Session Resumption

From Libreswan
Revision as of 03:56, 31 August 2020 by Nupur Agarwal (Talk | contribs)

Jump to: navigation, search


RFC 5723 proposes an extension to IKEv2 (Internet Key Exchange v2) that allows a client to re-establish an IKE Security Association with a gateway in a highly efficient manner, utilizing a previously established IKE SA.

This tries to solve the problem of re-establishing IKE SAs between IPSEC peers after a failure at the end of a VPN gateway which usually requires a lot of computational and communication overhead with respect to the number of round trips required and the cryptographic operations involved.


To allow the use of Redirect Mechanism in IKEv2, the following main changes were made:

  • Two new source code files were created: programs/pluto/ikev2_resume.{h,c} which defines the ticket by value structure and other helper functions for handling the ticket.
  • Added code in programs/pluto/ikev2_parent.c which deals with sending and processing of IKEv2 TICKET* Notify payloads.
  • New state transitions were added in programs/pluto/ikev2.c to support the session Resumption Exchange.
  • A new connection option session-resumption=yes was added that allows or disallows the session resumption.
  • A new whack command was introduced which delete states and stores information required for resumption in connection.
ipsec whack --suspend --name <connection name>
  • New test case was added.

Issues encountered

  • The auth exchange is slightly different from the normal one. A new kind of PRF was created as described by the rfc which still has some issues.
  • As the ticket does not has fixed length and proper structure, there were some problems while dealing with the handling of the ticket.
  • There was a lot of discussion done on how to deal with suspension of the connection A mail regarding same was then sent to ietf.

Current issues

  • Auth exchange followed by session resumption exchange is not successfully done yet.
  • Debug the test case.

Future Work

  • In ticket by value implementation we need to encrypt the ticket at the responder side before sending it to initiator inorder to protect the keys and other sensitive data present inside it.
  • Test with elvis.

Source Code

Code commit :

Test commit :

The implementation of this feature is done by Nupur Agrawal ( under the mentorship of Paul Wouters, Sahana Prasad and Tuomo Soini and sponsored by Google as part of Google Summer of Code 2020 Program. The code is not merged yet as it is a POC (proof of concept).