Skip to main content
ojacinto
Staff
ojacinto
Staff
September 27, 2024

Troubleshooting Tip: Error message 'unregister_netdevice: waiting for Dialup_VPN_Name to become free. Usage count = 1'

  • September 27, 2024
  • 0 replies
  • 3655 views
Description This article describes an issue where error message'unregister_netdevice: waiting for <Dialup_VPN_Name> to become free. Usage count = 1'is shown on comlog or console output, potentially causing device inaccessibility and VPN tunnel disruptions.
Scope FortiGate v7.2.8, v7.2.9, v7.2.10, v7.4.4.
Solution

When the error message is shown on the comlog output, for example:

 

FW-HUB-01 # diag debug comlog read
Disabling the comlog feature...
OK
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

--- COMLOG TIME: 2024-04-10 11:00:00 ---

--- COMLOG TIME: 2024-04-10 12:00:00 ---

--- COMLOG TIME: 2024-04-10 13:00:00 ---

--- COMLOG TIME: 2024-04-10 14:00:00 ---
unregister_netdevice: waiting for VPN_BRANCH_0 to become free. Usage count = 1
unregister_netdevice: waiting for VPN_BRANCH_0 to become free. Usage count = 1
unregister_netdevice: waiting for VPN_BRANCH_0 to become free. Usage count = 1
unregister_netdevice: waiting for VPN_BRANCH_0 to become free. Usage count = 1
unregister_netdevice: waiting for VPN_BRANCH_0 to become free. Usage count = 1
unregister_netdevice: waiting for VPN_BRANCH_0 to become free. Usage count = 1
unregister_netdevice: waiting for VPN_BRANCH_0 to become free. Usage count = 1
unregister_netdevice: waiting for VPN_BRANCH_0 to become free. Usage count = 1
unregister_netdevice: waiting for VPN_BRANCH_0 to become free. Usage count = 1
unregister_netdevice: waiting for VPN_BRANCH_0 to become free. Usage count = 1
unregister_netdevice: waiting for VPN_BRANCH_0 to become free. Usage count = 1
unregister_netdevice: waiting for VPN_BRANCH_0 to become free. Usage count = 1
unregister_netdevice: waiting for VPN_BRANCH_0 to become free. Usage count = 1
unregister_netdevice: waiting for VPN_BRANCH_0 to become free. Usage count = 1

This can lead to the iked process remaining in D status and httpsd daemon has multiple parallel processes in D status causing some GUI pages to not load (in some cases FortiGate is inaccessible) and VPN tunnels to stop working.

The workaround for this behavior is to disable the option 'net-device' on the VPN phase1 settings for the reported VPN tunnel and all Dynamic tunnels on the Fortigate (HUB side, due to net-device is not necessary on the ADVPN HUB side).

config vpn ipsec phase1-interface

      edit VPN_BRANCH
           set net-device disable <-----

      end

end

 

For a detailed understanding of the net-device functionality, refer to this related KB article: Technical Tip: Understanding the net-device feature in FortiGate ADVPN Implementation 

 

This issue has been resolved in v7.2.11, v7.4.5 and v7.6.0.

 

Related document:

Resolved issues-7.4.5
Resolved-issues-7.6.0 
Resolved-issues-7.2.11 
Terms & ConditionsAccessibility statement