Goodbye, IKEv2. Hello, OpenConnect.

VPN options via Mobile Device Management (MDM) are surprisingly limited and fragmented. Since my VPN use case requires MDM, native options were my first choice, so I really wanted IKEv2 to work (especially considering that L2TP and PPTP are insecure).

IKEv2 has so many things going for it: native support on all major platforms, fast network switching (MOBIKE), strong and fast encryption cipher support, NAT traversal, etc. The sad reality, though, is that vendor implementations are mostly buggy and frustrating.

In terms of alternatives, the official WireGuard app doesn't support MDM for Android; neither do Tailscale, NetBird, Outline, strongSwan, Firezone, or OpenVPN.

In the end, my remaining MDM-compatible options were Cloudflare WARP (WireGuard protocol) or Cisco AnyConnect (SSL/TLS protocol). Both are popular but also proprietary [1][2], and they feel a bit "corporate big-brother".

Enter: OpenConnect.

OpenConnect is a project that produces a number of open source VPN technologies, including ocserv, a fast, AnyConnect-compatible open source VPN server. Installation is a bit complex, but once set up it works like a charm. Bonus: it supports X.509 certificate authentication.
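As an added illustration of the certificate-authentication mode mentioned above (this is not the author's configuration, and the file paths, port, and address pool are assumed placeholders), a minimal ocserv.conf that accepts only clients presenting a certificate issued by your own CA looks like this:

```ini
# Added example, not from the original post. Paths and addresses are placeholders.
# Authenticate clients by X.509 certificate only; no password prompt is offered.
auth = "certificate"

# Server identity presented to AnyConnect/OpenConnect clients (TLS).
server-cert = /etc/ocserv/certs/server-cert.pem
server-key = /etc/ocserv/certs/server-key.pem

# CA that issued the client certificates; clients signed by any other CA are rejected.
ca-cert = /etc/ocserv/certs/ca-cert.pem

# Which certificate field becomes the VPN username (2.5.4.3 = CN).
cert-user-oid = 2.5.4.3

# Listen on the standard TLS port for both the TCP control channel and DTLS data channel.
tcp-port = 443
udp-port = 443

# Address pool handed to connected clients (placeholder range).
ipv4-network = 10.10.10.0
ipv4-netmask = 255.255.255.0
dns = 10.10.10.1
```

With `auth = "certificate"` the server never falls back to password authentication, so revoking a device's access is a matter of revoking (or simply not renewing) its client certificate at the CA rather than changing shared credentials, which fits an MDM-distributed setup well.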
