<div dir="ltr">Hi Giovanni,<div><br></div><div>i have an SRTP and WebRTC DTLS setup with pacemaker/corosync and failover works for SRTP (with REINVITES).</div><div>I use rtpengine with redis backend. On DTLS side, i dont got it working with REINVITES. </div><div>AFAIK the session keys are not stored like SRTP in SIP Signaling.</div><div><br></div><div>So i thought, that calls are lost.</div><div><br></div><div>Cheers Karsten</div><div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Am Do., 7. Nov. 2019 um 13:59 Uhr schrieb Giovanni Maruzzelli <<a href="mailto:gmaruzz@gmail.com">gmaruzz@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">( but yes, it works on DTLS, I had not really read you were talking about DTLS. You must reinvite reusing the original SDP peers sent to you)<br><br><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Nov 7, 2019 at 1:54 PM Giovanni Maruzzelli <<a href="mailto:gmaruzz@gmail.com" target="_blank">gmaruzz@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>I believe the problem is that there is no more tcp connection.</div><div><br></div><div>Eg, if you generate a reinvite over udp, it works (with due care, you can have the keys renegotiated as per beginning)</div><div><br></div><div>But... you have no more tcp (tls is tcp) connection to send the reinvite to</div><div><br></div><div>So, it works on udp, but udp is no secure because it sends the keys in signaling...</div><div><br></div><div>So, end of story: you cannot failover TLS calls, at least not with these simple techniques...</div><div><br></div><div>Any other opinions? I am extremely interested!</div><div><br></div><div>-giovanni</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Nov 7, 2019 at 10:14 AM Karsten Horsmann <<a href="mailto:khorsmann@gmail.com" target="_blank">khorsmann@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>AFAIK the keys of an DTLS session are not restorable so after failover will come with an stale DTLS call.</div><div>Only SRTP can recovered with RE-INVITES if you use some kind session storage.</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Am Di., 30. Okt. 2018 um 12:07 Uhr schrieb Жан Базаров <<a href="mailto:chiefkeeft@gmail.com" target="_blank">chiefkeeft@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I need to send re-invite after pacemaker fails over on new rtpengine server. Because new rtpengine dont participate in DTLS handshake and i hear nothing, but silence. I think, may me its would be work. Do you have any idea on this issue? </div>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr">Mit freundlichen Grüßen<br>*Karsten Horsmann*<br></div>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr">Sincerely,<br><br>Giovanni Maruzzelli<br>OpenTelecom.IT<br>cell: +39 347 266 56 18<br><br></div>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr">Sincerely,<br><br>Giovanni Maruzzelli<br>OpenTelecom.IT<br>cell: +39 347 266 56 18<br><br></div>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">Mit freundlichen Grüßen<br>*Karsten Horsmann*<br></div>