powered by Jive Software

Problem connecting to gtalk

I am new to the transports, so I am probably missing something easy, but here goes.

I am trying to setup a transport to google (not the normal jabber federation, but using an im gateway).

I installed the gateway plugin , turned on the gtalk transport and ran the test for gtalk (connect to the server), that worked fine. I didn’t do any other setup.

I then tried to register using the spark client (using the icon at the top).

I eventually got back an error that said I had an invalid usernmae/password.

I then traced the calls from my openfire server to talk.google.com and here is what I see.

First my server (which is behind a firewall and has port 5222 open to talk.google.com) , connects to google and trasmints these packets:

<stream:stream to=“gmail.com” xmlns=“jabber:client” xmlns:stream=“http://etherx.jabber.org/streams” version=“1.0”>

<?xml version=“1.0” encoding=“UTF-8”?><stream:stream from=“gmail.com” id=“FF8F2C2CDA58DB07” version=“1.0” xmlns:stream=“http://etherx.jabber.org/streams” xmlns=“jabber:client”>

(So far so good)

Google then responds with:

<stream:features><starttls xmlns=“urn:ietf:params:xml:ns:xmpp-tls”><required/></starttls>&l t;mechanisms xmlns=“urn:ietf:params:xml:ns:xmpp-sasl”><mechanism>X-GOOGLE-TOKEN< /mechanism></mechanisms></stream:features>

Then my openfire server sends:

<starttls xmlns=“urn:ietf:params:xml:ns:xmpp-tls”/>

After that google tears down the connection (sends 2 RST packets)

Does anyone know what I need to setup or do to get this working?

Should I giveup this route and go with jabber federation?

Thanks in advance


The gateway plugin does not allow you to create new accounts on the services. You must have an existing account with the service (ie Gtalk).

I already have an existing gtalk account.

From the trace I’ve seen, it looks like we don’t even get to the point where it attempts authentication.

It looks like it’s kicking me out when it tries to go into ssl.

I solved my problem (sort of).

After not having any luck connecting to google using the normal gateway, I tried directly from the spark client. I got the same results when trying to go over port 5222 and letting tls get negotiated. I could connect going over port 5223 and assuming ssl when making the connection (old style ssl).

Some google docs seem to back this up (like http://www.google.com/support/talk/bin/answer.py?hl=en&answer=24076)

So what I did was borrow the port 5223 support from the spark client:

(everything i did was in src/plugins/gateway/src/java/org/jivesoftware/openfire/gateway/protocols/xmpp/)

First I copied the spark DummySSLSocketFactory to XMPPSSLFactory (I didn’t think openfire using a spark class was a good idea, but neither is having 2 copies of the same class)

Then I edited XMPPSession.java and in it’s constructor, added this:

if (getTransport().getType().equals(TransportType.gtalk)) {

config.setSocketFactory(new XMPPSSLFactory());


(I also changed the gtalk prt to 5223 in the admin console.

Compiled,deployed and everything worked.

This sort of seems like a hack

My knowledge of openfire is a pretty weak, so that is probably the limit of what I can do, but it seems to me that:

  1. The old style ssl connections should be supported in all xmpp gateways (as an option).

  2. The default gtalk gateway should use this new option (and default to port 5223).

  3. The dummySSLSocketFactory should probably get refactored into the smack libaray, so it’s available to both openfire and spark.

Am I way out there with this, or does this seem the correct way to go. I could probably do the work, but it would take me some time…


Just FYI, i can successfully login to GTalk with my Spark through the IM Gateway. Openfire security settings are all disabled. When registering with gtalk transport i specify my username (only the part before @) and password.


That sounds exactly like my settings, but google keeps kicking me out when I use port 5222 (it just does not like trying to start tls). (I’m not sure if I mentioned it, but I am using the out of the box 3.4.5 version).

The spark client got the same results trying togodirectly to 5222 (spark worked fine going to 5223), so I don’t think it’s the gateway itself.

I’m really stumped now, but it’s working, so I guess it’s good enough for now.


Not sure if this can be related, but can you check in Admin Console - Server > Security settings page? I think i have changed those all to Not Available long ago.

On that page, there is client connection and server connection options.

Both are set to “optional”.


Hi Kevin,

Use following configuration

connection port: 443

connection host : talk.google.com

server: gmail.com

use old ssl method

This will work.