Description
This article explains the 'unable to get VPN tunnel IP address (-30)' error and the solution while using Forticlient SSL VPN as the tool.
Solution
- Find the pictures below: two hosts and using FortiClient to establish the SSL VPN.
- From the above images, the first computer can connect to the FortiClient while the second computer gets an error 'unable to obtain an IP address for VPN tunnel (-30)'.
- Find the debug error below.
2020-04-16 07:09:55 [319:root:41]sslvpn_reserve_dynip:1128 failed to get dynamic IP
2020-04-16 07:09:55 [319:root:41]rmt_fortisslvpn_xml_cb_handler:2398 no more IP address available.
2020-04-16 07:09:55 [319:root:41]req: /FortiClientSslvpnClearCacheUrl/for/Wini
2020-04-16 07:09:55 [319:root:41]def: (nil) /FortiClientSslvpnClearCacheUrl/for/WininetLibrary/1/2/3/4/5/6/7/8/9/0/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t
2020-04-16 07:10:15 [319:root:41]Timeout for connection 0x7f6c36488000.
- In order to get rid of this error, check the address range configured under SSL VPN settings.
-
The above picture shows that there is only 1 IP for FortiClient users and this is why there is this error.
-
Increasing the address range fixes this problem.