Spark issues across a VPN tunnel

Hi all,

I just setup an Openfire server (v. 3.6.2) on a test server, and I am having some trouble with Spark connecting from across a VPN Tunnel.

My server is setup in our main office, and clients can connect and chat with spark with no issues.

However, our branch office no clients can connect. They try to connect with spark, and all that happens is Spark will sit at “Authenticating” for about a minute, then come back with “Invalid username or password”

I have verified that the branch office can reach the remote server & port, and it can resolve the name without issues.

The users are populated from our Active Directory, so they are valid.

The user accounts (a few test accounts) are able to login from the main office.

The debug log on the server only shows:

2008.11.25 15:16:57 JettyLog: EXCEPTION An existing connection was forcibly closed by the remote host
at Method)
at Source)
at Source)
at Source)
at Source)
at org.mortbay.jetty.HttpParser.parseNext(
at org.mortbay.jetty.HttpParser.parseAvailable(
at org.mortbay.jetty.HttpConnection.handle(
at org.mortbay.thread.QueuedThreadPool$

On the client side, only the Warn.log gets anything:

Nov 25, 2008 3:11:59 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Exception in Login:
Connection failed. No response from server.:
at org.jivesoftware.smack.PacketReader.startup(
at org.jivesoftware.smack.XMPPConnection.initConnection(
at org.jivesoftware.smack.XMPPConnection.connectUsingConfiguration(XMPPConnection. java:834)
at org.jivesoftware.smack.XMPPConnection.connect(
at org.jivesoftware.LoginDialog$LoginPanel.login(
at org.jivesoftware.LoginDialog$LoginPanel.access$400(
at org.jivesoftware.LoginDialog$LoginPanel$1.construct(
at org.jivesoftware.spark.util.SwingWorker$
at Source)

I have the server to Require TLS, and old SSL is available…

The odd thing is that a connection can be established using the Old SSL method (which i’d rather not use)

Any ideas on what might be the issue, or anything I can do to try and further debug what’s happening?

So I tracked down the issue to the intrusion prevention service on the firewall at the main site.

I added the OpenFire server as an exception and now I can connect from the branch office.

Now I have to complain to my firewall vendor why their intrusion prevention component is applied to a supposed “fully open” VPN tunnel