Hi Matt,

I'm implementing a VPN client for the OpenConnect VPN server. The protocol requires creating a TCP connection for the initial handshake and configuration and a secondary UDP connection for sending packets. The client receives an id from the TCP connection and is required to set it as the TLS session id on the UDP connection. The server uses this to associate the two connections as being from the same client.

If there's no way to set the TLS session id using the Network framework, I'm going to have to resort to using OpenSSL and sockets :-(. I'd much rather rely on Apple's DTLS implementation than using a third party which may have bugs and/or security vulnerabilities.

Thank you.
Unfortunately that's not an option for us. The OpenConnect VPN server is open source so although it is technically possible to create a custom version of the server, the client needs to work with the out-of-the-box OpenConnect server.

Thank you.
Hi Matt,
Yes. I'm using our Packet Tunnel Provider with MDM to assign the VPN to specific apps. We want to have some traffic in that app go over the VPN, and other traffic to go directly to the internet. I have tried setting includedRoutes and/or excludedRoutes but all traffic is going over the VPN. Using the same routes with device wide VPN works.
Thanks
Hi Matt,
This is what I tried:
1) Device wide VPN with no includedRoutes or excludeRoutes set. All traffic goes over the VPN as expected.
2) Device wide VPN with a single IP address in includedRoutes. Only traffic for that single IP address goes over the VPN as expected.
3) Per-app VPN with no includedRoutes or excludeRoutes set. All traffic for the targeted app goes over the VPN as expected.
4) Per-app VPN with a single IP address in includedRoutes. All traffic for the targeted app goes over the VPN. This is not expected.
Thanks.
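As an added illustration, not the poster's code, this is how the single-host includedRoutes configuration from cases 2 and 4 above is expressed in a Packet Tunnel Provider's startTunnel; the tunnel address, remote server address, DNS server and host route are placeholder values, and the per-app behaviour reported in case 4 is not changed by anything here.

```swift
import NetworkExtension

final class SplitTunnelProvider: NEPacketTunnelProvider {

    // Builds network settings that route only one host (/32) through the
    // tunnel. Everything not matched by includedRoutes should go direct.
    // All addresses below are placeholders for illustration.
    func makeSplitTunnelSettings() -> NEPacketTunnelNetworkSettings {
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "203.0.113.10") // placeholder VPN server

        let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"],             // placeholder tunnel address
                                  subnetMasks: ["255.255.255.255"])
        // Case 2 / case 4: a single IP address in includedRoutes.
        ipv4.includedRoutes = [
            NEIPv4Route(destinationAddress: "198.51.100.25",           // placeholder internal host
                        subnetMask: "255.255.255.255")
        ]
        // Optional: keep the local LAN off the tunnel explicitly.
        ipv4.excludedRoutes = [
            NEIPv4Route(destinationAddress: "192.168.0.0", subnetMask: "255.255.0.0")
        ]
        settings.ipv4Settings = ipv4

        // Resolve names through the tunnel only for the matched domains.
        let dns = NEDNSSettings(servers: ["10.8.0.1"])                 // placeholder DNS server
        dns.matchDomains = ["internal.example"]                        // placeholder domain
        settings.dnsSettings = dns
        settings.mtu = 1400
        return settings
    }

    override func startTunnel(options: [String: NSObject]? = nil,
                              completionHandler: @escaping (Error?) -> Void) {
        // Apply the settings; the system reports an error if it rejects them.
        setTunnelNetworkSettings(makeSplitTunnelSettings()) { error in
            completionHandler(error)
        }
    }

    override func stopTunnel(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }
}
```

Comparing the routing table on the device (Settings or `netstat -rn` on a Mac build of the same provider) against what includedRoutes declares is the quickest way to confirm whether the system honoured the host route for a given VPN type.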