Hi, we faced an issue where the NEAppProxyProvider-based per-app VPN fails to connect when the device is enrolled in the User Enrollment mode. This occurs because NEAppProxyProvider cannot look up the client TLS identity based on the persistent reference passed in the VPN profile. We are using the following code to get the client identity and certificate from the VPN configuration persistent reference, and the lookup fails with "-25300" status.
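
    // Query the keychain for the identity behind the persistent reference
    // supplied in the VPN configuration.
    NSDictionary *dict = @{
        (__bridge id)kSecClass: (__bridge id)kSecClassIdentity,
        (__bridge id)kSecReturnRef: (id)kCFBooleanTrue,
        (__bridge id)kSecValuePersistentRef: persistantIdentityRef
    };
    CFTypeRef identityRef = NULL;
    // status is -25300 in User Enrollment mode
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)dict, &identityRef);
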
The same logic works fine in Device Enrollment mode.
Has anyone faced a similar issue, or is this a bug on the iOS side?
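
An added example, not part of the original post: the same persistent-reference lookup wrapped in a helper that logs the OSStatus in readable form, checks the returned type, and also extracts the certificate, so a -25300 (`errSecItemNotFound`) result can be told apart from other failures. The function name `LookupClientIdentity` and its parameters are hypothetical.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (not from the post): resolves a persistent reference
// to a SecIdentityRef and its certificate, logging why a lookup failed.
// On success the caller owns *outIdentity and *outCertificate (CFRelease both).
static OSStatus LookupClientIdentity(NSData *persistentRef,
                                     SecIdentityRef *outIdentity,
                                     SecCertificateRef *outCertificate) {
    if (outIdentity == NULL || outCertificate == NULL || persistentRef.length == 0) {
        return errSecParam;  // nothing to look up, or nowhere to put the result
    }
    *outIdentity = NULL;
    *outCertificate = NULL;

    NSDictionary *query = @{
        (__bridge id)kSecClass: (__bridge id)kSecClassIdentity,
        (__bridge id)kSecReturnRef: (__bridge id)kCFBooleanTrue,
        (__bridge id)kSecValuePersistentRef: persistentRef
    };
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status != errSecSuccess) {
        // -25300 is errSecItemNotFound: no keychain item visible to this
        // process matches the persistent reference.
        NSString *message = CFBridgingRelease(SecCopyErrorMessageString(status, NULL));
        NSLog(@"Identity lookup failed: %d (%@)", (int)status, message);
        return status;
    }
    if (result == NULL || CFGetTypeID(result) != SecIdentityGetTypeID()) {
        if (result != NULL) CFRelease(result);
        return errSecParam;  // reference resolved to something other than an identity
    }

    SecIdentityRef identity = (SecIdentityRef)result;
    SecCertificateRef certificate = NULL;
    status = SecIdentityCopyCertificate(identity, &certificate);
    if (status != errSecSuccess) {
        CFRelease(identity);
        return status;
    }
    NSString *subject = CFBridgingRelease(SecCertificateCopySubjectSummary(certificate));
    NSLog(@"Resolved client identity for subject: %@", subject);

    *outIdentity = identity;
    *outCertificate = certificate;
    return errSecSuccess;
}
```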