GTalk federation

Whokay, what’s up with Google’s latest announcement and Wildfire? Anything on the server side I need to know? How do we set this up properly? My prime interest in WF isn’t federation, but if someone could direct me to point at GTalk I’d be glad of it.

TIA

Hey Scott,

Interaction between the Wildfire and GoogleTalk servers is just like any other server-2-server communication. Google is not using TLS+SASL for s2s so the following steps should be enough to have things working:

  1. Start Wildfire and log into the admin console

  2. Click on “Server to Server” and enable the service. Leave port 5269 as the default value.

  3. Make sure that your firewall is not filtering port 5269

  4. Make sure that your server name (go to the main page of your admin console to check your server name) is resolvable by a DNS server

With those 4 steps your servers should be able to communicate. Google only allows messages to be exchanged with the contacts that appear in the contact list. Follow these steps to test that 2 clients can communicate fine:

  1. Connect a client to wildfire (e.g. user1@mywildfire.com)

  2. Connect a client to gmail (e.g. user2@gmail.com)

  3. user1@mywildfire.com adds user2@gmail.com to his roster

  4. After a moment user2@gmail.com should get a presence subscription request which you must accept

  5. user1@mywildfire.com will now receive a presence subscription request from user2@gmail.com which you must accept

  6. Now both users should be able to chat

Regards,

– Gato

Gato-

In step 4 (server name resolvable by a name server) - if the server is on a local LAN with a local DNS server, then the name does get resolved correctly. Do you mean ‘server name is resolvable by a PUBLIC nameserver’?

In other words, for a Wildfire server running on a private NAT’ed network, does there need to be a fixed public IP which maps port 5269 back to the NATed wildfire server? Something like this-

wildfire server ip - 192.168.1.10

192.168.1.10:5269 -> 1.2.3.4:5269

nslookup 1.2.3.4 -> wildfire.mydomain.com

Is that correct? Or can a wildfire server that is on a NAT’ed LAN but has outbound port 5269 open at the firewall establish a session with the GoogleTalk server?

Thanks-

Or can a wildfire server that is on a NAT’ed LAN but has outbound port 5269 open at the firewall establish a session with the GoogleTalk server?

Yeah, we got that working. Just added a public.

Okay, so just to be clear:

You got this to work by setting up a one-to-one port address translation between a private (rfc1918) ip address and a public ip address, such that the firewall allows incoming traffic to port 5269 on the public ip - and maps it over to 5269 on the private ip.

Yessir, that’s right. And we publish the public DNS on an internal zone in the same namespace.

That was said badly – I mean we publish the public namespace in an internal zone as well – im.companyname.com on both internet and intranet.

I’ve still been unable to connect server-to-server via GoogleTalk. In the debug logs, I see this:


at org.jivesoftware.wildfire.server.OutgoingSessionPromise.createSessionAndSendPacket(OutgoingSessionPromise.java:139)

at org.jivesoftware.wildfire.server.OutgoingSessionPromise.access$300(OutgoingSessionPromise.java:37)

at org.jivesoftware.wildfire.server.OutgoingSessionPromise$1$1.run(OutgoingSessionPromise.java:91)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

2006.01.24 20:10:26 OS - Trying to connect to gmail.com:5269

2006.01.24 20:10:37 OS - Connection to talk.google.com:5269 successful

2006.01.24 20:10:37 OS - Sent dialback key to host: talk.google.com id: 6F2527ED9602332A from domain: im.mycompany.com

2006.01.24 20:10:37 OS - Unexpected answer in validation from: talk.google.com id: 6F2527ED9602332A for domain: im.mycompany.com answer:

java.lang.Exception: Failed to create connection to remote server


I’m using Psi as my client, logged in as ‘eggroll@im.mycompany.com’ and trying to add user ‘bobdole@gmail.com’ to my contact list. This error repeats endlessly through the debug logs.

I’d appreciate it if anyone has any insight on this problem.

Weird… so ‘pandion.be’ works fine, but ‘talk.google.com’ does not.


at org.jivesoftware.wildfire.server.OutgoingSessionPromise.createSessionAndSendPacket(OutgoingSessionPromise.java:139)

at org.jivesoftware.wildfire.server.OutgoingSessionPromise.access$300(OutgoingSessionPromise.java:37)

at org.jivesoftware.wildfire.server.OutgoingSessionPromise$1$1.run(OutgoingSessionPromise.java:91)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

2006.01.24 21:11:06 OS - Trying to connect to pandion.be:5269

2006.01.24 21:11:36 OS - Plain connection to pandion.be:5269 successful

2006.01.24 21:11:37 OS - Error, was not received

2006.01.24 21:11:37 OS - Going to try connecting using server dialback

2006.01.24 21:11:37 OS - Trying to connect to pandion.be:5269

2006.01.24 21:12:07 OS - Connection to pandion.be:5269 successful

2006.01.24 21:12:07 OS - Sent dialback key to host: pandion.be id: iajmc8ckic0khsz2bjfedb4tih1ffm2yxllauxuc from domain: im.mycompany.com

2006.01.24 21:12:08 Connect Socket[addr=/217.97.162.67,port=47295,localport=5269]

2006.01.24 21:12:08 RS - Received dialback key from host: pandion.be to: im.mycompany.com

2006.01.24 21:12:27 OS - Time out waiting for answer in validation from: pandion.be id: iajmc8ckic0khsz2bjfedb4tih1ffm2yxllauxuc for domain: im.mycompany.com

2006.01.24 21:12:27 Finishing Outgoing Server Reader. No session to close.

java.net.SocketException: Socket closed

at java.net.SocketInputStream.socketRead0(Native Method)

at java.net.SocketInputStream.read(Unknown Source)

at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source)

at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source)

at sun.nio.cs.StreamDecoder.read(Unknown Source)

at java.io.InputStreamReader.read(Unknown Source)

at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:2971)

at org.xmlpull.mxp1.MXParser.more(MXParser.java:3025)

at org.jivesoftware.wildfire.net.MXParser.nextImpl(MXParser.java:75)

at org.xmlpull.mxp1.MXParser.nextToken(MXParser.java:1100)

at org.dom4j.io.XMPPPacketReader.parseDocument(XMPPPacketReader.java:290)

at org.jivesoftware.wildfire.server.OutgoingServerSocketReader$1.run(OutgoingServerSocketReader.java:91)

2006.01.24 21:12:27 OS - Trying to connect to be:5269

2006.01.24 21:12:38 RS - Trying to connect to Authoritative Server: pandion.be:5269

2006.01.24 21:12:38 RS - Connection to AS: pandion.be:5269 successful

2006.01.24 21:12:38 RS - Asking AS to verify dialback key for id7051798e

2006.01.24 21:12:38 RS - Key was VERIFIED by the Authoritative Server for: pandion.be

2006.01.24 21:12:38 RS - Closing connection to Authoritative Server: pandion.be

2006.01.24 21:12:38 RS - Sending key verification result to OS: pandion.be

2006.01.24 21:12:38 AS - Verifying key for host: pandion.be id: iajmc8ckic0khsz2bjfedb4tih1ffm2yxllauxuc

2006.01.24 21:12:38 AS - Key was: VALID for host: pandion.be id: iajmc8ckic0khsz2bjfedb4tih1ffm2yxllauxuc

2006.01.24 21:12:58 Logging off pandion.be on org.jivesoftware.wildfire.net.SocketConnection@929ba3 socket: Socket[addr=/217.97.162.67,port=47295,localport=5269] session: org.jivesoftware.wildfire.server.IncomingServerSession@86d597 status: 1 address: pandion.be id: 7051798e


So what is different with GoogleTalk?

DNS resolves fine, and 5269 is open to all incoming.

Hey Max,

Remote users that belong to the gmail server should have their domain as “gmail.com”. In other words, when trying to add a new gmail contact to your roster or send him a message the JID should be of the form @gmail.com.

When using @gmail.com the debug log will look like this:

2006.01.25 12:01:02 OS - Trying to connect to gmail.com:5269

2006.01.25 12:01:03 OS - Plain connection to gmail.com:5269 successful

2006.01.25 12:01:03 OS - Going to try connecting using server dialback

2006.01.25 12:01:03 OS - Trying to connect to gmail.com:5269

2006.01.25 12:01:04 OS - Connection to gmail.com:5269 successful

2006.01.25 12:01:04 OS - Sent dialback key to host: gmail.com id: 7E2CE9A22E99A4DB from domain: gato.dyndns.org

2006.01.25 12:01:06 RS - Received dialback key from host: gmail.com to: gato.dyndns.org

2006.01.25 12:01:06 RS - Trying to connect to Authoritative Server: gmail.com:5269

2006.01.25 12:01:06 RS - Connection to AS: gmail.com:5269 successful

2006.01.25 12:01:06 RS - Asking AS to verify dialback key for id57a4a162

2006.01.25 12:01:06 RS - Key was VERIFIED by the Authoritative Server for: gmail.com

2006.01.25 12:01:06 RS - Closing connection to Authoritative Server: gmail.com

2006.01.25 12:01:06 RS - Sending key verification result to OS: gmail.com

2006.01.25 12:01:06 AS - Verifying key for host: gmail.com id: 7E2CE9A22E99A4DB

2006.01.25 12:01:06 AS - Key was: VALID for host: gmail.com id: 7E2CE9A22E99A4DB

2006.01.25 12:01:07 OS - Validation GRANTED from: gmail.com id: 7E2CE9A22E99A4DB for domain: gato.dyndns.org

Note that the “OS - Sent dialback key to host:” value is different in your case than in mine.

Hope that helps,

– Gato
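The comparison Gato describes above, as an added example that is not part of the original thread: a small Python parser that pairs each "Sent dialback key" line with its validation result and flags keys sent to a host other than the contact's JID domain. The function name `dialback_attempts` and the status labels are assumptions of this example; the sample lines are copied from the two logs posted in this thread.

```python
import re

# OS-side dialback lines as they appear in the Wildfire debug logs quoted in this thread.
SENT = re.compile(r"OS - Sent dialback key to host: (\S+) id: (\S+) from domain: (\S+)")
RESULT = re.compile(
    r"OS - (Validation GRANTED|Unexpected answer in validation|"
    r"Time out waiting for answer in validation) from: (\S+) id: (\S+) for domain: (\S+)"
)
# Status labels are this example's own naming, not Wildfire's.
STATUS = {
    "Validation GRANTED": "granted",
    "Unexpected answer in validation": "rejected",
    "Time out waiting for answer in validation": "timeout",
}

def dialback_attempts(log_text, jid_domain):
    """Return one record per outgoing dialback attempt, in log order.

    jid_domain is the domain part of the contact's JID (e.g. gmail.com).
    """
    attempts = {}
    for line in log_text.splitlines():
        m = SENT.search(line)
        if m:
            host, stream_id, local = m.groups()
            attempts[(host, stream_id)] = {
                "host": host, "id": stream_id, "from": local,
                "status": "pending",  # no validation result seen yet
                "host_matches_jid": host.lower() == jid_domain.lower(),
            }
            continue
        m = RESULT.search(line)
        if m and (m.group(2), m.group(3)) in attempts:
            attempts[(m.group(2), m.group(3))]["status"] = STATUS[m.group(1)]
    return list(attempts.values())

# Sample lines copied from the failing and the working log posted in this thread.
FAILING = """\
2006.01.24 20:10:37 OS - Sent dialback key to host: talk.google.com id: 6F2527ED9602332A from domain: im.mycompany.com
2006.01.24 20:10:37 OS - Unexpected answer in validation from: talk.google.com id: 6F2527ED9602332A for domain: im.mycompany.com answer:
"""
WORKING = """\
2006.01.25 12:01:04 OS - Sent dialback key to host: gmail.com id: 7E2CE9A22E99A4DB from domain: gato.dyndns.org
2006.01.25 12:01:07 OS - Validation GRANTED from: gmail.com id: 7E2CE9A22E99A4DB for domain: gato.dyndns.org
"""

if __name__ == "__main__":
    for name, log in (("failing", FAILING), ("working", WORKING)):
        for a in dialback_attempts(log, "gmail.com"):
            print(name, a["host"], a["status"], "host matches JID domain:", a["host_matches_jid"])
```

An attempt that is both rejected and has `host_matches_jid` false is the pattern in the failing log: the key was offered to talk.google.com while the contact's domain is gmail.com.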

I have all of that working, but none of this happens:

  1. After a moment user2@gmail.com should get a presence subscription request which you must accept

  2. user1@mywildfire.com will now receive a presence subscription request from user2@gmail.com which you must accept

However, THIS happens just dandy:

  1. Now both users should be able to chat

No indication at either client (Spark or GTalk) about whether the other user is on-line.

People can chat, but can’t see each other’s presence. But no requests are evident anywhere.

Gato:

See my first debug log posted above for gmail.com - I specified that I was trying to add the user ‘bobdole@gmail.com’ - if this is what you are suggesting, I’ve already tried that; which is what generated the debug log above.

I’ve tried the opposite method- logging into a native GoogleTalk client and trying to add ‘username@im.mycompany.com’ as a contact. When I try that, here is the debug log:


2006.01.25 16:19:10 Connect Socket[addr=/64.233.166.129,port=39176,localport=5269]

2006.01.25 16:19:10 Error creating session

java.io.EOFException: input contained no data

at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:2982)

at org.xmlpull.mxp1.MXParser.more(MXParser.java:3025)

at org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1410)

at org.jivesoftware.wildfire.net.MXParser.nextImpl(MXParser.java:330)

at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093)

at org.jivesoftware.wildfire.net.SocketReader.createSession(SocketReader.java:572)

at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:110)

at java.lang.Thread.run(Unknown Source)

2006.01.25 16:19:10 Connect Socket[addr=/64.233.166.129,port=39177,localport=5269]

2006.01.25 16:19:10 RS - Received dialback key from host: gmail.com to: im.mycompany.com

2006.01.25 16:19:40 RS - Trying to connect to Authoritative Server: gmail.com:5269

2006.01.25 16:20:00 Error delivering raw text

org.jivesoftware.wildfire.net.SocketConnection@191eb90 socket: Socket[addr=/64.233.166.129,port=39177,localport=5269] session: null

java.net.SocketException: Broken pipe

at java.net.SocketOutputStream.socketWrite0(Native Method)

at java.net.SocketOutputStream.socketWrite(Unknown Source)

at java.net.SocketOutputStream.write(Unknown Source)

at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(Unknown Source)

at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(Unknown Source)

at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(Unknown Source)

at sun.nio.cs.StreamEncoder.flush(Unknown Source)

at java.io.OutputStreamWriter.flush(Unknown Source)

at java.io.BufferedWriter.flush(Unknown Source)


Any suggestions?

I’ve verified that the port 5269 is available, and that DNS name ‘im.mycompany.com’ is resolvable by external nameservers. I’ve also verified that ‘im.mycompany.com’ can telnet to port 5269 on talk.google.com


telnet talk.google.com 5269

Trying 64.233.167.125…

Connected to talk.google.com (64.233.167.125).

Escape character is '^]'.

^]

telnet> quit

Connection closed.


But when I try to telnet to 5269 on ‘gmail.com’ I get no response (as is expected)


telnet gmail.com 5269

Trying 64.233.161.107…


So my questions…

  1. In the debug log above, why does it say ‘connecting to authoritative server gmail.com:5269’? Shouldn’t it be trying to talk to talk.google.com:5269? And if that assumption is correct, how does it know to break down ‘username@gmail.com’ -> ‘username’ and ‘talk.google.com’? Won’t my ‘im.mycompany.com’ always see the connections as coming from gmail.com:5269?

  2. I’ve tried this with Psi, Pandion, Spark… and none of them seem to be able to cause an S2S connection to be established. What client have you gotten this working with? Do I have to do anything more complicated than these steps: (In Psi)

  • add a contact

  • jabberID: user@gmail.com

  • click ‘add’

  • click ‘ok’ when it says ‘success: user added to your roster’

  3. Are there any tests I can run other than the ones I’ve tried above (telnet, debug log) to figure out what is going on?

Thanks-

–Maxx

Okay, here’s the latest debug.log


2006.01.25 20:14:33 OS - Trying to connect to gmail.com:5269

2006.01.25 20:15:23 Error sending packet to remote server:

java.lang.Exception: Failed to create connection to remote server

at org.jivesoftware.wildfire.server.OutgoingSessionPromise.createSessionAndSendPacket(OutgoingSessionPromise.java:139)

at org.jivesoftware.wildfire.server.OutgoingSessionPromise.access$300(OutgoingSessionPromise.java:37)

at org.jivesoftware.wildfire.server.OutgoingSessionPromise$1$1.run(OutgoingSessionPromise.java:91)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)


And for jabber.org (just for comparison)


2006.01.25 20:18:37 OS - Trying to connect to jabber.org:5269

2006.01.25 20:19:07 OS - Plain connection to jabber.org:5269 successful

2006.01.25 20:19:07 OS - Error,

java.lang.Exception: Failed to create connection to remote server

at org.jivesoftware.wildfire.server.OutgoingSessionPromise.createSessionAndSendPacket(OutgoingSessionPromise.java:139)

at org.jivesoftware.wildfire.server.OutgoingSessionPromise.access$300(OutgoingSessionPromise.java:37)

at org.jivesoftware.wildfire.server.OutgoingSessionPromise$1$1.run(OutgoingSessionPromise.java:91)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

And finally, using the ‘Service Discovery’ option in Psi to browse for ‘talk.google.com’


2006.01.25 20:23:20 OS - Trying to connect to talk.google.com:5269

2006.01.25 20:23:50 OS - Plain connection to talk.google.com:5269 successful

2006.01.25 20:23:50 OS - Going to try connecting using server dialback

2006.01.25 20:23:50 OS - Trying to connect to talk.google.com:5269

2006.01.25 20:24:20 OS - Connection to talk.google.com:5269 successful

2006.01.25 20:24:20 OS - Sent dialback key to host: talk.google.com id: 50E4AA25F5ED5134 from domain: mycompany.com

2006.01.25 20:24:20 OS - Unexpected answer in validation from: talk.google.com id: 50E4AA25F5ED5134 for domain: mycompany.com answer:<stream:error xmlns:stream="http://etherx.jabber.org/streams"></stream:error>

2006.01.25 20:24:20 Finishing Outgoing Server Reader. No session to close.

java.net.SocketException: Socket closed

at java.net.SocketInputStream.socketRead0(Native Method)

at java.net.SocketInputStream.read(Unknown Source)

at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source)

at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source)

at sun.nio.cs.StreamDecoder.read(Unknown Source)

at java.io.InputStreamReader.read(Unknown Source)

at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:2971)

at org.xmlpull.mxp1.MXParser.more(MXParser.java:3025)

at org.jivesoftware.wildfire.net.MXParser.nextImpl(MXParser.java:75)

at org.xmlpull.mxp1.MXParser.nextToken(MXParser.java:1100)

at org.dom4j.io.XMPPPacketReader.parseDocument(XMPPPacketReader.java:290)

at org.jivesoftware.wildfire.server.OutgoingServerSocketReader$1.run(OutgoingServerSocketReader.java:91)


Try adding “gmail.com” as the google server, not “talk.google.com”

I tried that, and now it’s working like a charm.