DPD settings

Started by dcol, March 13, 2023, 11:14:00 PM

March 13, 2023, 11:14:00 PM Last Edit: March 13, 2023, 11:28:20 PM by dcol
Read many posts over the past week on this with a lot of different answers. Some say use DPD, some say not to use it.
I noticed that when DPD is enabled, it is polled every 30 seconds in the VPN log.

Question
What is the optimal setting for DPD Delay, Retries, Action, and Keyingtries for a 24/7 tunnel?

One more thing to clarify. I am using the Windows 10 native client and IPsec IKEv2.

Thanks for looking.

No one.....
I guess these settings really are a mystery.

I just tested my VPN; it is still running after 24 hours. The DPD settings I used are as follows:
45 seconds - 5 retries - Restart the tunnel - 10 Keyingtries

Any comments?

Quote from: dcol on March 14, 2023, 04:10:21 PM
> No one.....
> I guess these settings really are a mystery.
>
> I just tested my VPN still running after 24 hours. My DPD settings used are as follows
> 45 seconds - 5 retries - Restart the tunnel - 10 Keyingtries
>
> Any comments?

Guessing you are using legacy tunnels?

I have a lot of clients with always-on tunnels over a less-reliable ISP (Shaw/Rogers Cable). They generally use a live booking/Client information database app at a central location, and satellite offices access it via the tunnel. I have long (> 7 years) set my DPD to numbers like 31s and 59 retries with "restart the tunnel" as the DPD action.

I'm actually looking to translate these into the new connections settings, and I'm pretty frustrated by the extremely low quality of documentation I've been able to find.