Openfire + Spark + Xabber configuration

Hi everybody. First, I want to say “Thank you so much!” to the developers of Openfire and Spark.

Second, I want to ask the community for help with my task.

I need to install and configure an XMPP server as a corporate chat for my company, so I decided to pick the Openfire and Spark combination. In addition, there are a couple of workers with Android smartphones which should be connected to the XMPP server via 3G/4G.

I’ve done these steps:

- installed Linux server

- installed Openfire

- went to the admin console and configured MySQL and the local hostname and FQDN names. They were the same as the server’s hostname. The name was something like “lin-test”.

All works fine (server, logs, plug-ins, encryption) inside the local network, but when I tried to connect clients with Android devices (Xabber), problems started. I forwarded port 5222 through my router and tried to configure the mobile XMPP client to use my DDNS address. But it was impossible to connect from outside using the mobile client. There was a record in the log file:

Will not route: Remote domain myddns.afraid.org is not accessible according to our configuration

When I tried to connect from outside using Spark, the connection was successful, except I have to remove checkbox *“Disable certificate hostname verification”* in Spark configuration.

After that I reconfigured my Openfire server from the beginning and used my DDNS record instead of the Linux server hostname. After such manipulations I’ve got the reverse problem: it becomes possible to connect via Xabber (but encryption should be disabled) from the Internet. But clients from the local network can’t connect without removing checkbox *“Disable certificate hostname verification”*.

So I have 2 questions:

How to force Xabber to work with encryption?

And how should I configure my router and/or Openfire properly?

When you reconfigured Openfire, was it a clean install? If not, you might still have old certificates for the old domain name. Check it in TLS/SSL Certificates menu and press on any Manage Store Contents link. If it shows certificates with old domain (hostname of a server), then delete them and generate new ones.

Xabber connects with encryption for me.
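The certificate/hostname mismatch this thread revolves around can be reproduced offline. The following is an added example, not part of the original posts: it builds a throwaway self-signed certificate for the old server name `lin-test` and checks it against both names used in the thread. The helper names `make_cert` and `cert_matches` are hypothetical, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example: reproduce the certificate/hostname mismatch from this thread.
# make_cert and cert_matches are hypothetical helper names; the certificate is
# a throwaway self-signed one constructed here, not Openfire's own.

# Create a self-signed certificate whose CN and subjectAltName are "$1".
make_cert() {  # $1 = name in the certificate, $2 = directory for cert.pem/key.pem
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
    -keyout "$2/key.pem" -out "$2/cert.pem" 2>/dev/null
}

# Succeed only if the certificate is valid for the name the client connects to.
cert_matches() {  # $1 = certificate file, $2 = name typed into the client
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

demo() {
  dir=$(mktemp -d) || return 1
  make_cert "lin-test" "$dir" || return 1
  # The LAN hostname matches; the DDNS name used from outside does not.
  for name in lin-test myddns.afraid.org; do
    if cert_matches "$dir/cert.pem" "$name"; then
      echo "$name: matches, hostname verification passes"
    else
      echo "$name: MISMATCH, a verifying client refuses the connection"
    fi
  done
  rm -rf "$dir"
}

demo
```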

Wroot, thank you for the answer.

No, it wasn’t a clean install the second time; I reconfigured one file for the initial Openfire reconfiguration.

As you told me, I checked the certificate storage and deleted the old ones with the name of my server. But close to them were new certificates *myddns.afraid.org_rsa* and *myddns.afraid.org_dsa*. They were generated during the second initial reconfiguration.

I figured out how to solve half of my problem and I want to share it with others; maybe it will be helpful for someone.

When I did the initial configuration (database, server domain) I used the DDNS name. So external clients (except mobile) can connect without problems, but internal clients (they are in one LAN with the Openfire server) can’t. A problem with routing appeared. It was impossible for local clients to reach myddns.afraid.org. So I added a static DNS record to my router and linked the name myddns.afraid.org with my local server IP. And it helps! Local clients can use my DDNS name and chat works great.

But there is one last problem: I can’t force Xabber to work! Neither from WAN nor from LAN! Any ideas?

It works only with encryption disabled on the server side.

You can check Openfire logs for related entries when Xabber fails. In Xabber you can also enable debug log (Settings > Debug settings) and then check the logs for some hints.

I didn’t find anything in Openfire logs about Xabber connections.

But Xabber shows me this error:

When I enabled Xabber logging I got long log file.

-----start log 2017-08-28_10-38-03 Xabber Dev 2.0.1 Android 6.0.1 SDK 23 Battery - Pastebin.com

I suggest showing these logs to Xabber developers by creating an Issue on Xabber’s GitHub page.

Thank you for your quick response. I’ve done that and I hope that someone will advise something.

Xabber developers (or developer) were fairly active recently moving Xabber to use the Smack library, so maybe they will notice your request (Problem with · Issue #760 · redsolution/xabber-android · GitHub)

As you can see, the problem was in certificate generation and it’s not a Xabber issue.

The deadline has come, so I have to install Openfire without mobile device support. But I’m not giving up on that idea and I hope that I’ll implement it in time.

**Wroot**, thank you for your help and advice.

I have one more question. How can I set up history synchronisation across various devices for one user account? For example, one employee is using chat on a PC; the next day there is a need to move him to a subsidiary (there will be another PC or laptop). And in three days he will return to the head office.

Thanks for following up. I have filed [OF-1377] Openfire’s self-signed certificates cause troubles in Android clients - IgniteRealtime JIRA, but as it works for me with Xabber on my local server, I’m not sure this is only an Openfire-related issue.

Don’t ask unrelated questions in the same thread; it makes it hard to follow. You can read this on history synchronization (in short, there is no easy and ideal option): Explanation: message synchronization between clients