Multiple users may connect if they originate from different networks. Investigating w/ netcat shows no response to TCP-SYN if that SYN originates from the same LAN as the openfire-server and there is an existing ‘Active Client Session’ also on the same LAN as openfire. nc -zvw 10 <xmpp_hostname> 5222, wireshark dump:
If there is NO existing ‘Active Client Session’ from the same LAN as openfire or the connection comes from a different network than that of openfire, the connection is accepted nominally. Simulating external connection w/ netcat by routing via tor: nc -zvw 10 -x 127.0.0.1:9050 <xmpp_hostname> 5222, wireshark dump:
Tests performed w/ stock setup (Embedded DB, Default Profile-Settings) and SSL-cert from letsencrypt using docker OCI nasqueron/openfire:4.8.1 and ./Dockerfile in repo source. Equivalent results.
expected functionality
I should be able to connect multiple clients on the same LAN as openfire w/o having to route them through tor to appear as though they are from an external network.
Openfire uses the TCP stack that is implemented by the Java virtual machine itself;
Openfire is used for inter-office communication in thousands of organisations;
in my home-office setup, I regularly connect with multiple accounts at the same time to the same Openfire instance for testing and development
I cannot believe that this issue (“only one user on the same LAN can connect to Openfire at the same time”) is a generic issue with Openfire. I suspect something specific to your environment.
I was equally confused given the project uses netty which abstracts the lower-level TCP stuff, as you mentioned – to the JVM socket impl., and the fact openfire has been around for forever, hence the issue. This is just what I observed.
No error in logs. As mentioned, it’s a stock config, running the nasqueron/openfire:4.8.1 OCI on kernel v6.1.64. It should be easily reproducible. I have other services running on this same server which also use TCP sockets and work fine locally (gitea, nginx, influxdb, socks5-proxy, plex, etc.), and openfire itself works fine if I connect to it from my phone over LTE w/ another client connected locally; I just can’t have 2+ clients connected locally at the same time.
If it’s not openfire or the OCI, I’m not sure what else it could be. Can someone try to reproduce this?
Hi, I, just like Guus, also run multiple clients connected to the same account on the same network. The clients generate a resource for each connection (XMPP Resources - XMPP WIKI).
BTW, what client are you using?
I don’t think you quite understood the issue @zoidberg, client was clearly irrelevant.
Thanks @guus though, ended up stopping openfire and double-checking my router config using socat: docker run --rm -it -p 5222:5222 alpine sh -c "apk add socat; socat - TCP-LISTEN:5222,fork,reuseaddr" to see if the issue persisted, and it did (in retrospect, should have done that before reporting).
It appears my router rejects multiple open sockets from LAN addresses to the WAN-IP on specific ports (weird router bug maybe? It’s the ISP-provided one, not many options for configuration, they don’t even have an option to change DNS servers, can’t change routers because I share it w/ others and they don’t want that).
Regardless, possible workarounds are: choose a different port or connect to openfire directly over the LAN IP if you are local. (not an openfire issue specifically)
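The check this thread converges on, as an added example that is not part of any post: keep one TCP connection open and attempt further ones to the same target, so a path that silently drops the later SYN shows up as a timeout rather than a refusal. The function names and the default port argument handling are assumptions made for this sketch.

```python
import socket
import sys


def probe_held_connections(host, port, count=2, timeout=10.0):
    """Open `count` TCP connections one after another, keeping each open.

    Returns one outcome per attempt: "connected", "timeout" (no answer to
    the SYN, as seen in the thread), "refused" (RST from the target) or
    "error: ..." for anything else (for example a DNS failure).
    """
    held, outcomes = [], []
    try:
        for _ in range(count):
            try:
                sock = socket.create_connection((host, port), timeout=timeout)
            except socket.timeout:
                outcomes.append("timeout")
            except ConnectionRefusedError:
                outcomes.append("refused")
            except OSError as exc:
                outcomes.append(f"error: {exc}")
            else:
                held.append(sock)  # keep it open while the next one is tried
                outcomes.append("connected")
    finally:
        for sock in held:
            sock.close()
    return outcomes


def verdict(outcomes):
    """Summarise the pattern described in the thread."""
    if outcomes and all(o == "connected" for o in outcomes):
        return "ok"
    if outcomes and outcomes[0] == "connected" and "timeout" in outcomes[1:]:
        return "later SYN dropped while first session open"
    return "inconclusive"


if __name__ == "__main__":
    # Usage: probe.py <hostname-or-ip> [port]
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5222
    result = probe_held_connections(target, port)
    print(target, port, result, "->", verdict(result))
```

Run it from a LAN client once against the public hostname and once against the server's LAN IP; a dropped later SYN on the first target only points at the path through the router rather than at the server.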