diff --git a/crypto/dist/ipsec-tools/src/racoon/handler.h b/crypto/dist/ipsec-tools/src/racoon/handler.h
index 0411f46608b3..6f21b926a377 100644
--- a/crypto/dist/ipsec-tools/src/racoon/handler.h
+++ b/crypto/dist/ipsec-tools/src/racoon/handler.h
@@ -1,4 +1,4 @@
-/* $NetBSD: handler.h,v 1.23 2010/10/21 06:04:33 tteras Exp $ */
+/* $NetBSD: handler.h,v 1.24 2010/11/12 09:09:47 tteras Exp $ */
 /* Id: handler.h,v 1.19 2006/02/25 08:25:12 manubsd Exp */
@@ -202,7 +202,8 @@ struct ph1handle {
 #ifdef ENABLE_DPD
 int dpd_support; /* Does remote supports DPD ? */
- u_int16_t dpd_seq; /* DPD seq number to receive */
+ u_int32_t dpd_last_ack;
+ u_int32_t dpd_seq; /* DPD seq number to receive */
 u_int8_t dpd_fails; /* number of failures */
 struct sched dpd_r_u;
 #endif
diff --git a/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c b/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
index 35a27709afe8..e313451e3987 100644
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_inf.c,v 1.42 2010/06/22 09:41:33 vanhu Exp $ */
+/* $NetBSD: isakmp_inf.c,v 1.43 2010/11/12 09:09:47 tteras Exp $ */
 /* Id: isakmp_inf.c,v 1.44 2006/05/06 20:45:52 manubsd Exp */
@@ -1450,17 +1450,16 @@ isakmp_info_recv_r_u_ack (iph1, ru, msgid)
 struct isakmp_pl_ru *ru;
 u_int32_t msgid;
 {
+ u_int32_t seq;
 plog(LLV_DEBUG, LOCATION, iph1->remote, "DPD R-U-There-Ack received\n");
- /* XXX Maintain window of acceptable sequence numbers ?
- * => ru->data <= iph2->dpd_seq &&
- * ru->data >= iph2->dpd_seq - iph2->dpd_fails ? */
- if (ntohl(ru->data) != iph1->dpd_seq-1) {
+ seq = ntohl(ru->data);
+ if (seq <= iph1->dpd_last_ack || seq > iph1->dpd_seq) {
 plog(LLV_ERROR, LOCATION, iph1->remote,
- "Wrong DPD sequence number (%d, %d expected).\n",
- ntohl(ru->data), iph1->dpd_seq-1);
+ "Wrong DPD sequence number (%d; last_ack=%d, seq=%d).\n",
+ seq, iph1->dpd_last_ack, iph1->dpd_seq);
 return 0;
 }
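Review bot: The new `dpd_last_ack` field in `struct ph1handle` has no comment, and the comment kept on `dpd_seq` ("DPD seq number to receive") no longer matches how the isakmp_inf.c hunks of this diff use the field. There `dpd_seq` is incremented and then sent in each R-U-THERE, while `dpd_last_ack` records the last sequence number accepted from an ACK, so together they bound the acceptance window. Suggested comments: `u_int32_t dpd_last_ack; /* last DPD seq acknowledged by peer */` and `u_int32_t dpd_seq; /* last DPD seq sent */`. The struct body starts and ends outside this hunk.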
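Review bot: The rewritten error message in isakmp_info_recv_r_u_ack() prints three `u_int32_t` values with `%d`. `seq` comes directly from the peer's payload via `ntohl(ru->data)`, so any value of 2^31 or above is logged as a negative number, which makes rejected ACKs harder to correlate when reading logs. Use the unsigned conversion: `"Wrong DPD sequence number (%u; last_ack=%u, seq=%u).\n",`. The window test `seq <= iph1->dpd_last_ack || seq > iph1->dpd_seq` is a plain unsigned comparison with no wraparound handling; given the small starting value chosen in isakmp_info_send_r_u() that looks unreachable in practice, but a one-line comment saying so would help. The function body continues outside the hunk.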
@@ -1472,6 +1471,7 @@ isakmp_info_recv_r_u_ack (iph1, ru, msgid)
 }
 iph1->dpd_fails = 0;
+ iph1->dpd_last_ack = seq;
 sched_cancel(&iph1->dpd_r_u);
 isakmp_sched_r_u(iph1, 0);
@@ -1536,12 +1536,13 @@ isakmp_info_send_r_u(sc)
 memcpy(ru->i_ck, iph1->index.i_ck, sizeof(cookie_t));
 memcpy(ru->r_ck, iph1->index.r_ck, sizeof(cookie_t));
- if (iph1->dpd_seq == 0){
+ if (iph1->dpd_seq == 0) {
 /* generate a random seq which is not too big */
- srand(time(NULL));
- iph1->dpd_seq = rand() & 0x0fff;
+ iph1->dpd_seq = iph1->dpd_last_ack = rand() & 0x0fff;
 }
+ iph1->dpd_seq++;
+ iph1->dpd_fails++;
 ru->data = htonl(iph1->dpd_seq);
 error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, 0);
@@ -1550,12 +1551,6 @@ isakmp_info_send_r_u(sc)
 plog(LLV_DEBUG, LOCATION, iph1->remote, "DPD R-U-There sent (%d)\n", error);
- /* will be decreased if ACK received... */
- iph1->dpd_fails++;
-
- /* XXX should be increased only when ACKed ? */
- iph1->dpd_seq++;
-
 /* Reschedule the r_u_there with a short delay, * will be deleted/rescheduled if ACK received before */
 isakmp_sched_r_u(iph1, 1);
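Review bot: The starting DPD sequence number in isakmp_info_send_r_u() is now taken from `rand()` with no seeding visible in this hunk. Unless the daemon calls `srand()` somewhere else, every run starts from the same value, and in either case only 12 bits survive the `& 0x0fff` mask. That number is what isakmp_info_recv_r_u_ack() checks incoming ACKs against, so it is better drawn from the CSPRNG the daemon presumably already uses for cookies and nonces, or where libc provides it `iph1->dpd_seq = iph1->dpd_last_ack = arc4random() & 0x0fff;`. Separately, `dpd_seq == 0` doubles as the "not yet initialised" marker, so a short comment noting that the first value sent is the random start plus one would explain why `dpd_last_ack` is set to the same start. The function body starts and ends outside the hunk.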