how does ipsec dpd work?
I have a regular Mikrotik with a L2TP\ipsec server enabled. and when clients on Windows or iPhone lose connection, or the connection is unstable, I see that there are still many active peer connections and installed SAs
installed SAs are closed by a timer in 1 hour, along with policies, but active peers can be on the list for up to 24 hours
maybe DPD only works with tunnel mode? or does it only work with other Mikrotiks?
DPD is fully part of the standard. You’re strongly encouraged to use it, especially for mobile (roaming, road warrior, etc.) peers.
I tried to connect to Mikrotik from my iPhone, mobile operator, and I see that in this scenario DPD works, I see DPD requests on Mikrotik RU-ASK, but with the client mac os or windows 10 it does not work.
Today I want to try to replace Mikrotik with StrongSwan and check whether this is a Windows problem or not.
https://www.strongswan.org/testing/testresults/ikev1/net2net-psk/