matthewc3
New Contributor

"invalid length of value -1" error when creating VPN tunnel

I am attempting to create a second VPN tunnel on our FortiGate. I have followed the wizard, but I cannot finish creating the tunnel: all I receive is a pop-up stating "invalid length of value -1".

This occurs when I use a template from the VPN wizard, or when I do a custom tunnel, filling out all the information.

I have also tried creating a tunnel using a different interface than the one the first tunnel is on, but I still get the same error.

This is on 7.0.14, but I have also tried on another FortiGate (7.4.3), and I receive the same error.

The error seems to indicate to me I have not filled something out, but I am positive I have selected every possible value. What am I doing wrong?

 

Toshi_Esumi
SuperUser

Provide more detail on what kind of VPN you're trying to create with the IPSec Wizard. It has 4 steps. Like step 1: site-to-site with FGT, step 2: IP address with PSK, step 3: local subnet/remote subnet (don't need to know the subnet but the mask might be the key). Then you got the error after step 4?

We probably need the info for the existing VPN config as well if it's conflicting with the new one. The easiest way is to go to the CLI and "config vpn ipsec phase1-interface" then "show", and "config vpn ipsec phase2-interface" then "show". You can mask gateway/subnet info.


Toshi

matthewc3
New Contributor

Thank you for responding: going through to provide the information provided me with the solution.

I had to disable "Allow Endpoint Registration" in the VPN Wizard for it to work -- using Endpoint Registration would result in an error.

For creating a custom tunnel, when selecting the Authentication Type, Peer Options MUST BE "Accept Any Peer ID" when using IKE 2 -- selecting a local group consistently resulted in an error.

kmohan
Staff

Hi Matthew3

1. Check the input values for the secondary VPN tunnel configuration to ensure they are within the specified length limits and properly formatted.

2. Verify that there are no special characters or spaces in the configuration that could be causing the error.

3. Double-check the settings for the secondary tunnel, including the tunnel name, IP addresses, and authentication details.

4. Ensure that the configuration complies with Fortinet's guidelines and requirements for VPN tunnels.

5. Test the secondary VPN tunnel in a controlled environment to identify any potential issues.

If the error persists, consider reviewing the configuration details thoroughly or reaching out to Fortinet support for further assistance.

Karthick