Do not allow DPD to be disabled.

Doing so would prevent the server from dropping inactive
connections. If the dpd values are not configured, set some
reasonable defaults.

src/config.c

@@ -323,7 +323,13 @@ unsigned force_cert_auth;
 	READ_NUMERIC("udp-port", config->udp_port);
 	READ_NUMERIC("keepalive", config->keepalive);
 	READ_NUMERIC("dpd", config->dpd);
+	if (config->dpd == 0)
+		config->dpd = DEFAULT_DPD_TIME;
+
 	READ_NUMERIC("mobile-dpd", config->mobile_dpd);
+	if (config->mobile_dpd == 0)
+		config->mobile_dpd = DEFAULT_MOBILE_DPD_TIME;
+
 	READ_NUMERIC("rate-limit-ms", config->rate_limit_ms);
 
 	READ_STRING("ocsp-response", config->ocsp_response);

src/ocserv-args.def

@@ -110,14 +110,12 @@ udp-port = 3333
 # Keepalive in seconds
 keepalive = 32400
 
-# Dead peer detection in seconds. Set to zero
-# to disable.
+# Dead peer detection in seconds.
 dpd = 240
 
 # Dead peer detection for mobile clients. The needs to
-# be much higher (or even disabled by setting to zero),
-# to prevent such clients being awaken too often by the DPD
-# messages, and save battery.
+# be much higher to prevent such clients being awaken too 
+# often by the DPD messages, and save battery.
 # (clients that send the X-AnyConnect-Identifier-DeviceType)
 mobile-dpd = 1800
 

src/vpn.h

@@ -49,6 +49,9 @@
 #define DEBUG_TRANSFERRED 3
 #define DEBUG_TLS   4
 
+#define DEFAULT_DPD_TIME 600
+#define DEFAULT_MOBILE_DPD_TIME 1800
+
 #define AC_PKT_DATA             0	/* Uncompressed data */
 #define AC_PKT_DPD_OUT          3	/* Dead Peer Detection */
 #define AC_PKT_DPD_RESP         4	/* DPD response */