FwpmIPsecTunnelAdd3 function (fwpmu.h)

Adds a new Internet Protocol Security (IPsec) tunnel mode policy to the system.

Syntax

DWORD FwpmIPsecTunnelAdd3(
  HANDLE                       engineHandle,
  UINT32                       flags,
  const FWPM_PROVIDER_CONTEXT3 *mainModePolicy,
  const FWPM_PROVIDER_CONTEXT3 *tunnelPolicy,
  UINT32                       numFilterConditions,
  const FWPM_FILTER_CONDITION0 *filterConditions,
  const GUID                   *keyModKey,
  PSECURITY_DESCRIPTOR         sd
);

Parameters

engineHandle

Type: _In_ HANDLE

A handle to an open session with the filter engine. To open a session with the filter engine, call FwpmEngineOpen0.

flags

Type: _In_ UINT32

Possible values:

IPsec tunnel flag Meaning
FWPM_TUNNEL_FLAG_POINT_TO_POINT Adds a point-to-point tunnel to the system.
FWPM_TUNNEL_FLAG_ENABLE_VIRTUAL_IF_TUNNELING Enables virtual interface-based IPsec tunnel mode.

mainModePolicy

Type: _In_opt_ const FWPM_PROVIDER_CONTEXT3*

An optional Main Mode policy for the IPsec tunnel.

tunnelPolicy

Type: _In_ const FWPM_PROVIDER_CONTEXT3*

The Quick Mode policy for the IPsec tunnel.

numFilterConditions

Type: _In_ UINT32

The number of filter conditions present in filterConditions.

filterConditions

Type: _In_reads_(numFilterConditions) const FWPM_FILTER_CONDITION0*

An array of filter conditions that describe the traffic that should be tunneled by IPsec.

keyModKey

Type: _In_opt_ const GUID*

An optional pointer to a GUID that uniquely identifies the keying module key. If you supply this parameter, then only that keying module will be used for the tunnel. Otherwise, the default keying policy applies.

sd

Type: _In_opt_ PSECURITY_DESCRIPTOR

The security information associated with the IPsec tunnel.

Return value

Type: DWORD

Return code/value   Description

ERROR_SUCCESS (0)
The IPsec tunnel mode policy was successfully added.

FWP_E_INVALID_PARAMETER (0x80320035)
FWPM_TUNNEL_FLAG_POINT_TO_POINT wasn't set in flags, and filterConditions contained conditions other than IP local/remote address.

FWP_E_* error code (0x80320001 to 0x80320039)
A Windows Filtering Platform (WFP)-specific error. For details, see WFP error codes.

RPC_* error code (0x80010001 to 0x80010122)
Failure to communicate with the remote or local firewall engine.

Remarks

You can't call this function within a read-only transaction. It will fail with FWP_E_INCOMPATIBLE_TXN. For more info about transactions, see Object management.

Requirements

Requirement Value
Header fwpmu.h
Library Fwpuclnt.lib
DLL Fwpuclnt.dll