I believe the problem is that there is no more tcp connection.
Eg, if you generate a reinvite over udp, it works (with due care, you can
have the keys renegotiated as per beginning)
But... you have no more tcp (tls is tcp) connection to send the reinvite to
So, it works on udp, but udp is no secure because it sends the keys in
signaling...
So, end of story: you cannot failover TLS calls, at least not with these
simple techniques...
Any other opinions? I am extremely interested!
-giovanni
On Thu, Nov 7, 2019 at 10:14 AM Karsten Horsmann <khorsmann(a)gmail.com>
wrote:
Hi,
AFAIK the keys of an DTLS session are not restorable so after failover
will come with an stale DTLS call.
Only SRTP can recovered with RE-INVITES if you use some kind session
storage.
Am Di., 30. Okt. 2018 um 12:07 Uhr schrieb Жан Базаров <
chiefkeeft(a)gmail.com>gt;:
I need to send re-invite after pacemaker fails
over on new rtpengine
server. Because new rtpengine dont participate in DTLS handshake and i hear
nothing, but silence. I think, may me its would be work. Do you have any
idea on this issue?
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Mit freundlichen Grüßen
*Karsten Horsmann*
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Sincerely,
Giovanni Maruzzelli
OpenTelecom.IT
cell: +39 347 266 56 18