refactor(rust): introduce libs/ directory (#10964)

The current Rust workspace isn't as consistent as it could be. To make navigation a bit easier, we move a few crates around. Generally, we follow the idea that entry-points should be at the top-level. `rust/` now looks like this (directories only): ``` . ├── cli # Firezone CLI ├── client-ffi # Entry point for Apple & Android ├── gateway # Gateway ├── gui-client # GUI client ├── headless-client # Headless client ├── libs # Library crates ├── relay # Relay ├── target # Compile artifacts ├── tests # Crates for testing └── tools # Local tools ``` To further enforce this structure, we also drop the `firezone-` prefix from all crates that are not top-level binary crates.
2026-01-27 02:18:47 +00:00 · 2025-11-25 21:59:11 +11:00
parent 4e26f9943b
commit b7dc897eea
239 changed files with 482 additions and 670 deletions
--- a/.github/actions/setup-rust/action.yml
+++ b/.github/actions/setup-rust/action.yml
@@ -15,7 +15,7 @@ outputs:
    value: ${{
      (runner.os == 'Linux' && '--help') ||
      (runner.os == 'macOS' && '--help') ||
-      (runner.os == 'Windows' && '-p firezone-bin-shared') }}
+      (runner.os == 'Windows' && '-p bin-shared') }}
  compile-packages:
    description: Compilable packages for the current OS
    value: ${{
@@ -26,7 +26,7 @@ outputs:
    description: Testable packages for the current OS
    value: ${{
      (runner.os == 'Linux' && '--workspace') ||
-      (runner.os == 'macOS' && '--workspace --exclude firezone-bin-shared --exclude firezone-gui-client') ||
+      (runner.os == 'macOS' && '--workspace --exclude bin-shared --exclude firezone-gui-client') ||
      (runner.os == 'Windows' && '--workspace --exclude client-ffi') }}
  nightly_version:
    description: The nightly version of Rust
--- a/.github/workflows/_rust.yml
+++ b/.github/workflows/_rust.yml
@@ -142,7 +142,7 @@ jobs:
          PROPTEST_VERBOSE: 0 # Otherwise the output is very long.
          PROPTEST_CASES: ${{ runner.os == 'Windows' && '0' || '256' }} # Default is only 256. Windows is very slow in GitHub Actions, so only run the regression cases there.
          CARGO_PROFILE_TEST_OPT_LEVEL: 1 # Otherwise the tests take forever.
-          TESTCASES_DIR: "connlib/tunnel/testcases"
+          TESTCASES_DIR: "libs/connlib/tunnel/testcases"

  fuzz:
    name: fuzz
--- a/docs/AGENT.md
+++ b/docs/AGENT.md
@@ -8,16 +8,16 @@ The control plane components are built in Elixir and reside in `elixir/`.

 ## Data plane architecture

-At the core of the data plane resides a shared library called [`connlib`](../rust/connlib).
+At the core of the data plane resides a shared library called [`connlib`](../rust/libs/connlib).
 It combines ICE (using the `str0m` library) and WireGuard (using the `boringtun` library) to establish on-the-fly tunnels between Clients and Gateways.
-The entry-point for the data plane is [`Tunnel`](../rust/connlib/tunnel) which acts as a big event-loop combining three components:
+The entry-point for the data plane is [`Tunnel`](../rust/libs/connlib/tunnel) which acts as a big event-loop combining three components:

 - A platform-specific TUN device
 - A sans-IO state component representing either the Client or the Gateway
 - A platform-specific UDP socket

 Packets from IO sources (TUN device and UDP socket) are passed to the state component, resulting in a UDP or IP packet.
-The state component also manages ICE through the [`snownet`](../rust/connlib/snownet) library, so some UDP traffic is handled internally and does not yield an IP packet.
+The state component also manages ICE through the [`snownet`](../rust/libs/connlib/snownet) library, so some UDP traffic is handled internally and does not yield an IP packet.

 These three components are split into multiple threads and connected via bounded channels:

--- a/rust/Cargo.lock
+++ b/rust/Cargo.lock
@@ -829,6 +829,59 @@ version = "0.6.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "230c5f1ca6a325a32553f8640d31ac9b49f2411e901e427570154868b46da4f7"

