TLS-based VPN are increasingly used to establish a secure communication channel between VPN clients and server. However, they are not designed to handle the mobility VPN clients in efficient manner. OpenVPN, a widely deployed TLS VPN, binds VPN sessions with the clients and server IP addresses. A vertical handover will require an inactivity timeout to be triggered and full TLS handshake thereafter for the mobile client to resume the VPN session. Moreover, A VPN server that changes its IP address frequently as part of an MTD strategy will require the VPN clients to reconnect after their inactivity timeouts trigger with yet full TLS handshake. In this work, we developed and evaluated a lightweight VPN session resumption protocol that allows a VPN client or server to request an IP address update on-demand, maintaining the original TLS/VPN session. We implemented our protocol as part of MobiVPN which is a variation of OpenVPN. Our evaluation shows that VPN sessions can be maintained and resumed after an IP address change with an average of 97.19% decrease in time required to resume the VPN session in MobiVPN compared to the original OpenVPN.

Original languageEnglish (US)
Title of host publication2018 IEEE International Conference on Communications, ICC 2018 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Print)9781538631805
StatePublished - Jul 27 2018
Event2018 IEEE International Conference on Communications, ICC 2018 - Kansas City, United States
Duration: May 20 2018May 24 2018

Publication series

NameIEEE International Conference on Communications
ISSN (Print)1550-3607


Other2018 IEEE International Conference on Communications, ICC 2018
Country/TerritoryUnited States
CityKansas City


  • Availability
  • MTD
  • Mobile VPN
  • Mobility
  • OpenVPN
  • Security
  • VPN

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering


Dive into the research topics of 'Prompt lightweight VPN session resumption for rapid client mobility and MTD enablement for VPN servers'. Together they form a unique fingerprint.

Cite this