
feat!: native F5 VPN backend; remove openconnect (v2.0.0)#19

Merged
vcwild merged 3 commits into main from feat/native-f5-backend-v2
Jun 21, 2026

Conversation

@vcwild

@vcwild vcwild commented Jun 21, 2026

Owner

Summary

Breaking change (major, v2.0.0). akon becomes a native, in-process F5 BIG-IP SSL VPN client written in pure Rust. The openconnect delegation is removed entirely — no external VPN binary, no sudo-spawned child, no FFI.

See docs/adr/0002-remove-openconnect-native-f5-is-the-only-backend.md and CHANGELOG.md.

What changed

Native backend (specs 005 + 006)

  • F5 protocol stack behind the backend-agnostic VpnBackend boundary: framing (encap + HDLC/FCS16), PPP (LCP/IPCP/IP6CP) negotiation, HTTP auth + XML config, TLS transport, and orchestration.
  • Built test-first against an in-memory test-actors framework + byte-exact wire vectors; cross-backend equivalence vs. a SimulatedBackend oracle.
  • Production-proven: control plane + data plane validated against a real F5 appliance (connect, full-tunnel, real internal traffic, clean restore).

Rootless runtime

  • All TUN/address/route configuration via in-process netlink (no ip/sysctl children) — ADR 0001.
  • akon runs as the user with a cap_net_admin+ep file capability. No sudo. Validated in a container as a non-root user.

Safety

  • akon vpn off reconciles all host changes (tun, server-pin route, rp_filter, DNS) from a persisted plan — idempotent, works even after a SIGKILL.
  • Tests that touch host networking refuse to run outside an isolated netns/container; DNS revert only scheduled when a host-mutating applier actually applied DNS.

Removed

  • openconnect_backend, cli_connector, output_parser, openconnect process, connection_event, system_effects, the spawned reconnection daemon.
  • The native_backend config flag; openconnect-only error variants.
  • Dependencies: which, bindgen, daemonize (+ regex from akon-core).

Tests & CI

  • Deleted openconnect-specific suites; coverage moved to native equivalents (lifecycle, auth/tunnel failure, teardown no-op/idempotency, parse helpers).
  • CI updated to match the runtime: runs pure + offline native suites with --features test-actors; privileged/online (real-TUN, netns, podman, production sign-off) and real-keyring tests self-skip on runners. clippy now lints the gated test code. continue-on-error removed.

Docs & packaging

  • README, Makefile, debian/postinst, rpm/post-install.sh, and release CI updated to the setcap (no-sudo) model.
  • All internal ETG domains/IPs sanitized to documentation placeholders (example.com, RFC5737/private ranges); local capture logs purged.

Migration

  1. Update akon (or make install).
  2. sudo setcap cap_net_admin+ep "$(command -v akon)" (done by packaging/make install).
  3. Remove any native_backend = … from config (ignored now); uninstall openconnect.
  4. Run without sudo: akon vpn on.

Verification (local, CI-equivalent)

  • cargo fmt --check, cargo clippy --workspace --all-targets --features test-actors -D warnings, release build — all clean.
  • Full CI-equivalent run (CI=true, no D-Bus, --features test-actors): 36 test binaries, 0 failures.
  • ✅ Zero ETG identifiers in any committed file.
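The "HDLC/FCS16" framing layer listed above is RFC 1662 octet-stuffed framing with the PPP 16-bit FCS. The block below is an added example written for this page, not akon's code: it implements the generic RFC 1662 layer (flag 0x7E, escape 0x7D with XOR 0x20, the default ACCM that escapes every control octet, FCS appended least-significant octet first, and the 0xF0B8 "good FCS" residue check on receive). The F5-specific "encap" wrapper that sits around these frames is not described on the page and is not shown. The payloads are constructed for the demo; the 0x906E check value for "123456789" is the standard CRC-16/X-25 (= PPP FCS-16) reference value.

```rust
// Added example: RFC 1662 framing + PPP FCS-16, standalone (not akon's code).

const FLAG: u8 = 0x7E; // frame delimiter
const ESCAPE: u8 = 0x7D; // control escape
const XOR: u8 = 0x20; // escaped octet is sent as (octet ^ 0x20)
const FCS_INIT: u16 = 0xFFFF; // PPPINITFCS16
const FCS_GOOD: u16 = 0xF0B8; // PPPGOODFCS16: register value over data+fcs when valid
const FCS_POLY: u16 = 0x8408; // x^16 + x^12 + x^5 + 1, bit-reversed for LSB-first shifting

/// Running FCS register over `data` (bitwise form of RFC 1662 pppfcs16), uncomplemented.
fn fcs16_register(init: u16, data: &[u8]) -> u16 {
    let mut fcs = init;
    for &b in data {
        fcs ^= u16::from(b);
        for _ in 0..8 {
            fcs = if fcs & 1 != 0 { (fcs >> 1) ^ FCS_POLY } else { fcs >> 1 };
        }
    }
    fcs
}

/// The FCS value that goes on the wire: ones-complement of the register.
pub fn fcs16(data: &[u8]) -> u16 {
    !fcs16_register(FCS_INIT, data)
}

#[derive(Debug, PartialEq)]
pub enum FrameError {
    BadFraming,                       // missing flags, or a bare flag inside the frame
    BadEscape,                        // 0x7D at end of frame with nothing to unescape
    TooShort,                         // fewer than two octets after unstuffing (no room for FCS)
    BadFcs { expected: u16, got: u16 },
}

/// Append the FCS (LSB first), then octet-stuff and delimit with flags.
pub fn encode_frame(payload: &[u8]) -> Vec<u8> {
    let mut raw = payload.to_vec();
    raw.extend_from_slice(&fcs16(payload).to_le_bytes());
    let mut out = vec![FLAG];
    for &b in &raw {
        // 0x7E/0x7D are always escaped; with the default ACCM so is every octet < 0x20.
        if b == FLAG || b == ESCAPE || b < 0x20 {
            out.push(ESCAPE);
            out.push(b ^ XOR);
        } else {
            out.push(b);
        }
    }
    out.push(FLAG);
    out
}

/// Inverse of `encode_frame`: strip flags, unstuff, verify the FCS, return the payload.
pub fn decode_frame(frame: &[u8]) -> Result<Vec<u8>, FrameError> {
    let inner: &[u8] = match frame {
        [FLAG, rest @ .., FLAG] => rest,
        _ => return Err(FrameError::BadFraming),
    };
    let mut raw = Vec::with_capacity(inner.len());
    let mut it = inner.iter();
    while let Some(&b) = it.next() {
        match b {
            ESCAPE => match it.next() {
                Some(&n) => raw.push(n ^ XOR),
                None => return Err(FrameError::BadEscape),
            },
            FLAG => return Err(FrameError::BadFraming),
            _ => raw.push(b),
        }
    }
    if raw.len() < 2 {
        return Err(FrameError::TooShort);
    }
    // Running the register over payload+FCS must land on the fixed residue 0xF0B8.
    if fcs16_register(FCS_INIT, &raw) != FCS_GOOD {
        let n = raw.len() - 2;
        return Err(FrameError::BadFcs {
            expected: fcs16(&raw[..n]),
            got: u16::from_le_bytes([raw[n], raw[n + 1]]),
        });
    }
    raw.truncate(raw.len() - 2);
    Ok(raw)
}

fn main() {
    // Constructed payload containing both escape-worthy octets and a control octet.
    let payload = b"\x7e\x7d\x00hello";
    let frame = encode_frame(payload);
    println!("frame:   {:02x?}", frame);
    println!("decoded: {:?}", decode_frame(&frame));
    let mut bad = frame.clone();
    bad[4] ^= 0x01; // flip a bit inside the stuffed payload
    println!("corrupt: {:?}", decode_frame(&bad));
}
```

The receive path deliberately checks the 0xF0B8 residue rather than recomputing and comparing the FCS, which is the form RFC 1662 specifies; the `BadFcs` error carries both values only for diagnostics. A real data-plane pump would additionally have to handle a single flag shared between back-to-back frames, which this example rejects as `BadFraming`.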

vcwild added 2 commits June 21, 2026 21:25
BREAKING CHANGE: akon is now a native, in-process F5 BIG-IP SSL VPN client
(pure Rust). The openconnect delegation is removed entirely.

- Native F5 protocol stack behind a backend-agnostic VpnBackend boundary:
  framing (encap + HDLC/FCS16), PPP (LCP/IPCP/IP6CP), HTTP auth + XML config,
  TLS transport, and orchestration — validated test-first against an in-memory
  test-actors framework and byte-exact wire vectors (specs 005 + 006).
- Rootless runtime: in-process netlink for TUN/address/route setup; akon runs
  as the user with a `cap_net_admin+ep` file capability (no sudo, no child ip).
- Guaranteed host restore: `akon vpn off` replays a persisted teardown plan
  (tun, server-pin route, rp_filter, DNS), idempotent even after a crash.
- In-process health-checked reconnection; data-plane pump TUN <-> F5/PPP.
- Production-proven (control plane + data plane) and validated in containers.

Removed: openconnect backend/connector/parser/process/daemon, the
`native_backend` flag, openconnect-only error variants, and the deps
`which`/`bindgen`/`daemonize` (+ `regex` from akon-core).

Tests: deleted openconnect-specific suites; coverage moved to native equivalents
(lifecycle, auth/tunnel failure, teardown no-op/idempotency). CI now runs the
pure + offline native suites with `--features test-actors`; privileged/online and
real-keyring tests self-skip on the runner.

Docs/packaging: README, Makefile, debian/rpm post-install, and CI updated to the
setcap (no-sudo) model. All internal ETG domains/IPs sanitized to documentation
placeholders. ADR 0001 (netlink) and ADR 0002 (openconnect removal) added.
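The "persisted teardown plan" described in both the PR summary and the commit message has two properties worth seeing in code: a step is recorded only after it was actually applied (so a crash before DNS was touched schedules no DNS revert), and replaying the plan is idempotent. The block below is an added example for this page, not akon's implementation: the host is an in-memory stand-in for netlink/sysctl/resolver state, the `store` string stands in for the on-disk plan file, the interface name `akon0`, the addresses (RFC 5737 ranges) and the rp_filter value 2 are all assumptions chosen for the demo.

```rust
// Added example: crash-safe, idempotent host restore from a persisted plan (not akon's code).
use std::collections::{BTreeMap, BTreeSet};

/// In-memory stand-in for host network state (real code: netlink, sysctl, resolver config).
#[derive(Debug, Clone, PartialEq, Default)]
pub struct Host {
    pub tuns: BTreeSet<String>,
    pub routes: BTreeSet<(String, String)>, // (destination, via)
    pub rp_filter: BTreeMap<String, u8>,    // iface -> value
    pub dns: Vec<String>,
}

/// One host mutation; each variant carries what is needed to undo it.
#[derive(Debug, Clone, PartialEq)]
pub enum Step {
    Tun(String),
    ServerPinRoute(String, String),
    RpFilter { iface: String, previous: u8 },
    Dns { previous: Vec<String> },
}

impl Step {
    fn apply(&self, h: &mut Host) {
        match self {
            Step::Tun(n) => { h.tuns.insert(n.clone()); }
            Step::ServerPinRoute(d, v) => { h.routes.insert((d.clone(), v.clone())); }
            Step::RpFilter { iface, .. } => { h.rp_filter.insert(iface.clone(), 2); } // assumed: loose mode
            Step::Dns { .. } => { h.dns = vec!["10.0.0.53".to_string()]; }            // assumed VPN resolver
        }
    }
    /// Undo this step. Returns true only if the host actually changed.
    fn revert(&self, h: &mut Host) -> bool {
        match self {
            Step::Tun(n) => h.tuns.remove(n),
            Step::ServerPinRoute(d, v) => h.routes.remove(&(d.clone(), v.clone())),
            Step::RpFilter { iface, previous } => {
                if h.rp_filter.get(iface) == Some(previous) { false }
                else { h.rp_filter.insert(iface.clone(), *previous); true }
            }
            Step::Dns { previous } => {
                if &h.dns == previous { false } else { h.dns = previous.clone(); true }
            }
        }
    }
    // Minimal line format for the persisted plan (stands in for a real serializer).
    fn to_line(&self) -> String {
        match self {
            Step::Tun(n) => format!("tun {n}"),
            Step::ServerPinRoute(d, v) => format!("route {d} {v}"),
            Step::RpFilter { iface, previous } => format!("rp_filter {iface} {previous}"),
            Step::Dns { previous } => format!("dns {}", previous.join(",")),
        }
    }
    fn from_line(line: &str) -> Option<Step> {
        let f: Vec<&str> = line.split(' ').collect();
        match f.as_slice() {
            ["tun", n] => Some(Step::Tun(n.to_string())),
            ["route", d, v] => Some(Step::ServerPinRoute(d.to_string(), v.to_string())),
            ["rp_filter", i, p] => Some(Step::RpFilter { iface: i.to_string(), previous: p.parse().ok()? }),
            ["dns", l] => Some(Step::Dns {
                previous: l.split(',').filter(|s| !s.is_empty()).map(String::from).collect(),
            }),
            _ => None,
        }
    }
}

/// Constructed pre-VPN host state for the demo.
pub fn sample_host() -> Host {
    let mut h = Host::default();
    h.rp_filter.insert("akon0".to_string(), 1);
    h.dns = vec!["192.0.2.53".to_string()];
    h
}

/// Bring the tunnel up. The plan is persisted after EVERY applied step, so a SIGKILL at
/// any point leaves a plan describing exactly what was changed. `crash_after` simulates
/// a kill after that many steps (None = run to completion).
pub fn vpn_on(host: &mut Host, store: &mut String, crash_after: Option<usize>) {
    let steps = vec![
        Step::Tun("akon0".to_string()),
        Step::ServerPinRoute("203.0.113.10/32".to_string(), "192.0.2.1".to_string()),
        Step::RpFilter { iface: "akon0".to_string(), previous: *host.rp_filter.get("akon0").unwrap_or(&1) },
        Step::Dns { previous: host.dns.clone() },
    ];
    store.clear();
    for (i, step) in steps.iter().enumerate() {
        if crash_after == Some(i) { return; } // nothing after this point runs
        step.apply(host);
        store.push_str(&step.to_line());
        store.push('\n');
    }
}

/// Reconcile: replay the persisted plan in reverse order. Returns how many steps actually
/// changed the host; a second call (or a replay of a stale plan) returns 0.
pub fn vpn_off(host: &mut Host, store: &mut String) -> usize {
    let steps: Vec<Step> = store.lines().filter_map(Step::from_line).collect();
    let mut changed = 0;
    for step in steps.iter().rev() {
        if step.revert(host) { changed += 1; }
    }
    store.clear(); // fully reconciled; forget the plan
    changed
}

fn main() {
    let mut host = sample_host();
    let mut store = String::new();
    vpn_on(&mut host, &mut store, Some(2)); // "SIGKILL" after tun + route
    println!("plan after crash:\n{store}");
    println!("off: reverted {} step(s)", vpn_off(&mut host, &mut store));
    println!("off again: reverted {} step(s)", vpn_off(&mut host, &mut store));
}
```

Two details carry the safety argument: `previous` is captured from the live host at plan time, so restore does not depend on remembering defaults, and every `revert` compares against current state before acting, which is what makes a replay after a crash, or a double `akon vpn off`, a no-op rather than an error.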
@vcwild vcwild closed this Jun 21, 2026
@vcwild vcwild reopened this Jun 21, 2026
@vcwild vcwild merged commit 2fa0a9c into main Jun 21, 2026
9 checks passed
@vcwild vcwild deleted the feat/native-f5-backend-v2 branch June 21, 2026 20:22
