If you’re ever working with vsftpd, and filezilla dumps out this error:
GnuTLS error -8: A record packet with illegal version was received
You’re not finding any relevant error messages in your vsftpd log file, nor in the xferlog, nor in /var/log/messages ?
Well, vsftpd seems to be horribly un-verbose. The cause of this error is not because of some obscure TLS problem. What’s causing it is vsftpd dumping out a plain-text error in the middle of the encrypted data stream, causing the ftp client to pop out this error.
The only way to debug this was by packet sniffing the actual connection with wireshark. Following the TCP stream with wireshark, the error I was looking for in the log files, was clearly visible at the end of the TLS encrypted data, before the connection dropped.
dvU2@:M.&.X=:-A*4aUm3:)!)y5Kt$'&"ZQN:'v%X500 OOPS: Cannot change directory: /foo
It turned out to be a simple permissions issue… .
Why vsftpd isn’t logging these to it’s own log file, or even syslogd, who knows. At the most verbose configuration, it is logging all sorts of things, except the actual error causing the problem!
Had encryption not been enabled in vsftpd, the error would have been visible in the FTP client.
So to any one encountering this, I would recommend either temporarily disabling encryption in vsftpd in order to see the error, or if that is not an option, use a packet sniffer to view the error.
I figured I would post this since google didn’t bring up much useful as I was debugging this. :)