Failed to retrieve directory listing from encrypted FTP server

I've changed the configuration of FTP on my Synology NAS from unencrypted to encrypted.
When I now attempt to connect using Filezilla the directory listing never appears:
Status:	Connecting to XXX.XXX.XXX.XXX:21...
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Logged in
Status:	Retrieving directory listing of "/My_Remote_Directory"...
Command:	CWD /My_Remote_Directory
Response:	250 CWD command successful.
Command:	TYPE I
Response:	200 Type set to I.
Command:	PASV
Response:	227 Entering Passive Mode (XXX,XXX,XXX,XXX,XXX,242)
Command:	MLSD
Error:	Connection timed out after 20 seconds of inactivity
Error:	Failed to retrieve directory listing

Open in new window

I've set Filezilla to use Passive transfer mode

My NAS settings are NAS Settings
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nociSoftware EngineerCommented:
FTP requires 2 connections: 1 command stream and 1 data stream.
To allow the datastream along a firewall the command stream needs to be unencrypted... ergo FTP across firewalls is a pain.
Either insecure because passwords are not encrypted or secure and impossible to get data accross.
So your best bet would be to use SCP/SFTP based on SSH tunnels.  or have Site-Site connection using IPSEC and have a flat network that is secure as well.

SSH tooling for windows can use WinSCP (and Putty for shell access). For Unix/Linux just ssh has all the components to be used.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ClintonKAuthor Commented:
The VPN option sounds like a runner.
Both locations have a fixed IP address  so I guess that helps. I have two Draytek routers; one in the Office and one at Home.
Do I just configure the Home router as a VPN Server and the Office as a VPN Client and then use unencrypted FTP at the Office  with the LAN address of the NAS server at Home?
All other traffic from the Office that doesn't use a Home LAN IP address will just go off out to the Internet as it does now?
nociSoftware EngineerCommented:
You choose one to be VPN server, the other VPN client.
Use AES & SHA 256 if possible. 3DES/MD5 is more or less obsolete now.
With draytec it is a fairly straight forward  fill out  forms exercise.
Yes only a route to the remote address range for the tunnel will be created.
ClintonKAuthor Commented:
Managed to configure Draytek VPN server on 2860.
Rather messed up configuring VPN Client on 2960 -  managed to knock out the local LAN. Currently arranging another out of hours session to have another attempt.
Will report back.
ClintonKAuthor Commented:
I've configured a site to site tunnel and reverted back to ordinary FTP.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Protocols

From novice to tech pro — start learning today.