kernel-iph Plugin

The kernel-iph plugin for libcharon is a networking backend for the Windows platform using the IPHelper API family. It provides address and routing lookup functionality and installs routes for IPsec traffic.

The plugin is disabled by default and can be enabled with the ./configure option

When installing routes for IPsec policies, the backend implicitly enables IP forwarding in the Windows kernel.

The backend does not support installation of virtual IP addresses for IPsec clients. Further, routes get installed to the main routing table, hence IPsec routes can not be excluded from routing lookups for IKE traffic.