When NEVPNProtocol property is updated by the server such that the username & password isn't valid anymore, is there a way we can handle this?
Lets say if we turn on onDemandEnabled flag for NEVPNManager, and when the server invalidates the credential (since the user has been blacklisted), is there a way we can toggle this programmatically? From the end user's experience perspective, the user would wait for a long time to fail webpage loading. Background fetch using a timer might not work if the app is killed.
Other than using push notifications, is there a better way to solve this issue?
I didn't try it myself, but what you should do is when you configure your VPN and set the onDemandEnabled, you need to define the onDemandRules.
There you have NEOnDemandRuleDisconnect, which will prevent your VPN from starting, and will disconnect it if it's already active.
This way even if your VPN is active, you will use it only when the rules still applies.
Edit: you can also use onDemandRule - probeURL . With this, before any activation of your VPN, it will send a request to a server of your choice. The server will return an answer if you should use your VPN or not.