FwpmIPsecTunnelAdd3 function (fwpmk.h)

The FwpmIPsecTunnelAdd3 function adds a new Internet Protocol Security (IPsec) tunnel mode policy to the system.

Syntax

NTSTATUS FwpmIPsecTunnelAdd3(
  [in]                             HANDLE                       engineHandle,
  [in]                             UINT32                       flags,
  [in, optional]                   const FWPM_PROVIDER_CONTEXT3 *mainModePolicy,
  [in]                             const FWPM_PROVIDER_CONTEXT3 *tunnelPolicy,
  [in]                             UINT32                       numFilterConditions,
  [in, reads(numFilterConditions)] const FWPM_FILTER_CONDITION0 *filterConditions,
  [in, optional]                   const GUID                   *keyModKey,
  [in, optional]                   PSECURITY_DESCRIPTOR         sd
);

Parameters

[in] engineHandle

Handle for an open session to the filter engine. Call FwpmEngineOpen0 to open a session to the filter engine.

[in] flags

Possible values:

Value                                          Meaning
FWPM_TUNNEL_FLAG_POINT_TO_POINT                Adds a point-to-point tunnel to the system. When this flag is set, filterConditions may also carry conditions other than local and remote address; without it, any such condition makes the call fail with FWP_E_INVALID_PARAMETER (see Return value).
FWPM_TUNNEL_FLAG_ENABLE_VIRTUAL_IF_TUNNELING   Enables virtual interface-based IPsec tunnel mode.

[in, optional] mainModePolicy

An optional Main Mode policy for the IPsec tunnel.

[in] tunnelPolicy

The Quick Mode policy for the IPsec tunnel.

[in] numFilterConditions

The number of filter conditions present in filterConditions.

[in, reads(numFilterConditions)] filterConditions

An array of filter conditions that describe the traffic that should be tunneled by IPsec.

[in, optional] keyModKey

An optional pointer to a GUID that uniquely identifies the keying module key. If you supply this parameter, then only that keying module will be used for the tunnel. Otherwise, the default keying policy applies.

[in, optional] sd

The security information associated with the IPsec tunnel.

Return value

Return code/value                              Description
ERROR_SUCCESS (0)                              The IPsec tunnel mode policy was successfully added.
FWP_E_INVALID_PARAMETER (0x80320035)           FWPM_TUNNEL_FLAG_POINT_TO_POINT wasn't set, and conditions other than local/remote address were specified.
FWP_E_* error code (0x80320001 to 0x80320039)  A Windows Filtering Platform (WFP)-specific error. For details, see WFP error codes.
RPC_* error code (0x80010001 to 0x80010122)    Failure to communicate with the remote or local firewall engine.
Other NTSTATUS codes                           An error occurred.

Remarks

You can't call this function within a read-only transaction; it fails with FWP_E_INCOMPATIBLE_TXN. Call it from a read/write transaction (FwpmTransactionBegin0 with flags 0) or outside any transaction. For more info about transactions, see Object Management.
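The following kernel-mode routine is an added example, not code from the Microsoft page or from Windows itself. It shows a complete FwpmIPsecTunnelAdd3 call: a Quick Mode tunnel policy for a point-to-point IPv4 tunnel, two address filter conditions, no explicit Main Mode policy (mainModePolicy is NULL, so the system's default IKE policy applies), no keyModKey and no security descriptor, all wrapped in a read/write transaction so a failed add leaves nothing behind. It assumes the WDK headers (ntddk.h, fwpmk.h) and fwpkclnt.lib; the function name AddPointToPointTunnel, the provider-context GUID, and the cipher, lifetime and idle-timeout values are illustrative choices, not values from the page.

```c
#include <ntddk.h>
#include <initguid.h>   // so the FWPM_CONDITION_* GUIDs are defined in this unit
#include <fwpmk.h>

// Constructed provider-context key for this example; any GUID unique to the driver would do.
DEFINE_GUID(EXAMPLE_QM_TUNNEL_KEY,
            0x5c1d9f46, 0x7b2a, 0x4c3e, 0x9a, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77);

// Adds a point-to-point IKEv2 tunnel protecting traffic between localV4 and
// remoteV4 (host byte order). Runs at PASSIVE_LEVEL with an engine handle from
// FwpmEngineOpen0 that is not inside a read-only transaction.
NTSTATUS
AddPointToPointTunnel(_In_ HANDLE engineHandle, _In_ UINT32 localV4, _In_ UINT32 remoteV4)
{
    // One Quick Mode proposal: ESP with AES-256-CBC and HMAC-SHA-256 (illustrative choice).
    IPSEC_SA_TRANSFORM0 transform = { 0 };
    transform.ipsecTransformType = IPSEC_TRANSFORM_ESP_AUTH_AND_CIPHER;
    transform.espAuthAndCipherTransform.authTransform.authTransformId.authType = IPSEC_AUTH_SHA_256;
    transform.espAuthAndCipherTransform.authTransform.authTransformId.authConfig = IPSEC_AUTH_CONFIG_HMAC_SHA_256_128;
    transform.espAuthAndCipherTransform.cipherTransform.cipherTransformId.cipherType = IPSEC_CIPHER_AES_256;
    transform.espAuthAndCipherTransform.cipherTransform.cipherTransformId.cipherConfig = IPSEC_CIPHER_CONFIG_CBC_AES_256;

    IPSEC_PROPOSAL0 proposal = { 0 };
    proposal.lifetime.lifetimeSeconds   = 3600;     // rekey hourly
    proposal.lifetime.lifetimeKilobytes = 100000;   // or after ~100 MB, whichever comes first
    proposal.numSaTransforms = 1;
    proposal.saTransforms    = &transform;
    proposal.pfsGroup        = IPSEC_PFS_ECP_256;   // perfect forward secrecy on every Quick Mode rekey

    // The Quick Mode policy passed as tunnelPolicy: endpoints plus the proposal above.
    IPSEC_TUNNEL_POLICY3 qmPolicy = { 0 };
    qmPolicy.numIpsecProposals = 1;
    qmPolicy.ipsecProposals    = &proposal;
    qmPolicy.tunnelEndpoints.ipVersion       = FWP_IP_VERSION_V4;
    qmPolicy.tunnelEndpoints.localV4Address  = localV4;
    qmPolicy.tunnelEndpoints.remoteV4Address = remoteV4;
    qmPolicy.saIdleTimeout.idleTimeoutSeconds         = 300;
    qmPolicy.saIdleTimeout.idleTimeoutSecondsFailOver = 60;

    FWPM_PROVIDER_CONTEXT3 tunnelCtx = { 0 };
    tunnelCtx.providerContextKey  = EXAMPLE_QM_TUNNEL_KEY;
    tunnelCtx.displayData.name    = L"Example point-to-point IKEv2 tunnel";
    tunnelCtx.type                = FWPM_IPSEC_IKEV2_QM_TUNNEL_CONTEXT;
    tunnelCtx.ikeV2QmTunnelPolicy = &qmPolicy;

    // Tunnel only the traffic between the two hosts. Because
    // FWPM_TUNNEL_FLAG_POINT_TO_POINT is set below, further conditions (for
    // example protocol or port) would also be accepted; without that flag,
    // anything but local/remote address conditions fails with FWP_E_INVALID_PARAMETER.
    FWPM_FILTER_CONDITION0 conditions[2] = { 0 };
    conditions[0].fieldKey  = FWPM_CONDITION_IP_LOCAL_ADDRESS;
    conditions[0].matchType = FWP_MATCH_EQUAL;
    conditions[0].conditionValue.type   = FWP_UINT32;
    conditions[0].conditionValue.uint32 = localV4;
    conditions[1].fieldKey  = FWPM_CONDITION_IP_REMOTE_ADDRESS;
    conditions[1].matchType = FWP_MATCH_EQUAL;
    conditions[1].conditionValue.type   = FWP_UINT32;
    conditions[1].conditionValue.uint32 = remoteV4;

    // Read/write transaction (flags 0): a read-only one would fail with FWP_E_INCOMPATIBLE_TXN.
    NTSTATUS status = FwpmTransactionBegin0(engineHandle, 0);
    if (!NT_SUCCESS(status)) {
        return status;
    }

    status = FwpmIPsecTunnelAdd3(engineHandle,
                                 FWPM_TUNNEL_FLAG_POINT_TO_POINT,
                                 NULL,                      // mainModePolicy: default IKE Main Mode policy
                                 &tunnelCtx,                // tunnelPolicy: the Quick Mode policy
                                 RTL_NUMBER_OF(conditions), // numFilterConditions
                                 conditions,
                                 NULL,                      // keyModKey: default keying policy
                                 NULL);                     // sd: default security descriptor
    if (!NT_SUCCESS(status)) {
        (void)FwpmTransactionAbort0(engineHandle);          // leave no half-added policy behind
        return status;
    }
    return FwpmTransactionCommit0(engineHandle);
}
```

Because the add and the commit happen inside one transaction, a rejected policy (for instance an FWP_E_INVALID_PARAMETER from a disallowed condition) rolls back cleanly, and the routine returns the NTSTATUS so the caller can log it against the table above.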

Requirements

Requirement               Value
Minimum supported client  Available starting with Windows Vista.
Target Platform           Universal
Header                    fwpmk.h
Library                   fwpkclnt.lib
IRQL                      <= PASSIVE_LEVEL