+[[package]]
+name = "bin-shared"
+version = "0.1.0"
+dependencies = [
+ "anyhow-ext",
+ "atomicwrites",
+ "axum",
+ "bufferpool",
+ "bytes",
+ "clap",
+ "dashmap",
+ "dirs",
+ "dns-types",
+ "futures",
+ "gat-lending-iterator",
+ "hex",
+ "hex-literal",
+ "hmac",
+ "ip-packet",
+ "ip_network",
+ "ipconfig",
+ "itertools 0.14.0",
+ "known-folders",
+ "libc",
+ "logging",
+ "mutants",
+ "netlink-packet-core",
+ "netlink-packet-route",
+ "nix 0.30.1",
+ "resolv-conf",
+ "ring",
+ "rtnetlink",
+ "serde",
+ "serde_json",
+ "sha2",
+ "smbios-lib",
+ "socket-factory",
+ "telemetry",
+ "tempfile",
+ "thiserror 2.0.17",
+ "tokio",
+ "tokio-util",
+ "tracing",
+ "tun",
+ "uuid",
+ "windows",
+ "windows-core",
+ "windows-implement",
+ "winreg 0.55.0",
+ "wintun",
+ "zbus 5.12.0",
+]
+
 [[package]]
 name = "bit-set"
 version = "0.8.0"
@@ -1306,20 +1359,20 @@ dependencies = [
 "client-shared",
 "connlib-model",
 "dns-types",
- "firezone-logging",
- "firezone-telemetry",
 "flume",
 "futures",
 "ip-packet",
 "ip_network",
 "libc",
 "log",
+ "logging",
 "oslog",
 "phoenix-channel",
 "rustls",
 "secrecy",
 "serde_json",
 "socket-factory",
+ "telemetry",
 "thiserror 2.0.17",
 "tokio",
 "tokio-util",
@@ -1341,12 +1394,11 @@ dependencies = [
 "chrono",
 "connlib-model",
 "dns-types",
- "firezone-logging",
- "firezone-tunnel",
 "futures",
 "ip_network",
 "l4-udp-dns-client",
 "libc",
+ "logging",
 "parking_lot",
 "phoenix-channel",
 "secrecy",
@@ -1360,6 +1412,7 @@ dependencies = [
 "tokio-stream",
 "tracing",
 "tun",
+ "tunnel",
 "url",
 ]

@@ -2052,13 +2105,13 @@ name = "dns-over-tcp"
 version = "0.1.0"
 dependencies = [
 "anyhow-ext",
+ "bin-shared",
 "dns-types",
- "firezone-bin-shared",
- "firezone-logging",
 "futures",
 "ip-packet",
 "ip_network",
 "l3-tcp",
+ "logging",
 "rand 0.8.5",
 "tokio",
 "tracing",
@@ -2356,59 +2409,6 @@ dependencies = [
 "winapi",
 ]

-[[package]]
-name = "firezone-bin-shared"
-version = "0.1.0"
-dependencies = [
- "anyhow-ext",
- "atomicwrites",
- "axum",
- "bufferpool",
- "bytes",
- "clap",
- "dashmap",
- "dirs",
- "dns-types",
- "firezone-logging",
- "firezone-telemetry",
- "futures",
- "gat-lending-iterator",
- "hex",
- "hex-literal",
- "hmac",
- "ip-packet",
- "ip_network",
- "ipconfig",
- "itertools 0.14.0",
- "known-folders",
- "libc",
- "mutants",
- "netlink-packet-core",
- "netlink-packet-route",
- "nix 0.30.1",
- "resolv-conf",
- "ring",
- "rtnetlink",
- "serde",
- "serde_json",
- "sha2",
- "smbios-lib",
- "socket-factory",
- "tempfile",
- "thiserror 2.0.17",
- "tokio",
- "tokio-util",
- "tracing",
- "tun",
- "uuid",
- "windows",
- "windows-core",
- "windows-implement",
- "winreg 0.55.0",
- "wintun",
- "zbus 5.12.0",
-]
-
 [[package]]
 name = "firezone-cli"
 version = "1.0.0"
@@ -2428,6 +2428,7 @@ version = "1.4.19"
 dependencies = [
 "anyhow-ext",
 "backoff",
+ "bin-shared",
 "boringtun",
 "caps",
 "chrono",
@@ -2436,16 +2437,13 @@ dependencies = [
 "dns-lookup",
 "dns-types",
 "either",
- "firezone-bin-shared",
- "firezone-logging",
- "firezone-telemetry",
- "firezone-tunnel",
 "futures",
 "futures-bounded",
 "hickory-resolver",
 "ip-packet",
 "ip_network",
 "libc",
+ "logging",
 "moka",
 "nix 0.30.1",
 "opentelemetry",
@@ -2461,12 +2459,14 @@ dependencies = [
 "snownet",
 "socket-factory",
 "static_assertions",
+ "telemetry",
 "tempfile",
 "thiserror 2.0.17",
 "tokio",
 "tracing",
 "tracing-subscriber",
 "tun",
+ "tunnel",
 "url",
 "uuid",
 ]
@@ -2480,20 +2480,19 @@ dependencies = [
 "arboard",
 "atomicwrites",
 "backoff",
+ "bin-shared",
 "chrono",
 "clap",
 "client-shared",
 "connlib-model",
 "derive_more 2.0.1",
 "dirs",
- "firezone-bin-shared",
- "firezone-logging",
- "firezone-telemetry",
 "futures",
 "hex",
 "humantime",
 "ip-packet",
 "keyring",
+ "logging",
 "native-dialog",
 "nix 0.30.1",
 "output_vt100",
@@ -2523,6 +2522,7 @@ dependencies = [
 "tauri-specta",
 "tauri-utils",
 "tauri-winrt-notification",
+ "telemetry",
 "tempfile",
 "thiserror 2.0.17",
 "tokio",
@@ -2546,18 +2546,17 @@ version = "1.5.5"
 dependencies = [
 "anyhow-ext",
 "backoff",
+ "bin-shared",
 "clap",
 "client-shared",
 "connlib-model",
 "dns-types",
- "firezone-bin-shared",
- "firezone-logging",
- "firezone-telemetry",
 "futures",
 "humantime",
 "ip-packet",
 "known-folders",
 "libc",
+ "logging",
 "nix 0.30.1",
 "opentelemetry",
 "opentelemetry-otlp",
@@ -2568,6 +2567,7 @@ dependencies = [
 "sd-notify",
 "secrecy",
 "socket-factory",
+ "telemetry",
 "tokio",
 "tokio-stream",
 "tracing",
@@ -2575,26 +2575,6 @@ dependencies = [
 "url",
 ]

