions supported:
 EPRT
 IDLE
 MDTM
 SIZE
 REST STREAM
 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
 MLSD
 ESTP
 PASV
 EPSV
 SPSV
 ESTA
 AUTH TLS
 PBSZ
 PROT
211 End.
PBSZ 0
200 PBSZ=0
PROT P
534 Fallback to [C]
OPTS UTF8 ON
500 Unknown command
Connect ok!
PWD
257 "/" is your current location
Get directory
TYPE A
200 TYPE is now ASCII
PASV
227 Entering Passive Mode (172,22,222,202,217,65)
Server reports local IP -> Redirect to: 188.192.204.190
LIST
150 Accepted data connection
Download
Waiting for server...
226-Options: -l
226 5 matches total
TYPE I
200 TYPE is now 8-bit binary
PASV
227 Entering Passive Mode (172,22,222,202,217,63)
Server reports local IP -> Redirect to: 188.192.204.190
RETR Websitezugriffe.xls
150-Accepted data connection
150 65.5 kbytes to download
Download
Waiting for server...
226-File successfully transferred
226 0.002 seconds (measured here), 27.39 Mbytes per second
Copied (11.12.2009 20:10:58): ftps://lizzi556.dyndns.org:40//Websitezugriffe.xls -> c:\Websitezugriffe.xls 67.072 bytes, 4093 kbytes/s
QUIT
221-Goodbye. You uploaded 0 and downloaded 66 kbytes.
221 Logout.

Also interisting - the client recognizes that the server reports its internal IP.
I used Total Commander with open SSL extension.