我自己的OBi200也有几天无法外拨,上OBiTalk看了要update firrmware,可我明明是设置了自动update firmware。OBi200 update firmware后就好了。
我也不知道Google Voice究竟变动了什么造成所有(!)OBi设备不能用。下面是几段信息:
SteveInWA:
OBi devices act as Google "Chat" (XMPP) clients, that can receive calls forwarded from a Google Voice inbound phone number. To do that, the OBi device needs to connect to a XMPP server in Google's pool of servers. Since this is a secure connection, the device needs a valid SSL/TLS certificate to connect. Google is changing their server certificates. This is causing some, but not all, OBi<-->Google XMPP connection attempts to be rejected by the server, when attempting to connect to one of their servers with a new certificate installed. Since the server pool is load-balanced, some users are affected, and others not.
Google is rolling out the new certificates, and so eventually, all OBi devices will fail to connect.
OBiHai 寄给我的广告email:
OUT WITH THE OLD AND IN WITH THE NEW!
As you may have already known, in August of 2016 we notified customers that the OBi1 Series Devices (OBi100 & OBi110) had reached their EOL (end of life) and would no longer be supported by Obihai. Unfortunately, a recent google Voice server security requirement has caused the OBi1 Series to no longer be compatible with Google Voice. Thankfully, Obihai has a solution and it starts with the OBi2 series (OBi200 & OBi202). Both devices are fully supported and capable of using Google Voice as a service. If you are concerned about the transition, don't worry, we posted aBLOG showing how simple it is to move your Google Voice and, if you have one, an Anveo E911 account to your new OBi2 Series device.
关于 SSL/TSL certificate 验证,据我所知,有3个 party 牵涉其中。限于我们所讨论的问题,第一是Server,也就是Google XPMM server;第二是client, 也就是 OBi devices;第三是trusted CA (certificate agent), 比如 VeriSign。Certificate 是server 做的,但要去CA sign 一下,client 用SSL/TSL 去连 server, server 就发个 certificate 给 client。Client 粗粗检查,如果没什么问题,就看看是那个 CA signed certificate,如果这个CA 在client's trusted CA list 那就去找那个 CA 再验证一下,无误后同意链接,否则拒绝连接。注意同意或拒绝连接是 client 的决定,不是server的决定。
有些server 为了省钱不找其他CA sign,自己就signe了。如果 client 与server 互相认识那client 也可以认可 server self-signed certificate,同意连接。
我猜测两种可能情况:
1. Google Voice rolls out many self-signed certificates, OBi devices refuse to connect to servers with non-CA signed certificate, causing "backing off". Google Voice then fixed the issue, rolled out CA-signed certificate, and all OBi devices are happy.
2. Google Voice rolls out many CA-signed certificates but those CAs are not in OBi devices' trusted CA list.
我觉得第一种情况可能性比较大,因为许多OBi100设备后来又都能用了。如果Google Voice 为了省钱今后只用 self-signed certificate,那些能用的OBi100只是没碰到 server with new certificate, 那 OBi100 慢慢就彻底完了。
关于firmware update,如是情况1 那OBi new firmware needs to accept self-signed certificate。如是情况2,那OBi new firmware needs to add new CA into trusted list.
