Problem Adding IPSEC Tunnel

  • Question

  • When I call FwpmIPsecTunnelAdd1, it returns FWP_E_OUT_OF_BOUNDS. I am not sure which integer value could be out of bounds. Below are the contents of the arguments being passed to it.

    engineHandle = some valid handle

    flags = FWPM_TUNNEL_FLAG_POINT_TO_POINT

    mainModePolicy =

        FWPM_PROVIDER_CONTEXT1_ *
     -providerContextKey {GUID_NULL} _GUID
     -displayData FWPM_DISPLAY_DATA0_
      -name 0x00c04074 "IKE CONTEXT" unsigned short *
      -description 0x00000000 <Bad Ptr> unsigned short *
     -flags 0x00000000
     -providerKey 0x00c041b0 ProviderKey {AABBCCDD-EEFF-AABB-CCDD-EEFFAABBCC00} _GUID *
     -providerData FWP_BYTE_BLOB_
      -size 0x00000000 unsigned int
      -data 0x00000000 <Bad Ptr> unsigned char *
     -type FWPM_IPSEC_IKE_MM_CONTEXT FWPM_PROVIDER_CONTEXT_TYPE_
     -authIpMmPolicy  IKEEXT_POLICY1_*
      -softExpirationTime 0x00000000 unsigned int
      -numAuthenticationMethods 0x00000001 unsigned int
      -authenticationMethods 
       -authenticationMethodType IKEEXT_PRESHARED_KEY IKEEXT_AUTHENTICATION_METHOD_TYPE_
       -presharedKeyAuthentication
        -presharedKey 
         -size 0x0000000e unsigned int
         -data 0x00370434 "NÀ¢-þÓòoS-,'S" unsigned char *
        -flags 0x00000000 unsigned int
      -initiatorImpersonationType IKEEXT_IMPERSONATION_NONE IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE_
      -numIkeProposals 0x00000001 unsigned int
      -ikeProposals  IKEEXT_PROPOSAL0_*
       -cipherAlgorithm
        -algoIdentifier IKEEXT_CIPHER_AES_128 IKEEXT_CIPHER_TYPE_
        -keyLen 0x00000000 unsigned int
        -rounds 0x00000000 unsigned int
       -integrityAlgorithm
        -algoIdentifier IKEEXT_INTEGRITY_SHA1 IKEEXT_INTEGRITY_TYPE_
       -maxLifetimeSeconds 0x00000000 unsigned int
       -dhGroup IKEEXT_DH_GROUP_2 IKEEXT_DH_GROUP_
       -quickModeLimit 0x00000000 unsigned int
       -flags 0x00000000 unsigned int
       -maxDynamicFilters 0x00000000 unsigned int
       -retransmitDurationSecs 0x00000078 unsigned int
     -providerContextId 0x0000000000000000 unsigned __int64

    tunnelPolicy=

        FWPM_PROVIDER_CONTEXT1_*
     -providerContextKey {GUID_NULL} _GUID
     -displayData FWPM_DISPLAY_DATA0_
      -name 0x00c0409c "IPSEC CONTEXT" unsigned short *
      -description 0x00000000 <Bad Ptr> unsigned short *
     -flags 0x00000000 unsigned int
     -providerKey 0x00c041b0 ProviderKey {AABBCCDD-EEFF-AABB-CCDD-EEFFAABBCC00} _GUID *
     -providerData FWP_BYTE_BLOB_
      -size 0x00000000 unsigned int
      -data 0x00000000 <Bad Ptr> unsigned char *
     -type FWPM_IPSEC_IKE_QM_TUNNEL_CONTEXT FWPM_PROVIDER_CONTEXT_TYPE_
     -ikeQmTunnelPolicy IPSEC_TUNNEL_POLICY1_ *
      -flags 0x00000000 unsigned int
      -numIpsecProposals 0x00000001 unsigned int
      -ipsecProposals  IPSEC_PROPOSAL0_ *
       -lifetime {lifetimeSeconds=0xffffffff lifetimeKilobytes=0x000186a0 lifetimePackets=0x7fffffff } IPSEC_SA_LIFETIME0_
       -numSaTransforms 0x00000001 unsigned int
       -saTransforms 0x00ff39c8 {ipsecTransformType=IPSEC_TRANSFORM_ESP_AUTH_AND_CIPHER ahTransform=0x00ff3dd0 espAuthTransform=0x00ff3dd0 ...} IPSEC_SA_TRANSFORM0_ *
        -ipsecTransformType IPSEC_TRANSFORM_ESP_AUTH_AND_CIPHER IPSEC_TRANSFORM_TYPE_
        -espAuthAndCipherTransform IPSEC_AUTH_AND_CIPHER_TRANSFORM0_ *
         -authTransform IPSEC_AUTH_TRANSFORM0_
          -authTransformId {authType=IPSEC_AUTH_SHA_1 authConfig='' } IPSEC_AUTH_TRANSFORM_ID0_
          -cryptoModuleId 0x00000000 {????????-????-????-????-????????????} _GUID *
         -cipherTransform IPSEC_CIPHER_TRANSFORM0_
          -cipherTransformId {cipherType=IPSEC_CIPHER_TYPE_AES_128 cipherConfig='' } IPSEC_CIPHER_TRANSFORM_ID0_
          -cryptoModuleId 0x00000000 {????????-????-????-????-????????????} _GUID *
      -tunnelEndpoints IPSEC_TUNNEL_ENDPOINTS1_
       -ipVersion FWP_IP_VERSION_V4 FWP_IP_VERSION_
       -localV4Address 0xd8b12997 unsigned int
       -remoteV4Address 0xfefefe00 unsigned int
       -localIfLuid 0x0000000000000000 unsigned __int64
      -saIdleTimeout {idleTimeoutSeconds=0x0000012c idleTimeoutSecondsFailOver=0x0000003c } IPSEC_SA_IDLE_TIMEOUT0_
      -emPolicy 0x00000000 {numAuthenticationMethods=??? authenticationMethods=??? initiatorImpersonationType=??? } IKEEXT_EM_POLICY1_ *
     -providerContextId 0x0000000000000000 unsigned __int64

    numFilterConditions = 2

    filterConditions =

        FWPM_FILTER_CONDITION0_ [2]
     -[0x0] FWPM_FILTER_CONDITION0_
      -fieldKey {D9EE00DE-C1EF-4617-BFE3-FFD8F5A08957} _GUID
      -matchType FWP_MATCH_EQUAL FWP_MATCH_TYPE_
      -conditionValue FWP_CONDITION_VALUE0_
       -type FWP_UINT32 FWP_DATA_TYPE_
       -uint32 0xd8b12997 unsigned int
     -[0x1] FWPM_FILTER_CONDITION0_
      -fieldKey {B235AE9A-1D64-49B8-A44C-5FF3D9095045} _GUID
      -matchType FWP_MATCH_EQUAL FWP_MATCH_TYPE_
      -conditionValue FWP_CONDITION_VALUE0_
       -type FWP_UINT32 FWP_DATA_TYPE_
       -uint32 0xfefefe00 unsigned int

    keyModKey = NULL
    sd = NULL

    Friday, February 24, 2012 5:18 PM

Answers

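  • maxLifetimeSeconds needs to be between 1 and 172799. In the mainModePolicy dump above, the IKE proposal's maxLifetimeSeconds is 0x00000000, which is outside that range.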

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Saturday, February 25, 2012 12:49 AM
    Moderator