Fortinet Document Library

Version:

Version:

Version:

Version:


Table of Contents

Download PDF
Copy Link

DPD example

This section provides an example of a non-default IPsec VPN configuration. You can use this configuration if both of the following symptoms occur:

  • FortiClient fails to connect to IPsec VPN
  • When you view the FortiGate IKE debug log, you see that FortiOS sends R_U_THERE to FortiClient, but there is no reply, and it times out.

In this case, you can increase the FortiGate DPD wait time and/or enable FortiClient IPsec multithread mode. However, it is recommended not to enable FortiClient IPsec multithread mode if it is not necessary. You must make changes to the FortiGate and FortiClient configurations.

To configure the FortiGate:

Increase the FortiGate DPD wait time using the following FortiOS CLI commands:

config vpn ipsec phase1-interface

edit <your IPsec VPN>

set dpd-retrycount <configure a higher number>

set dpd-retryinterval <configure a higher number>

To configure FortiClient:

Enable multithread mode on FortiClient using the following XML configuration:

<ipsecvpn>

<connections>

<connection>

<name>your IPsec VPN</name>

<ike_settings>

<xauth>

<use_otp>1</use_otp>

DPD example

This section provides an example of a non-default IPsec VPN configuration. You can use this configuration if both of the following symptoms occur:

  • FortiClient fails to connect to IPsec VPN
  • When you view the FortiGate IKE debug log, you see that FortiOS sends R_U_THERE to FortiClient, but there is no reply, and it times out.

In this case, you can increase the FortiGate DPD wait time and/or enable FortiClient IPsec multithread mode. However, it is recommended not to enable FortiClient IPsec multithread mode if it is not necessary. You must make changes to the FortiGate and FortiClient configurations.

To configure the FortiGate:

Increase the FortiGate DPD wait time using the following FortiOS CLI commands:

config vpn ipsec phase1-interface

edit <your IPsec VPN>

set dpd-retrycount <configure a higher number>

set dpd-retryinterval <configure a higher number>

To configure FortiClient:

Enable multithread mode on FortiClient using the following XML configuration:

<ipsecvpn>

<connections>

<connection>

<name>your IPsec VPN</name>

<ike_settings>

<xauth>

<use_otp>1</use_otp>