Moved Openfire to new IP, now cannot connect

I had Openfire 4.8.1 installed on a server on my local LAN on 172.10.1.53, with port forwarding set up to allow connecting from the internet. Users could connect to user@mydomain.tld, and mydomain.tld pointed to my fiber IP address, which then routed to Openfire on 172.10.1.53.

Last night, I set up a Debian server on the internet with a public IP address, 156.38.y.z, and updated the DNS zone record to point mydomain.tld to 156.38.y.z.

In Openfire settings, both “XMPP Domain Name” and “Server Host Name (FQDN)” are set up as mydomain.tld.

Yet, I cannot connect to http://mydomain.tld:9090 but have to connect to http://156.38.x.y:9090, and Conversations cannot connect to “user@mydomain.tld” anymore.

In Conversations, on my Android mobile phone, I just get a “server not found” error when trying to connect to user@mydomain.tld.

This worked when I pointed the domain to my LAN server.

Am I missing a setting?

This is likely due to propagation of DNS records not yet being completed.

It takes time for your registrar to distribute the new IP address to its authoritative DNS servers, and then recursive DNS servers (such as your ISP) cache IP addresses for a period of time; this cache needs to expire before it will fetch the new IP address. (Set a lower TTL (Time To Live) to speed this up.)

If you give me the domain name I can attempt an s2s connection to your server to see if I can reach it from my server?

It's been 20 hours, DNS propagation should have finished.

Hope this helps!

No. It’s not DNS propagation. The DNS TTL is set to 600 seconds, and has propagated long ago. Even if I add the public and hostname to my local /etc/hosts folder, and connect to the correct IP address, Openfire still doesn’t work.

This looks like a networking error, not an Openfire configuration error. You could try to verify this by doing packet inspection on the server that’s running Openfire, to see if it receives any data at all.

My guess is that there’s something wrong with your DNS records. Maybe you have added A records, but have lingering old records?

Note that by default, Openfire 4.8.0 and later won’t let you connect to the admin console (9090/9091) from anywhere but the localhost. That limitation obviously does not exist for the regular client ports (5222 et al).

How?

I can SSH to the hostname. And I can access a WordPress website hosted on the same server, via the same hostname.

And, yes. I have allowed remote access to the Openfire Admin console, as I can access it via http://156.38.x.y:9090

Without you providing the actual domain name, I can only guess. 🙂

I can send it to you in private, but for now I had to revert back to the old server so the people can use it.

The problem is, the old server, on my LAN, isn’t available 24/7.

If you want to speak to people privately, best to join the XMPP channel, no?

xmpp:open_chat@conference.igniterealtime.org?join

Openfire should bind to whatever IP address(es) on the ports specified in the configuration, it is not IP specific.

Maybe check firewalls to ensure you aren’t dropping the packets?

EDIT: Just realised that Discourse can do private messages, and I assume you already messaged Guus so I will cease my responses.
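
Added example, not part of any post in this thread: one way to run the "lingering old records" check suggested above, by parsing `dig +noall +answer` style output and listing every address an XMPP client could be sent to that is not the new server. It goes beyond the A records mentioned in the thread by also following AAAA records and the standard `_xmpp-client._tcp` / `_xmpp-server._tcp` SRV records; the domain, addresses and record set are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in `dig +noall +answer` format. example.org and the
# addresses are documentation placeholders, not values from the thread.
SAMPLE_ANSWERS = """\
example.org.                    600 IN A    203.0.113.10
example.org.                    600 IN AAAA 2001:db8::53
_xmpp-client._tcp.example.org.  600 IN SRV  0 5 5222 old-lan.example.org.
_xmpp-server._tcp.example.org.  600 IN SRV  0 5 5269 example.org.
old-lan.example.org.            600 IN A    198.51.100.7
"""

def parse_answers(text):
    """Return (name, type, rdata) tuples from dig-style answer lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN":
            continue  # skip blank lines, comments and malformed rows
        records.append((parts[0].lower(), parts[3].upper(), " ".join(parts[4:])))
    return records

def find_stale(text, domain, expected_ips):
    """List address records that lead away from the expected server IPs."""
    expected = {ipaddress.ip_address(ip) for ip in expected_ips}
    fqdn = domain.lower().rstrip(".") + "."
    records = parse_answers(text)
    # Hosts a client may contact: the bare domain plus every SRV target,
    # because XMPP clients look up SRV records before falling back to A/AAAA.
    hosts = {fqdn}
    for name, rtype, rdata in records:
        if rtype == "SRV" and name.endswith("._tcp." + fqdn):
            hosts.add(rdata.split()[3].lower())  # priority weight port target
    # Any A/AAAA record for those hosts that is not the new server is stale.
    return [(name, rtype, rdata) for name, rtype, rdata in records
            if rtype in ("A", "AAAA") and name in hosts
            and ipaddress.ip_address(rdata) not in expected]

if __name__ == "__main__":
    for record in find_stale(SAMPLE_ANSWERS, "example.org", ["203.0.113.10"]):
        print("stale:", *record)
```

A leftover SRV target or AAAA record produces exactly the symptom described in the thread: SSH and a website on the hostname work over the A record while the XMPP client is sent to an address that no longer answers.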