Thanks Quinn, We will submit enhancement request, but in the mean time we don't want to just wait and let this business opportunity slip through. We see similar enhancement request pending for years without any major progress. Such limitation only exists on iOS platform, which put us in an awkward position where other platforms has the feature ready but we can't deliver them because iOS doesn't support this scenario. So we'd like to further investigate on what we can do based on available APIs. Seems Network Extension is the only way to go, can you help explain what the NEProxySettings of NETunnelNetworkSettings is for? More specifically, if a proxy is configured in NEProxySettings, is it used to proxy VPN traffic? Or it is a proxy inside the private network that traffics are sent to after received by the VPN server?