FwpmIPsecTunnelAdd1 function

The FwpmIPsecTunnelAdd1 function adds a new Internet Protocol Security (IPsec) tunnel mode policy to the system.

Note: FwpmIPsecTunnelAdd1 is the specific implementation of FwpmIPsecTunnelAdd used in Windows 7. See WFP Version-Independent Names and Targeting Specific Versions of Windows for more information. For Windows Vista, FwpmIPsecTunnelAdd0 is available. For Windows 8, FwpmIPsecTunnelAdd2 is available.

Syntax

DWORD FwpmIPsecTunnelAdd1(
  HANDLE                       engineHandle,
  UINT32                       flags,
  const FWPM_PROVIDER_CONTEXT1 *mainModePolicy,
  const FWPM_PROVIDER_CONTEXT1 *tunnelPolicy,
  UINT32                       numFilterConditions,
  const FWPM_FILTER_CONDITION0 *filterConditions,
  const GUID                   *keyModKey,
  PSECURITY_DESCRIPTOR         sd
);

Parameters

engineHandle

Type: HANDLE

A handle for an open session to the filter engine. Call FwpmEngineOpen0 to open a session to the filter engine.

flags

Type: UINT32

Possible values:

| IPsec tunnel flag | Meaning |
| --- | --- |
| FWPM_TUNNEL_FLAG_POINT_TO_POINT | Adds a point-to-point tunnel to the system. |
| FWPM_TUNNEL_FLAG_ENABLE_VIRTUAL_IF_TUNNELING | Enables virtual interface-based IPsec tunnel mode. |

mainModePolicy

Type: const FWPM_PROVIDER_CONTEXT1*

The Main Mode policy for the IPsec tunnel.

tunnelPolicy

Type: const FWPM_PROVIDER_CONTEXT1*

The Quick Mode policy for the IPsec tunnel.

numFilterConditions

Type: UINT32

Number of filter conditions present in the filterConditions parameter.

filterConditions

Type: const FWPM_FILTER_CONDITION0*

Array of filter conditions that describe the traffic which should be tunneled by IPsec.

keyModKey

Type: const GUID*

Pointer to a GUID that uniquely identifies the keying module key.

If the caller supplies this parameter, only that keying module will be used for the tunnel. Otherwise, the default keying policy applies.

sd

Type: PSECURITY_DESCRIPTOR

The security information associated with the IPsec tunnel.

Return Value

Type: DWORD

| Return code | Value | Description |
| --- | --- | --- |
| ERROR_SUCCESS | 0 | The IPsec tunnel mode policy was successfully added. |
| FWP_E_INVALID_PARAMETER | 0x80320035 | FWPM_TUNNEL_FLAG_POINT_TO_POINT was not set and conditions other than local/remote address were specified. |
| FWP_E_* error code | 0x80320001–0x80320039 | A Windows Filtering Platform (WFP) specific error. See WFP Error Codes for details. |
| RPC_* error code | 0x80010001–0x80010122 | Failure to communicate with the remote or local firewall engine. |

Remarks

This function cannot be called from within a read-only transaction. It will fail with FWP_E_INCOMPATIBLE_TXN. See Object Management for more information about transactions.
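
The following C example is added here and is not part of the original documentation. It wraps the call in a read-write transaction and maps the return code onto the classes in the Return Value table. The names add_tunnel_in_txn, classify_tunnel_add and tun_result are hypothetical, and the Windows-only part assumes the caller has already built both policies and the filter conditions.

```c
#include <stdint.h>

/* Outcome classes for a FwpmIPsecTunnelAdd1 return code, using the values
 * and ranges listed in the Return Value table (hypothetical helper). */
typedef enum { TUN_OK, TUN_BAD_CONDITIONS, TUN_WFP_ERROR, TUN_RPC_ERROR, TUN_OTHER } tun_result;

tun_result classify_tunnel_add(uint32_t rc)
{
    if (rc == 0) return TUN_OK;                        /* ERROR_SUCCESS */
    if (rc == 0x80320035u) return TUN_BAD_CONDITIONS;  /* FWP_E_INVALID_PARAMETER */
    if (rc >= 0x80320001u && rc <= 0x80320039u) return TUN_WFP_ERROR;
    if (rc >= 0x80010001u && rc <= 0x80010122u) return TUN_RPC_ERROR;
    return TUN_OTHER;
}

#ifdef _WIN32
#include <windows.h>
#include <fwpmu.h>
#pragma comment(lib, "Fwpuclnt.lib")

/* Hypothetical wrapper: adds the tunnel inside a read-write transaction so a
 * failed add is rolled back. Policies and conditions are built by the caller. */
DWORD add_tunnel_in_txn(UINT32 flags,
                        const FWPM_PROVIDER_CONTEXT1 *mainModePolicy,
                        const FWPM_PROVIDER_CONTEXT1 *tunnelPolicy,
                        UINT32 numFilterConditions,
                        const FWPM_FILTER_CONDITION0 *filterConditions,
                        const GUID *keyModKey, PSECURITY_DESCRIPTOR sd)
{
    HANDLE engine = NULL;
    DWORD rc = FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, NULL, &engine);
    if (rc != ERROR_SUCCESS) return rc;

    /* flags = 0 starts a read-write transaction; inside a read-only one the
     * add fails with FWP_E_INCOMPATIBLE_TXN. */
    rc = FwpmTransactionBegin0(engine, 0);
    if (rc == ERROR_SUCCESS) {
        rc = FwpmIPsecTunnelAdd1(engine, flags, mainModePolicy, tunnelPolicy,
                                 numFilterConditions, filterConditions,
                                 keyModKey, sd);
        if (rc == ERROR_SUCCESS) rc = FwpmTransactionCommit0(engine);
        else FwpmTransactionAbort0(engine);
    }
    FwpmEngineClose0(engine);   /* also discards any transaction still open */
    return rc;
}
#endif
```

Pass the DWORD returned by add_tunnel_in_txn to classify_tunnel_add to decide whether to fix the filter conditions (TUN_BAD_CONDITIONS), consult WFP Error Codes (TUN_WFP_ERROR), or check connectivity to the firewall engine (TUN_RPC_ERROR).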

Requirements

Minimum supported client: Windows 7 [desktop apps only]
Minimum supported server: Windows Server 2008 R2 [desktop apps only]
Target Platform: Windows
Header: fwpmu.h
Library: Fwpuclnt.lib
DLL: Fwpuclnt.dll

See Also

FWPM_FILTER_CONDITION0

FWPM_PROVIDER_CONTEXT1