After changing my config to a Standard virtual server for the second one, and even modifying my wildcard from digicert to the default self-signed certificate like you, given that it could seem like a certificate error, now the config is almost the same than yours:
ltm virtual VS-PRE-FTPS_1 {
destination 10.10.0.235:ftp
ip-protocol tcp
mask 255.255.255.255
persist {
source_addr_FTPS {
default yes
}
}
profiles {
clientssl {
context clientside
}
ftp { }
tcp { }
}
rules {
irule_FTPS_1
}
source 0.0.0.0/0
source-address-translation {
type automap
}
vs-index 44
}
ltm virtual VS-PRE-FTPS_2 {
destination any:any
ip-protocol tcp
mask 255.255.255.255
persist {
source_addr_FTPS {
default yes
}
}
pool pool-preweb-ftp2
profiles {
tcp { }
}
rules {
irule_FTPS_2
}
source 0.0.0.0/0
source-address-translation {
type automap
}
translate-address disabled
translate-port disabled
vlans-enabled
vs-index 43
}
But I still have the same error. If run the same curl command that you ran i get the following:
curl -vk --ftp-ssl ftp://10.10.0.235
* About to connect() to 10.10.0.235 port 21
* Trying 10.10.0.235... connected
* Connected to 10.10.0.235 (10.10.0.235) port 21
< 220 My ftp server
> AUTH SSL
< 234 AUTH TLS Successful
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using AES256-SHA
* Server certificate:
* subject: /C=US/ST=WA/L=Seattle/O=MyCompany/OU=IT/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
* start date: 2010-10-15 17:07:28 GMT
* expire date: 2020-10-12 17:07:28 GMT
* common name: localhost.localdomain (does not match '10.10.0.235')
* issuer: /C=US/ST=WA/L=Seattle/O=MyCompany/OU=IT/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* SSL_write() returned SYSCALL, errno = 104
* Closing connection 0
curl: (55) SSL_write() returned SYSCALL, errno = 104
And the log indicates that the second iRule is still not being run:
tail -f /var/log/ltm
May 26 11:05:04 Balanceador1 info tmm1[9724]: Rule /Common/irule_FTPS_1 : client accepted
May 26 11:05:04 Balanceador1 info tmm1[9724]: Rule /Common/irule_FTPS_1 : client data
May 26 11:05:04 Balanceador1 info tmm1[9724]: Rule /Common/irule_FTPS_1 : virtual VS-PRE-FTPS_2
May 26 11:05:04 Balanceador1 info tmm1[9724]: Rule /Common/irule_FTPS_1 : TCP Release Completed
I am confused about if the SSL handshake error is because of the fail calling second VS from the first one, or conversely is the SSL handshake error what is causing the second iRule never be reached