Using ejabberd on the server for a vpn (openvpn).
Running f-10 + ejabberd-2.0.5-3.fc10.i386 on the vpn server.
Running f-10 + pidgin-2.5.6-1.fc10 on the vpn clients.
Both firewalls are turned off at this time for testing.
In ejabberd.cfg,
%%% ================
%%% SERVED HOSTNAMES
%%
%% hosts: Domains served by ejabberd.
%% You can define one or several, for example:
%% {hosts, ["example.net", "example.com", "example.org"]}.
%%
{hosts, ["hub"]}.
%%
%% route_subdomains: Delegate subdomains to other Jabber server.
%% For example, if this ejabberd serves example.org and you want
%% to allow communication with a Jabber server called im.example.org.
%%
%%{route_subdomains, s2s}.
%%% ===============
%%% LISTENING PORTS
%%
%% listen: Which ports will ejabberd listen, which service handles it
%% and what options to start it with.
%%
{listen,
[
{5222, ejabberd_c2s, [
%%
%% If TLS is compiled and you installed a SSL
%% certificate, put the correct path to the
%% file and uncomment this line:
%%
%%{certfile, "/path/t/etc/ejabberd/ejabberd.pem"}, starttls,
{access, c2s},
{shaper, c2s_shaper},
{max_stanza_size, 65536}
]},
%%
%% To enable the old SSL connection method in port 5223:
%%
%%{5223, ejabberd_c2s, [
%% {access, c2s},
%% {shaper, c2s_shaper},
%% {certfile, "/path/t/etc/ejabberd/ejabberd.pem"}, tls,
%% {max_stanza_size, 65536}
%% ]},
%%{5269, ejabberd_s2s_in, [
%% {shaper, s2s_shaper},
%% {max_stanza_size, 131072}
%% ]},
%%
%% ejabberd_service: Interact with external components (transports...)
%%
%%{8888, ejabberd_service, [
%% {access, all},
%% {shaper_rule, fast},
%% {ip, {127, 0, 0, 1}},
%% {hosts, ["icq.example.org", "sms.example.org"],
%% [{password, "secret"}]
%% }
%% ]},
{5280, ejabberd_http, [
http_poll,
web_admin
]}
]}.
NOTE: hub is set to ip on private subnet in host file (172.16.1.1). Ports 5223,5269 and 8888 disabled. I do not want any external interactions.
This works fine but when I enable mod_proxy65 for transferring files with:
{mod_proxy65, [
{host,"hub"},
{name, "File Transfer Proxy"},
{ip, {172, 16, 1, 1}},
{port,7777},
{auth_type, plain}
]},
not only does the file transfer not work but ejabberd drops clients every few seconds requiring them to reconnect. The clients never seem to be fully connected and seeing the server.
This is a very simple configuration but I seem to be missing something.
Thanks
Set a good Jabber ID for Proxy65 sevice.
In ejabberd.cfg,
{hosts, ["hub"]}.
Ok, then your Jabber service will be available in the Jabber ID: hub
I enable mod_proxy65 for transferring files with:
{mod_proxy65, [
{host,"hub"},
{name, "File Transfer Proxy"},
{ip, {172, 16, 1, 1}},
{port,7777},
{auth_type, plain}
]},
not only does the file transfer not work but ejabberd drops clients every few seconds requiring them to reconnect. The clients never seem to be fully connected and seeing the server.
There are two reasons that configuration may not work:
1. Remember that mod_proxy65 is an ejabberd module, so you must define it in the 'modules' section of ejabberd.cfg, not in the 'listen' section:
{modules, [ {mod_proxy65, [ ... ]}, ... ]}.2. You configured the Proxy65 service to have as Jabber ID "hub". That Jabber ID is already assigned for the Jabber server itself, so you are provoking a problem of unknown consequences.
Instead of
{mod_proxy65, [ {host,"hub"}, ...you better put:
{mod_proxy65, [ {host,"proxy65.hub"}, ...Fixed problem but back to earlier problem
Thanks,
mod_proxy65 was in the modules section.
Changing the proxy host name to another (pointing to the same ip) fixed the reported problem.
Which brings me back to an earlier (unreported) problem that doesn't have to do with Ejabberd:
I am running Pidgin-2.5.6-1.fc10 as the client. After digging through their support files I find that there is limited file transfer support for the Jabber protocol. They state that it will work if the machines can see each other without a firewall in the middle. My configuration is that both clients are behind separate firewalls but connected to the server by a vpn. Indeed I find that if I remove the firewalls, file transfer does work but using the public subnet not the vpn subnet. I have tried various configuration attempts in Pidgin but it still seems to only use the public subnet for file transfers.
My question is: is it possible to use Pidgin to use the file transfer proxy in Ejabberd or should I look for another client? If the later, can you recommend another client?
Thanks again
Try Psi, Gajim, Tkabber and Jabbim
My question is: is it possible to use Pidgin to use the file transfer proxy in Ejabberd or should I look for another client? If the later, can you recommend another client?
I haven't try file transfer proxy. You could try Psi, Gajim, Tkabber and Jabbim. They are multiplatform and I imagine some of them implement proxied file transfer.
Re: Fixed problem but back to earlier problem
You should not touch auth_type option until you completely sure your clients support SOCKS5 authentication.