diff --git a/src/config.c b/src/config.c
index adeb1bb7..2507b78b 100644
--- a/src/config.c
+++ b/src/config.c
@@ -127,6 +127,7 @@ unsigned j;
 READ_NUMERIC("tcp-port", config->port, 1);
 READ_NUMERIC("udp-port", config->udp_port, 0);
 READ_NUMERIC("keepalive", config->keepalive, 0);
+ READ_NUMERIC("dpd", config->dpd, 0);
 READ_STRING("server-cert", config->cert, 1);
 READ_STRING("server-key", config->key, 1);
@@ -201,7 +202,10 @@ static void check_cfg( struct cfg_st *config)
 }
 if (config->keepalive == 0)
- config->keepalive = 30;
+ config->keepalive = 3600;
+
+ if (config->dpd == 0)
+ config->keepalive = 60;
 if (config->udp_port == 0)
 config->udp_port = config->port;
diff --git a/src/main.c b/src/main.c
index d6a7e469..207ca928 100644
--- a/src/main.c
+++ b/src/main.c
@@ -414,7 +414,10 @@ int connected = 0;
 goto fail;
 /* check version */
- if (buffer[1] != 254 && (buffer[1] != 1 && buffer[2] != 0)) {
+ mslog(s, NULL, LOG_DEBUG, "DTLS record version: %u.%u", (unsigned int)buffer[1], (unsigned int)buffer[2]);
+ mslog(s, NULL, LOG_DEBUG, "DTLS hello version: %u.%u", (unsigned int)buffer[RECORD_PAYLOAD_POS], (unsigned int)buffer[RECORD_PAYLOAD_POS+1]);
+ if (buffer[1] != 254 && (buffer[1] != 1 && buffer[2] != 0) &&
+ buffer[RECORD_PAYLOAD_POS] != 254 && (buffer[RECORD_PAYLOAD_POS] != 0 && buffer[RECORD_PAYLOAD_POS+1] != 0)) {
 mslog(s, NULL, LOG_INFO, "Unknown DTLS version: %u.%u", (unsigned)buffer[1], (unsigned)buffer[2]);
 goto fail;
 }
@@ -422,8 +425,6 @@ int connected = 0;
 mslog(s, NULL, LOG_INFO, "Unexpected DTLS content type: %u", (unsigned int)buffer[0]);
 goto fail;
 }
- mslog(s, NULL, LOG_DEBUG, "DTLS record version: %u.%u", (unsigned int)buffer[1], (unsigned int)buffer[2]);
- mslog(s, NULL, LOG_DEBUG, "DTLS hello version: %u.%u", (unsigned int)buffer[RECORD_PAYLOAD_POS], (unsigned int)buffer[RECORD_PAYLOAD_POS+1]);
 /* read session_id */
 session_id_size = buffer[RECORD_PAYLOAD_POS+HANDSHAKE_SESSION_ID_POS];
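Review bot: The new fallback in check_cfg assigns the wrong field: under `if (config->dpd == 0)` the hunk writes `config->keepalive = 60;`, so a configuration without a `dpd` entry leaves `config->dpd` at 0 (worker-vpn.c in this same commit then advertises `X-CSTP-DPD: 0` and `X-DTLS-DPD: 0`) and silently overwrites the keepalive chosen two lines above; it should read `config->dpd = 60;`. The defaults also disagree across the commit: check_cfg falls back to 3600/60, ocserv-args.def ships 3600/60 and sample.config ships 60/30, so it is worth settling on one pair and noting in the sample which value is the built-in fallback. check_cfg starts outside the hunk.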
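Review bot: The widened version test in main.c keeps `&&` inside each parenthesised pair, so `(buffer[1] != 1 && buffer[2] != 0)` is already false for any record whose minor byte is 0, and the whole chain then accepts that record regardless of the major byte or the hello bytes; `(buffer[RECORD_PAYLOAD_POS] != 0 && buffer[RECORD_PAYLOAD_POS+1] != 0)` has the same weakness. If the intent is to accept only the listed version pairs, state it positively, e.g. `if (!(buffer[1] == 254 || (buffer[1] == 1 && buffer[2] == 0) || buffer[RECORD_PAYLOAD_POS] == 254 || (buffer[RECORD_PAYLOAD_POS] == 0 && buffer[RECORD_PAYLOAD_POS+1] == 0))) {`, and extend the "Unknown DTLS version" message to print the hello bytes as well, since the decision now depends on them. The two debug mslog() calls moved up from the following hunk now read `buffer[RECORD_PAYLOAD_POS+1]` before the content-type check; whether the received length has been validated to cover that offset is decided before this hunk and is not visible here. The enclosing function starts and ends outside the hunk.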
diff --git a/src/ocserv-args.c b/src/ocserv-args.c
index f09df211..b48d4a50 100644
--- a/src/ocserv-args.c
+++ b/src/ocserv-args.c
@@ -2,7 +2,7 @@
 *
 * DO NOT EDIT THIS FILE (ocserv-args.c)
 *
- * It has been AutoGen-ed February 8, 2013 at 10:02:15 AM by AutoGen 5.16
+ * It has been AutoGen-ed February 8, 2013 at 09:35:09 PM by AutoGen 5.16
 * From the definitions ocserv-args.def
 * and the template file options
 *
diff --git a/src/ocserv-args.def b/src/ocserv-args.def
index f4b17a47..74edee0d 100644
--- a/src/ocserv-args.def
+++ b/src/ocserv-args.def
@@ -78,6 +78,12 @@ max-clients = 16
 tcp-port = 3333
 udp-port = 3333
+# Keepalive in seconds
+keepalive = 3600
+
+# Dead peer detection in seconds
+dpd = 60
+
 # The key and the certificates of the server
 # The key may be a file, or any URL supported by GnuTLS (i.e., tpmkey or pkcs11)
 server-cert = /path/to/cert.pem
diff --git a/src/ocserv-args.h b/src/ocserv-args.h
index b2cc36f1..03fadcea 100644
--- a/src/ocserv-args.h
+++ b/src/ocserv-args.h
@@ -2,7 +2,7 @@
 *
 * DO NOT EDIT THIS FILE (ocserv-args.h)
 *
- * It has been AutoGen-ed February 8, 2013 at 10:02:15 AM by AutoGen 5.16
+ * It has been AutoGen-ed February 8, 2013 at 09:35:09 PM by AutoGen 5.16
 * From the definitions ocserv-args.def
 * and the template file options
 *
diff --git a/src/sample.config b/src/sample.config
index 88bab4f6..612d15a1 100644
--- a/src/sample.config
+++ b/src/sample.config
@@ -23,7 +23,10 @@ tcp-port = 3333
 udp-port = 3333
 # Keepalive in seconds
-keepalive = 90
+keepalive = 60
+
+# Dead peer detection in seconds
+dpd = 30
 # The key and the certificates of the server
 # The key may be a file, or any URL supported by GnuTLS (i.e., tpmkey or pkcs11)
diff --git a/src/vpn.h b/src/vpn.h
index 8afbd5d2..16f08451 100644
--- a/src/vpn.h
+++ b/src/vpn.h
@@ -67,6 +67,7 @@ struct cfg_st {
 time_t cookie_validity; /* in seconds */
 unsigned auth_timeout; /* timeout of HTTP auth */
 unsigned keepalive;
+ unsigned dpd;
 unsigned foreground;
 unsigned tls_debug;
 unsigned debug;
diff --git a/src/worker-vpn.c b/src/worker-vpn.c
index 5917a978..34c63144 100644
--- a/src/worker-vpn.c
+++ b/src/worker-vpn.c
@@ -563,7 +563,7 @@ unsigned mtu_overhead, dtls_mtu = 0, tls_mtu = 0;
 ret = tls_puts(ws->session, "X-CSTP-Version: 1\r\n");
 SEND_ERR(ret);
- ret = tls_puts(ws->session, "X-CSTP-DPD: 60\r\n");
+ ret = tls_printf(ws->session, "X-CSTP-DPD: %u\r\n", ws->config->dpd);
 SEND_ERR(ret);
 ws->udp_state = UP_DISABLED;
@@ -631,10 +631,13 @@ unsigned mtu_overhead, dtls_mtu = 0, tls_mtu = 0;
 ret = tls_printf(ws->session, "X-DTLS-Session-ID: %s\r\n", buffer);
 SEND_ERR(ret);
+ ret = tls_printf(ws->session, "X-DTLS-DPD: %u\r\n", ws->config->dpd);
+ SEND_ERR(ret);
+
 ret = tls_printf(ws->session, "X-DTLS-Port: %u\r\n", ws->config->udp_port);
 SEND_ERR(ret);
- ret = tls_puts(ws->session, "X-DTLS-ReKey-Time: 86400\r\n");
+ ret = tls_puts(ws->session, "X-DTLS-Rekey-Time: 86400\r\n");
 SEND_ERR(ret);
 ret = tls_printf(ws->session, "X-DTLS-Keepalive: %u\r\n", ws->config->keepalive);
@@ -690,9 +693,11 @@ unsigned mtu_overhead, dtls_mtu = 0, tls_mtu = 0;
 if (terminate != 0) {
 if (ws->udp_state == UP_ACTIVE) {
- buffer[7] = AC_PKT_DISCONN;
+ buffer[0] = AC_PKT_TERM_SERVER;
+
+ oclog(ws, LOG_DEBUG, "Sending disconnect message in DTLS channel");
- ret = tls_send(ws->dtls_session, buffer + 7, 1);
+ ret = tls_send(ws->dtls_session, buffer, 1);
 GNUTLS_FATAL_ERR(ret);
 }
@@ -702,12 +707,13 @@ unsigned mtu_overhead, dtls_mtu = 0, tls_mtu = 0;
 buffer[3] = 1;
 buffer[4] = 0;
 buffer[5] = 0;
- buffer[6] = AC_PKT_DISCONN;
+ buffer[6] = AC_PKT_TERM_SERVER;
 buffer[7] = 0;
+ oclog(ws, LOG_DEBUG, "Sending disconnect message in TLS channel");
 ret = tls_send(ws->session, buffer, 8);
 GNUTLS_FATAL_ERR(ret);
-
+ goto exit;
 }
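Review bot: The `X-DTLS-ReKey-Time` → `X-DTLS-Rekey-Time` change in the 631 hunk alters a wire-visible header name in the same hunk that adds `X-DTLS-DPD`, with nothing marking it as deliberate; if the client matches the name case-sensitively, a comment on that line, `/* header name is case-sensitive on the client: "Rekey", not "ReKey" */`, keeps the spelling from being "corrected" back later. The value behind the new `X-DTLS-DPD: %u` (and `X-CSTP-DPD: %u` in the 563 hunk) is `ws->config->dpd`, which check_cfg in this commit never sets when the config omits `dpd` — it assigns `config->keepalive` instead — so both headers can go out as `0`; the fix belongs in config.c, but a short comment here stating that `dpd` is expected to be non-zero by the time the worker runs would document the dependency. The enclosing function starts and ends outside the hunk.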
@@ -898,8 +904,11 @@ hsk_restart:
 exit:
 tls_close(ws->session);
- if (ws->udp_state == UP_ACTIVE && ws->dtls_session)
+ /*gnutls_deinit(ws->session);*/
+ if (ws->udp_state == UP_ACTIVE && ws->dtls_session) {
 tls_close(ws->dtls_session);
+ /*gnutls_deinit(ws->dtls_session);*/
+ }
 exit_nomsg:
 closelog();
 exit(1);
@@ -1002,31 +1011,35 @@ int ret, e;
 switch (head) {
 case AC_PKT_DPD_RESP:
- case AC_PKT_KEEPALIVE:
+ oclog(ws, LOG_INFO, "received DPD response");
+ break;
+ case AC_PKT_KEEPALIVE:
+ oclog(ws, LOG_INFO, "received keepalive");
 break;
-
 case AC_PKT_DPD_OUT:
- oclog(ws, LOG_DEBUG, "Sending STF8\n");
+ oclog(ws, LOG_DEBUG, "received DPD; sending response");
 ret = tls_send(ts, "STF\x01\x00\x00\x04\x00", 8);
 if (ret < 0) {
- oclog(ws, LOG_ERR, "Could not send TLS data: %s", gnutls_strerror(ret));
+ oclog(ws, LOG_ERR, "could not send TLS data: %s", gnutls_strerror(ret));
 return -1;
 }
 break;
 case AC_PKT_DISCONN:
- oclog(ws, LOG_INFO, "Received BYE packet\n");
+ oclog(ws, LOG_INFO, "received BYE packet");
 break;
 case AC_PKT_DATA:
- oclog(ws, LOG_DEBUG, "Writing %d bytes to TUN\n", (int)buf_size);
+ oclog(ws, LOG_DEBUG, "writing %d bytes to TUN", (int)buf_size);
 ret = tun_write(ws->tun_fd, buf, buf_size);
 if (ret == -1) {
 e = errno;
- oclog(ws, LOG_ERR, "Could not write data to tun: %s", strerror(e));
+ oclog(ws, LOG_ERR, "could not write data to tun: %s", strerror(e));
 return -1;
 }
 break;
+ default:
+ oclog(ws, LOG_DEBUG, "received unknown packet %u", (unsigned)head);
 }
 return head;
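Review bot: The two `/*gnutls_deinit(ws->session);*/` and `/*gnutls_deinit(ws->dtls_session);*/` lines in the exit path are commented-out code rather than a decision a reader can follow; either delete them or replace them with one comment that records the reason, e.g. `/* gnutls_deinit() intentionally skipped: exit(1) follows and reclaims the sessions */`. The hunk shows `exit(1)` right after `closelog()`, so nothing here outlives the process, which is the fact worth stating instead of leaving the calls half-present. The enclosing function starts outside the hunk.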
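Review bot: The new `oclog(ws, LOG_INFO, "received DPD response")` and `oclog(ws, LOG_INFO, "received keepalive")` lines in the 1002 hunk log every periodic DPD/keepalive packet at LOG_INFO, while the other per-packet messages in the same switch (`received DPD; sending response`, `writing %d bytes to TUN`, the new `default:` arm) use LOG_DEBUG; at the configured intervals this turns an idle connection into a steady stream of INFO lines, so both should be `LOG_DEBUG`. The added `default:` arm should also end with `break;` so a case appended after it later cannot fall into it silently, and because the function still does `return head;` for an unrecognised type, a one-line comment there saying whether the caller is expected to cope with such a value would help — the caller is not visible here. The enclosing function starts outside the hunk.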