powered by Jive Software

Akonix L7 and Wildfire 3.2.2?

Hi,

I dealing with a third party proxy solution that will be delivering a couple hundred users to my wildfire box. Unfortunately, the only way for this proxy solution to work is for my wildfire server to disable TSL and Old SSL on port 5222, which sucks

So, would it be possible to configure another c2s port, say 5224, with those disabled settings and then via Linux iptables route all of that unencrypted traffic from the proxy IP to that 5224 port?

Or anybody have other ideas? Unfortunately, the 3rd party vendor does not support open-source Jabber servers

thanks!

daryl

Message was edited by: akrherz

Hi Daryl,

maybe a Connection Manager could help you there - run it on another server or make sure it uses other ip adresses or ports than Wildfire - it’'s just like a xmpp proxy and there you should be able to configure 5222-plain.

LG

Hi,

Well the third party proxy is the Akonix L7 and I notice this page:

which lists the L7 directly. Working with the Akonix folks, they mention that the open source wildfire server is not a supported configuration. Does anybody have it working and wish to share how?

Thanks for the connection manager trick, we are testing that now.

daryl

The connection manager doesn’'t seem to quite be what we are looking for, since it still passes the server capability that it can do TLS and SSL. The only way the L7 works is if the server turns off SSL and TLS on port 5222.

We’'re trying to debug more further here. Hopefully we figure out how to make it work

daryl

Hi,

would it help you if you could overwrite the server settings with special settings in manager.xml? Such a patch should be very easy to implement.

“Old SSL” should never be a problem as it runs on another port.

LG

Hey daryl,

Some time ago I tested Akonix with Wildfire and it worked fine except for some minor issues. Akonix will open a socket to Wildfire for each connected user. StartTLS was not supported with the version that I tested so if you want to use encrypted connections then traffic from Akonix should go to the old SSL port (5223).

There is no need to use something between Wildfire and Akonix to use SSL. Wildfire uses TLS (startTLS) on port 5222 and the old SSL method on port 5223. You just need to instruct Akonix that secure connections made to akonix should go to port 5223 of Wildfire.

Regards,

– Gato

Hi Gato,

Thanks again! At least I know now that it is possible. Did you happen to take notes on what you did?

hehe. We’'ll keep trying!

daryl

Hey daryl,

Not really since the setup was quite simple once I understood how things work in Akonix. So Akonix acts as a proxy that filters traffic and forwards valid traffic to Wildfire (or the XMPP server that you happen to use). For each connected client Akonix will create a new connection to Wildfire. Stream compression and StartTLS are not available in Akonix when integrated with an XMPP server (at least with the version I was using). IIRC, all I had to do was configure Akonix with the hostname and port to use for unencrypted (port 5222) and encrypted (port 5223) connections.

Regards,

– Gato

IIRC, all I had to do was configure Akonix with the hostname and port to use for unencrypted (port 5222) and

encrypted (port 5223) connections.

Thanks Gato. There doesn’'t appear to be any mechanism to specify those numbers via the Management Console. Will bug the akonix folks again in the morning and see what they say.

thanks!

daryl

We’'ve contacted the Jive Software folks hoping they can consult with us to provide a working configuration.

One would hope that it works, since the Jive Software website says it does

daryl

Hi Gato,

Are there any updates on this issue? I notice the jivesoftware page no longer lists Akonix, so I suspect there isn’'t much that can be done.

thanks,

daryl

Hey daryl,

Asterisk-IM is now listed in the plugins beta page. We have been using it at jivesoftware.com and it is working fine for us. The presence issue seems to be gone with the new beta version.

– Gato

Hi Gato,

Many thanks for the continued responses, but I fail to see how Asterisk is related to Akonix A6000 L7 ?

sorry,

daryl

Hey daryl,

LOL

That happens when you are working on something else and misread a message. On the Akonix front there are no news. We got in contact with Akonix and it seems that we would need to build a custom integration. For now, I think that you may have more luck with Facetime.

Regards,

– Gato

Hi Gato,

Any good news on the Akonix front?

daryl

Hey daryl,

Unfortunately there are no news on this front. The contact with them never took off so I don’t see it happen in the near future.

Sorry about that.

– Gato