feat!: native F5 VPN backend; remove openconnect (v2.0.0) #19
Merged
BREAKING CHANGE: akon is now a native, in-process F5 BIG-IP SSL VPN client (pure Rust). The openconnect delegation is removed entirely.

- Native F5 protocol stack behind a backend-agnostic VpnBackend boundary: framing (encap + HDLC/FCS16), PPP (LCP/IPCP/IP6CP), HTTP auth + XML config, TLS transport, and orchestration — validated test-first against an in-memory test-actors framework and byte-exact wire vectors (specs 005 + 006).
- Rootless runtime: in-process netlink for TUN/address/route setup; akon runs as the user with a `cap_net_admin+ep` file capability (no sudo, no child ip).
- Guaranteed host restore: `akon vpn off` replays a persisted teardown plan (tun, server-pin route, rp_filter, DNS), idempotent even after a crash.
- In-process health-checked reconnection; data-plane pump TUN <-> F5/PPP.
- Production-proven (control plane + data plane) and validated in containers.

Removed: openconnect backend/connector/parser/process/daemon, the `native_backend` flag, openconnect-only error variants, and the deps `which`/`bindgen`/`daemonize` (+ `regex` from akon-core).

Tests: deleted openconnect-specific suites; coverage moved to native equivalents (lifecycle, auth/tunnel failure, teardown no-op/idempotency). CI now runs the pure + offline native suites with `--features test-actors`; privileged/online and real-keyring tests self-skip on the runner.

Docs/packaging: README, Makefile, debian/rpm post-install, and CI updated to the setcap (no-sudo) model. All internal ETG domains/IPs sanitized to documentation placeholders. ADR 0001 (netlink) and ADR 0002 (openconnect removal) added.
Summary
Breaking change (major, v2.0.0). akon becomes a native, in-process F5 BIG-IP SSL VPN client written in pure Rust. The openconnect delegation is removed entirely — no external VPN binary, no sudo-spawned child, no FFI. See docs/adr/0002-remove-openconnect-native-f5-is-the-only-backend.md and CHANGELOG.md.

What changed
Native backend (specs 005 + 006)
- `VpnBackend` boundary: framing (encap + HDLC/FCS16), PPP (LCP/IPCP/IP6CP) negotiation, HTTP auth + XML config, TLS transport, and orchestration.
- `SimulatedBackend` oracle.

Rootless runtime
- In-process netlink for TUN/address/route setup (no `ip`/`sysctl` children) — ADR 0001.
- `cap_net_admin+ep` file capability. No sudo. Validated in a container as a non-root user.

Safety
- `akon vpn off` reconciles all host changes (tun, server-pin route, `rp_filter`, DNS) from a persisted plan — idempotent, works even after a SIGKILL.

Removed
- `openconnect_backend`, `cli_connector`, `output_parser`, openconnect `process`, `connection_event`, `system_effects`, the spawned reconnection daemon.
- `native_backend` config flag; openconnect-only error variants.
- `which`, `bindgen`, `daemonize` (+ `regex` from akon-core).

Tests & CI
- CI runs the pure + offline native suites with `--features test-actors`; privileged/online (real-TUN, netns, podman, production sign-off) and real-keyring tests self-skip on runners.
- clippy now lints the gated test code. `continue-on-error` removed.

Docs & packaging
- README, Makefile, `debian/postinst`, `rpm/post-install.sh`, and release CI updated to the setcap (no-sudo) model.
- Internal ETG domains/IPs sanitized to documentation placeholders (`example.com`, RFC5737/private ranges); local capture logs purged.

Migration
- Install (`make install`).
- `sudo setcap cap_net_admin+ep "$(command -v akon)"` (done by packaging/`make install`).
- Remove `native_backend = …` from config (ignored now); uninstall openconnect.
- `akon vpn on`.

Verification (local, CI-equivalent)
- `cargo fmt --check`, `cargo clippy --workspace --all-targets --features test-actors -D warnings`, release build — all clean.
- Test run (`CI=true`, no D-Bus, `--features test-actors`): 36 test binaries, 0 failures.
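The "HDLC/FCS16" framing layer this PR names is the PPP-in-HDLC encoding of RFC 1662. The block below is an added example in Rust, not akon's code and not the `VpnBackend` API: it assumes the RFC 1662 wire format (flag `0x7E`, escape `0x7D`, 16-bit FCS with reflected polynomial `0x8408`, default all-ones ACCM), and the `frame`/`unframe` functions, the `FrameError` type and the constructed LCP packet are this example's own.

```rust
// Added example, not akon's code: PPP-in-HDLC framing with the RFC 1662
// FCS-16. Names below are this example's own; akon's framing API is not shown.

const FLAG: u8 = 0x7E; // frame delimiter
const ESC: u8 = 0x7D; // control escape; the following byte is XORed with 0x20
const GOOD_FCS: u16 = 0xF0B8; // residue of FCS-16 over payload || ~FCS (RFC 1662)

/// RFC 1662 FCS-16, bit-serial form: init 0xFFFF, reflected polynomial 0x8408.
/// Returns the running register; the sender transmits its complement.
pub fn fcs16(data: &[u8]) -> u16 {
    let mut fcs: u16 = 0xFFFF;
    for &byte in data {
        fcs ^= byte as u16;
        for _ in 0..8 {
            fcs = if fcs & 1 != 0 { (fcs >> 1) ^ 0x8408 } else { fcs >> 1 };
        }
    }
    fcs
}

/// Wrap a PPP packet (address/control/protocol/info) in an HDLC frame:
/// payload, then ~FCS little-endian, byte-stuffed, bracketed by flags.
/// Escapes FLAG, ESC and every byte < 0x20 (the default all-ones ACCM).
pub fn frame(payload: &[u8]) -> Vec<u8> {
    let fcs = !fcs16(payload);
    let mut raw = payload.to_vec();
    raw.push((fcs & 0xFF) as u8);
    raw.push((fcs >> 8) as u8);

    let mut wire = Vec::with_capacity(raw.len() * 2 + 2);
    wire.push(FLAG);
    for b in raw {
        if b == FLAG || b == ESC || b < 0x20 {
            wire.push(ESC);
            wire.push(b ^ 0x20);
        } else {
            wire.push(b);
        }
    }
    wire.push(FLAG);
    wire
}

#[derive(Debug, PartialEq)]
pub enum FrameError {
    NoDelimiter,     // missing opening or closing flag
    TruncatedEscape, // ESC was the last byte before the closing flag
    TooShort,        // fewer than two bytes: no room for the FCS
    BadFcs,          // corrupted in transit or mis-framed
}

/// Inverse of `frame`: strip flags, undo byte stuffing, check the FCS
/// residue, and return the PPP packet without its trailing FCS. A frame
/// that fails the FCS is rejected before any PPP/LCP parsing sees it.
pub fn unframe(wire: &[u8]) -> Result<Vec<u8>, FrameError> {
    let inner = wire
        .strip_prefix(&[FLAG])
        .and_then(|s| s.strip_suffix(&[FLAG]))
        .ok_or(FrameError::NoDelimiter)?;

    let mut raw = Vec::with_capacity(inner.len());
    let mut bytes = inner.iter();
    while let Some(&b) = bytes.next() {
        if b == ESC {
            let &next = bytes.next().ok_or(FrameError::TruncatedEscape)?;
            raw.push(next ^ 0x20);
        } else {
            raw.push(b);
        }
    }
    if raw.len() < 2 {
        return Err(FrameError::TooShort);
    }
    // Running the FCS over payload || ~FCS must land on the fixed residue.
    if fcs16(&raw) != GOOD_FCS {
        return Err(FrameError::BadFcs);
    }
    raw.truncate(raw.len() - 2);
    Ok(raw)
}

/// Constructed sample: an LCP Configure-Request (id 1, no options) as a PPP
/// packet: address 0xFF, control 0x03, protocol 0xC021, then code/id/length.
pub const LCP_CONF_REQ: [u8; 8] = [0xFF, 0x03, 0xC0, 0x21, 0x01, 0x01, 0x00, 0x04];

fn main() {
    let wire = frame(&LCP_CONF_REQ);
    println!("wire:    {:02x?}", wire);
    println!("decoded: {:?}", unframe(&wire));
}
```

The check value is the usual one for this CRC (CRC-16/X-25 of "123456789" is 0x906E after complement), and `unframe` verifies the 0xF0B8 residue rather than recomputing and comparing the FCS bytes, which is the form RFC 1662 gives. Rejecting at this layer, with a distinct error per failure mode, is what keeps a corrupted or truncated frame from reaching the LCP/IPCP state machines, and it is the kind of byte-exact boundary the "wire vectors" tests in this PR pin down.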