z/OS Communications Server: IP Programmer's Guide and Reference


NMsec_GET_IPTUNMANUAL

SC27-3659-02

Figure 1. NMsec_GET_IPTUNMANUAL response format
The NMsec_GET_IPTUNMANUAL response consists of the NMsecMessageHdr field and response records.

For the requested stack, zero or more records are returned representing manual IP tunnels. Tunnels are presented in an unordered sequence. Each record returned contains two sections:

  • The NMsecIPTunnel section describes the basic properties of an IP tunnel. This section contains the following data.
    Note: This structure is reused for dynamic tunnels, so some possible field values are applicable only to dynamic tunnels.
    Table 1. NMsecIPTunnel structure
    Field | Offset | Length | Format | Description
    NMsIPTunID | 0 | 48 bytes | EBCDIC | Tunnel ID
    NMsIPTunVPNAction | 48 | 48 bytes | EBCDIC | Tunnel VPN action name
    NMsIPTunFlagIPv6 | 96, bit 0 | 1 bit | Binary | IPv6 indicator. If set, security endpoint and data endpoint addresses are IPv6; otherwise they are IPv4
    NMsIPTunFIPS140 | 96, bit 1 | 1 bit | Binary | FIPS 140 mode indicator. If this field is set, cryptographic operations for this tunnel are performed using cryptographic algorithms and modules that are designed to meet the FIPS 140 requirements; otherwise, cryptographic algorithms and modules that do not meet the FIPS 140 requirements might be used.
    NMsIPTunRsvd1 | 96, bit 2 | 30 bits | Binary | Reserved bits.
    NMsIPTunType | 100 | 1 byte | Binary | Tunnel type. The field can have one of the following values:
      NMsec_IPTUN_MANUAL (1): Manual IP tunnel
      NMsec_IPTUN_STACK (2): Dynamic IP tunnel, as known to the TCP/IP stack
      NMsec_IPTUN_IKE (3): Dynamic IP tunnel, as known to IKE
    NMsIPTunState | 101 | 1 byte | Binary | Tunnel state. The field can have one of the following values:
      NMsec_SASTATE_INACTIVE (1): Manual tunnel inactive
      NMsec_SASTATE_PENDING (2): Dynamic tunnel is awaiting negotiation
      NMsec_SASTATE_INCOMPLETE (3): Dynamic tunnel is in negotiation
      NMsec_SASTATE_ACTIVE (4): Manual or dynamic tunnel is active
      NMsec_SASTATE_EXPIRED (5): Dynamic tunnel is expired
      NMsec_SASTATE_HALF_CLOSED (6): Dynamic tunnel is no longer being used by the local endpoint but the delete process has not been acknowledged by the remote endpoint. Applies to IKEv2 tunnels only.
    NMsIPTunRsvd2 | 102 | 2 bytes | Binary | Reserved
    NMsIPTunLclEndpt4 | 104 | 4 bytes | Binary | If this is an IPv4 tunnel, this field is the local security endpoint address
    NMsIPTunLclEndpt6 | 104 | 16 bytes | Binary | If this is an IPv6 tunnel, this field is the local security endpoint address
    NMsIPTunRmtEndpt4 | 120 | 4 bytes | Binary | If this is an IPv4 tunnel, this field is the remote security endpoint address
    NMsIPTunRmtEndpt6 | 120 | 16 bytes | Binary | If this is an IPv6 tunnel, this field is the remote security endpoint address
    NMsIPTunEncapMode | 136 | 1 byte | Binary | Tunnel encapsulation mode. This field is not defined if the tunnel state is NMsec_SASTATE_PENDING or NMsec_SASTATE_INCOMPLETE. The field can have one of the following values:
      • NMsec_IPTUN_TUNNELMODE (1)
      • NMsec_IPTUN_TRANSPORTMODE (2)
    NMsIPTunAuthProto | 137 | 1 byte | Binary | Tunnel authentication protocol. This field is not defined if the tunnel state is NMsec_SASTATE_PENDING or NMsec_SASTATE_INCOMPLETE. The field can have one of the following values:
      • IPPROTO_AH (51)
      • IPPROTO_ESP (50)
    NMsIPTunAuthAlg | 138 | 1 byte | Binary | Tunnel authentication algorithm. This field is not defined if the tunnel state is NMsec_SASTATE_PENDING or NMsec_SASTATE_INCOMPLETE. The NMsIPTunAuthAlg field can have one of the following values:
      NMsec_AUTH_NULL (0): The tunnel uses NULL authentication, or obtains authentication using a combined-mode encryption algorithm. Also see the definition of the NMsIPTunEncryptAlg field.
      NMsec_AUTH_HMAC_MD5 (38): The tunnel uses HMAC-MD5 authentication with Integrity Check Value (ICV) truncation to 96 bits.
      NMsec_AUTH_HMAC_SHA1 (39): The tunnel uses HMAC-SHA1 authentication with ICV truncation to 96 bits.
      NMsec_AUTH_HMAC_SHA2_256_128 (7): The tunnel uses HMAC-SHA2-256 authentication with ICV truncation to 128 bits.
      NMsec_AUTH_HMAC_SHA2_384_192 (13): The tunnel uses HMAC-SHA2-384 authentication with ICV truncation to 192 bits.
      NMsec_AUTH_HMAC_SHA2_512_256 (14): The tunnel uses HMAC-SHA2-512 authentication with ICV truncation to 256 bits.
      NMsec_AUTH_AES128_XCBC_96 (9): The tunnel uses AES128-XCBC authentication with ICV truncation to 96 bits.
      NMsec_AUTH_AES_GMAC_128 (4): The tunnel uses AES-GMAC authentication with a key length of 128 bits.
      NMsec_AUTH_AES_GMAC_256 (6): The tunnel uses AES-GMAC authentication with a key length of 256 bits.
    NMsIPTunEncryptAlg | 139 | 1 byte | Binary | Tunnel encryption algorithm. This field is not defined if the tunnel state is NMsec_SASTATE_PENDING or NMsec_SASTATE_INCOMPLETE. The NMsIPTunEncryptAlg field can have one of the following values:
      NMsec_ENCR_NONE (0)
      NMsec_ENCR_NULL (11)
      NMsec_ENCR_DES (18)
      NMsec_ENCR_3DES (3)
      NMsec_ENCR_AES_CBC (12): AES encryption algorithm in Cipher Block Chaining (CBC) mode. Also see the definition of the NMsIPTunEncryptKeyLength field, which identifies the key length in use.
      NMsec_ENCR_AES_GCM_16 (20): AES encryption algorithm in Galois/Counter Mode (GCM) using a 16-octet IV. Also see the definition of the NMsIPTunEncryptKeyLength field, which identifies the key length in use.
    NMsIPTunInbAuthSPI | 140 | 4 bytes | Binary | Tunnel inbound authentication SPI. This field is not defined if the tunnel state is NMsec_SASTATE_PENDING or NMsec_SASTATE_INCOMPLETE.
    NMsIPTunOutbAuthSPI | 144 | 4 bytes | Binary | Tunnel outbound authentication SPI. This field is not defined if the tunnel state is NMsec_SASTATE_PENDING or NMsec_SASTATE_INCOMPLETE.
    NMsIPTunInbEncryptSPI | 148 | 4 bytes | Binary | Tunnel inbound encryption SPI. This field is not defined if the tunnel state is NMsec_SASTATE_PENDING or NMsec_SASTATE_INCOMPLETE.
    NMsIPTunOutbEncryptSPI | 152 | 4 bytes | Binary | Tunnel outbound encryption SPI. This field is not defined if the tunnel state is NMsec_SASTATE_PENDING or NMsec_SASTATE_INCOMPLETE.
    NMsIPTunStartTime | 156 | 4 bytes | Binary | Tunnel start time. Indicates the time at which the tunnel was activated or refreshed, in UNIX format.
    NMsIPTunEncryptKeyLength | 160 | 4 bytes | Binary | Encryption key length, in bits for variable-length algorithms. This value is 0 for encryption algorithms that have a fixed key length, such as DES and 3DES, and is a nonzero value for encryption algorithms that have a variable key length, such as AES-CBC and AES-GCM.
      Result: Example values are 128 and 256.
  • The NMsecIPManualTunnel section describes the attributes that are specific to a manual IP tunnel. This section contains the following data.
    Table 2. NMsecIPManualTunnel structure
    Field | Offset | Length | Format | Description
    NMsIPManTunOutPkt | 0 | 8 bytes | Binary | Outbound packet count for this tunnel
    NMsIPManTunInPkt | 8 | 8 bytes | Binary | Inbound packet count for this tunnel
    NMsIPManTunOutBytes | 16 | 8 bytes | Binary | Outbound byte count for this tunnel, representing the number of outbound data bytes protected by the tunnel
    NMsIPManTunInBytes | 24 | 8 bytes | Binary | Inbound byte count for this tunnel, representing the number of inbound data bytes protected by the tunnel
    NMsIPManTunClearDF | 32, bit 0 | 1 bit | Binary | Don't-fragment bit clear indicator. If this bit is set, the IPv4 tunnel mode tunnel clears the DF bit in the outer IP header. If neither the NMsIPManTunClearDF nor the NMsIPManTunSetDF value is set, the IPv4 tunnel mode tunnel passes the DF bit through from the inner IP header to the outer IP header. This field is not applicable and is always 0 for IPv6 or transport mode tunnels.
    NMsIPManTunSetDF | 32, bit 1 | 1 bit | Binary | Don't-fragment bit set indicator. If this bit is set, the IPv4 tunnel mode tunnel sets the DF bit in the outer IP header. If neither the NMsIPManTunClearDF nor the NMsIPManTunSetDF value is set, the IPv4 tunnel mode tunnel passes the DF bit through from the inner IP header to the outer IP header. This field is not applicable and is always 0 for IPv6 or transport mode tunnels.
    NMsIPManTunClearDSCP | 32, bit 2 | 1 bit | Binary | DSCP clear indicator. If this bit is set, the tunnel mode tunnel clears the DSCP field in the outer IP header. If the value of this bit is 0, the tunnel mode tunnel copies the DSCP field from the inner IP header to the outer IP header. This field is not applicable and is always 0 for transport mode tunnels.
    NMsIPManTunRsvd1 | 32, bit 3 | 29 bits | Binary | Reserved bits
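
An added example, not IBM's code: a Python decoder for one NMsecIPTunnel section as laid out in Table 1, followed by a small audit pass over the decoded algorithms. It assumes big-endian integers, that bit 0 is the most significant bit of the flag word at offset 96, code page cp037 for the EBCDIC fields, and that the caller has already located the section bytes within the response record; the function names, the audit policy and the sample record are constructed for illustration.

```python
import ipaddress
import struct

# Value names and numbers copied from Table 1 of this page.
STATE = {1: "INACTIVE", 2: "PENDING", 3: "INCOMPLETE", 4: "ACTIVE",
         5: "EXPIRED", 6: "HALF_CLOSED"}
AUTH = {0: "NULL", 38: "HMAC_MD5", 39: "HMAC_SHA1", 7: "HMAC_SHA2_256_128",
        13: "HMAC_SHA2_384_192", 14: "HMAC_SHA2_512_256",
        9: "AES128_XCBC_96", 4: "AES_GMAC_128", 6: "AES_GMAC_256"}
ENCR = {0: "NONE", 11: "NULL", 18: "DES", 3: "3DES", 12: "AES_CBC", 20: "AES_GCM_16"}
TUNNEL_LEN = 164  # last field sits at offset 160 and is 4 bytes long

def parse_tunnel(buf):
    """Decode one NMsecIPTunnel section (assumed big-endian, cp037 text)."""
    if len(buf) < TUNNEL_LEN:
        raise ValueError("short NMsecIPTunnel section")
    flags, ttype, state = struct.unpack_from(">IBB", buf, 96)
    width = 16 if flags & 0x80000000 else 4  # offset 96, bit 0 (assumed MSB)
    t = {"id": buf[0:48].decode("cp037").rstrip(" \x00"),
         "fips140": bool(flags & 0x40000000),  # offset 96, bit 1
         "type": ttype, "state": STATE.get(state, state),
         "local": str(ipaddress.ip_address(bytes(buf[104:104 + width]))),
         "remote": str(ipaddress.ip_address(bytes(buf[120:120 + width])))}
    if state not in (2, 3):  # offsets 136-155 undefined while PENDING/INCOMPLETE
        _, _, auth, encr = struct.unpack_from(">4B", buf, 136)
        t["auth"], t["encr"] = AUTH.get(auth, auth), ENCR.get(encr, encr)
    t["start"], t["key_bits"] = struct.unpack_from(">II", buf, 156)
    return t

def audit(t):
    """Findings under this example's own policy (not an IBM rule set)."""
    out = []
    if t.get("encr") in ("NONE", "NULL", "DES"):
        out.append("encryption " + t["encr"])
    if t.get("auth") == "HMAC_MD5":
        out.append("authentication HMAC_MD5")
    if not t["fips140"]:
        out.append("FIPS 140 mode off")
    return out

def sample():
    """Constructed record: active IPv4 manual tunnel, ESP with DES and HMAC-MD5."""
    b = bytearray(TUNNEL_LEN)
    b[0:48] = "M1".encode("cp037").ljust(48, b"\x40")  # EBCDIC blank padding
    struct.pack_into(">IBB", b, 96, 0, 1, 4)        # IPv4, non-FIPS, manual, active
    b[104:108], b[120:124] = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])
    struct.pack_into(">4B", b, 136, 1, 50, 38, 18)  # tunnel mode, ESP, MD5, DES
    struct.pack_into(">II", b, 156, 1400000000, 0)  # start time, fixed key length
    return bytes(b)
```

Calling `audit(parse_tunnel(sample()))` lists the DES, HMAC-MD5 and non-FIPS findings for the constructed record; a record in the PENDING or INCOMPLETE state yields no algorithm findings because those offsets are not defined.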





Copyright IBM Corporation 1990, 2014