Vsftpd issue with connection in OpenWrt 21.02

Hi, After upgrade OpenWrt from 19.07.8 to 21.02.1 I cannot connect to ftp server (vsftpd package) Is there any new special configuration for version 21.02 ?

background=YES
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
check_shell=NO
local_root=/mnt/
#dirmessage_enable=YES
ftpd_banner=Hello
session_support=NO
syslog_enable=YES

Thank you wery much for support

define this, and provide details

Usually I connet via TotalCommander of FilleZilla where I have configuration to connection directly to OpenWrt server. After oprgrade to 21.02 it is not possible to connect to ftp server error 10054.
If I downgrade to 19.07.8 using same configuration files there is no issue and all OK.

connecting from where ?
LAN ? WAN ?
PORT mode ? PASV mode ?
FTP ? FTPS ?

LAN, FTP protocol

Is the server listening?
netstat -lnp | grep vsftp

it show this :

tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 30054/vsftpd

and what user is used ? root ?
and what does dmesg say about the issue ?

YES I used root user
log shows nothing (dmesg) about ftp

then check if the default config for vsftp have changed, and it doesn't allow root any more.
and the /mnt/ permissions

Since FTP is unencrypted, maybe we can see something in the packets.
opkg update; opkg install tcpdump; tcpdump -evn portrange 20-21

it shows this :

tcpdump: listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 b                                ytes
15:22:20.402642 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 128, id 38690, offset 0, flags [DF], proto TCP (6), len                                gth 52)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [S], cksum 0xab83 (correct), seq                                 4032848757, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
15:22:20.402822 00:e5:5e:68:13:64 > 7c:67:a2:a9:60:eb, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 5                                2)
    192.168.1.1.21 > 192.168.1.101.61689: Flags [S.], cksum 0x83dd (incorrect ->                                 0x2ec4), seq 4027681949, ack 4032848758, win 64240, options [mss 1460,nop,nop,s                                ackOK,nop,wscale 7], length 0
15:22:20.402642 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 127, id 38690, offset 0, flags [DF], proto TCP (6), len                                gth 52)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [S], cksum 0xab83 (correct), seq                                 4032848757, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
15:22:20.402916 00:e5:5e:68:13:64 > 7c:67:a2:a9:60:eb, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 5                                2)
    192.168.1.1.21 > 192.168.1.101.61689: Flags [S.], cksum 0x83dd (incorrect ->                                 0x2ec4), seq 4027681949, ack 4032848758, win 64240, options [mss 1460,nop,nop,s                                ackOK,nop,wscale 7], length 0
15:22:20.405551 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 128, id 38691, offset 0, flags [DF], proto TCP (6), len                                gth 52)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [.], cksum 0x390f (correct), ack                                 1, win 513, options [nop,nop,sack 1 {0:1}], length 0
15:22:20.405551 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 128, id 38692, offset 0, flags [DF], proto TCP (6), len                                gth 52)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [.], cksum 0x390f (correct), ack                                 1, win 513, options [nop,nop,sack 1 {0:1}], length 0
15:22:20.405552 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 128, id 38693, offset 0, flags [DF], proto TCP (6), len                                gth 52)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [.], cksum 0x390f (correct), ack                                 1, win 513, options [nop,nop,sack 1 {0:1}], length 0
15:22:20.405552 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 127, id 38691, offset 0, flags [DF], proto TCP (6), len                                gth 52)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [.], cksum 0x390f (correct), ack                                 1, win 513, options [nop,nop,sack 1 {0:1}], length 0
15:22:20.405552 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 127, id 38692, offset 0, flags [DF], proto TCP (6), len                                gth 52)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [.], cksum 0x390f (correct), ack                                 1, win 513, options [nop,nop,sack 1 {0:1}], length 0
15:22:20.405552 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 127, id 38693, offset 0, flags [DF], proto TCP (6), len                                gth 52)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [.], cksum 0x390f (correct), ack                                 1, win 513, options [nop,nop,sack 1 {0:1}], length 0
15:22:20.410586 00:e5:5e:68:13:64 > 7c:67:a2:a9:60:eb, ethertype IPv4 (0x0800),                                 length 64: (tos 0x0, ttl 64, id 13106, offset 0, flags [DF], proto TCP (6), leng                                th 50)
    192.168.1.1.21 > 192.168.1.101.61689: Flags [P.], cksum 0x83db (incorrect ->                                 0x296c), seq 1:11, ack 1, win 502, length 10: FTP, length: 10
        500 OOPS: [!ftp]
15:22:20.410641 00:e5:5e:68:13:64 > 7c:67:a2:a9:60:eb, ethertype IPv4 (0x0800),                                 length 71: (tos 0x0, ttl 64, id 13107, offset 0, flags [DF], proto TCP (6), leng                                th 57)
    192.168.1.1.21 > 192.168.1.101.61689: Flags [P.], cksum 0x83e2 (incorrect ->                                 0xb11c), seq 11:28, ack 1, win 502, length 17: FTP, length: 17
        priv_sock_get_cmd[!ftp]
15:22:20.410722 00:e5:5e:68:13:64 > 7c:67:a2:a9:60:eb, ethertype IPv4 (0x0800),                                 length 56: (tos 0x0, ttl 64, id 13108, offset 0, flags [DF], proto TCP (6), leng                                th 42)
    192.168.1.1.21 > 192.168.1.101.61689: Flags [P.], cksum 0x83d3 (incorrect ->                                 0x5b62), seq 28:30, ack 1, win 502, length 2: FTP, length: 2

