Re: [OpenSIPS-Users] Transparent TLS
Anycast can in my opinion only work in IP6.

On Mon, 11 Jan 2021 at 09:35, Giovanni Maruzzelli wrote:

> Hi Yavari,
>
> On Sat, Jan 9, 2021 at 8:03 AM H Yavari via Users <users@lists.opensips.org> wrote:
>
>> Clients must have TLS connection and we have an OpenSIPS cluster on the
>> front of Asterisk servers. So in this case, if client's connection with one
>> SIP proxy node goes down, it should be re-establish with other node in
>> cluster? or as all cluster nodes are using shared DB and they talk to each
>> other via BIN, client connection remains? thanks.
>
> I do not think there is a way to have TCP (TLS, WebRTC, etc) connection to
> survive a server failover.
>
> You may want to have the clients to re-connect (reregister and reinvite)
> in case of failover.
>
> Or, maybe clustering OpenSIPSs in active-active via anycast.
>
> -giovanni
>
> --
> Sincerely,
>
> Giovanni Maruzzelli
> OpenTelecom.IT
> cell: +39 347 266 56 18

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Transparent TLS
Hi Yavari,

On Sat, Jan 9, 2021 at 8:03 AM H Yavari via Users wrote:

> Clients must have TLS connection and we have an OpenSIPS cluster on the
> front of Asterisk servers. So in this case, if client's connection with one
> SIP proxy node goes down, it should be re-establish with other node in
> cluster? or as all cluster nodes are using shared DB and they talk to each
> other via BIN, client connection remains? thanks.

I do not think there is a way to have TCP (TLS, WebRTC, etc) connection to survive a server failover.

You may want to have the clients to re-connect (reregister and reinvite) in case of failover.

Or, maybe clustering OpenSIPSs in active-active via anycast.

-giovanni

--
Sincerely,

Giovanni Maruzzelli
OpenTelecom.IT
cell: +39 347 266 56 18
Re: [OpenSIPS-Users] Transparent TLS
Hi Razvan,

Thanks for reply. But let me describe the scenario better:
Clients must have TLS connection and we have an OpenSIPS cluster on the front of Asterisk servers. So in this case, if client's connection with one SIP proxy node goes down, it should be re-establish with other node in cluster? or as all cluster nodes are using shared DB and they talk to each other via BIN, client connection remains? thanks.

Regards.

On Monday, January 4, 2021, 01:04:34 AM PST, Răzvan Crainea wrote:

Hi, Yavari!

Happy new year!

No, this is not possible - OpenSIPS is only able to route packages based on SIP packets - if you create an end-to-end connection between the client and media servers, OpenSIPS will not be able to decrypt the packages to know where to send what.
OpenSIPS (and the entire SIP stack, by specifications) is not connection oriented, so packets can't be routed based on a previously established connection, only by SIP headers.

Best regards,

Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 12/31/20 2:57 AM, H Yavari via Users wrote:
> Hi to all,
>
> Happy holidays.
>
> In a distributed scenario, is it possible to have a TLS transparent with
> Opensips?
> I mean clients make TLS connection with the nodes behind the proxy
> server/load balancer and next time they can connect to the other nodes
> but TLS connection is end to end between client and media server (AS/FS
> etc.).
> Please advise.
>
> Regards,
> HYavari
Re: [OpenSIPS-Users] Transparent TLS
Hi, Yavari!

Happy new year!

No, this is not possible - OpenSIPS is only able to route packages based on SIP packets - if you create an end-to-end connection between the client and media servers, OpenSIPS will not be able to decrypt the packages to know where to send what.
OpenSIPS (and the entire SIP stack, by specifications) is not connection oriented, so packets can't be routed based on a previously established connection, only by SIP headers.

Best regards,

Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 12/31/20 2:57 AM, H Yavari via Users wrote:
> Hi to all,
>
> Happy holidays.
>
> In a distributed scenario, is it possible to have a TLS transparent with
> Opensips?
> I mean clients make TLS connection with the nodes behind the proxy
> server/load balancer and next time they can connect to the other nodes
> but TLS connection is end to end between client and media server (AS/FS
> etc.).
> Please advise.
>
> Regards,
> HYavari
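The point made in the reply above, as an added illustration (not part of the thread and not OpenSIPS code): a proxy can only pick a destination from SIP headers it can read, and when TLS is end to end all it receives is a TLS record header followed by ciphertext. The function names, addresses and both sample byte strings are constructed for this example.

```python
import struct

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def parse_tls_record_header(data):
    """Return (content_type, length) if data starts with a TLS record header, else None."""
    if len(data) < 5:
        return None
    ctype, major, _minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in TLS_TYPES or major != 3:
        return None
    return TLS_TYPES[ctype], length

def parse_sip_headers(data):
    """Return (start_line, headers) for a plaintext SIP message, else None."""
    try:
        head = data.split(b"\r\n\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return None  # not text: nothing a SIP router can read
    lines = head.split("\r\n")
    if "SIP/2.0" not in lines[0]:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def proxy_view(data):
    """What a proxy in the path has available for a routing decision."""
    sip = parse_sip_headers(data)
    if sip:
        start, h = sip
        return {"routable": True, "start_line": start,
                "to": h.get("to"), "call-id": h.get("call-id")}
    rec = parse_tls_record_header(data)
    if rec:
        return {"routable": False, "tls_record": rec[0], "opaque_bytes": rec[1]}
    return {"routable": False}

# Constructed sample: what the proxy reads when it terminates TLS itself.
SIP_PLAINTEXT = (b"REGISTER sip:example.invalid SIP/2.0\r\n"
                 b"Via: SIP/2.0/TLS 192.0.2.10:5061;branch=z9hG4bKconstructed\r\n"
                 b"To: <sip:alice@example.invalid>\r\n"
                 b"Call-ID: constructed-1@192.0.2.10\r\n"
                 b"CSeq: 1 REGISTER\r\n\r\n")
# Constructed sample: what it reads when TLS is end to end (stand-in ciphertext).
TLS_RECORD = bytes([23, 3, 3]) + struct.pack("!H", 32) + bytes(range(128, 160))
```
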
[OpenSIPS-Users] Transparent TLS
Hi to all,

Happy holidays.

In a distributed scenario, is it possible to have a TLS transparent with Opensips?
I mean clients make TLS connection with the nodes behind the proxy server/load balancer and next time they can connect to the other nodes but TLS connection is end to end between client and media server (AS/FS etc.).
Please advise.

Regards,
HYavari