Overview
This article provides information on how to disable Dead Peer Detection (DPD) using Kerio Control internal files.
Background Information
Dead Peer Detection (DPD) is a method of detecting a dead (unavailable) VPN endpoint. When a dead endpoint is detected, it triggers either a failover or a re-negotiation. Because of some third-party firewall specifications, DPD may fail for an IPsec VPN tunnel that otherwise works. In these cases, it becomes necessary to disable DPD by editing the configuration file through the SSH console. This can be done for each IPsec VPN configuration, including the VPN server.
Preconditions
Access to Kerio Control Administration
Process for Disabling DPD
- Log in via SSH to your Kerio Control console.
- Make the system read-writable by running the command:
  mount -o rw,remount /
- Open /opt/kerio/winroute/winroute.cfg using the Vim or Nano editor.
- Use Ctrl + W to search for DPD.
- Modify the DpdAction variable to none using
  <variable name="DpdAction">none</variable>
  as shown in the example below.
- Save the changes by entering Ctrl + O and Yes to confirm.
Note: DPD can also be disabled for the IPsec VPN server by changing its default value (clear) to none.
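To confirm which entries were changed, the script below (an added example, not part of the original article or Kerio's tooling) lists every DpdAction value with its line number and sets one chosen entry to none after taking a backup copy. The sample file layout, the list name and the tunnel names are constructed; only the DpdAction element and the values clear and none come from the article.

```shell
#!/bin/sh
# Added example, not Kerio's tooling. Only the DpdAction element and the values
# "clear" and "none" come from the article; the sample file is constructed.

# Constructed sample: two tunnel entries in an assumed list layout.
dpd_sample() {
cat <<'EOF'
<list name="ExampleTunnels">
  <listitem>
    <variable name="Name">branch-a</variable>
    <variable name="DpdAction">clear</variable>
  </listitem>
  <listitem>
    <variable name="Name">branch-b</variable>
    <variable name="DpdAction">clear</variable>
  </listitem>
</list>
EOF
}

# Print "line:value" for every DpdAction variable in the file.
dpd_report() {
    grep -n '<variable name="DpdAction">' "$1" |
        sed 's|^\([0-9]*\):.*<variable name="DpdAction">\([^<]*\)</variable>.*|\1:\2|'
}

# Set DpdAction to none on one line only, keeping a .bak copy of the file.
dpd_disable() {
    cfg=$1 line=$2
    case $line in ''|*[!0-9]*) return 2 ;; esac          # line must be a number
    sed -n "${line}p" "$cfg" | grep -q '<variable name="DpdAction">' || return 3
    cp -p "$cfg" "$cfg.bak" || return 1
    sed "${line}s|\(<variable name=\"DpdAction\">\)[^<]*\(</variable>\)|\1none\2|" \
        "$cfg.bak" > "$cfg"
}

# Demo on a temporary copy of the sample, never on the live configuration.
dpd_demo() {
    tmp=$(mktemp) || return 1
    dpd_sample > "$tmp"
    echo "before:"; dpd_report "$tmp"
    dpd_disable "$tmp" 8
    echo "after:";  dpd_report "$tmp"
    rm -f "$tmp" "$tmp.bak"
}
dpd_demo
```

Running dpd_report against the real configuration file before and after the edit shows exactly which tunnels no longer use DPD, which is worth recording because those tunnels will not detect a dead peer on their own.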
Verification
You should be able to re-establish the IPsec tunnel connection and check DPD status.
Related Articles
Adjusting Lifetime Values for IPSec VPN: This article provides information about IPSec VPN settings and describes the process of changing its lifetime values using Kerio Control.