Connection manager sims not to work

Openfire Openfire Support
1

Hello everybody

I’'ve just installed and configured a Wildfire 3.0.0 server in one PC and a connection manager in another one. When i run this last in the shell i get the following message:

Connection Manager 3.0.0

so i think it’'s working. Moreover, qhen i type in the shell:

telnet localhost 5222 or telnet localhost 5223, it starts a telnet session , so tose ports are listening for ingoing connections.

I’'ve got a bind server installed in the same pc where Wildifere is allocated.

I made two zones:

jabber.miempresa.com for the wildfireserver

cm.miempresa.com for the connection manager

I configured the connection manager as shown in the install guide. In the manager.xml i configured the xmmp.domain (jabber.miempresa.com), the xmmp.port (5262) and the password (in plain text).

However, when i try to login to the connection manager, it don’'t works. I configure the client with the following data:

server: cm.miempresa.com

port: 5222 or 5223

user: a user that is registeren in the wildfire server.

Can anybody help me? Is there in the Internet an complet guide for connection manager? Is somebody running well a connection manager?

Thank you very much.

2

More troubles…

I’'ve just configured the SSL settings, and now i get this message:

Error starting SSL XMPP listener on port 5223: null

Connection Manager 3.0.0

3

Hi,

it may be cool to handle here just one question, so I’'ll skip the SSL things. There is http://www.jivesoftware.org/builds/wildfire/docs/latest/documentation/ssl-guide. html available how to do it and here in the forum are also some examples.

LG

4

Hi,

you should use the xmpp.domain for the Connection Managers. They share as far as I know the same name as the Wildfire server itself.

So your manager.xml should look like:

<?xml version="1.0" encoding="UTF-8"?>
<jive>
  <network>
    <interface>10.1.2.3</interface>
  </network>
    <xmpp>
        <!-- Name of the server to connect. This property is required. -->
        <domain>jabber.miempresa.com</domain>
        <!-- TCP port to connect to the XMPP server on. -->
        <port>5262</port>
        <!-- Secret use ...

And your clients should always connect to jabber.miempresa.com, so change the DNS entry that they connect to your CM and not to Wildfire.

LG

I wonder why you are using jabber.miempresa.com and not miempresa.com as the xmpp.domain. You should use SRV records to do this, but for a quick test normal A recoreds are fine.

5

Here is my manager.xml file:

As you can see, the xmpp.domain property was alredy configured with my jabber server domain name.

If i change the connection manager domain “cm.miempresa.com” for

jabber.miempresa.com”, how do i specify at manager.xml who is the

server? with its ip? Moreover, i’'ve got two certificates: one for the

connection manager (registered with the domain name

‘‘cn.miempresa.com’’), and another one in the server (registered with the

domain name ‘‘jabber.miempresa.com’’).

I don’'t know too much about bind and DNS. would it help to you if i post here mu bind config files?

Message was edited by: daviar

6

Hi,

I did look up again my configuration. To make it work I did add “IP-of-wildfire jabber.miempresa.com” in the /etc/hosts file of the connection manager. Currently this seems to be a little bit of not documented, I wonder if one can use the IP address, but then the SSL certificates will have a problem as the server name (=IP) does not match the certificate name.

On the CM server:

“nslookup jabber.miempresa.com” should return the IP address of the CM

“ping jabber.miempresa.com” should return the IP address of Wildfire

LG

7

I did what you propossed. I also copyed my kestore and truststore from the wildfire server to my CM /resorces/security/ directory. Now i don’'t get any errors when i run cmanager.sh.

Instead of, when i try to login with a client (i’'ve tried gaim, psi ans gabber) from another pc in my lan to the connection manager, i get the following error:

XMPP Stream Error: Server is sutting down.

Any idea?? Thanks.

I think there may be another way to resolve the IP of the server and the CM. Maybe balanced load options in DNS service or with IPtables (i don’'t know how to configure this).

Here i let some info about my system:

nslookup jabber.miempresa.com

=============================

server: 10.0.0.128

Address: 10.0.0.128#53 (#53!!??)

Name: jabber.miempresa.com

Address: 10.0.0.5

/etc/hosts

============================

127.0.0.1 localhost.localdomain localhost kepler

10.0.0.5 kepler

10.0.0.128 jabber.miempresa.com

  1. The following lines are desirable for IPv6 capable hosts

::1 ip6-localhost ip6-loopback

fe00::0 ip6-localnet

ff00::0 ip6-mcastprefix

ff02::1 ip6-allnodes

ff02::2 ip6-allrouters

ff02::3 ip6-allhosts

ping jabber.miempresa.com (from the CM host)

==========================

PING jabber.miempresa.com (10.0.0.128) 56(84) bytes of data.

10.0.0.128 is the server IP.

ping jabber.miempresa.com (from the Server host)

==========================

PING jabber.miempresa.com (10.0.0.5) 56(84) bytes of data.

