Stephen J. Bevan writes:
> If you only need DPD on one end and OpenBSD will send a DPD Vendor ID
> without trying to send a DPD (I haven't checked) then you can leave
> DPD enabled on the FortiGate and disable it on OpenBSD.

Sorry, brainfart. That won't work. You'll need ...

> If that won't work or isn't acceptable (won't work too well if the
> FortiGate is configured with a dynamic connection) then to get
> FortiGate and OpenBSD DPD to interoperate you'll need to get one or
> both of FortiGate and OpenBSD to change their code. For FortiGate,
> send email to their customer support. In the case of OpenBSD maybe it
> is as simple as copying over the DPD message parsing from
> src/sbin/isakmpd/ipsec.c:ipsec_responder and put it in
> src/sbin/isakmpd/isakmpd_doi.c:isakmp_responder.