The farp plugin fakes ARP responses for requests to e.g. a virtual IP address assigned to a peer.
To enable the plugin, add
--enable-farpto the ./configure options.
It is available since 4.4.0.
With the plugin enabled the IKEv2 daemon responds to ARP requests for IP addresses in the remote traffic selectors (e.g. virtual IP addresses that were handed out to clients, but could be complete subnets) with its own MAC address.
In combination with the dhcp plugin this plugin lets a road-warrior act as a client on the local LAN of the responder.
The plugin currently only works on Linux (due to its use of
AF/PF_PACKET sockets, see #3498). On other platforms (e.g. FreeBSD or macOS), ARP proxying for virtual IP addresses an be achieved via
arp(8) utility and a vici or updown script.