FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article explains the 'unable to get VPN tunnel IP address (-30)' error and the solution while using Forticlient SSL VPN as the tool.
Find the pictures below: two hosts and using FortiClient to establish the SSL VPN.
From the above images, the first computer can connect to the FortiClient while the second computer gets an error 'unable to obtain an IP address for VPN tunnel (-30)'.
Find the debug error below. 2020-04-16 07:09:55 [319:root:41]sslvpn_reserve_dynip:1128 failed to get dynamic IP 2020-04-16 07:09:55 [319:root:41]rmt_fortisslvpn_xml_cb_handler:2398 no more IP address available. 2020-04-16 07:09:55 [319:root:41]req: /FortiClientSslvpnClearCacheUrl/for/Wini 2020-04-16 07:09:55 [319:root:41]def: (nil) /FortiClientSslvpnClearCacheUrl/for/WininetLibrary/1/2/3/4/5/6/7/8/9/0/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t 2020-04-16 07:10:15 [319:root:41]Timeout for connection 0x7f6c36488000.
In order to get rid of this error, check the address range configured under SSL VPN settings.
The above picture shows that there is only 1 IP for FortiClient users and this is why there is this error.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.