Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TheJaeene
Contributor

Created on ‎03-20-2015 02:29 AM

HINT: FOS 5.2 IPSec Dialup-Tunnel Naming / Concurrent Users

 Hello Forum,

 

just a little hint on naming Dialup-VPN Tunnels regarding the maximun concurrent Users.

Since established IPSec Dialup Tunnel Interfaces will be distinguished by adding a Sequence Number (eg. tunnel_0 , tunnel_1)

and a VPN Interface Name is limited to 15 characters, the maximum concurrent Users will be limited accordingly.

 

Just take look at the attached screenshots (max. Concurrent Users) and you may get the clue!

 

 

Regards,

Jan  

 

 

 

 

 

Preview file
155 KB
11437
0 Kudos
1 Solution
ede_pfau
SuperUser
SuperUser

Created on ‎03-20-2015 05:03 AM

The name length limit is an inherent limit, valid for all versions of FortiOS. It is not configurable and thus, not in the config file.

Please have a look at this:

Technical Tip: IPSec VPN phase1 interface name characters limitation best practice

Ede Kernel panic: Aiee, killing interrupt handler!

View solution in original post

Ede Kernel panic: Aiee, killing interrupt handler!
2388
0 Kudos
5 REPLIES 5
emnoc
Esteemed Contributor III

Created on ‎03-20-2015 03:07 AM

I seen that also, but where in the cfg is the  max concurrent user set? I believe this is a bug.

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
2349
0 Kudos
TheJaeene
Contributor

Created on ‎03-20-2015 03:13 AM

The  Tunnel Name length is the Limit for the max concurrent Users!

2349
0 Kudos
emnoc
Esteemed Contributor III

Created on ‎03-20-2015 03:25 AM

Okay so where is that included in the config file? That what's I talking about. I could never find exactly what/where this was populated in the configuration. If you make name length longer or shorter it indicates different concurrent values but this value is nowhere in the configuration from what I seen.

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
2349
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎03-20-2015 05:03 AM

The name length limit is an inherent limit, valid for all versions of FortiOS. It is not configurable and thus, not in the config file.

Please have a look at this:

Technical Tip: IPSec VPN phase1 interface name characters limitation best practice

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
2389
0 Kudos
emnoc
Esteemed Contributor III

Created on ‎03-23-2015 01:01 AM

Okay thanks for the reference URL

 

I was looking for something in the cfg that set the actual limit,hence the confusion. Never seen that URL KB page before , kinda interesting. Here's an example of the different name lengths.

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Preview file
33 KB
2349
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.