IPSec VPN can't create tunnel

Grumman · ‎08-11-2015

Hello,

I am experiencing an issue when I am trying to create an IPSec VPN tunnel.

I have tried this on both Fortigate 60D and 200D with v5.2.3,build670 (GA) firmware.

When trying to create a tunnel using the GUI wizard, at the final step just before creating the tunnel, I receive the error: "Empty Values Not Allowed" and the tunnel is not created.

All fields are filled in and I really do not know what the problem is.

I have tried to restart the units as well as to backup the config and restore it to another fortigate unit but I receive the same error...

Any help would be much appreciated!

Thanasis

ede_pfau · ‎08-11-2015

hi,

just try to create the tunnel in CLI (console window or ssh):

conf vpn ipsec phase1-interface

edit new_vpn

...

conf vpn ipsec phase2-interface

edit new_tunnel

...

Any existing VPN should give you the idea which parameters are mandatory (interface, proposal,...) and which are not.

Which kind of tunnel are you going to create: main mode, dynamic or static remote gateway,...?

Ede

"Kernel panic: Aiee, killing interrupt handler!"

View solution in original post

ede_pfau · ‎08-11-2015

Glad it works for you now.

There's 2 ways to see this:

1 - you really want to understand why and how

2 - you need a result

If you want to go way 1, just open the wizard on the newly created tunnel definition and start deleting one value after the other, until the GUI stops you. Even then, sometimes it's a browser issue, or will not happen if the Fortigate is freshly rebooted. Or some of the parameters used have funny characters, or spaces where the GUI won't accept it (but the CLI will).

And somehow you very often go way 2.

Ede

"Kernel panic: Aiee, killing interrupt handler!"

View solution in original post

Grumman · ‎07-13-2016

Ops_Tech wrote:
Hi Thanasis,
I am having the same issue, did you ever find a resolution?
Thanks

Hello,

I found out that if you copy-paste any of the values, it will not work...

Also, if you have strange characters in the tunnel's password like [^&%")(] the wizard will give you that error as it looks like it brakes the command the FortiGate is running...

Hope this helps.

Regards,

Thanasis

View solution in original post

ede_pfau · ‎08-11-2015

hi,

just try to create the tunnel in CLI (console window or ssh):

conf vpn ipsec phase1-interface

edit new_vpn

...

conf vpn ipsec phase2-interface

edit new_tunnel

...

Any existing VPN should give you the idea which parameters are mandatory (interface, proposal,...) and which are not.

Which kind of tunnel are you going to create: main mode, dynamic or static remote gateway,...?

Ede

"Kernel panic: Aiee, killing interrupt handler!"

Grumman · ‎08-11-2015

Thank you very much for your help!

I created the tunnel through CLI but i do not understand what the issue with the GUI is...

The tunnel i am trying to create is a static remote gateway.

Thanasis

ede_pfau · ‎08-11-2015

Glad it works for you now.

There's 2 ways to see this:

1 - you really want to understand why and how

2 - you need a result

If you want to go way 1, just open the wizard on the newly created tunnel definition and start deleting one value after the other, until the GUI stops you. Even then, sometimes it's a browser issue, or will not happen if the Fortigate is freshly rebooted. Or some of the parameters used have funny characters, or spaces where the GUI won't accept it (but the CLI will).

And somehow you very often go way 2.

Ede

"Kernel panic: Aiee, killing interrupt handler!"

Ops_Tech · ‎07-12-2016

Hi Thanasis,

I am having the same issue, did you ever find a resolution?

Thanks

Grumman · ‎07-13-2016

Ops_Tech wrote:
Hi Thanasis,
I am having the same issue, did you ever find a resolution?
Thanks

Hello,

I found out that if you copy-paste any of the values, it will not work...

Also, if you have strange characters in the tunnel's password like [^&%")(] the wizard will give you that error as it looks like it brakes the command the FortiGate is running...

Hope this helps.

Regards,

Thanasis

ianbeyer · ‎11-02-2017

Ops_Tech wrote:

I found out that if you copy-paste any of the values, it will not work...
Also, if you have strange characters in the tunnel's password like [^&%")(] the wizard will give you that error as it looks like it brakes the command the FortiGate is running...

How is it that this glaring bug has STILL not been fixed?

nojeffrey · ‎11-08-2017

This is also happening for me on 5.6.2, tried removing all spaces from the names I'm using, even without copy/pasting I still get the error:

"-56: Empty values are not allowed." After trying for I think the seventh time, I finally got no error, but then the OK button did nothing... I navigated back to IPSEC tunnels page thinking maybe it's done and I just didn't get redirected, nope not in the list.

Another bug: I'll be halfway through entering data into the fields for a new custom IPSEC tunnel and it just reverts back to some template called forticisco(I tunnel I tried to create months ago) - EDIT: this seems to be a caching issue - Login to the Fortigate with Chrome in Incognito mode and this behaviour stops.

I've come to accept that bugs are fairly normal for Fortigates, but hey as long as the dashboards look good and work well!