FTP connections keep dropping

[kenneth-vkd]

Hi
We have recently started to get reports of issues with FTP connections to our WHM/cPanel servers
We use the default pureFTPd that is with cPanel.


cpanel_and_whm: 11.86.0.21
operating_system_name: centos
operating_system_version: '7.8'


In the FTP console of Filezilla we get this when connecting:


220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 2 of 50 allowed.
220-Local time is now 08:46. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.


Then it transfers some files for around 5 minutes and then suddenly stops and keeps reconnecting, then failing with "Connection got timeout after 20 seconds of inactivity".
If you then pause the transfers (same for upload and download), wait 5-10 minutes, you can start the transfer again for around 5 minutes
We have tried to increase the number of allowed connections per IP and number of connections in total. But still gives the same behavior
The behavior is also reproduced from multiple IP-addresses to the same servers.

Have there been any changes during the lifetime of version 86 that could explain this new issue and how do we get it fixed?

 

[cPanelLauren]

We updated pure-ftpd in January 86 Change Log | cPanel & WHM Documentation otherwise, no changes have been made as far as what's listed in the changelogs

What's the Maximum idle time set to? You can find this at WHM>>Service Configuration>>FTP Server Configuration.

 

[kenneth-vkd]

We updated pure-ftpd in January 86 Change Log | cPanel & WHM Documentation otherwise, no changes have been made as far as what's listed in the changelogs

What's the Maximum idle time set to? You can find this at WHM>>Service Configuration>>FTP Server Configuration.

Idle time is set to 2 minutes
Attached is a screenshot of the full configuration

 

[cPanelLauren]

The standard idle time for pureftpd is 15 minutes is there a specific reason why it's set to 2 minutes?

 

[kenneth-vkd]

Hi
It has always been at 2 minutes. But this installation is also a few years old, so maybe the 2 minutes as a limit was the default some time ago.
I will increase the limit and see if it makes any difference

 

[santrix]

We are also seeing reports of this behaviour. Typically, we are seeing ECONNABORTED in the client logs. For example:

19:06:58    Status:    Starting upload of [redacted]
19:06:58    Command:    PASV
19:06:58    Response:    227 Entering Passive Mode ([redacted],208,151)
19:06:58    Trace:    Binding data connection source IP to control connection source IP 192.168.1.59
19:06:58    Trace:    Trying to resume existing TLS session.
19:06:58    Command:    STOR [redacted].jpg
19:06:58    Response:    150 Accepted data connection
19:06:58    Trace:    TLS Handshake successful
19:06:58    Trace:    TLS Session resumed
19:06:58    Trace:    Protocol: TLS1.2, Key exchange: ECDHE-SECP256R1, Cipher: AES-256-GCM, MAC: AEAD
19:06:58    Response:    226-File successfully transferred
19:06:58    Error:    Disconnected from server: ECONNABORTED - Connection aborted
19:06:58    Error:    File transfer failed
19:06:58    Status:    Resolving address of [redacted].co.uk
19:06:58    Status:    Connecting to [redacted]:21...
19:06:58    Status:    Connection established, waiting for welcome message...
19:06:58    Response:    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
19:06:58    Response:    220-You are user number 3 of 50 allowed.
19:06:58    Response:    220-Local time is now 19:06. Server port: 21.
19:06:58    Response:    220-This is a private system - No anonymous login
19:06:58    Response:    220-IPv6 connections are also welcome on this server.
19:06:58    Response:    220 You will be disconnected after 15 minutes of inactivity.
19:07:08    Error:    Connection timed out after 20 seconds of inactivity
19:07:08    Error:    File transfer failed

This started to happen around the start of June when we upgraded our shared network to v86. There appears to be sporadic RST packets coming back to the client in the DATA connections, but also on the control port - I have eliminated this being due to our network devices. The issue only manifests with TLS connections. It also seems to affect FileZilla and WinSCP on Windows, but not Mac OSX apps like Transmit, Filezilla.