Fix for OBI100, 110 Backing off: TCP connection failure
SteveInWA:
Quote from: MikeGJ on November 14, 2017, 11:49:45 am
@ SteveinWA - regarding your response #10 I presume it was to my #9 reply - sorry if I wasn't clear - I'd already read those and was aware that its Google certificates and EOL of the 110 that are the problem. I was just wondering why it started working again - and has been up since - if the GV servers that I usually connect to (and I'm not sure how those get chosen) had already switched to new certs and my connections were timing out consistently for a few days, why it suddenly came back online. Somehow switched back to a server still using an old cert? Just technically speaking.
I'm assuming that eventually it will go offline again at some point.
Just asking anyone if they can come up with an explanation of why it went out for a few days and then came back and is still up.
thanks
No idea. But, it's not going to last.
Steve99:
Yes this work for me. (OBI100)
Call ***4 on phone to get your IP address
Type IP in browser
hit system management
network settings
change dnsserver1 to 8.26.56.26
change dnsserver2 to 8.20.247.20
hit save
hit reboot
SteveInWA:
Quote from: Steve99 on November 14, 2017, 04:13:01 pm
Yes this work for me. (OBI100)
Call ***4 on phone to get your IP address
Type IP in browser
hit system management
network settings
change dnsserver1 to 8.26.56.26
change dnsserver2 to 8.20.247.20
hit save
hit reboot
For chrissake. This has been answered dozens of times already. NO. Changing your DNS servers is not a long-term fix.
JoeThePlumber:
I have a theory that how those dead OBi100s come back to life.
Those (new) certificates are generated by Google Voice XMPP servers and they need to be registered on some CAs (certificate authorities).
When a client (OBi devices) tries to connect to a server (GV), the server will send back a certificate to the client. The client will first check roughly if it looks OK (i.e., expiration date, etc) and then turn to the stated CA in the certificate to check further. The CA must be in the trusted CA list the client has. If the CA says everything is fine then the connection happen. If any of the steps are not OK then the client will be "backing off".
So what could be wrong in the process? Could it be true that is GV's mistake that all those new certificates were "self-signed" and not went through the CA? Or GV regists those new certificate with a new CA that is not in the client's trusted CA list? Or some CA has DNS issue at the time of connection?
As long as the client (OBi device) stores a list of trusted CA, it doesn't seem the error from the client, rather the error from the server (GV server) or the CA. Once the error in the (GV) server or CA are corrected away, the client (OBi device) should connect to the server again without any software updates.
Say GV made a mistake by sending self-signed certificate to clients causing clients to "back off", OBiHai probably jumped in to change the firmware to accomodate the change by allowing self-signed certificate specifically from GV. That only happened to OBi2xx and above, not to OBi1xx.
Read about SSL/TLS below:
https://www.techrepublic.com/blog/data-center/ssl-tls-certificates-what-you-need-to-know/
@SteveInWA could you ask GV and OBiHai what exactly happened?
SteveInWA:
Sorry, but they are not going to release any details.
Navigation
[0] Message Index
[*] Previous page