FortiGate
kcheng
Staff
Article Id 208365
Description This article describes a case where it is not possible to receive a VPN tunnel IP address (-30) even though the IP pool is free.
Scope FortiGate, SSL-VPN.
Solution

Sometimes it is difficult to connect to SSL-VPN, and the connection fails with the error 'Unable to receive VPN tunnel IP address (-30)'.

 

To check whether the SSL-VPN IP pool is exhausted, review the SSL-VPN user list with the following command:


# get vpn ssl monitor

 

Enable SSL-VPN debugging and ask the user to connect to the SSL-VPN:

 

# diag deb app sslvpn -1
# diag deb en

 

In this case, no user is connected to SSL-VPN, yet the following error is shown in the debug log:


ssvpn_reserve_dynip:1103 failed to get dynamic IP

 

To resolve this, restart the SSL-VPN service with the following command:


fnsysctl killall sslvpnd

 

The user should be able to connect to SSL-VPN and obtain an IP successfully. 
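The triage above can also be run offline against saved CLI output. The following is an added example, not part of the original article or any Fortinet tool: it counts pool addresses that appear in saved 'get vpn ssl monitor' output and checks the saved debug log for the reservation failure. The function names, the pool range and the sample text are constructed assumptions.

```python
import ipaddress
import re

FAIL_MARKER = "failed to get dynamic IP"  # debug string quoted in the article
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def pool_addresses(first, last):
    """Expand an inclusive first-last range into a set of addresses."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("pool start is above pool end")
    return {ipaddress.IPv4Address(n) for n in range(lo, hi + 1)}

def leased_addresses(monitor_text, pool):
    """Pool addresses that appear anywhere in saved 'get vpn ssl monitor' output."""
    leased = set()
    for token in IPV4.findall(monitor_text):
        try:
            addr = ipaddress.IPv4Address(token)
        except ipaddress.AddressValueError:
            continue  # looks like an IP but is not one, e.g. 999.1.1.1
        if addr in pool:
            leased.add(addr)
    return leased

def triage(monitor_text, debug_text, first, last):
    """Separate real pool exhaustion from the stuck-reservation case."""
    pool = pool_addresses(first, last)
    in_use = len(leased_addresses(monitor_text, pool))
    if FAIL_MARKER not in debug_text:
        verdict = "no-reservation-failure"
    elif in_use >= len(pool):
        verdict = "pool-exhausted"  # every pool address is leased
    else:
        verdict = "pool-free-but-reservation-failed"  # the case in this article
    return {"pool_size": len(pool), "in_use": in_use, "verdict": verdict}

# Constructed sample input: an empty user list plus the debug line from the article.
SAMPLE_MONITOR = "SSL-VPN Login Users:\n\nSSL-VPN sessions:\n"
SAMPLE_DEBUG = "ssvpn_reserve_dynip:1103 failed to get dynamic IP\n"
POOL = ("10.212.134.200", "10.212.134.210")  # assumed pool range

if __name__ == "__main__":
    print(triage(SAMPLE_MONITOR, SAMPLE_DEBUG, *POOL))
```

Only the last verdict matches the condition this article addresses; a client source address that happens to fall inside the pool range would be counted as leased.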
