fix(vpn-status): reconcile against live TUN interface; replace PID-as-truth (spec 007) #20

Merged: vcwild merged 1 commit into main from 007-fix-vpn-status on Jun 22, 2026
@vcwild vcwild commented Jun 22, 2026

Summary

akon vpn status was misreporting the connection state. The status command inherited the openconnect-era PID model — it checked whether a recorded PID was alive to decide "connected". In the native backend the akon process is the VPN client, so a stale/dead/mismatched PID made status report "stale" even with a live tunnel.

Root cause

The state file's pid field was the sole liveness signal. It could be dead (a previous session crashed, the binary was upgraded, or the VPN was started by an older binary) while tun0 was very much alive.

Fix

The TUN interface is now the ground truth for connection status. Changes:

  • Added privilege-free interface_exists() and interface_ipv4() to netlink.rs (via if_nametoindex/getifaddrs) — no root, no sudo.
  • Introduced a pure evaluate_status(record, interface_present, live_ip) → StatusVerdict function. The PID is not an input to the verdict — it is only shown as an advisory note.
  • run_vpn_status reconciles the persisted state-machine snapshot against the live interface. The displayed IP is read live from the interface (recorded IP as fallback).

Tests

  • 6 unit tests for evaluate_status covering Connected / Stale / NotConnected and PID-independence
  • 2 adapter tests (interface_exists("lo") / interface_ipv4("lo")) — no root, no hang

Spec: specs/007-fix-vpn-status/

…-truth (spec 007)

The status command now uses the tunnel interface existence as the authoritative
'connected' signal instead of a recorded PID, which was an openconnect-era
artifact.

- Add privilege-free interface_exists() + interface_ipv4() to netlink.rs
- Introduce pure evaluate_status() + StatusVerdict (PID is not an input)
- Rewrite run_vpn_status(): Connected/Stale/NotConnected from interface truth
- Live IP read from the interface; recorded IP as fallback
- PID shown as advisory '(not running)' when owner is gone
- 6 unit tests (incl. PID-independence) + 2 adapter tests (loopback)
- Non-Linux: graceful no-op; corrupt state: clear error, no panic

Spec: specs/007-fix-vpn-status/
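
A minimal sketch of the reconciliation described in this PR, added here as an illustration and not taken from the akon code base: an unprivileged `if_nametoindex` lookup plus a pure verdict function that never reads the PID. The `Record` fields, the exact verdict mapping and the `pid_note` helper are assumptions.

```rust
use std::ffi::CString;
use std::net::Ipv4Addr;
use std::os::raw::{c_char, c_uint};

extern "C" {
    // POSIX if_nametoindex(3): returns 0 when no interface has that name.
    fn if_nametoindex(ifname: *const c_char) -> c_uint;
}

/// Unprivileged existence check; a name-to-index lookup needs no root.
pub fn interface_exists(name: &str) -> bool {
    match CString::new(name) {
        Ok(c) => unsafe { if_nametoindex(c.as_ptr()) != 0 },
        Err(_) => false, // an interior NUL is never a valid interface name
    }
}

/// Assumed shape of the persisted state (hypothetical field names).
pub struct Record { pub pid: u32, pub recorded_ip: Option<Ipv4Addr> }

#[derive(Debug, PartialEq)]
pub enum StatusVerdict {
    Connected { ip: Option<Ipv4Addr> },
    Stale,        // state file claims a session, but the interface is gone
    NotConnected, // no interface and no recorded session
}

/// Pure verdict. The PID is deliberately not read here (assumed mapping).
pub fn evaluate_status(record: Option<&Record>, interface_present: bool,
                       live_ip: Option<Ipv4Addr>) -> StatusVerdict {
    match (interface_present, record) {
        // Live IP wins; the recorded IP is only a fallback.
        (true, rec) => StatusVerdict::Connected { ip: live_ip.or(rec.and_then(|r| r.recorded_ip)) },
        (false, Some(_)) => StatusVerdict::Stale,
        (false, None) => StatusVerdict::NotConnected,
    }
}

/// Advisory text only; it never changes the verdict.
pub fn pid_note(record: &Record, pid_alive: bool) -> String {
    format!("pid {}{}", record.pid, if pid_alive { "" } else { " (not running)" })
}

fn main() {
    let rec = Record { pid: 4242, recorded_ip: "10.0.0.5".parse().ok() }; // constructed sample
    let verdict = evaluate_status(Some(&rec), interface_exists("tun0"), None);
    println!("{:?} [{}]", verdict, pid_note(&rec, false));
}
```

Because `pid_alive` is not a parameter of `evaluate_status`, a dead or mismatched PID cannot turn a live tunnel into a "stale" report.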

Copilot AI left a comment

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@vcwild vcwild merged commit 0189cca into main Jun 22, 2026
4 of 5 checks passed
@vcwild vcwild deleted the 007-fix-vpn-status branch June 22, 2026 16:18