server.lua: client 178.21.23.139:clientport read error: closed


Iván Ávalos

Apr 16, 2021, 5:35:29 AM
to prosod...@googlegroups.com
Hello, everyone!

I need help with this error I'm getting in Prosody 0.11.2-1 in Debian
10. Prosody is hosted in a Raspberry Pi 4 at home, connected to my
WireGuard VPN hosted in my AWS EC2 VPS. XMPP ports are routed through my
EC2 using iptables. c2s connections seem to work fine, but I'm having
trouble with s2s connections. I did a lot of research, I even went
through the code (net/server_select.lua), and couldn't figure it out.

Here's the error when trying to send or receive a message (or pretty
much anything that involves c2s) between my server (avalos.me) and
disroot.org:

Apr 16 02:09:52 s2soutaaaac027eba0 debug Beginning new connection
attempt to disroot.org ([178.21.23.139]:5269)
Apr 16 02:09:52 s2soutaaaac027eba0 debug Connection attempt in progress...
Apr 16 02:09:52 s2soutaaaac027eba0 debug Sending[s2sout_unauthed]: <?xml
version='1.0'?>
Apr 16 02:09:52 s2soutaaaac027eba0 debug Sending[s2sout_unauthed]:
<stream:stream xmlns:db='jabber:server:dialback' version='1.0'
to='disroot.org' from='avalos.me' xml:lang='en'
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server'>
Apr 16 02:09:52 runnerNR26jJ9Q debug creating new coroutine
Apr 16 02:09:52 s2soutaaaac027eba0 debug Received[s2sout_unauthed]:
<features xmlns='http://etherx.jabber.org/streams'>
Apr 16 02:09:52 avalos.me:tls debug Received features element
Apr 16 02:09:52 avalos.me:tls debug disroot.org is offering TLS, taking
up the offer...
Apr 16 02:09:52 s2soutaaaac027eba0 debug Sending[s2sout_unauthed]:
<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
Apr 16 02:09:52 s2soutaaaac027eba0 debug Received[s2sout_unauthed]:
<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
Apr 16 02:09:52 avalos.me:tls debug Proceeding with TLS on s2sout...
Apr 16 02:09:52 socket debug server.lua: attempting to start tls on
tcp{client}: 0xaaaac0155ec8
Apr 16 02:09:52 socket debug server.lua: ssl handshake done
Apr 16 02:09:52 s2soutaaaac027eba0 debug Sending stream header...
Apr 16 02:09:52 s2soutaaaac027eba0 debug Sending[s2sout_unauthed]: <?xml
version='1.0'?>
Apr 16 02:09:52 s2soutaaaac027eba0 debug Sending[s2sout_unauthed]:
<stream:stream xmlns:db='jabber:server:dialback' version='1.0'
to='disroot.org' from='avalos.me' xml:lang='en'
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server'>
Apr 16 02:09:53 socket debug server.lua: client 178.21.23.139:clientport
read error: closed
Apr 16 02:09:53 s2soutaaaac027eba0 debug s2s connection attempt failed:
closed
Apr 16 02:09:53 s2soutaaaac027eba0 debug Out of IP addresses, trying
next SRV record (if any)
Apr 16 02:09:53 s2soutaaaac027eba0 info Failed in all attempts to
connect to disroot.org
Apr 16 02:09:53 s2soutaaaac027eba0 debug No other records to try for
disroot.org - destroying
Apr 16 02:09:53 s2soutaaaac027eba0 debug Destroying outgoing session
avalos.me->disroot.org: Connecting failed: closed
Apr 16 02:09:53 s2soutaaaac027eba0 info Sending error replies for 1
queued stanzas because of failed outgoing connection to disroot.org
Apr 16 02:09:53 stanzarouter debug Received[s2sin]: <message
from='ava...@disroot.org' to='iv...@avalos.me/chatsecure20079' type='error'>
Apr 16 02:09:53 c2saaaac0162b00 debug Sending[c2s]: <message
from='ava...@disroot.org' to='iv...@avalos.me/chatsecure20079' type='error'>
Apr 16 02:09:53 s2soutaaaac027eba0 debug s2s disconnected: <nil>-><nil>
(closed)
Apr 16 02:09:53 socket debug server.lua: closed client handler and
removed socket from list

---

As you can see, it indeed establishes a TLS handshake and both servers
communicate for a while, but then, after trying to send the stream
header over s2sout, the connection closes. When sending stuff, it says
(notice the `clientport` instead of the actual port):

client 178.21.23.139:clientport read error: closed

When trying to receive stuff, this is what I get (notice the VPN
server's IP instead of disroot.org's IP, notice the port):

client 192.168.2.1:50064 read error: closed

It seems weird to me. I would appreciate some help.

:3

--
Iván Ávalos
Matrix: @avalos:cybre.space
Website: https://avalos.me/

Iván Ávalos

Apr 19, 2021, 10:56:46 AM
to prosod...@googlegroups.com
Never mind, I found the issue. The remote instance I was trying to
connect to (disroot.org) showed the error message clearly. The remote
server (mine) had a self-signed TLS cert, so disroot.org didn't accept
it and closed the connection. I installed a Let's Encrypt certificate
and it worked.
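
An added example (not part of the original posts and not Prosody code): a small triage script for the failure pattern in this thread, where an outgoing s2s connection completes the TLS handshake and is then closed by the peer before it sends any reply. The sample log is constructed from lines in the first post (unwrapped to one entry per line); the `triage` function name and the verdict labels are assumptions of this example.

```python
import re

# Constructed sample, modelled on the debug log in the first post.
SAMPLE = """\
Apr 16 02:09:52 s2soutaaaac027eba0 debug Beginning new connection attempt to disroot.org ([178.21.23.139]:5269)
Apr 16 02:09:52 s2soutaaaac027eba0 debug Received[s2sout_unauthed]: <features xmlns='http://etherx.jabber.org/streams'>
Apr 16 02:09:52 avalos.me:tls debug Proceeding with TLS on s2sout...
Apr 16 02:09:52 socket debug server.lua: ssl handshake done
Apr 16 02:09:52 s2soutaaaac027eba0 debug Sending stream header...
Apr 16 02:09:53 socket debug server.lua: client 178.21.23.139:clientport read error: closed
Apr 16 02:09:53 s2soutaaaac027eba0 debug s2s connection attempt failed: closed
"""

# "<Mon> <day> <hh:mm:ss> <source> <level> <message>"
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} (\S+)\s+(\w+)\s+(.*)$")
ATTEMPT = re.compile(r"Beginning new connection attempt to (\S+) ")

def triage(log_text):
    """Return [(remote_host, verdict)] for each failed outgoing s2s attempt.

    'socket' lines carry no session id, so this assumes one attempt at a time.
    """
    findings = []
    host, tls_done, replies_after_tls = None, False, 0
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation or unrelated line
        source, _level, msg = m.groups()
        start = ATTEMPT.search(msg)
        if start:
            host, tls_done, replies_after_tls = start.group(1), False, 0
        elif source == "socket" and "ssl handshake done" in msg:
            tls_done = True
        elif tls_done and msg.startswith("Received[s2sout"):
            replies_after_tls += 1
        elif host and "s2s connection attempt failed: closed" in msg:
            if not tls_done:
                verdict = "closed-before-tls"      # look at routing/NAT first
            elif replies_after_tls == 0:
                verdict = "closed-after-tls"       # the case in this thread
            else:
                verdict = "closed-after-tls-reply"
            findings.append((host, verdict))
            host = None
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `closed-after-tls` verdict means the network path and handshake worked and the remote side chose to hang up; in this thread the reason was visible only in the remote server's log, and it was the self-signed certificate.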