10.0.0.5 is the server IP.

db.miempresa (from my bind server allocated in 10.0.0.128

============

$TTL 604800

@ IN SOA miempresa.com. admin.miempresa.com. (

2006010101;

604800;

86400;

2419200;

604800);

;

IN NS miempresa.com.

jabber IN A 10.0.0.5

8

Ok, i ve resolved some problems:

I removed from /etc/resolv.conf the entry of my dns server, so now, when i do nsloopback jabber.miempresa.com i get my wildfire server’'s ip (the one i specified in /etc/hosts)

This is the debug.log file of my CM. It happends when i try to connect to the server trough the CM:

CM - debug

=====================================================

2006.09.01 18:48:45 CM - Trying to connect to jabber.miempresa.com:5262(DNS lookup: jabber.miempresa.com:5262)

2006.09.01 18:48:45 CM - Plain connection to jabber.miempresa.com:5262 successful

2006.09.01 18:48:46 CM - Indicating we want TLS to jabber.miempresa.com

2006.09.01 18:48:46 CM - Negotiating TLS with jabber.miempresa.com

2006.09.01 18:50:44 Connect Socket[addr=/10.0.0.64,port=32788,localport=5222]

2006.09.01 18:51:14 CM - Trying to connect to jabber.miempresa.com:5262(DNS lookup: jabber.miempresa.com:5262)

2006.09.01 18:51:14 CM - Plain connection to jabber.miempresa.com:5262 successful

2006.09.01 18:51:14 CM - Indicating we want TLS to jabber.miempresa.com

2006.09.01 18:51:14 CM - Negotiating TLS with jabber.miempresa.com

2006.09.01 18:51:44 CM - Trying to connect to jabber.miempresa.com:5262(DNS lookup: jabber.miempresa.com:5262)

2006.09.01 18:51:44 CM - Plain connection to jabber.miempresa.com:5262 successful

2006.09.01 18:51:44 CM - Indicating we want TLS to jabber.miempresa.com

2006.09.01 18:51:44 CM - Negotiating TLS with jabber.miempresa.com

2006.09.01 18:51:44 Logging off org.jivesoftware.multiplexer.net.SocketConnection@1742700 socket: Socket[addr=/10.0.0.64,port=32788,localport=5222]

2006.09.01 18:56:16 Connect Socket[addr=/10.0.0.64,port=32789,localport=5222]

2006.09.01 18:56:46 CM - Trying to connect to jabber.miempresa.com:5262(DNS lookup: jabber.miempresa.com:5262)

2006.09.01 18:56:46 CM - Plain connection to jabber.miempresa.com:5262 successful

2006.09.01 18:56:46 CM - Indicating we want TLS to jabber.miempresa.com

2006.09.01 18:56:46 CM - Negotiating TLS with jabber.miempresa.com

2006.09.01 18:57:17 CM - Trying to connect to jabber.miempresa.com:5262(DNS lookup: jabber.miempresa.com:5262)

2006.09.01 18:57:17 CM - Plain connection to jabber.miempresa.com:5262 successful

2006.09.01 18:57:17 CM - Indicating we want TLS to jabber.miempresa.com

2006.09.01 18:57:17 CM - Negotiating TLS with jabber.miempresa.com

Any error is shown in the error log.

In the errors log of my wildfire server i get:

wildfire error.log

================================================

2006.09.01 19:42:53 org.jivesoftware.wildfire.net.BlockingReadingMode.run(BlockingReadingMode.java:1 04) Se cerró la conexión antes de establecer la sesión

Socket[addr=/10.0.0.5,port=32874,localport=5262]

2006.09.01 19:43:23 org.jivesoftware.wildfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode.j ava:75) Error while negotiating TLS

javax.net.ssl.SSLException: Unsupported record version Unknown-47.115

at com.sun.net.ssl.internal.ssl.EngineInputRecord.bytesInCompletePacket(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(Unknown Source)

at javax.net.ssl.SSLEngine.unwrap(Unknown Source)

at org.jivesoftware.wildfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.jav a:277)

at org.jivesoftware.wildfire.net.TLSStreamHandler.start(TLSStreamHandler.java:223)

at org.jivesoftware.wildfire.net.SocketConnection.startTLS(SocketConnection.java:1 73)

at org.jivesoftware.wildfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode. java:72)

at org.jivesoftware.wildfire.net.BlockingReadingMode.readStream(BlockingReadingMod e.java:126)

at org.jivesoftware.wildfire.net.BlockingReadingMode.run(BlockingReadingMode.java: 62)

at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:123)

at java.lang.Thread.run(Unknown Source)

Can anybody help me with authenticating to server?

9

Hola daviar,

Are you using self-signed certificates? If you do then you will need to set the property server.certificate.verify to false in manager.xml and restart the CM. The problem I see in the logs is when trying to secure the connection between the CM and Wildfire using TLS. BTW, for the next release we modified Wildfire to not use TLS by default when connecting to CMs. TLS adds unneeded overhead when both servers are already behind a protected LAN.

If you want to manually disable TLS for CM then log into the admin console and set the system property xmpp.multiplex.tls.policy to disabled. Restart Wildfire and CM after making that change.

Saludos,

– Gato

10

Ok. It really works. Now i wonder how to do it work using some kind of encryptatrion. It could be very interesting for expanding the jabber network over the internet.

Thank you al very much.

David Vila. (saludos para Gato desde Alicante-España)