Multi-platform zero-trust client networking
A large enterprise security provider needed ongoing development across its Windows, macOS, and iOS clients for a software-defined perimeter product. Joya Systems became the team for kernel networking, VPN integration, DNS and UDP fixes, IPSec implementation, and platform updates.
Platforms
- Windows
- macOS
- iOS
Services
- Windows kernel networking
- macOS networking
- iOS Network Extension
- VPN integration
The challenge
The client had to enforce secure access across several operating systems while coexisting with VPN modes, DNS behavior, and platform-specific networking rules. Small defects in this layer can look like random connectivity failures to enterprise users. And because the product shipped continuously across Windows, macOS, and iOS, every change had to land in production without destabilizing the platforms it did not touch.
What we built
On Windows, we worked in the kernel networking path and built client-side IPSec tunnel-mode support for IPv4 and IPv6. The implementation had to fit into the existing client architecture rather than stand alone as a lab feature.
On macOS, we fixed DNS and UDP injection behavior under full-tunnel and split-tunnel VPN configurations. Those cases matter because enterprise customers often run several network security products on the same endpoint.
We also handled SoftEther VPN integration and iOS Network Extension updates as Apple platform requirements changed. The work combined protocol detail with practical release engineering across product versions.
Project outcome
- Kept a production zero-trust client moving forward on Windows, macOS, and iOS through multiple platform releases.
- Resolved the DNS, UDP, and tunnel-coexistence defects that surface as 'random' connectivity failures on real enterprise endpoints.
- Added client-side IPSec (IPv4 and IPv6) integrated into the shipping endpoint client rather than bolted on beside it.
Technical takeaway
Cross-platform security clients fail at the edges: DNS, tunnels, split routing, and platform updates. Those edges need engineers who understand the OS network stack, not just the protocol spec.
Working on something similar?
If your team is building in this area — a driver, kernel module, packet path, file system filter, security sensor, or certification plan — start with a technical conversation, not a sales call. Contact Joya Systems and describe the product, platform, and current state of the code.
Related consulting work
Related case studies
- Kernel network monitoring for an endpoint security sensor
- Cross-platform kernel enforcement for application control
Frequently asked questions
Why do cross-platform VPN and zero-trust clients tend to break on DNS and split tunneling?
Because each OS resolves DNS and routes UDP differently, and enterprise endpoints often run several network products at once. A client that works in the lab can fail when full-tunnel, split-tunnel, and a third-party VPN all touch the same stack. Fixing it means working inside each platform's networking path, which is where we focused.
Can client-side IPSec be added to an existing Windows zero-trust client without a rewrite?
Yes. We added IPSec tunnel-mode support for IPv4 and IPv6 inside the client's existing kernel networking architecture, so it shipped as part of the current product rather than as a separate stack the team had to integrate later.
Case Studies
What our customers say about us?
Read our customer testimonials to find out why our clients keep returning for their projects.
View Testimonials