This article provides information on how to disable Dead Peer Detection (DPD) using Kerio Control internal files.
Dead Peer Detection (DPD) is a method of detecting a dead (unavailable) VPN endpoint. When a dead endpoint is detected, it triggers either a failover or re-negotiation. Because of some third-party firewall specifications, DPD may fail for an IPsec VPN tunnel that otherwise works. In these cases, it becomes necessary to disable DPD by editing the configuration through the SSH console. This can be done for each IPsec VPN configuration, including the VPN server. With DPD disabled, a dead endpoint on that tunnel no longer triggers the failover or re-negotiation, so change only the tunnels that need it.
Access to Kerio Control Administration
Process for Disabling DPD
Log in via SSH to your Kerio Control console.
Make the system read-writable by running the command:
mount -o rw,remount /
Open /opt/kerio/winroute/winroute.cfg using the Vim or Nano editor.
In Nano, use Ctrl + W to search for DpdAction and set its value to none, so that the line reads:
<variable name="DpdAction">none</variable>
Save the changes by entering Ctrl + O and Yes to confirm.
Note: DPD can also be disabled for the IPsec VPN server. The default value (clear) can be changed to none.
You should be able to re-establish the IPsec tunnel connection and check DPD status.
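The edit described in the steps above can also be scripted so that it leaves a backup and touches one tunnel only. This is an added example, not Kerio's own tooling: the helper names list_dpd, set_dpd_none and write_sample are hypothetical, and the sample file layout is constructed (only the DpdAction variable and its values clear and none come from this article).

```shell
#!/bin/sh
# Added example: helper names and sample data are constructed, not Kerio tooling.

# list_dpd FILE: print "LINE:VALUE" for every DpdAction entry in FILE.
list_dpd() {
    grep -n '<variable name="DpdAction">' "$1" |
        sed 's|^\([0-9]*\):.*<variable name="DpdAction">\([^<]*\)</variable>.*|\1:\2|'
}

# set_dpd_none FILE LINE: keep FILE.bak, then set the DpdAction on LINE to "none".
# Refuses to touch a line that is not a DpdAction entry.
set_dpd_none() {
    cfg=$1 line=$2
    case $line in ''|*[!0-9]*) echo "usage: set_dpd_none FILE LINE" >&2; return 2 ;; esac
    sed -n "${line}p" "$cfg" | grep -q '<variable name="DpdAction">' || {
        echo "line $line of $cfg is not a DpdAction entry" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1
    # Write through the existing file so ownership and mode stay unchanged.
    sed "${line}s|\(<variable name=\"DpdAction\">\)[^<]*\(</variable>\)|\1none\2|" \
        "$cfg.bak" > "$cfg"
}

# Constructed sample; the surrounding list layout is assumed, only the
# DpdAction variable and its values clear/none come from the article.
write_sample() {
    cat > "$1" <<'EOF'
<list name="VpnTunnels">
  <listitem>
    <variable name="Name">branch-office</variable>
    <variable name="DpdAction">clear</variable>
  </listitem>
  <listitem>
    <variable name="Name">partner-fw</variable>
    <variable name="DpdAction">clear</variable>
  </listitem>
</list>
EOF
}

demo() {
    tmp=$(mktemp) && write_sample "$tmp"
    list_dpd "$tmp"                  # both tunnels still use "clear"
    set_dpd_none "$tmp" 8            # change only the second tunnel
    diff "$tmp.bak" "$tmp" || true   # exactly one line should differ
    rm -f "$tmp" "$tmp.bak"
}
demo
```

On the appliance, run list_dpd against /opt/kerio/winroute/winroute.cfg after the remount, pick the line number of the tunnel that needs the change, and keep the .bak copy until the tunnel has been re-established.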