We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
847 views 0 comments
by anonymous
Hi,

What is Dead Peer Detection in IPsec (Advanced Settings)? Is it used for keeping the tunnel alive?

RUTX11 is a dial-up client with Fortinet on the other side.

The tunnel goes down after 2-3 days, but I want it to be alive always.

Kindly assist.

1 Answer

0 votes
by anonymous

Hello,

Dead Peer Detection (DPD, RFC 3706) is used for the other side peer detection, where R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. It is recommended to configure it at least on the client side in order to make sure these periodic messages check whether the other peer is "alive" (online). In case of DPD failure, any specified action would be taken (restart/hold/clear/none).

In your case it'd be recommended to configure some specific DPD time value with the restart action in case of a failure, in order for the IPsec tunnel to (attempt to) come back up if it ever goes down.

More information about this functionality can be found in the following articles:

https://wiki.teltonika-networks.com/view/RUTX11_VPN#Advanced_settings_2 - page about IPsec functionality on any device running the RUTOS firmware.

https://wiki.strongswan.org/projects/strongswan/wiki/connsection - page about the IPsec (strongswan) package and brief description of each option.

Best regards,

Tomas.

Best answer
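
The DPD settings discussed in the answer, written out as a strongSwan ipsec.conf "conn" section. This is an added example, not part of the original answer and not Teltonika's own configuration. The connection name, peer address and timer values are constructed, and it is an assumption that the RUTOS Advanced settings fields correspond to these strongSwan options.

```conf
# strongSwan ipsec.conf "conn" section (syntax from the linked strongSwan page).
# Constructed example: name, peer address and timers are assumptions,
# not values taken from the thread. Authentication, proposals and subnets
# are left out; add them as required by the Fortinet side.
conn fortigate-dialup            # hypothetical connection name
    keyexchange=ikev2
    right=vpn.example.com        # placeholder for the Fortinet peer
    auto=start                   # initiate the tunnel when the daemon starts
    keyingtries=%forever         # keep retrying negotiation, never give up
    # --- Dead Peer Detection ---
    dpdaction=restart            # on DPD failure, try to renegotiate immediately
    dpddelay=30s                 # liveness check is sent only if nothing was
                                 # received from the peer for this long
    dpdtimeout=150s              # IKEv1 only: peer is declared dead after this;
                                 # IKEv2 uses the IKE retransmission timeout
    # --- Other dpdaction values, for comparison on an always-on client ---
    #   dpdaction=none    no liveness checks are sent, a dead peer goes unnoticed
    #   dpdaction=clear   the connection is closed and nothing re-initiates it
    #   dpdaction=hold    a trap policy is installed; renegotiation starts only
    #                     when matching traffic appears
```

DPD only reacts to an unresponsive peer; it does not stop the remote side from deleting the tunnel deliberately, so the Fortinet logs are still worth checking for the 2-3 day drop.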