diff --git a/doc/API/API-Docs.md b/doc/API/API-Docs.md
index b23339ee84..55e28c5db8 100644
--- a/doc/API/API-Docs.md
+++ b/doc/API/API-Docs.md
@@ -30,6 +30,7 @@
         - [`get_devices_by_group`](#api-route-get_devices_by_group)
     - [`routing`](#api-routing)
         - [`list_bgp`](#api-route-1)
+        - [`list_ipsec`](#list_ipsec)
     - [`switching`](#api-switching)
         - [`get_vlans`](#api-route-4)
     - [`alerts`](#api-alerts)
@@ -866,6 +867,43 @@ Output:
 }
 ```
 
+### <a name="list_ipsec">Function: `list_ipsec`</a> [`top`](#top)
+
+List the current IPSec tunnels which are active.
+
+Route: /api/v0/routing/ipsec/data/:hostname
+
+- hostname can be either the device hostname or id
+
+Input:
+
+ -
+
+Example:
+```curl
+curl -H 'X-Auth-Token: YOURAPITOKENHERE' https://librenms.org/api/v0/routing/ipsec/data/localhost
+```
+
+Output:
+```text
+{
+    "status": "ok",
+    "err-msg": "",
+    "count": 0,
+    "ipsec": [
+        "tunnel_id": "1",
+        "device_id": "1",
+        "peer_port": "0",
+        "peer_addr": "127.0.0.1",
+        "local_addr": "127.0.0.2",
+        "local_port": "0",
+        "tunnel_name": "",
+        "tunnel_status": "active"
+    ]
+}
+```
+> Please note, this will only show active VPN sessions not all configured.
+
 ## <a name="api-switching">`Switching`</a> [`top`](#top)
 
 ### <a name="api-route-4">Function: `get_vlans`</a> [`top`](#top)
diff --git a/html/api_v0.php b/html/api_v0.php
index 3ca6dc0ad4..021cbb327c 100644
--- a/html/api_v0.php
+++ b/html/api_v0.php
@@ -128,6 +128,19 @@ $app->group(
                     }
                 );
                 // End Inventory
+                // Routing section
+                $app->group(
+                    '/routing',
+                    function () use ($app) {
+                        $app->group(
+                            '/ipsec',
+                            function () use ($app) {
+                                $app->get('/data/:hostname', 'authToken', 'list_ipsec')->name('list_ipsec');
+                            }
+                        );
+                    }
+                );
+		// End Routing
             }
         );
         $app->get('/v0', 'authToken', 'show_endpoints');
diff --git a/html/includes/api_functions.inc.php b/html/includes/api_functions.inc.php
index 9a26298909..40c64a9bca 100644
--- a/html/includes/api_functions.inc.php
+++ b/html/includes/api_functions.inc.php
@@ -1288,3 +1288,33 @@ function get_devices_by_group() {
     echo _json_encode($output);
 
 }
+
+function list_ipsec() {
+    $app      = \Slim\Slim::getInstance();
+    $router   = $app->router()->getCurrentRoute()->getParams();
+    $status   = 'error';
+    $code     = 404;
+    $message  = '';
+    $hostname = $router['hostname'];
+    // use hostname as device_id if it's all digits
+    $device_id = ctype_digit($hostname) ? $hostname : getidbyname($hostname);
+    if (!is_numeric($device_id)) {
+        $message = "No valid hostname or device ID provided";
+    }
+    else {
+        $ipsec  = dbFetchRows("SELECT `D`.`hostname`, `I`.* FROM `ipsec_tunnels` AS `I`, `devices` AS `D` WHERE `I`.`device_id`=? `D`.`device_id` = `I`.`device_id`", array($device_id));
+        $total  = count($ipsec);
+        $status = 'ok';
+        $code   = 200;
+    }
+
+    $output  = array(
+        'status'  => $status,
+        'err-msg' => $message,
+        'count'   => $total,
+        'ipsec'  => $ipsec,
+    );
+    $app->response->setStatus($code);
+    $app->response->headers->set('Content-Type', 'application/json');
+    echo _json_encode($output);
+}