Definitely it does not work getting the keys from redis. Also, until not long ago, trying to failover from REDIS in tls calls was crashing rtpengine.
I believe it can work on DTLS if we start with a "pristine" reinvite, doing ICE and all things again, like it was a first invite. Something like storing the first invite at dialog beginning, and using it as a base for reinvite if failover happens. This is on my TODO list, so I have no working system, but I would like to check it, and definitely I'd like to read about others' experiences and thoughts.

On Thu, Nov 7, 2019 at 2:20 PM Karsten Horsmann <[email protected]> wrote:

> Hi Giovanni,
>
> I have an SRTP and WebRTC DTLS setup with pacemaker/corosync and failover
> works for SRTP (with REINVITES).
> I use rtpengine with redis backend. On DTLS side, I don't have it working
> with REINVITES.
> AFAIK the session keys are not stored like SRTP in SIP Signaling.
>
> So I thought that calls are lost.
>
> Cheers Karsten
>
> On Thu, Nov 7, 2019 at 13:59, Giovanni Maruzzelli <[email protected]> wrote:
>
>> ( but yes, it works on DTLS, I had not really read you were talking about
>> DTLS. You must reinvite reusing the original SDP peers sent to you)
>>
>> On Thu, Nov 7, 2019 at 1:54 PM Giovanni Maruzzelli <[email protected]>
>> wrote:
>>
>>> I believe the problem is that there is no more tcp connection.
>>>
>>> E.g., if you generate a reinvite over udp, it works (with due care, you
>>> can have the keys renegotiated as per beginning)
>>>
>>> But... you have no more tcp (tls is tcp) connection to send the reinvite
>>> to
>>>
>>> So, it works on udp, but udp is not secure because it sends the keys in
>>> signaling...
>>>
>>> So, end of story: you cannot failover TLS calls, at least not with these
>>> simple techniques...
>>>
>>> Any other opinions? I am extremely interested!
>>>
>>> -giovanni
>>>
>>> On Thu, Nov 7, 2019 at 10:14 AM Karsten Horsmann <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> AFAIK the keys of a DTLS session are not restorable, so after failover
>>>> it will come with a stale DTLS call.
>>>> Only SRTP can be recovered with RE-INVITES if you use some kind of session
>>>> storage.
>>>>
>>>> On Tue, Oct 30, 2018 at 12:07, Жан Базаров <[email protected]> wrote:
>>>>
>>>>> I need to send re-invite after pacemaker fails over on new rtpengine
>>>>> server. Because new rtpengine doesn't participate in DTLS handshake and I
>>>>> hear nothing but silence. I think maybe it would work. Do you have any
>>>>> idea on this issue?
>>>>> _______________________________________________
>>>>> Kamailio (SER) - Users Mailing List
>>>>> [email protected]
>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>> --
>>>> Kind regards
>>>> *Karsten Horsmann*
>>>
>>> --
>>> Sincerely,
>>>
>>> Giovanni Maruzzelli
>>> OpenTelecom.IT
>>> cell: +39 347 266 56 18
>>
>> --
>> Sincerely,
>>
>> Giovanni Maruzzelli
>> OpenTelecom.IT
>> cell: +39 347 266 56 18
>
> --
> Kind regards
> *Karsten Horsmann*

--
Sincerely,

Giovanni Maruzzelli
OpenTelecom.IT
cell: +39 347 266 56 18
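Added example, not part of the thread and not rtpengine or Kamailio code: a small SDP check that shows the difference the posters discuss, SDES putting the SRTP key in signaling (`a=crypto`) versus DTLS-SRTP advertising only a certificate fingerprint. The function name `srtp_keying` and both SDP bodies are constructed for illustration.

```python
# Added example; the SDP bodies are constructed samples, not from the thread.
KEY = "A" * 40                      # placeholder base64 key material
FP = ":".join(["AB"] * 32)          # placeholder SHA-256 certificate fingerprint

SDES_SDP = (
    "v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
    "m=audio 30000 RTP/SAVP 0\r\n"
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{KEY}\r\n"
)
DTLS_SDP = (
    "v=0\r\no=- 2 1 IN IP4 192.0.2.20\r\ns=-\r\nc=IN IP4 192.0.2.20\r\nt=0 0\r\n"
    f"a=fingerprint:sha-256 {FP}\r\n"      # session level: covers every m= line
    "m=audio 30002 UDP/TLS/RTP/SAVPF 111\r\n"
    "a=setup:actpass\r\n"
)

def srtp_keying(sdp):
    """Return (media, keying, keys_in_signaling) for each m= section."""
    session_fp = False
    sections = []
    cur = None
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            parts = line[2:].split()
            cur = {"media": parts[0] if parts else "?",
                   "crypto": False, "fp": session_fp}
            sections.append(cur)
        elif line.startswith("a=fingerprint:"):
            if cur is None:
                session_fp = True          # seen before any m= line
            else:
                cur["fp"] = True
        elif line.startswith("a=crypto:") and cur is not None:
            cur["crypto"] = True
    names = {(True, True): "SDES+DTLS-SRTP", (True, False): "SDES",
             (False, True): "DTLS-SRTP", (False, False): "none"}
    # Only a=crypto carries the SRTP master key in the SDP. a=fingerprint is a
    # certificate hash; the keys come from the DTLS handshake on the media path.
    return [(s["media"], names[(s["crypto"], s["fp"])], s["crypto"])
            for s in sections]

if __name__ == "__main__":
    for name, sdp in (("SDES", SDES_SDP), ("DTLS", DTLS_SDP)):
        print(name, srtp_keying(sdp))
```

A section reported with `keys_in_signaling` false has nothing in a stored SDP from which a standby media relay could recover the SRTP keys, so it needs a new DTLS handshake after failover.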
