FwpmIPsecTunnelAdd2 function (fwpmk.h)
The FwpmIPsecTunnelAdd2 function adds a new Internet Protocol Security (IPsec) tunnel mode policy to the system.
Syntax
NTSTATUS FwpmIPsecTunnelAdd2(
  [in]           HANDLE                       engineHandle,
  [in]           UINT32                       flags,
  [in, optional] const FWPM_PROVIDER_CONTEXT2 *mainModePolicy,
  [in]           const FWPM_PROVIDER_CONTEXT2 *tunnelPolicy,
  [in]           UINT32                       numFilterConditions,
  [in]           const FWPM_FILTER_CONDITION0 *filterConditions,
  [in, optional] const GUID                   *keyModKey,
  [in, optional] PSECURITY_DESCRIPTOR         sd
);
Parameters
[in] engineHandle
Handle for an open session to the filter engine. Call FwpmEngineOpen0 to open a session to the filter engine.
[in] flags
Possible values:
IPsec tunnel flag | Meaning |
---|---|
FWPM_TUNNEL_FLAG_POINT_TO_POINT | Adds a point-to-point tunnel to the system. |
FWPM_TUNNEL_FLAG_ENABLE_VIRTUAL_IF_TUNNELING | Enables virtual interface-based IPsec tunnel mode. |
[in, optional] mainModePolicy
The Main Mode policy for the IPsec tunnel.
[in] tunnelPolicy
The Quick Mode policy for the IPsec tunnel.
[in] numFilterConditions
Number of filter conditions present in the filterConditions parameter.
[in] filterConditions
Array of filter conditions that describe the traffic which should be tunneled by IPsec.
[in, optional] keyModKey
Pointer to a GUID that uniquely identifies the keying module key.
If the caller supplies this parameter, only that keying module will be used for the tunnel. Otherwise, the default keying policy applies.
[in, optional] sd
The security information associated with the IPsec tunnel.
Return value
Return code/value | Description |
---|---|
ERROR_SUCCESS 0 | The IPsec tunnel mode policy was successfully added. |
FWP_E_INVALID_PARAMETER 0x80320035 | FWPM_TUNNEL_FLAG_POINT_TO_POINT was not set and conditions other than local/remote address were specified. |
FWP_E_* error code 0x80320001—0x80320039 | A Windows Filtering Platform (WFP) specific error. See WFP Error Codes for details. |
RPC_* error code 0x80010001—0x80010122 | Failure to communicate with the remote or local firewall engine. |
Other NTSTATUS codes | An error occurred. |
Remarks
This function cannot be called from within a read-only transaction; it will fail with FWP_E_INCOMPATIBLE_TXN. See Object Management for more information about transactions.
FwpmIPsecTunnelAdd2 is a specific implementation of FwpmIPsecTunnelAdd. See WFP Version-Independent Names and Targeting Specific Versions of Windows for more information.
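The following is an added example, not code from this page or from the WFP headers: a portable C sketch of a pre-flight check for the FWP_E_INVALID_PARAMETER rule in the Return value table, plus a helper that maps a returned status onto that table's rows. `EX_FLAG_POINT_TO_POINT`, `ex_cond_kind`, `ta_class` and both function names are hypothetical stand-ins; real code compares the GUID in each condition's fieldKey and uses the flag value from the WFP headers.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in for FWPM_TUNNEL_FLAG_POINT_TO_POINT (assumption: take the real
   value from the WFP headers). */
#define EX_FLAG_POINT_TO_POINT 0x1u

/* Hypothetical stand-ins for the fieldKey of each FWPM_FILTER_CONDITION0. */
typedef enum {
    EX_COND_LOCAL_ADDRESS,
    EX_COND_REMOTE_ADDRESS,
    EX_COND_PROTOCOL,
    EX_COND_REMOTE_PORT
} ex_cond_kind;

typedef enum { TA_OK, TA_BAD_PARAMETER, TA_WFP_ERROR, TA_RPC_ERROR, TA_OTHER } ta_class;

/* Returns 1 if the condition set passes the documented rule, 0 if the page
   says the call fails with FWP_E_INVALID_PARAMETER. The NULL check is an
   extra defensive step added by this example. */
int tunnel_conditions_acceptable(uint32_t flags, const ex_cond_kind *conds, size_t n)
{
    size_t i;
    if (n > 0 && conds == NULL)
        return 0;
    if (flags & EX_FLAG_POINT_TO_POINT)
        return 1; /* the address-only restriction applies when the flag is not set */
    for (i = 0; i < n; i++) {
        if (conds[i] != EX_COND_LOCAL_ADDRESS && conds[i] != EX_COND_REMOTE_ADDRESS)
            return 0;
    }
    return 1;
}

/* Maps a returned status onto the rows of the Return value table. */
ta_class classify_tunnel_add_status(uint32_t status)
{
    if (status == 0)
        return TA_OK;
    if (status == 0x80320035u) /* FWP_E_INVALID_PARAMETER */
        return TA_BAD_PARAMETER;
    if (status >= 0x80320001u && status <= 0x80320039u)
        return TA_WFP_ERROR;
    if (status >= 0x80010001u && status <= 0x80010122u)
        return TA_RPC_ERROR;
    return TA_OTHER;
}
```

Any class other than `TA_OK` means the tunnel mode policy was not added, so callers should not assume the matching traffic is being tunneled.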
Requirements
Requirement | Value |
---|---|
Minimum supported client | Available starting with Windows Vista. |
Target Platform | Universal |
Header | fwpmk.h |
Library | fwpkclnt.lib |
IRQL | <= PASSIVE_LEVEL |