I did it!
You cannot believe the simple little errors you pick up when you start checking every last number that is generated. My seq+ack formula was correct, but it turns out the ntohl (uint32) function I used was bogus. .NET has NetworkToHostOrder functions, but they don't work with UINT types (VB.NET), so I had to use a custom bit swap function to do the job. That function was all wrong!
All of this works 100% in listen mode now. I can reset the server to which the request was sent and display a custom page.
Now all I need is to figure out why it does not work in tunnel mode. I have an idea about this though. I think in tunnel mode the packet is stopped before the syn ack ack handshaking, so the server can’t respond to the reset request.