3 files changed, 20 insertions, 3 deletions

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index fbe125987..98d636fe1 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -670,7 +670,14 @@ METHOD(ike_sa_t, set_state, void,
 				/* start DPD checks */
 				if (this->peer_cfg->get_dpd(this->peer_cfg))
 				{
-					send_dpd(this);
+					if (supports_extension(this, EXT_DPD))
+					{
+						send_dpd(this);
+					}
+					else
+					{
+						DBG1(DBG_IKE, "DPD not supported by peer, disabled");
+					}
 				}
 			}
 			break;
@@ -2037,6 +2044,11 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
 									"charon.flush_auth_cfg", FALSE),
 	);
 
+	if (version == IKEV2)
+	{	/* always supported with IKEv2 */
+		enable_extension(this, EXT_DPD);
+	}
+
 	this->task_manager = task_manager_create(&this->public);
 	this->my_host->set_port(this->my_host, IKEV2_UDP_PORT);
 
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index b7c96fdfb..3fc0a7be2 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -108,6 +108,11 @@ enum ike_extension_t {
 	 * peer supports XAuth authentication, draft-ietf-ipsec-isakmp-xauth-06
 	 */
 	EXT_XAUTH = (1<<7),
+
+	/**
+	 * peer supports DPD detection, RFC 3706 (or IKEv2)
+	 */
+	EXT_DPD = (1<<8),
 };
 
 /**
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
index 8b5776dda..ea0dff5e0 100755
--- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
@@ -69,8 +69,8 @@ static struct {
 	{ "NAT-T (RFC 3947)", EXT_NATT, TRUE, 16,
 	  "\x4a\x13\x1c\x81\x07\x03\x58\x45\x5c\x57\x28\xf2\x0e\x95\x45\x2f"},
 
-	/* draft-ietf-ipsec-dpd-00 */
-	{ "DPD", 0, TRUE, 16,
+	/* Dead peer detection, RFC 3706 */
+	{ "DPD", EXT_DPD, TRUE, 16,
 	  "\xaf\xca\xd7\x13\x68\xa1\xf1\xc9\x6b\x86\x96\xfc\x77\x57\x01\x00"},
 
 	{ "draft-stenberg-ipsec-nat-traversal-01", 0, FALSE, 16,