64 Replies Last post: Sep 10, 2007 9:53 AM by LG  
Gaurav Bronze 15 posts since
Aug 27, 2007
Sep 3, 2007 11:51 PM

Openfire behind proxy

Hi, I have read other discussion threads related to proxy issue with IM Gateway plugin. I am still not sure if that functionality is supported yet or not.

I installed openfire behind socks / http proxy (corporate firewall) and I have transport plugins (for yahoo, msn etc.) installed on the server. Does the transport provision through proxy settings to go outside the firewall?

Basically, I am looking for:

client (psi/spark) -> openfire (with transport plugins) -> FIREWALL -> XMPP server, Yahoo, MSN

Something like this would be useful in restricted corporate environments that would support for NTLM based HTTP proxies.

My question is does anything like this exist currently?

Daniel Henninger Jiver 2,904 posts since
Aug 10, 2005
Sep 4, 2007 7:06 AM in response to: Gaurav
Re: Openfire behind proxy

The plugin doesn't support proxy at all at this time: GATE-130

 

However, I think I've seen a couple of folk have some success with some other solution they've put together.  I don't know how much luck you'd have searching the threads some more as it looks like you already have.  Perhaps someone who's tried before might have something to say?

cgravier Bronze 57 posts since
Feb 15, 2006
Sep 4, 2007 8:53 AM in response to: Daniel Henninger
Re: Openfire behind proxy

 

Hi,

See http://www.igniterealtime.org/community/thread/26697

I have clients (psi) <-> openfire server <-> proxy & FW <-> outside world

Sometimes I also have clients in the outside world too.

Whatever the situation, the IM plugin does not work.

Of course, please note that setting update.proxy.host and update.proxy.port in server properties will only let you be noticed about updates of openfire (could be useful in your case but won't fix that issue).

Daniel Henninger Jiver 2,904 posts since
Aug 10, 2005
Sep 4, 2007 9:18 AM in response to: cgravier
Re: Openfire behind proxy

Correct, the plugin does not support proxies.  I think someone worked out some "magic" to get Yahoo working once.  Not sure.

cgravier Bronze 57 posts since
Feb 15, 2006
Sep 4, 2007 10:04 AM in response to: Daniel Henninger
Re: Openfire behind proxy

I think yahoo gateway is working out of the box behind a proxy here ... I'll ask people using it and give back results

Todd Getz KeyContributor 1,960 posts since
Apr 2, 2007
Sep 4, 2007 10:47 AM in response to: Gaurav
Re: Openfire behind proxy

I would suggest that you add an exception for your chat server to your proxy.  It is (I assume) an approved server for a specific purpose.  It would not need to be proxied.  Deny all not chat related ports for the server so it can not be used for inappropriate surfing.

cgravier Bronze 57 posts since
Feb 15, 2006
Sep 4, 2007 1:36 PM in response to: Todd Getz
Re: Openfire behind proxy

 

You are perfectly right!

Unfortunately, I think I already opened all the required ports, hence I don't see what is missing in my configuration.

btw, the thread is nearly the same as http://www.igniterealtime.org/community/message/155163#155163

Regards,

cgravier

Todd Getz KeyContributor 1,960 posts since
Apr 2, 2007
Sep 4, 2007 2:34 PM in response to: cgravier
Re: Openfire behind proxy

 

Make sure that the proxy server or firewall (i.e. pix box) is not inherently blocking the following ports and addresses:

AOL:   5190   login.oscar.aol.com
IRC:   7000   irc.freenode.net
MSN:   1863   messenger.hotmail.com
Yahoo: 5050   scs.msg.yahoo.com
Gtalk: 5222   talk.google.com

I used to block all the ports but since switching to spark there is no need, since I use the permissions to regulate who accesses what.

cgravier Bronze 57 posts since
Feb 15, 2006
Sep 4, 2007 3:09 PM in response to: Todd Getz
Re: Openfire behind proxy

 

Thanks for the exhausted list!

I can, however, telnet all those servers through my corp firewall:

MSN:

telnet messenger.hotmail.com 1863
Trying 65.54.239.80...
Connected to dp.msnmessenger.akadns.net.
Escape character is '^]'.

IRC:

telnet irc.freenode.net 7000
Trying 209.177.146.34...
Connected to chat.freenode.net.
Escape character is '^]'.
NOTICE AUTH :*** Looking up your hostname...
NOTICE AUTH :*** Found your hostname, welcome back
NOTICE AUTH :*** Checking ident

AOL: not allowed
(I don't want)

Yahoo:

telnet scs.msg.yahoo.com 5050
Trying 216.155.193.128...
Connected to scs-dcna.msg.yahoo.com.
Escape character is '^]'.

Gtalk:

telnet talk.google.com 5222
Trying 209.85.137.125...
Connected to talk.l.google.com.
Escape character is '^]'.

Am not that sure now that this is a network issue ... but I am out of test to perform. If you have any idea, let's tell me I'll give it a try.

Todd Getz KeyContributor 1,960 posts since
Apr 2, 2007
Sep 4, 2007 3:53 PM in response to: cgravier
Re: Openfire behind proxy

Do you have any debug logs from Openfire and Spark we can see? I recommend you clear out the logs just before you attempt to connect to narrow the logs as much as possible.

Also what is the flavor of your proxy/firewall?

cgravier Bronze 57 posts since
Feb 15, 2006
Sep 5, 2007 3:02 AM in response to: Todd Getz
Re: Openfire behind proxy

I am using psi as client, but it is ok for me to test with spark if the following clues are not enough:

 

Here is the debug log when I connect to my jabber server:

 

2007.09.05 10:02:04 A new session has come online: me@jabber.mydomain.com/Psi

2007.09.05 10:02:04 Created msn session for me@jabber.mydomain.com/Psi as '-----@yahoo.fr'

2007.09.05 10:02:04 Creating MSN session for xxxxxxxx@yahoo.fr

2007.09.05 10:02:04 Logging in to MSN session for xxxxxxxx@yahoo.fr

2007.09.05 10:02:04 Received presence packet: <presence type="probe" from="me@jabber.mydomain.com/Psi" to="msn.jabber.mydomain.com

"/>

2007.09.05 10:02:04 session 13 established

2007.09.05 10:02:04 MSN: Session established for xxxxxxxx@yahoo.fr

2007.09.05 10:02:04 session 13 sent message VER 1 MSNP11 CVR0

 

2007.09.05 10:02:04 MSN: Session messageSent for xxxxxxxx@yahoo.fr : VER 1 MSNP11 CVR0

 

2007.09.05 10:02:04 session 13 sent message CVR 2 0x0409 winnt 5.1 i386 MSNMSGR 8.1.0178 MSMSGS xxxxxxxx@yahoo.fr

 

2007.09.05 10:02:04 MSN: Session messageSent for xxxxxxxx@yahoo.fr : CVR 2 0x0409 winnt 5.1 i386 MSNMSGR 8.1.0178 MSMSGS xxxxxxxx@yahoo.fr

 

2007.09.05 10:02:04 session 13 sent message USR 3 TWN I xxxxxxxx@yahoo.fr

 

2007.09.05 10:02:04 MSN: Session messageSent for xxxxxxxx@yahoo.fr : USR 3 TWN I xxxxxxxx@yahoo.fr

 

2007.09.05 10:02:04 session 13 received message VER 1 MSNP11 CVR0

 

2007.09.05 10:02:04 MSN: Session messageReceived for xxxxxxxx@yahoo.fr : VER 1 MSNP11 CVR0

 

2007.09.05 10:02:04 session 13 received message CVR 2 8.1.0178 8.1.0178 8.0.0787 http://msgr.dlservice.microsoft.com/download/1/A/4/1A4FEB1A-18E0-423A-B898-F

697402E4F7F/Install_Messenger.exe http://get.live.com

 

2007.09.05 10:02:04 MSN: Session messageReceived for xxxxxxxx@yahoo.fr : CVR 2 8.1.0178 8.1.0178 8.0.0787 http://msgr.dlservice.microsoft.com/download/1/A

/4/1A4FEB1A-18E0-423A-B898-F697402E4F7F/Install_Messenger.exe http://get.live.com

 

2007.09.05 10:02:04 session 13 received message XFR 3 NS 207.46.107.87:1863 0 207.46.96.153:1863

 

2007.09.05 10:02:04 session 13 closed

2007.09.05 10:02:04 MSN: Session closed for xxxxxxxx@yahoo.fr

2007.09.05 10:02:04 MSN: Session messageReceived for xxxxxxxx@yahoo.fr : XFR 3 NS 207.46.107.87:1863 0 207.46.96.153:1863

 

2007.09.05 10:02:04 session 14 established

2007.09.05 10:02:04 MSN: Session established for xxxxxxxx@yahoo.fr

2007.09.05 10:02:04 session 14 sent message VER 1 MSNP11 CVR0

2007.09.05 10:02:04 MSN: Session messageSent for xxxxxxxx@yahoo.fr : VER 1 MSNP11 CVR0

 

2007.09.05 10:02:04 session 14 sent message CVR 2 0x0409 winnt 5.1 i386 MSNMSGR 8.1.0178 MSMSGS xxxxxxxx@yahoo.fr

 

2007.09.05 10:02:04 MSN: Session messageSent for xxxxxxxx@yahoo.fr : CVR 2 0x0409 winnt 5.1 i386 MSNMSGR 8.1.0178 MSMSGS xxxxxxxx@yahoo.fr

 

2007.09.05 10:02:04 session 14 sent message USR 3 TWN I xxxxxxxx@yahoo.fr

 

2007.09.05 10:02:04 MSN: Session messageSent for xxxxxxxx@yahoo.fr : USR 3 TWN I xxxxxxxx@yahoo.fr

 

2007.09.05 10:02:04 session 14 received message VER 1 MSNP11 CVR0

 

2007.09.05 10:02:04 MSN: Session messageReceived for xxxxxxxx@yahoo.fr : VER 1 MSNP11 CVR0

 

2007.09.05 10:02:05 session 14 received message CVR 2 8.1.0178 8.1.0178 8.0.0787 http://msgr.dlservice.microsoft.com/download/1/A/4/1A4FEB1A-18E0-423A-B898-F

697402E4F7F/Install_Messenger.exe http://get.live.com

 

2007.09.05 10:02:05 MSN: Session messageReceived for xxxxxxxx@yahoo.fr : CVR 2 8.1.0178 8.1.0178 8.0.0787 http://msgr.dlservice.microsoft.com/download/1/A

/4/1A4FEB1A-18E0-423A-B898-F697402E4F7F/Install_Messenger.exe http://get.live.com

 

2007.09.05 10:02:05 session 14 received message USR 3 TWN S lc=1033,id=507,tw=40,ru=http%3A%2F%2Fmessenger%2Emsn%2Ecom,ct=1188978605,kpp=1, kv=9,ver=2.1.6000.

1,rn=Rir4B3zT,tpf=091935cb39d27dbe68a3c66f9f49d984

 

2007.09.05 10:02:05 MSN: Session messageReceived for xxxxxxxx@yahoo.fr : USR 3 TWN S lc=1033,id=507,tw=40,ru=http%3A%2F%2Fmessenger%2Emsn%2Ecom,ct=1188978

605,kpp=1,kv=9,ver=2.1.6000.1,rn=Rir4B3zT,tpf=091935cb39d27dbe68a3c66f9f49d984

 

2007.09.05 10:02:10 Received presence packet: <presence to="msn.jabber.istase.com" from="me@jabber.mydomain.com/Psi">

<priority>5</priority>

</presence>

2007.09.05 10:02:10 An existing resource has changed status: me@jabber.mydomain.com/Psi

2007.09.05 10:02:15 session 14 closed

2007.09.05 10:02:15 MSN: Session closed for xxxxxxxx@yahoo.fr

2007.09.05 10:02:43 EXCEPTION

java.net.SocketTimeoutException: Read timed out

at java.net.SocketInputStream.socketRead0(Native Method)

at java.net.SocketInputStream.read(SocketInputStream.java:129)

at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)

at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:722)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:679)

at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)

at org.mortbay.io.ByteArrayBuffer.readFrom(ByteArrayBuffer.java:168)

at org.mortbay.io.bio.StreamEndPoint.fill(StreamEndPoint.java:99)

at org.mortbay.jetty.bio.SocketConnector$Connection.fill(SocketConnector.java:190)

at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:277)

at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:203)

at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:357)

at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:217)

at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:475)

2007.09.05 10:02:43 EOF

2007.09.05 10:02:44 EXCEPTION

 

(and the same SocketTimeoutConnection is raised over and over)

I think this points to the line in the code which tries to connect to "something". I just need that something to allow it

The proxy used in my corp. is squid and I can only guess that we used shorewall (hence classical iptables) as FW. The FW allows outgoing traffic.

HTH !

Let me know if you know what is the service that my server cannot connect to please.

Regards,

cgravier.

EDIT: replace my contacts name in logs in order to avoid robot indexing (spam) (you should have the full log with the email notice if you use that)

Daniel Henninger Jiver 2,904 posts since
Aug 10, 2005
Sep 5, 2007 6:51 AM in response to: cgravier
Re: Openfire behind proxy

That exception is interesting, I don't recall having seen it before!  (might have just looked past it)

Ok, so what is happening at the point you are at in that log is... well, let's back up.

First, you connect to the server and port listed in the admin interface options. (typically messenger.hotmail.com port 1863)

Most of the time that server tells you "no no go here instead" (the XFR command). Your first session is immediately closed and JML connects you to the new location. That part is succeeding just fine.

Then you get down to "tweener" authentication. (the USR/TWN type command)

******

This involves connecting via HTTP to a Nexus server, via https, "https://nexus.passport.com/rdr/pprdr.asp"

This nexus server points you at an auth server you -should- be connecting to. (typically something like https://loginnet.passport.com/login2.srf)

We then connect to that URL and complete the process of getting a login ticket.

******

Once we get that login ticket, we send it as a response to the USR/TWN command to authenticate with MSN itself.

Note that we're not getting to that last step.  I put the ******'s around the part that's failing.  We don't know exactly what part of that is failing based off the logs though, but based off the error message it looks like an https connection is failing.  Actually it looks like it's establishing the connection and getting no data back, which is awfully strange.

I'd like to ask you to try, just to see if it works, gateway.messenger.hotmail.com port 80 in your admin console options.  I found some documentation about it and I don't know if it works "out of the box" or if JML would need to be coded to support it.

BTW, this site: http://www.hypothetic.org/docs/msn/ is extremely useful for figuring out what MSN is doing.  One of the specific docs I looked at while investigating this is:

http://www.hypothetic.org/docs/msn/notification/authentication.php
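
The login sequence walked through in the post above can be checked mechanically against the gateway debug log. The following is an added example, not part of the original thread or of the plugin's code: it reports which MSN sessions received the USR/TWN challenge but closed before a ticket was sent back, which is the step that depends on outbound HTTPS. The stage names, the sample log and the `USR <id> OK` success reply are assumptions made here.

```python
import re
from datetime import datetime

# Constructed sample in the thread's Openfire debug-log format (placeholder values).
SAMPLE_LOG = """\
2007.09.05 10:02:04 session 13 established
2007.09.05 10:02:04 session 13 sent message USR 3 TWN I user@example.com
2007.09.05 10:02:04 session 13 received message XFR 3 NS 192.0.2.10:1863 0 192.0.2.20:1863
2007.09.05 10:02:04 session 13 closed
2007.09.05 10:02:04 session 14 established
2007.09.05 10:02:04 session 14 sent message USR 3 TWN I user@example.com
2007.09.05 10:02:05 session 14 received message USR 3 TWN S lc=1033,id=507,tw=40
2007.09.05 10:02:15 session 14 closed
"""
LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) session (\d+) "
                  r"(established|closed|(?:sent|received) message .+)$")
TWN_STAGES = {("sent", "I"): "usr-sent", ("received", "S"): "challenge-received",
              ("sent", "S"): "ticket-sent"}

def stage_after(stage, direction, fields):
    """Advance the login stage for one MSNP command seen on a session."""
    if direction == "received" and fields[0] == "XFR":
        return "redirected"          # server said: reconnect elsewhere
    if fields[0] == "USR" and len(fields) >= 3:
        if direction == "received" and fields[2] == "OK":
            return "authenticated"   # assumption: "USR <id> OK ..." ends a good login
        if fields[2] == "TWN" and len(fields) >= 4:
            return TWN_STAGES.get((direction, fields[3]), stage)
    return stage

def analyze(log_text):
    """Return {session id: {"stage", "closed", "wait"}} for each MSN session."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                 # other log lines and wrapped fragments
        when = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
        s = sessions.setdefault(m.group(2), {"stage": "connected",
                                "closed": False, "wait": None, "since": when})
        event = m.group(3)
        if event == "closed":        # wait = seconds spent in the final stage
            s["closed"], s["wait"] = True, (when - s["since"]).total_seconds()
        elif event != "established":
            direction, _, payload = event.split(" ", 2)
            new = stage_after(s["stage"], direction, payload.split())
            if new != s["stage"]:
                s["stage"], s["since"] = new, when
    return sessions

def stalled_at_tweener(log_text):
    """Sessions that received the TWN challenge but closed with no ticket sent."""
    return [sid for sid, s in analyze(log_text).items()
            if s["stage"] == "challenge-received" and s["closed"]]
```

A session listed by `stalled_at_tweener` got through the port 1863 exchange and failed while fetching the login ticket, so the path to check is the server's outbound HTTPS rather than the IM ports.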

cgravier Bronze 57 posts since
Feb 15, 2006
Sep 5, 2007 7:04 AM in response to: Daniel Henninger
Re: Openfire behind proxy

 

Hello,

Using gateway.messenger.hotmail.com port 80 is not working out of the box. The test failed in admin console and I have in debug log:

DWREngine._handleResponse('7513_1188993504565', s0);

2007.09.05 14:10:16 Returning: id[4866_1188993504200] assign[s0] xhr[true]
2007.09.05 14:10:16 var s0=false;
DWREngine._handleResponse('4866_1188993504200', s0);

2007.09.05 14:10:19 EOF
2007.09.05 14:10:19 Exec[0]: ConnectionTester.testConnection()
2007.09.05 14:10:19
--Object created, not stored. Call params
(string:gateway.messenger.hotmail.com, string:80)
id=6593_1188993527925. Using (XHR,POST)
2007.09.05 14:10:19 Returning: id[6593_1188993527925] assign[s0] xhr[true]
2007.09.05 14:10:19 var s0=false;
DWREngine._handleResponse('6593_1188993527925', s0);

With a web browser behind the proxy/FW, I can point to https://nexus.passport.com/rdr/pprdr.asp (the page is empty but I can see in status bar that the loading is finished). The source code of the paper is however empty too if I check for HTML source.

This tends to go in the same observation that "Actually it looks like it's establishing the connection and getting no data back". What do you get if you point your browser to https://nexus.passport.com/rdr/pprdr.asp actually?

cgravier

cgravier Bronze 57 posts since
Feb 15, 2006
Sep 5, 2007 7:39 AM in response to: cgravier
Re: Openfire behind proxy

 

Moreover, I re-re-restarted my openfire.

Example of the debug log when I connect:

2007.09.05 14:39:58 A new session has come online: my.login@jabber.mydomain.com/Psi

2007.09.05 14:39:58 Created msn session for my.login@jabber.mydomain.com/Psi as 'xxxxxxxx@yahoo.fr'

2007.09.05 14:39:58 Creating MSN session for xxxxxxxx@yahoo.fr

2007.09.05 14:39:58 Logging in to MSN session for xxxxxxxx@yahoo.fr

2007.09.05 14:39:59 Received presence packet: <presence type="probe" from="my.login@jabber.mydomain.com/Psi" to="msn.jabber.mydomain.com"/>

2007.09.05 14:40:00 session 3 established

2007.09.05 14:40:00 MSN: Session established for xxxxxxxx@yahoo.fr

2007.09.05 14:40:00 session 3 sent message VER 1 MSNP11 CVR0

 

2007.09.05 14:40:00 MSN: Session messageSent for xxxxxxxx@yahoo.fr : VER 1 MSNP11 CVR0

 

2007.09.05 14:40:00 session 3 sent message CVR 2 0x0409 winnt 5.1 i386 MSNMSGR 8.1.0178 MSMSGS xxxxxxxx@yahoo.fr

 

2007.09.05 14:40:00 MSN: Session messageSent for xxxxxxxx@yahoo.fr : CVR 2 0x0409 winnt 5.1 i386 MSNMSGR 8.1.0178 MSMSGS xxxxxxxx@yahoo.fr

 

2007.09.05 14:40:00 session 3 sent message USR 3 TWN I xxxxxxxx@yahoo.fr

 

2007.09.05 14:40:00 MSN: Session messageSent for xxxxxxxx@yahoo.fr : USR 3 TWN I xxxxxxxx@yahoo.fr

 

2007.09.05 14:40:00 session 3 received message VER 1 MSNP11 CVR0

 

2007.09.05 14:40:00 MSN: Session messageReceived for xxxxxxxx@yahoo.fr : VER 1 MSNP11 CVR0

 

2007.09.05 14:40:00 session 3 received message CVR 2 8.1.0178 8.1.0178 8.0.0787 http://msgr.dlservice.microsoft.com/download/1/A/4/1A4FEB1A-18E0-423A-B898-F6

97402E4F7F/Install_Messenger.exe http://get.live.com

 

2007.09.05 14:40:00 MSN: Session messageReceived for xxxxxxxx@yahoo.fr : CVR 2 8.1.0178 8.1.0178 8.0.0787 http://msgr.dlservice.microsoft.com/download/1/A

/4/1A4FEB1A-18E0-423A-B898-F697402E4F7F/Install_Messenger.exe http://get.live.com

 

2007.09.05 14:40:00 session 3 received message XFR 3 NS 207.46.107.66:1863 0 65.54.239.20:1863

 

2007.09.05 14:40:00 session 3 closed

2007.09.05 14:40:00 MSN: Session closed for xxxxxxxx@yahoo.fr

2007.09.05 14:40:00 MSN: Session messageReceived for xxxxxxxx@yahoo.fr : XFR 3 NS 207.46.107.66:1863 0 65.54.239.20:1863

 

2007.09.05 14:40:00 session 4 established

2007.09.05 14:40:00 MSN: Session established for xxxxxxxx@yahoo.fr

2007.09.05 14:40:00 session 4 sent message VER 1 MSNP11 CVR0

 

2007.09.05 14:40:00 MSN: Session messageSent for xxxxxxxx@yahoo.fr : VER 1 MSNP11 CVR0

 

2007.09.05 14:40:00 session 4 sent message CVR 2 0x0409 winnt 5.1 i386 MSNMSGR 8.1.0178 MSMSGS xxxxxxxx@yahoo.fr

 

2007.09.05 14:40:00 MSN: Session messageSent for xxxxxxxx@yahoo.fr : CVR 2 0x0409 winnt 5.1 i386 MSNMSGR 8.1.0178 MSMSGS xxx