From 3849bb961a64bd042468f6b098e3474c6faf8b75 Mon Sep 17 00:00:00 2001
From: Dallas Brooks <47010213+dallasbrooks@users.noreply.github.com>
Date: Wed, 5 Nov 2025 11:02:25 -0800
Subject: [PATCH] add ipsec P2S flag

Added 'IPSEC_POLICY_FLAG_POINT_TO_SITE_TUNNEL' keyword and updated keywords list.
---
 .../ns-ipsectypes-ipsec_tunnel_policy2.md          | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/sdk-api-src/content/ipsectypes/ns-ipsectypes-ipsec_tunnel_policy2.md b/sdk-api-src/content/ipsectypes/ns-ipsectypes-ipsec_tunnel_policy2.md
index 1a9005ccd60b..d566121417b9 100644
--- a/sdk-api-src/content/ipsectypes/ns-ipsectypes-ipsec_tunnel_policy2.md
+++ b/sdk-api-src/content/ipsectypes/ns-ipsectypes-ipsec_tunnel_policy2.md
@@ -2,12 +2,12 @@
 UID: NS:ipsectypes.IPSEC_TUNNEL_POLICY2_
 title: IPSEC_TUNNEL_POLICY2 (ipsectypes.h)
 description: Stores the quick mode negotiation policy for tunnel mode IPsec. (IPSEC_TUNNEL_POLICY2)
-helpviewer_keywords: ["IPSEC_POLICY_FLAG_CLEAR_DF_ON_TUNNEL","IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME","IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME","IPSEC_POLICY_FLAG_ENABLE_SERVER_ADDR_ASSIGNMENT","IPSEC_POLICY_FLAG_ENABLE_V6_IN_V4_TUNNELING","IPSEC_POLICY_FLAG_KEY_MANAGER_ALLOW_DICTATE_KEY","IPSEC_POLICY_FLAG_KEY_MANAGER_ALLOW_NOTIFY_KEY","IPSEC_POLICY_FLAG_ND_BOUNDARY","IPSEC_POLICY_FLAG_ND_SECURE","IPSEC_POLICY_FLAG_TUNNEL_ALLOW_OUTBOUND_CLEAR_CONNECTION","IPSEC_POLICY_FLAG_TUNNEL_BYPASS_ALREADY_SECURE_CONNECTION","IPSEC_POLICY_FLAG_TUNNEL_BYPASS_ICMPV6","IPSEC_TUNNEL_POLICY2","IPSEC_TUNNEL_POLICY2 structure [Filtering]","fwp.ipsec_tunnel_policy2","ipsectypes/IPSEC_TUNNEL_POLICY2"]
+helpviewer_keywords: ["IPSEC_POLICY_FLAG_CLEAR_DF_ON_TUNNEL","IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME","IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME","IPSEC_POLICY_FLAG_ENABLE_SERVER_ADDR_ASSIGNMENT","IPSEC_POLICY_FLAG_ENABLE_V6_IN_V4_TUNNELING","IPSEC_POLICY_FLAG_KEY_MANAGER_ALLOW_DICTATE_KEY","IPSEC_POLICY_FLAG_KEY_MANAGER_ALLOW_NOTIFY_KEY","IPSEC_POLICY_FLAG_ND_BOUNDARY","IPSEC_POLICY_FLAG_ND_SECURE","IPSEC_POLICY_FLAG_TUNNEL_ALLOW_OUTBOUND_CLEAR_CONNECTION","IPSEC_POLICY_FLAG_TUNNEL_BYPASS_ALREADY_SECURE_CONNECTION","IPSEC_POLICY_FLAG_TUNNEL_BYPASS_ICMPV6","IPSEC_TUNNEL_POLICY2","IPSEC_TUNNEL_POLICY2 structure [Filtering]","fwp.ipsec_tunnel_policy2","ipsectypes/IPSEC_TUNNEL_POLICY2","IPSEC_POLICY_FLAG_POINT_TO_SITE_TUNNEL"]
 old-location: fwp\ipsec_tunnel_policy2.htm
 tech.root: fwp
 ms.assetid: a633505d-86ec-42ba-bb4c-3f61e8768eab
 ms.date: 12/05/2018
-ms.keywords: IPSEC_POLICY_FLAG_CLEAR_DF_ON_TUNNEL, IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME, IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME, IPSEC_POLICY_FLAG_ENABLE_SERVER_ADDR_ASSIGNMENT, IPSEC_POLICY_FLAG_ENABLE_V6_IN_V4_TUNNELING, IPSEC_POLICY_FLAG_KEY_MANAGER_ALLOW_DICTATE_KEY, IPSEC_POLICY_FLAG_KEY_MANAGER_ALLOW_NOTIFY_KEY, IPSEC_POLICY_FLAG_ND_BOUNDARY, IPSEC_POLICY_FLAG_ND_SECURE, IPSEC_POLICY_FLAG_TUNNEL_ALLOW_OUTBOUND_CLEAR_CONNECTION, IPSEC_POLICY_FLAG_TUNNEL_BYPASS_ALREADY_SECURE_CONNECTION, IPSEC_POLICY_FLAG_TUNNEL_BYPASS_ICMPV6, IPSEC_TUNNEL_POLICY2, IPSEC_TUNNEL_POLICY2 structure [Filtering], fwp.ipsec_tunnel_policy2, ipsectypes/IPSEC_TUNNEL_POLICY2
+ms.keywords: IPSEC_POLICY_FLAG_CLEAR_DF_ON_TUNNEL, IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME, IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME, IPSEC_POLICY_FLAG_ENABLE_SERVER_ADDR_ASSIGNMENT, IPSEC_POLICY_FLAG_ENABLE_V6_IN_V4_TUNNELING, IPSEC_POLICY_FLAG_KEY_MANAGER_ALLOW_DICTATE_KEY, IPSEC_POLICY_FLAG_KEY_MANAGER_ALLOW_NOTIFY_KEY, IPSEC_POLICY_FLAG_ND_BOUNDARY, IPSEC_POLICY_FLAG_ND_SECURE, IPSEC_POLICY_FLAG_TUNNEL_ALLOW_OUTBOUND_CLEAR_CONNECTION, IPSEC_POLICY_FLAG_TUNNEL_BYPASS_ALREADY_SECURE_CONNECTION, IPSEC_POLICY_FLAG_TUNNEL_BYPASS_ICMPV6, IPSEC_TUNNEL_POLICY2, IPSEC_TUNNEL_POLICY2 structure [Filtering], fwp.ipsec_tunnel_policy2, ipsectypes/IPSEC_TUNNEL_POLICY2, IPSEC_POLICY_FLAG_POINT_TO_SITE_TUNNEL
 req.header: ipsectypes.h
 req.include-header: 
 req.target-type: Windows
@@ -188,6 +188,16 @@ Allow key dictation for quick mode policy. Applicable only for AuthIP policy.
 <td width="60%">
 Allow key notification for quick mode policy. Applicable for AuthIP/IKE/IKEv2 policy.
 
+</td>
+</tr></tr>
+<tr>
+<td width="40%"><a id="IPSEC_POLICY_FLAG_POINT_TO_SITE_TUNNEL"></a><a id="ipsec_policy_flag_point_to_site_tunnel"></a><dl>
+<dt><b>IPSEC_POLICY_FLAG_POINT_TO_SITE_TUNNEL</b></dt>
+</dl>
+</td>
+<td width="60%">
+Specifies that the IPsec policy is for Point-to-Site VPN tunnels, used by individual clients connecting to a virtual network.
+
 </td>
 </tr>
 </table>