terraform-provider-fortios
Problem: Creating Redundant VPN Tunnel with the same Remote Gateway IP
Trying to create an additional (redundant) tunnel via Terraform but the CLI errors saying it's a duplicate:
Error: Error creating VpnIpsecPhase1 resource: Internal Server Error - Internal error when processing the request (500)
│ Cli response:
│ The remote gateway is a duplicate of another IPsec gateway entry (AZ-ISP1-VPN)
│ object check operator error, -34, discard the setting
│ Command fail. Return code -34
│
│
│ with fortios_vpnipsec_phase1.AZ-ISP2-VPN,
│ on ctx-fortigate.tf line 143, in resource "fortios_vpnipsec_phase1" "AZ-ISP2-VPN":
│ 143: resource "fortios_vpnipsec_phase1" "AZ-ISP2-VPN" {
The config is:
resource "fortios_vpnipsec_phase1" "AZ-ISP2-VPN" {
  name              = "AZ-ISP2-VPN"
  interface         = "ISP2-INT"
  ike_version       = 2
  local_gw          = "****"
  keylife           = 28800
  peertype          = "any"
  proposal          = "aes256-sha256"
  dpd               = "on-idle"
  dhgrp             = 2
  nattraversal      = "disable"
  remote_gw         = "****" # matches an existing phase 1 for another tunnel via another ISP link
  psksecret         = "****"
  dpd_retryinterval = 10
}
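Because the FortiGate only reports the duplicate at apply time (return code -34), a pre-flight check over `terraform show -json tfplan` can flag phase 1 resources that share a remote_gw before anything is pushed to the device. This is an added example, not code from the issue or from the provider; the sample plan below is constructed, with the resource names taken from the issue and made-up gateway addresses standing in for the redacted ones.

```python
"""Pre-flight check: list fortios_vpnipsec_phase1 resources in a Terraform
plan (JSON form) that share the same remote_gw."""
import json
from collections import defaultdict

# Constructed sample in the shape of `terraform show -json tfplan`.
# Resource names follow the issue; the gateway addresses are made up.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.1",
    "planned_values": {"root_module": {"resources": [
        {"address": "fortios_vpnipsec_phase1.AZ-ISP1-VPN",
         "type": "fortios_vpnipsec_phase1", "name": "AZ-ISP1-VPN",
         "values": {"interface": "ISP1-INT", "remote_gw": "203.0.113.10"}},
        {"address": "fortios_vpnipsec_phase1.AZ-ISP2-VPN",
         "type": "fortios_vpnipsec_phase1", "name": "AZ-ISP2-VPN",
         "values": {"interface": "ISP2-INT", "remote_gw": "203.0.113.10"}},
        {"address": "fortios_vpnipsec_phase1.BRANCH-VPN",
         "type": "fortios_vpnipsec_phase1", "name": "BRANCH-VPN",
         "values": {"interface": "ISP1-INT", "remote_gw": "198.51.100.7"}},
    ]}},
})

PHASE1_TYPE = "fortios_vpnipsec_phase1"


def _walk(module):
    """Yield resources from a plan module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)


def duplicate_remote_gateways(plan_json):
    """Return {remote_gw: [resource addresses]} for every gateway address
    that more than one planned phase 1 resource points at."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    by_gw = defaultdict(list)
    for res in _walk(root):
        if res.get("type") != PHASE1_TYPE:
            continue
        gw = res.get("values", {}).get("remote_gw")
        if gw:
            by_gw[gw].append(res["address"])
    return {gw: addrs for gw, addrs in by_gw.items() if len(addrs) > 1}


if __name__ == "__main__":
    for gw, addrs in duplicate_remote_gateways(SAMPLE_PLAN).items():
        print(f"remote_gw {gw} is shared by: {', '.join(addrs)}")
```

Run it against the real plan with `terraform show -json tfplan > plan.json` and pass the file contents to `duplicate_remote_gateways`; a non-empty result is the set of tunnels the device will reject as duplicates.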