Access from outside of the network

My question is: what should I be entering into (for example) spark to access my openfire server from outside of the domain?

After going through every article I can find on the subject, I’m still unable to figure out how to access our openfire server from outside of our network. So here is the lowdown:

All necessary ports open in firewall per articles on ports

Windows server using built-in database

LDAP user access control (LDAP domain myinternaldomain.org)

server domain: mydomain.org (set up as this in configuration)

internal and external DNS entries of jabber.mydomain.org to reach the server

Everything works fine internally by logging in with:

Username: myusername (no domain necessary)

Server: jabber.mydomain.org

What format should I be putting in my username? I’m assuming server should be fine at jabber.mydomain.org.

I’ve tried username@jabber.mydomain.org

username@xmpp.jabber.mydomain.org

username@mydomain.org

username@myinternaldomain.org

None of these work. I always get bad username or password.

Thoughts?

Your domain should match whatever your xmpp.domain system property is set to. Hopefully this is a domain which you control externally so you can manage DNS for it.

What does Openfire log when you get an incorrect user/pass error? Are you explicitly pointing your XMPP client to your Openfire server, or using DNS SRV records? Are you hitting your Openfire server directly, or going through a proxy?

Thank you for the reply, David. Here is some more information.

No proxy is involved.

External DNS entries:

A: jabber.mydomain.org - pointing to the external address of the firewall which has an entry pointing it to the IP address of the server on port 5222. *I’m not sure if this is necessary*

SRV: _jabber._tcp.mydomain.org on port 5222

SRV: _jabber._tcp.jabber.mydomain.org on port 5222

I’m not sure which of these is the correct format (just the domain, or the server name before the domain). Both entries are currently listed on external DNS.

Client Settings:

userid:

server: jabber.mydomain.org

Automatically detect host and port (assuming this is good because of the SRV records)

Error log:

SEVERE: connection error

XMPPError connecting to jabber.mydomain.org:5222.: remote-server-error(502) XMPPError connecting to jabber.mydomain.org:5222.

– caused by: java.net.ConnectException: Connection timed out: connect

at org.jivesoftware.smack.XMPPConnection.connectUsingConfiguration(XMPPConnection.java:524)

at org.jivesoftware.smack.XMPPConnection.connect(XMPPConnection.java:953)

at org.jivesoftware.LoginDialog$LoginPanel$5.run(LoginDialog.java:1000)

at java.awt.event.InvocationEvent.dispatch(Unknown Source)

at java.awt.EventQueue.dispatchEvent(Unknown Source)

at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)

at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)

at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)

at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

at java.awt.EventDispatchThread.run(Unknown Source)

Nested Exception:

java.net.ConnectException: Connection timed out: connect

at java.net.PlainSocketImpl.socketConnect(Native Method)

at java.net.PlainSocketImpl.doConnect(Unknown Source)

at java.net.PlainSocketImpl.connectToAddress(Unknown Source)

at java.net.PlainSocketImpl.connect(Unknown Source)

at java.net.Socket.connect(Unknown Source)

at java.net.Socket.connect(Unknown Source)

at org.jivesoftware.smack.proxy.DirectSocketFactory.createSocket(DirectSocketFactory.java:28)

at org.jivesoftware.smack.XMPPConnection.connectUsingConfiguration(XMPPConnection.java:512)

at org.jivesoftware.smack.XMPPConnection.connect(XMPPConnection.java:953)

at org.jivesoftware.LoginDialog$LoginPanel$5.run(LoginDialog.java:1000)

at java.awt.event.InvocationEvent.dispatch(Unknown Source)

at java.awt.EventQueue.dispatchEvent(Unknown Source)

at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)

at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)

at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)

at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

at java.awt.EventDispatchThread.run(Unknown Source)

Ok, I put a packet sniffer on the server. I can see that the packets are getting to it from outside machines when I point the Spark client to jabber.mydomain.org. This means that the format of my username is wrong, or more than port 5222 needs to be open for clients to connect.

HALP!

What error do you get in Spark? Your server needs not only to receive connections on 5222 port but to be able to talk to the Internet on any outgoing port.

Try this,

1] Try to telnet to your live address for port 5222

2] If that goes check your DNS entries

dig @8.8.8.8 _xmpp-client._tcp.example.com SRV

3] You need to add SRV records in DNS like this

_xmpp-client._tcp.example.com IN SRV 0 0 5222 eim.example.com

And should have A record for eim.example.com

eim.example.com IN A 20.20.20.20
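
The telnet and dig checks from the steps above, combined into one script (an added example, not part of the original post). It parses `dig +short` SRV output and classifies a TCP connect to each target: a timeout rather than a refusal points at NAT, port forwarding or filtering in front of the server. `backup.example.com` and the function names are constructed for illustration.

```python
import socket
import sys

# Constructed sample of `dig +short _xmpp-client._tcp.example.com SRV` output.
SAMPLE_DIG = """\
10 0 5222 backup.example.com.
0 0 5222 eim.example.com.
"""

def parse_srv(dig_short):
    """Return SRV records as (priority, weight, port, host), lowest priority first."""
    records = []
    for line in dig_short.splitlines():
        parts = line.split()
        if len(parts) != 4 or not all(p.isdigit() for p in parts[:3]):
            continue  # skip blank lines, comments and non-SRV answers
        prio, weight, port = (int(p) for p in parts[:3])
        records.append((prio, weight, port, parts[3].rstrip(".")))
    return sorted(records, key=lambda r: r[0])

def probe(host, port, timeout=5.0):
    """Classify a TCP connect attempt, like the telnet test in step 1."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed: a listener answered
    except ConnectionRefusedError:
        return "refused"          # host reachable, nothing listening on the port
    except socket.timeout:
        return "timeout"          # no reply at all: NAT, forwarding or filtering
    except OSError as exc:
        return "error: %s" % exc  # DNS failure, no route, and similar

def check(dig_short, timeout=5.0):
    """Probe every SRV target in priority order."""
    return [(host, port, probe(host, port, timeout))
            for _prio, _weight, port, host in parse_srv(dig_short)]

if __name__ == "__main__":
    # Pipe real `dig +short ... SRV` output in, or fall back to the sample.
    data = SAMPLE_DIG if sys.stdin.isatty() else sys.stdin.read()
    for host, port, state in check(data, timeout=3.0):
        print(f"{host}:{port} -> {state}")
```

Run it from a machine outside the network, since the same probe from inside bypasses the firewall's NAT rule.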

I had added openfire to windows firewall as being allowed to communicate. In addition, as part of testing, I turned off the firewall. The server is able to talk out.

If I try to telnet in over 5222, it times out.

Firewall is currently turned off on the server. External DNS entries are correct. There is an A entry pointing to a network interface that uses a static route to route it to the jabber.my.org. In addition there is a SRV entry _xmpp-client._tcp.my.org on 5222 that points to jabber.my.org.

If I do an nslookup and then set type=SRV and do a lookup on _xmpp-client._tcp.my.org it returns port 5222 and jabber.my.org, so this all looks ok.

I am running PRTG on the server and I have a packet sniffer on 5222. It shows the attempts to get to the server from the outside, so the packets are getting there. It’s as if once they get there the server doesn’t know what to do with them.

With error logging on the Spark client, the GUI says invalid uid or pass, but the error log says remote server error connection timed out.

Hmm… now since it times out that means there is a problem in network or route. BTW, have you verified on the server itself if the application is listening on that particular port? Run ss -tln and see if 5222 is listening.

Your entry should be in Spark like

e.g. blason@example.com

user-: blason

Password

Server: example.com

And should have SRV record for example.com, not for server.example.com

Also, is there any iptables running on box if installed on Linux?

It is a Windows server… there is no ss command. Again, I can connect to the server from inside of the domain no issue. Therefore port 5222 is listening. The only issue is connecting from outside of the domain.

Also, regarding the SRV records, a SRV record requires a host above the domain, so you MUST put in a server name. This is not optional.

I put a packet sniffer on the server and I can see packets hitting the server from 5222 when I’m on a machine that is outside of the domain… so firewall appears to NOT be an issue.

OK - Now it looks like a natting issue or firewall issue. Since you are not able to telnet to the port 5222 from outside but the same works from inside, have a look at your firewall’s logs to see if the traffic is getting natted properly.

Else if you can provide me your real domain name and server hostname I can probably help you. You can send me a private message.

Login like you normally would on the network, just your regular username.

hi Carl,

Looks like dial-up VPN?

  1. Check your VPN server if port 5222 is forwarded properly.

  2. Use IP address (192.168.0.XXX) in the server textbox field instead of HostName (jabber or jabber.example.local) when you’re outside your network.

  3. If #2 works then config your DNS to resolve your HostName.

-kikigak