Forum Discussion
sistemaspcs_851
Nimbostratus
Nimbostratusvirtual command not working
Hello,
I hope you could help me (I'm sorry if my question is too simple, i am a begginer in F5 world):
I am trying to make it work the solution offered by Colin in this topic:
ftps-offload-via...
sistemaspcs_851Nimbostratus
NimbostratusAfter changing my config to a Standard virtual server for the second one, and even modifying my wildcard from digicert to the default self-signed certificate like you, given that it could seem like a certificate error, now the config is almost the same than yours:
ltm virtual VS-PRE-FTPS_1 {
destination 10.10.0.235:ftp
ip-protocol tcp
mask 255.255.255.255
persist {
source_addr_FTPS {
default yes
}
}
profiles {
clientssl {
context clientside
}
ftp { }
tcp { }
}
rules {
irule_FTPS_1
}
source 0.0.0.0/0
source-address-translation {
type automap
}
vs-index 44
}
ltm virtual VS-PRE-FTPS_2 {
destination any:any
ip-protocol tcp
mask 255.255.255.255
persist {
source_addr_FTPS {
default yes
}
}
pool pool-preweb-ftp2
profiles {
tcp { }
}
rules {
irule_FTPS_2
}
source 0.0.0.0/0
source-address-translation {
type automap
}
translate-address disabled
translate-port disabled
vlans-enabled
vs-index 43
}
But I still have the same error. If run the same curl command that you ran i get the following:
curl -vk --ftp-ssl ftp://10.10.0.235
* About to connect() to 10.10.0.235 port 21
* Trying 10.10.0.235... connected
* Connected to 10.10.0.235 (10.10.0.235) port 21
< 220 My ftp server
> AUTH SSL
< 234 AUTH TLS Successful
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using AES256-SHA
* Server certificate:
* subject: /C=US/ST=WA/L=Seattle/O=MyCompany/OU=IT/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
* start date: 2010-10-15 17:07:28 GMT
* expire date: 2020-10-12 17:07:28 GMT
* common name: localhost.localdomain (does not match '10.10.0.235')
* issuer: /C=US/ST=WA/L=Seattle/O=MyCompany/OU=IT/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* SSL_write() returned SYSCALL, errno = 104
* Closing connection 0
curl: (55) SSL_write() returned SYSCALL, errno = 104
And the log indicates that the second iRule is still not being run:
tail -f /var/log/ltm
May 26 11:05:04 Balanceador1 info tmm1[9724]: Rule /Common/irule_FTPS_1 : client accepted
May 26 11:05:04 Balanceador1 info tmm1[9724]: Rule /Common/irule_FTPS_1 : client data
May 26 11:05:04 Balanceador1 info tmm1[9724]: Rule /Common/irule_FTPS_1 : virtual VS-PRE-FTPS_2
May 26 11:05:04 Balanceador1 info tmm1[9724]: Rule /Common/irule_FTPS_1 : TCP Release Completed
I am confused about if the SSL handshake error is because of the fail calling second VS from the first one, or conversely is the SSL handshake error what is causing the second iRule never be reached
IanBEmployee
The line "SSL_write() returned SYSCALL, errno = 104" indicates that curl was sent a TCP reset (errno 104), so you should be seeing a corresponding reset in the ltm log, as long as reset cause logging is enabled.
