lookip Plugin


The lookip (lookup by IP) plugin for libcharon provides a fast and simple interface to query specific information about tunnels by the remote peer’s virtual IP address. This allows a gateway administrator to get client information of an IP acting in the protected network.

The plugin is disabled by default and can be enabled with the ./configure option



If the plugin is enabled, it collects information about each virtual IP in a fast data structure.

A UNIX socket allows to query the data structure and receive additional information to this IP, such as outer IP, peer identity and connection name.


The lookip plugin is configured using the following options in the charon.plugins.lookip section of strongswan.conf:

Key Default Description



Socket provided by the lookip plugin. [unix://${piddir}/charon.lkp]

Query Tool

The lookip ipsec utility usually invoked by

/usr/libexec/ipsec/lookip ...

can be used to query the virtual IP database. It can take multiple arguments to run multiple queries. If invoked without arguments, it runs interactively.

Command Description

lookip --dump

Dump all active virtual IPs with associated data

lookip --lookup

Query an entry for a specific virtual IP

lookup --listen-up

Listen for new virtual IP entries

lookup --listen-down

Listen for virtual IP entries disappearing

If one or more of the `listen arguments is used, the tool blocks and prints out notifications for the registered events.

Socket interface

The lookip socket interface definition can be found here: src/libcharon/plugins/lookip/lookip_msg.h.

The lookip tool demonstrating how the interface can be used: src/libcharon/plugins/lookip/lookip.c