I believe the problem is that there is no more tcp connection.

Eg, if you generate a reinvite over udp, it works (with due care, you can have the keys renegotiated as per beginning)

But... you have no more tcp (tls is tcp) connection to send the reinvite to

So, it works on udp, but udp is no secure because it sends the keys in signaling...

So, end of story: you cannot failover TLS calls, at least not with these simple techniques...

Any other opinions? I am extremely interested!

-giovanni



On Thu, Nov 7, 2019 at 10:14 AM Karsten Horsmann <khorsmann@gmail.com> wrote:
Hi,

AFAIK the keys of an DTLS session are not restorable so after failover will come with an stale DTLS call.
Only SRTP can recovered with RE-INVITES if you use some kind session storage.


Am Di., 30. Okt. 2018 um 12:07 Uhr schrieb Жан Базаров <chiefkeeft@gmail.com>:
I need to send re-invite after pacemaker fails over on new rtpengine server. Because new rtpengine dont participate in DTLS handshake and i hear nothing, but silence. I think, may me its would be work.  Do you have any idea on this issue? 
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users


--
Mit freundlichen Grüßen
*Karsten Horsmann*
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users


--
Sincerely,

Giovanni Maruzzelli
OpenTelecom.IT
cell: +39 347 266 56 18