Lookip Plugin


The lookip (lookup by IP) plugin provides a fast and simple interface to query specific information about tunnels by the remote peers inner address (virtual IP). This allows a gateway administrator to get client information of an IP acting in the protected network.

The plugin is disabled by default and can be enabled by adding

to the ./configure options.


If the plugin is enabled, it collects information about each virtual IP in a fast data structure.

A UNIX socket allows to query the data structure and receive additional information to this IP, such as outer IP, peer identity and connection name.


The plugin is configured using the following strongswan.conf options:

Key Default Description
charon.plugins.lookip.socket unix://${piddir}/charon.lkp Socket provided by the lookip plugin

Query tool

The lookip ipsec utility, invoked by

ipsec lookip
can be used to query the virtual IP database. It can take multiple arguments to run multiple queries. If invoked without arguments, it runs interactively.

Argument Description
--dump Dump all active virtual IPs with associated data
--lookup Query an entry for a specific virtual IP
--listen-up Listen for new virtual IP entries
--listen-down Listen for virtual IP entries disappearing

If one or more of the listen arguments is used, the tool blocks and prints out notifications for the registered events.

Socket interface

The Socket interface format is defined source:src/libcharon/plugins/lookip/lookip_msg.h. The lookip CLI utility at source:src/libcharon/plugins/lookip/lookip.c is a good starting point to integrate queries in a more comprehensive application.