Akonix L7 and Wildfire 3.2.2?

Hi,

I'm dealing with a third party proxy solution that will be delivering a couple hundred users to my wildfire box. Unfortunately, the only way for this proxy solution to work is for my wildfire server to disable TLS and Old SSL on port 5222, which sucks.

So, would it be possible to configure another c2s port, say 5224, with those disabled settings and then via Linux iptables route all of that unencrypted traffic from the proxy IP to that 5224 port?

Or does anybody have other ideas? Unfortunately, the 3rd party vendor does not support open-source Jabber servers.

thanks!

daryl

Message was edited by: akrherz

Hi Daryl,

Maybe a Connection Manager could help you there - run it on another server or make sure it uses other IP addresses or ports than Wildfire - it's just like an XMPP proxy and there you should be able to configure 5222-plain.

LG

Hi,

Well the third party proxy is the Akonix L7 and I notice this page:

which lists the L7 directly. Working with the Akonix folks, they mention that the open source wildfire server is not a supported configuration. Does anybody have it working and wish to share how?

Thanks for the connection manager trick, we are testing that now.

daryl

The connection manager doesn't seem to quite be what we are looking for, since it still passes the server capability that it can do TLS and SSL. The only way the L7 works is if the server turns off SSL and TLS on port 5222.

We're trying to debug further here. Hopefully we figure out how to make it work.

daryl
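
The "server capability" discussed above is the `<stream:features/>` element an XMPP server sends after the stream opens. As an added example (not from the thread or from Wildfire's code), this sketch parses such an element and reports whether STARTTLS, compression and SASL mechanisms are advertised, and what a listener without TLS exposes; the XML samples are constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {
    "stream": "http://etherx.jabber.org/streams",
    "tls": "urn:ietf:params:xml:ns:xmpp-tls",
    "sasl": "urn:ietf:params:xml:ns:xmpp-sasl",
    "comp": "http://jabber.org/features/compress",
}

# Constructed sample: features from a listener with STARTTLS and compression on.
FEATURES_TLS = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
  <compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression>
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"""

# Constructed sample: features from a listener with TLS and compression off.
FEATURES_PLAIN = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms>
</stream:features>"""

def summarize_features(xml_text):
    """Return what a <stream:features/> element advertises to the connecting peer."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}features" % NS["stream"]:
        raise ValueError("not a stream:features element")
    tls = root.find("tls:starttls", NS)
    return {
        "starttls_offered": tls is not None,
        "starttls_required": tls is not None and tls.find("tls:required", NS) is not None,
        "compression": [m.text for m in root.findall("comp:compression/comp:method", NS)],
        "sasl": [m.text for m in root.findall("sasl:mechanisms/sasl:mechanism", NS)],
    }

def plaintext_exposure(summary):
    """List what is left unprotected on this hop, given the advertised features."""
    notes = []
    if not summary["starttls_offered"]:
        notes.append("no STARTTLS: credentials and messages cross this hop in the clear")
        if "PLAIN" in summary["sasl"]:
            notes.append("SASL PLAIN without TLS: password is only base64-encoded")
    elif not summary["starttls_required"]:
        notes.append("STARTTLS optional: a client or intermediary may skip it")
    return notes

if __name__ == "__main__":
    for name, xml_text in (("tls", FEATURES_TLS), ("plain", FEATURES_PLAIN)):
        s = summarize_features(xml_text)
        print(name, s, plaintext_exposure(s))
```
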

Hi,

Would it help you if you could overwrite the server settings with special settings in manager.xml? Such a patch should be very easy to implement.

“Old SSL” should never be a problem as it runs on another port.

LG

Hey daryl,

Some time ago I tested Akonix with Wildfire and it worked fine except for some minor issues. Akonix will open a socket to Wildfire for each connected user. StartTLS was not supported with the version that I tested so if you want to use encrypted connections then traffic from Akonix should go to the old SSL port (5223).

There is no need to use something between Wildfire and Akonix to use SSL. Wildfire uses TLS (startTLS) on port 5222 and the old SSL method on port 5223. You just need to instruct Akonix that secure connections made to akonix should go to port 5223 of Wildfire.

Regards,

– Gato

Hi Gato,

Thanks again! At least I know now that it is possible. Did you happen to take notes on what you did?

hehe. We'll keep trying!

daryl

Hey daryl,

Not really since the setup was quite simple once I understood how things work in Akonix. So Akonix acts as a proxy that filters traffic and forwards valid traffic to Wildfire (or the XMPP server that you happen to use). For each connected client Akonix will create a new connection to Wildfire. Stream compression and StartTLS are not available in Akonix when integrated with an XMPP server (at least with the version I was using). IIRC, all I had to do was configure Akonix with the hostname and port to use for unencrypted (port 5222) and encrypted (port 5223) connections.

Regards,

– Gato

IIRC, all I had to do was configure Akonix with the hostname and port to use for unencrypted (port 5222) and encrypted (port 5223) connections.

Thanks Gato. There doesn't appear to be any mechanism to specify those numbers via the Management Console. Will bug the akonix folks again in the morning and see what they say.

thanks!

daryl

We've contacted the Jive Software folks hoping they can consult with us to provide a working configuration.

One would hope that it works, since the Jive Software website says it does.

daryl

Hi Gato,

Are there any updates on this issue? I notice the jivesoftware page no longer lists Akonix, so I suspect there isn't much that can be done.

thanks,

daryl

Hey daryl,

Asterisk-IM is now listed in the plugins beta page. We have been using it at jivesoftware.com and it is working fine for us. The presence issue seems to be gone with the new beta version.

– Gato

Hi Gato,

Many thanks for the continued responses, but I fail to see how Asterisk is related to Akonix A6000 L7?

sorry,

daryl

Hey daryl,

LOL

That happens when you are working on something else and misread a message. On the Akonix front there is no news. We got in contact with Akonix and it seems that we would need to build a custom integration. For now, I think that you may have more luck with Facetime.

Regards,

– Gato

Hi Gato,

Any good news on the Akonix front?

daryl

Hey daryl,

Unfortunately there is no news on this front. The contact with them never took off so I don't see it happening in the near future.

Sorry about that.

– Gato