15:22:20.412347 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 60: (tos 0x0, ttl 128, id 38694, offset 0, flags [DF], proto TCP (6), len                                gth 40)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [.], cksum 0x6869 (correct), ack                                 30, win 513, length 0
15:22:20.412348 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 128, id 38695, offset 0, flags [DF], proto TCP (6), len                                gth 52)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [.], cksum 0x38e7 (correct), ack                                 30, win 513, options [nop,nop,sack 1 {1:11}], length 0
15:22:20.412348 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 128, id 38696, offset 0, flags [DF], proto TCP (6), len                                gth 52)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [.], cksum 0x38cc (correct), ack                                 30, win 513, options [nop,nop,sack 1 {11:28}], length 0
15:22:20.414059 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 128, id 38697, offset 0, flags [DF], proto TCP (6), len                                gth 52)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [.], cksum 0x38b9 (correct), ack                                 30, win 513, options [nop,nop,sack 1 {28:30}], length 0
15:22:20.414060 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 60: (tos 0x0, ttl 127, id 38694, offset 0, flags [DF], proto TCP (6), len                                gth 40)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [.], cksum 0x6869 (correct), ack                                 30, win 513, length 0
15:22:20.414060 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 127, id 38695, offset 0, flags [DF], proto TCP (6), len                                gth 52)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [.], cksum 0x38e7 (correct), ack                                 30, win 513, options [nop,nop,sack 1 {1:11}], length 0
15:22:20.414060 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 127, id 38696, offset 0, flags [DF], proto TCP (6), len                                gth 52)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [.], cksum 0x38cc (correct), ack                                 30, win 513, options [nop,nop,sack 1 {11:28}], length 0
15:22:20.414060 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 127, id 38697, offset 0, flags [DF], proto TCP (6), len                                gth 52)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [.], cksum 0x38b9 (correct), ack                                 30, win 513, options [nop,nop,sack 1 {28:30}], length 0
15:22:20.419772 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 65: (tos 0x0, ttl 128, id 38698, offset 0, flags [DF], proto TCP (6), len                                gth 51)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [P.], cksum 0xbfc1 (correct), se                                q 1:12, ack 30, win 513, length 11: FTP, length: 11
        USER root
15:22:20.419892 00:e5:5e:68:13:64 > 7c:67:a2:a9:60:eb, ethertype IPv4 (0x0800),                                 length 54: (tos 0x0, ttl 64, id 13109, offset 0, flags [DF], proto TCP (6), leng                                th 40)
    192.168.1.1.21 > 192.168.1.101.61689: Flags [.], cksum 0x83d1 (incorrect ->                                 0x6869), ack 12, win 502, length 0
15:22:20.420035 7c:67:a2:a9:60:eb > 00:e5:5e:68:13:64, ethertype IPv4 (0x0800),                                 length 65: (tos 0x0, ttl 127, id 38698, offset 0, flags [DF], proto TCP (6), len                                gth 51)
    192.168.1.101.61689 > 192.168.1.1.21: Flags [P.], cksum 0xbfc1 (correct), se                                q 1:12, ack 30, win 513, length 11: FTP, length: 11
        USER root
15:22:20.420056 00:e5:5e:68:13:64 > 7c:67:a2:a9:60:eb, ethertype IPv4 (0x0800),                                 length 66: (tos 0x0, ttl 64, id 13110, offset 0, flags [DF], proto TCP (6), leng                                th 52)
    192.168.1.1.21 > 192.168.1.101.61689: Flags [.], cksum 0x83dd (incorrect ->                                 0x8a98), ack 12, win 502, options [nop,nop,sack 1 {1:12}], length 0
15:22:20.430365 00:e5:5e:68:13:64 > 7c:67:a2:a9:60:eb, ethertype IPv4 (0x0800),                                 length 54: (tos 0x0, ttl 64, id 13111, offset 0, flags [DF], proto TCP (6), leng                                th 40)
    192.168.1.1.21 > 192.168.1.101.61689: Flags [R.], cksum 0x83d1 (incorrect ->                                 0x6865), seq 30, ack 12, win 502, length 0

Please fix the output above and put it inside preformatted text. (the </> button)
You have a 500 OOPS from the server.

unfortunately even after the above modification it is not possible to connect to the ftp server.
I made an attempt and run Opemwrt 19.07 on a virtual machine. the ftp server was running fine. after upgrading to 21.02 it is not possible to connect again.

Not sure if this is doable, but for the fun of it, try installing the 21.02 vsftp on the 19.07 fw, and see if you can still connect.

Yes this option I also trayed. Same result

Then it's probably a vsftp issue...

Try running the daemon in foreground, see that it tells you when you attempt a log on.

500 OOPS: priv_sock_get_cmd

Try adding these two options in /etc/vsftpd.conf

seccomp_sandbox=NO
isolate_network=NO
3 Likes

Yes It help, thank you very much...

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.