diff --git a/doc/API/API-Docs.md b/doc/API/API-Docs.md
index b23339ee84..55e28c5db8 100644
--- a/doc/API/API-Docs.md
+++ b/doc/API/API-Docs.md
@@ -30,6 +30,7 @@
- [`get_devices_by_group`](#api-route-get_devices_by_group)
- [`routing`](#api-routing)
- [`list_bgp`](#api-route-1)
+ - [`list_ipsec`](#list_ipsec)
- [`switching`](#api-switching)
- [`get_vlans`](#api-route-4)
- [`alerts`](#api-alerts)
@@ -866,6 +867,43 @@ Output:
}
```
+### Function: `list_ipsec` [`top`](#top)
+
+List the current IPSec tunnels which are active.
+
+Route: /api/v0/routing/ipsec/data/:hostname
+
+- hostname can be either the device hostname or id
+
+Input:
+
+ -
+
+Example:
+```curl
+curl -H 'X-Auth-Token: YOURAPITOKENHERE' https://librenms.org/api/v0/routing/ipsec/data/localhost
+```
+
+Output:
+```text
+{
+ "status": "ok",
+ "err-msg": "",
+ "count": 0,
+ "ipsec": [
+ "tunnel_id": "1",
+ "device_id": "1",
+ "peer_port": "0",
+ "peer_addr": "127.0.0.1",
+ "local_addr": "127.0.0.2",
+ "local_port": "0",
+ "tunnel_name": "",
+ "tunnel_status": "active"
+ ]
+}
+```
+> Please note, this will only show active VPN sessions not all configured.
+
## `Switching` [`top`](#top)
### Function: `get_vlans` [`top`](#top)
diff --git a/html/api_v0.php b/html/api_v0.php
index 3ca6dc0ad4..021cbb327c 100644
--- a/html/api_v0.php
+++ b/html/api_v0.php
@@ -128,6 +128,19 @@ $app->group(
}
);
// End Inventory
+ // Routing section
+ $app->group(
+ '/routing',
+ function () use ($app) {
+ $app->group(
+ '/ipsec',
+ function () use ($app) {
+ $app->get('/data/:hostname', 'authToken', 'list_ipsec')->name('list_ipsec');
+ }
+ );
+ }
+ );
+ // End Routing
}
);
$app->get('/v0', 'authToken', 'show_endpoints');
diff --git a/html/includes/api_functions.inc.php b/html/includes/api_functions.inc.php
index 9a26298909..40c64a9bca 100644
--- a/html/includes/api_functions.inc.php
+++ b/html/includes/api_functions.inc.php
@@ -1288,3 +1288,33 @@ function get_devices_by_group() {
echo _json_encode($output);
}
+
+function list_ipsec() {
+ $app = \Slim\Slim::getInstance();
+ $router = $app->router()->getCurrentRoute()->getParams();
+ $status = 'error';
+ $code = 404;
+ $message = '';
+ $hostname = $router['hostname'];
+ // use hostname as device_id if it's all digits
+ $device_id = ctype_digit($hostname) ? $hostname : getidbyname($hostname);
+ if (!is_numeric($device_id)) {
+ $message = "No valid hostname or device ID provided";
+ }
+ else {
+ $ipsec = dbFetchRows("SELECT `D`.`hostname`, `I`.* FROM `ipsec_tunnels` AS `I`, `devices` AS `D` WHERE `I`.`device_id`=? `D`.`device_id` = `I`.`device_id`", array($device_id));
+ $total = count($ipsec);
+ $status = 'ok';
+ $code = 200;
+ }
+
+ $output = array(
+ 'status' => $status,
+ 'err-msg' => $message,
+ 'count' => $total,
+ 'ipsec' => $ipsec,
+ );
+ $app->response->setStatus($code);
+ $app->response->headers->set('Content-Type', 'application/json');
+ echo _json_encode($output);
+}
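Review bot: The query in `list_ipsec` has no `AND` between the `?` placeholder and the join condition, so it is not valid SQL and the lookup fails for every device; the clause should read ``WHERE `I`.`device_id` = ? AND `D`.`device_id` = `I`.`device_id` ``. On the invalid-hostname branch `$total` and `$ipsec` are never assigned before they go into `$output`, so initialise them next to `$message` with `$total = 0;` and `$ipsec = array();`. Nothing visible in this function checks that the token's user is allowed to view `$device_id`, while `` `I`.* `` returns every tunnel column, including peer and local addresses. If `authToken` only authenticates the token (it is defined outside this hunk, so this is inferred), a per-device permission check belongs before the query, along with an explicit column list in place of `` `I`.* ``.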