FwpmIPsecTunnelAdd2 function (fwpmu.h)

The FwpmIPsecTunnelAdd2 function adds a new Internet Protocol Security (IPsec) tunnel mode policy to the system.

Note: FwpmIPsecTunnelAdd2 is the specific implementation of FwpmIPsecTunnelAdd used in Windows 8. See WFP Version-Independent Names and Targeting Specific Versions of Windows for more information. For Windows 7, FwpmIPsecTunnelAdd1 is available. For Windows Vista, FwpmIPsecTunnelAdd0 is available.

Syntax

DWORD FwpmIPsecTunnelAdd2(
  [in]           HANDLE                       engineHandle,
  [in]           UINT32                       flags,
  [in, optional] const FWPM_PROVIDER_CONTEXT2 *mainModePolicy,
  [in]           const FWPM_PROVIDER_CONTEXT2 *tunnelPolicy,
  [in]           UINT32                       numFilterConditions,
  [in]           const FWPM_FILTER_CONDITION0 *filterConditions,
  [in, optional] const GUID                   *keyModKey,
  [in, optional] PSECURITY_DESCRIPTOR         sd
);

Parameters

[in] engineHandle

Type: HANDLE

A handle for an open session to the filter engine. Call FwpmEngineOpen0 to open a session to the filter engine.

[in] flags

Type: UINT32

Possible values:

IPsec tunnel flag | Meaning
FWPM_TUNNEL_FLAG_POINT_TO_POINT | Adds a point-to-point tunnel to the system.
FWPM_TUNNEL_FLAG_ENABLE_VIRTUAL_IF_TUNNELING | Enables virtual interface-based IPsec tunnel mode.

[in, optional] mainModePolicy

Type: FWPM_PROVIDER_CONTEXT2*

The Main Mode policy for the IPsec tunnel.

[in] tunnelPolicy

Type: FWPM_PROVIDER_CONTEXT2*

The Quick Mode policy for the IPsec tunnel.

[in] numFilterConditions

Type: UINT32

Number of filter conditions present in the filterConditions parameter.

[in] filterConditions

Type: FWPM_FILTER_CONDITION0*

Array of filter conditions that describe the traffic that should be tunneled by IPsec.

[in, optional] keyModKey

Type: const GUID*

Pointer to a GUID that uniquely identifies the keying module key.

If the caller supplies this parameter, only that keying module will be used for the tunnel. Otherwise, the default keying policy applies.

[in, optional] sd

Type: PSECURITY_DESCRIPTOR

The security information associated with the IPsec tunnel.

Return value

Type: DWORD

Return code/value | Description
ERROR_SUCCESS (0) | The IPsec tunnel mode policy was successfully added.
FWP_E_INVALID_PARAMETER (0x80320035) | FWPM_TUNNEL_FLAG_POINT_TO_POINT was not set and conditions other than local/remote address were specified.
FWP_E_* error code (0x80320001—0x80320039) | A Windows Filtering Platform (WFP) specific error. See WFP Error Codes for details.
RPC_* error code (0x80010001—0x80010122) | Failure to communicate with the remote or local firewall engine.

Remarks

This function cannot be called from within a read-only transaction. It will fail with FWP_E_INCOMPATIBLE_TXN. See Object Management for more information about transactions.
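
A caller can screen for the two documented failure conditions before the call and sort the returned DWORD into the categories of the Return value table. The following is an added example, not Microsoft's code: cond_kind, tunnel_precheck and classify_result are hypothetical names, cond_kind stands in for comparing each FWPM_FILTER_CONDITION0 fieldKey against the local/remote address condition keys, and the numeric value of FWPM_TUNNEL_FLAG_POINT_TO_POINT is an assumption used only when fwpmu.h is not included.

```c
/* Added example: pre-call screening and result triage for FwpmIPsecTunnelAdd2.
 * Portable C with stand-in types; it makes no WFP call itself. */
#include <stddef.h>
#include <stdint.h>

#ifndef FWPM_TUNNEL_FLAG_POINT_TO_POINT
#define FWPM_TUNNEL_FLAG_POINT_TO_POINT 0x00000001u /* assumed; the page gives no number */
#endif

/* Hypothetical stand-in: the caller maps each condition's fieldKey to one of these. */
typedef enum { COND_IP_LOCAL_ADDRESS, COND_IP_REMOTE_ADDRESS, COND_OTHER } cond_kind;

typedef enum { PRE_OK, PRE_BAD_ARGUMENT, PRE_READ_ONLY_TXN,
               PRE_NON_ADDRESS_CONDITION } precheck;

/* Reports the first documented reason the add would be rejected, or PRE_OK. */
precheck tunnel_precheck(uint32_t flags, const cond_kind *conds,
                         uint32_t num_conds, int txn_read_only)
{
    /* Defensive check added here: the count must describe a real array. */
    if (num_conds > 0 && conds == NULL)
        return PRE_BAD_ARGUMENT;
    /* Remarks: a read-only transaction fails with FWP_E_INCOMPATIBLE_TXN. */
    if (txn_read_only)
        return PRE_READ_ONLY_TXN;
    /* Without the point-to-point flag only local/remote address conditions
     * are accepted; anything else yields FWP_E_INVALID_PARAMETER. */
    if (!(flags & FWPM_TUNNEL_FLAG_POINT_TO_POINT))
        for (uint32_t i = 0; i < num_conds; i++)
            if (conds[i] == COND_OTHER)
                return PRE_NON_ADDRESS_CONDITION;
    return PRE_OK;
}

typedef enum { RES_SUCCESS, RES_INVALID_PARAMETER, RES_WFP_ERROR,
               RES_RPC_ERROR, RES_UNLISTED } result_class;

/* Sorts a return value using the codes and ranges from the Return value table. */
result_class classify_result(uint32_t rc)
{
    if (rc == 0u)                                  return RES_SUCCESS;
    if (rc == 0x80320035u)                         return RES_INVALID_PARAMETER;
    if (rc >= 0x80320001u && rc <= 0x80320039u)    return RES_WFP_ERROR;
    if (rc >= 0x80010001u && rc <= 0x80010122u)    return RES_RPC_ERROR;
    return RES_UNLISTED; /* outside every range the page lists */
}
```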

Requirements

Requirement | Value
Minimum supported client | Windows 8 [desktop apps only]
Minimum supported server | Windows Server 2012 [desktop apps only]
Target Platform | Windows
Header | fwpmu.h
Library | Fwpuclnt.lib
DLL | Fwpuclnt.dll

See also

FWPM_FILTER_CONDITION0

FWPM_PROVIDER_CONTEXT2

WFP Functions

Windows Filtering Platform API Reference