powered by Jive Software

Question about IPv6 and proxy

In the logs of an IM client, I can see that one of streamhosts uses an IPv6 address and hostname that begins with proxy. My confusion is due to IPv6 being completely disabled on that host and its name proxy not being set up by me anywhere in OpenFire server or on DNS.

(10:49:38) jabber: Sending (ssl) (memberA@somewhere.com/af3Wdw3): <iq type='set' id='purple3b3a48c1' to='memberB@somewhere.com/1snpiaqj2n'><query xmlns='http://jabber.org/protocol/bytestreams' sid='purple3b3a48c0'><streamhost jid='memberA@somewhere.com/af3Wdw3' host='xxx.xxx.xxx.xxx' port='8010'/><streamhost jid='memberA@somewhere.com/af3Wdw3' host='yyy.yyy.yyy.yyy' port='8010'/><streamhost jid='proxy.somewhere.com' host='fe80:0:0:0:0:5efe:c0a8:3801%net6' port='7777'/></query></iq>

I was told that it is OpenFire server that informs the IM client that it can be found at proxy.somewhere.com and at the corresponding IPv6 address. Why does it do it, and how can I turn both off?

If proxy cannot be changed, do I need to create an A DNS record for proxy? I am reluctant because we may have to use this name for a real SOCKS proxy very soon. I’d rather OF server identify itself under a different name.

Thank you for your help!

Do any developers know how the disabled IPv6 slips in?

Many thanks!

You can hardcode the address of the host by setting the xmpp.proxy.externalip property in the Openfire admin console. If that property is not set, then Openfire will iterate over all network interfaces of the server (or the one that is defined in openfire.xml under <network><interface>), and add their addresses.

Thanks for the tip! It is only unclear to me which IP I should put in there: the LAN IP or the WAN IP. If I put the WAN IP then how are LAN clients going to find it?

So, it sounds like the server includes disabled by default Microsoft ISATAP adapters in the search, and they supply their IPv6 even though all enabled interfaces have IPv6 disabled on them. This is confusing and counter-intuitive. Probably consider excluding disabled interfaces from the search. I uninstalled them for now, and the IPv6 address disappeared from logs.

You can only configure one IP address, if you are explicitly setting it through that optional property, that’s a limitation of that override.

I agree that Openfire should not advertise IP addresses that cannot be used. I have created a new issue tracker for this: [OF-2544] - Ignite Realtime Jira