[SOLVED] vsftpd cannot get to work with ftps

[addw]

I have vsftpd working normally listening on port 21, I was asked to get it going using SSL - ie ftps on port 990.

This involves creating another config file /etc/vsftpd/vsftpd_s.conf, this starts a second instance of vsftpd.
I also generated a private key and a digital certificate.

I have followed guides like: [url=http://www.brennan.id.au/14-FTP_Server.html]http://www.brennan.id.au/14-FTP_Server.html[/url]

When I try to connect it hangs at the login stage; even if I try from localhost (ie firewall rules are not a problem).

$ lftp -uaddw,SECRET -d -e "set use-feat off" ftps://localhost
lftp addw@localhost:~> dir
---- Connecting to localhost (::1) port 990
**** Socket error (Connection refused) - reconnecting
---- Closing control socket
---- Connecting to localhost (127.0.0.1) port 990
**** Timeout - reconnecting
---- Closing control socket

Filezilla ''Connection established, initializing TLS...'' before timing out

This should be simple ... please, can anyone offer any clues ? Thanks!


The contents of my vsftpd_s.conf are:
implicit_ssl=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
listen_port=990
ftp_data_port=989
# What follows is from vsftp.conf
anonymous_enable=NO
local_enable=YES
write_enable=NO
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to the XXXXXXXX FTP service.
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
listen=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list

[addw]

The missing incantation was:

ssl_enable=YES

Also, since it is encrypted the kernel module nf_nat_ftp cannot help to temporarily punch holes in the firewall, thus I needed to add
pasv_min_port=41200
pasv_max_port=41300
and allow those ports in through the firewall.

[AlanBartlett]

Thank you for posting the solution ultimately used.

On your behalf (and for posterity) this thread is now marked [SOLVED].