Filezilla GnuTLS error -15: An unexpected TLS packet was received and VsFTP


sudo /usr/sbin/setsebool -P ftp_home_dir 1

Long(er) story

I ran into “interesting” problem on CentOS while trying to setup VsFTP with FTPS. I was using FileZilla to connect to the server. The VsFTPd version that comes with my CentOS version seems to be rather old, 2.2.2. The setup however was smooth. But then the problems started. The main issue I hit was FileZilla complaining about “GnuTLS error -15: An unexpected TLS packet was received” after the connection was established (NOTE: GnuTLS error -12 indicates a different problem, and a common solution is to add ssl_ciphers=HIGH to vsftpd.conf)

To an untrained eye this might indicate there is something wrong with the encryption. But no – apparently the “GnuTLS error -15” on FileZilla can be also caused by other issues which have nothing to do with the encryption. The way to find the solution was to take a step back, enable regular FTP and try to connect with that one. The regular connection attempt showed an interesting error message: “500 OOPS: cannot change directory:/home/myaccount”. Since I had already checked the permissions on the directory, the problem started to sound like some issue with SELinux. And indeed, that was the case. FTP daemon could not access the home directory of the user due to missing permissions.

Some googling revealed that “sudo /usr/sbin/setsebool -P ftp_home_dir 1” was the correct thing to do. And indeed, after that command both FTP and FTP-S started working.

Lessons learned: very the unencrypted stuff works before sprinkling security to your solution.

Some resources: