The kernel-iph plugin is a networking backend for the Windows platform using the IPHelper API family. It provides address and routing lookup functionality and installs routes for IPsec traffic.
The plugin is disabled by default and can be enabled for Windows builds by adding
--enable-kernel-iphto the ./configure options.
The plugin has been introduced in strongSwan 5.2.0.
When installing routes for IPsec policies, the backend implicitly enables IP forwarding in the Windows kernel.
As of 5.2.0, the backend does not support installation of virtual IPs for IPsec clients. Further, routes get installed to the main routing table, hence IPsec routes can not be excluded from routing lookups for IKE traffic.