Computer networks

How to organize symmetric TCP/IP encryption?

Greetings!
There is a certain device - the server which listens to TCP port. And there is a certain client that connects to this server. The client and the server exchange information using a certain protocol, like a modem - with ASCII control characters and other charms. The task is set as follows - a 3DES or RSA key is uploaded to the server and the client, and encryption of the network connection is organized. It must be transparent for the client and server software, that is, they must receive already decrypted data, since the process of receiving messages relies on STX, ETX bytes, etc., so receiving garbage and decrypting it using the software itself is not an option. Nothing but a VPN comes to my mind, since I am not familiar with other methods. Perhaps someone will tell how to organize exactly symmetric encryption with pre-issued network connection keys so that it does not affect the operation of the server and client software. Maybe I'm just not familiar with some technology. And yet - it will be cross-platform. The server and client can run on almost any operating system. that is, this encryption should, as it were, supplement the description of the data exchange protocol itself. Something like this. I ask the help of the competent community!