< Knowledge Base

Dead Peer Detection (DPD) for IPsec

Published On: Oct 07, 2015 

Dead Peer Detection (DPD) is the method to detect the aliveness of an IPsec connection. During IPsec tunnel creation, VPN peers will negotiate to decide whether to use DPD or not. When DPD is in use, the router will send DPD packet R_U_THERE to the VPN peer and wait for peer's ACK. If there is no feedback from the peer, it will disconnect the IPsec tunnel.

All Vigor VPN Routers support IPsec DPD feature. For DrayOS models, DPD is enabled by default and cannot be turned off. When detecting no traffic over the IPsec tunnel, the router will send DPD packets every 15 seconds. If the peer doesn't respond for two times, the router will then disconnect the IPsec tunnel.

Model Vigor2960 and Vigor3900 support changing the Delay and Timeout Settings in the Advanced tab of IPsec profiles.

a screenshot of Vigor3900's IPsec profile

Was this helpful?     


Related Articles