-[[package]]
-name = "firezone-logging"
-version = "0.1.0"
-dependencies = [
- "anyhow-ext",
- "firezone-telemetry",
- "nu-ansi-term",
- "output_vt100",
- "parking_lot",
- "sentry-tracing",
- "supports-color",
- "tempfile",
- "thiserror 2.0.17",
- "time",
- "tracing",
- "tracing-appender",
- "tracing-log",
- "tracing-subscriber",
-]
-
 [[package]]
 name = "firezone-relay"
 version = "0.1.0"
@@ -2606,18 +2586,17 @@ dependencies = [
 "aya-log",
 "backoff",
 "base64 0.22.1",
+ "bin-shared",
 "bytecodec",
 "bytes",
 "clap",
 "derive_more 2.0.1",
 "difference",
 "ebpf-shared",
- "firezone-bin-shared",
- "firezone-logging",
- "firezone-telemetry",
 "futures",
 "hex",
 "hex-display",
+ "logging",
 "mio",
 "once_cell",
 "opentelemetry",
@@ -2634,6 +2613,7 @@ dependencies = [
 "socket-factory",
 "socket2 0.6.1",
 "stun_codec",
+ "telemetry",
 "test-strategy",
 "thiserror 2.0.17",
 "tokio",
@@ -2647,93 +2627,6 @@ dependencies = [
 "uuid",
 ]

-[[package]]
-name = "firezone-telemetry"
-version = "0.1.0"
-dependencies = [
- "anyhow-ext",
- "flume",
- "futures",
- "hex",
- "ip-packet",
- "moka",
- "opentelemetry",
- "opentelemetry_sdk",
- "parking_lot",
- "reqwest",
- "sentry",
- "serde",
- "serde_json",
- "sha2",
- "thiserror 2.0.17",
- "tokio",
- "tracing",
- "tracing-subscriber",
- "uuid",
-]
-
-[[package]]
-name = "firezone-tunnel"
-version = "0.1.0"
-dependencies = [
- "anyhow-ext",
- "base64 0.22.1",
- "bimap",
- "boringtun",
- "bufferpool",
- "bytes",
- "chrono",
- "connlib-model",
- "derive_more 2.0.1",
- "divan",
- "dns-over-tcp",
- "dns-types",
- "firezone-logging",
- "firezone-relay",
- "firezone-telemetry",
- "flume",
- "futures",
- "futures-bounded",
- "gat-lending-iterator",
- "glob",
- "hex",
- "http-client",
- "ip-packet",
- "ip_network",
- "ip_network_table",
- "itertools 0.14.0",
- "l3-tcp",
- "l3-udp-dns-client",
- "l4-tcp-dns-server",
- "l4-udp-dns-client",
- "l4-udp-dns-server",
- "lru",
- "opentelemetry",
- "proptest",
- "proptest-state-machine",
- "rand 0.8.5",
- "rangemap",
- "ringbuffer",
- "secrecy",
- "serde",
- "serde_json",
- "serde_with",
- "sha2",
- "snownet",
- "socket-factory",
- "socket2 0.6.1",
- "test-case",
- "test-strategy",
- "thiserror 2.0.17",
- "tokio",
- "tokio-util",
- "tracing",
- "tracing-subscriber",
- "tun",
- "url",
- "uuid",
-]
-
 [[package]]
 name = "flate2"
 version = "1.1.1"
@@ -4373,6 +4266,26 @@ version = "0.4.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432"

