The farp plugin fakes ARP responses for requests to e.g. a virtual IP address assigned to a peer.
To enable the plugin, add
--enable-farpto the ./configure options.
It is available since 4.4.0.
With the plugin enabled the IKEv2 daemon responds to ARP requests for IP addresses in the remote traffic selectors (e.g. virtual IP addresses that were handed out to clients, but could be complete subnets) with its own MAC address.
In combination with the dhcp plugin this plugin lets a road-warrior act as a client on the local LAN of the responder.
Since 5.9.2, the plugin also works on macOS and FreeBSD. That wasn't the case for previous versions due to the implementation relying on
AF/PF_PACKET sockets only. If you use such a version or don't have the plugin available for other reasons, ARP proxying for virtual IP addresses an be achieved via
arp(8) utility and a vici or updown script.