+[[package]]
+name = "logging"
+version = "0.1.0"
+dependencies = [
+ "anyhow-ext",
+ "nu-ansi-term",
+ "output_vt100",
+ "parking_lot",
+ "sentry-tracing",
+ "supports-color",
+ "telemetry",
+ "tempfile",
+ "thiserror 2.0.17",
+ "time",
+ "tracing",
+ "tracing-appender",
+ "tracing-log",
+ "tracing-subscriber",
+]
+
 [[package]]
 name = "lru"
 version = "0.16.2"
@@ -5503,12 +5416,12 @@ dependencies = [
 "anyhow-ext",
 "backoff",
 "base64 0.22.1",
- "firezone-logging",
 "futures",
 "hex",
 "hostname",
 "itertools 0.14.0",
 "libc",
+ "logging",
 "os_info",
 "rand_core 0.6.4",
 "secrecy",
@@ -7087,18 +7000,18 @@ dependencies = [
 "bytecodec",
 "bytes",
 "derive_more 2.0.1",
- "firezone-logging",
- "firezone-telemetry",
 "hex",
 "hex-display",
 "ip-packet",
 "itertools 0.14.0",
+ "logging",
 "once_cell",
 "rand 0.8.5",
 "ringbuffer",
 "sha2",
 "str0m",
 "stun_codec",
+ "telemetry",
 "thiserror 2.0.17",
 "tracing",
 ]
@@ -7111,13 +7024,13 @@ dependencies = [
 "bufferpool",
 "bytes",
 "derive_more 2.0.1",
- "firezone-telemetry",
 "gat-lending-iterator",
 "ip-packet",
 "libc",
 "opentelemetry",
 "quinn-udp",
 "socket2 0.6.1",
+ "telemetry",
 "tokio",
 "tracing",
 ]
@@ -7895,6 +7808,31 @@ dependencies = [
 "windows-version",
 ]

+[[package]]
+name = "telemetry"
+version = "0.1.0"
+dependencies = [
+ "anyhow-ext",
+ "flume",
+ "futures",
+ "hex",
+ "ip-packet",
+ "moka",
+ "opentelemetry",
+ "opentelemetry_sdk",
+ "parking_lot",
+ "reqwest",
+ "sentry",
+ "serde",
+ "serde_json",
+ "sha2",
+ "thiserror 2.0.17",
+ "tokio",
+ "tracing",
+ "tracing-subscriber",
+ "uuid",
+]
+
 [[package]]
 name = "tempfile"
 version = "3.23.0"
@@ -8567,6 +8505,68 @@ dependencies = [
 "utf-8",
 ]

+[[package]]
+name = "tunnel"
+version = "0.1.0"
+dependencies = [
+ "anyhow-ext",
+ "base64 0.22.1",
+ "bimap",
+ "boringtun",
+ "bufferpool",
+ "bytes",
+ "chrono",
+ "connlib-model",
+ "derive_more 2.0.1",
+ "divan",
+ "dns-over-tcp",
+ "dns-types",
+ "firezone-relay",
+ "flume",
+ "futures",
+ "futures-bounded",
+ "gat-lending-iterator",
+ "glob",
+ "hex",
+ "http-client",
+ "ip-packet",
+ "ip_network",
+ "ip_network_table",
+ "itertools 0.14.0",
+ "l3-tcp",
+ "l3-udp-dns-client",
+ "l4-tcp-dns-server",
+ "l4-udp-dns-client",
+ "l4-udp-dns-server",
+ "logging",
+ "lru",
+ "opentelemetry",
+ "proptest",
+ "proptest-state-machine",
+ "rand 0.8.5",
+ "rangemap",
+ "ringbuffer",
+ "secrecy",
+ "serde",
+ "serde_json",
+ "serde_with",
+ "sha2",
+ "snownet",
+ "socket-factory",
+ "socket2 0.6.1",
+ "telemetry",
+ "test-case",
+ "test-strategy",
+ "thiserror 2.0.17",
+ "tokio",
+ "tokio-util",
+ "tracing",
+ "tracing-subscriber",
+ "tun",
+ "url",
+ "uuid",
+]
+
 [[package]]
 name = "typeid"
 version = "1.0.3"
--- a/rust/Cargo.toml
+++ b/rust/Cargo.toml
@@ -1,36 +1,36 @@
 [workspace]
 members = [
-    "anyhow-ext",
-    "bin-shared",
    "cli",
    "client-ffi",
-    "client-shared",
-    "connlib/bufferpool",
-    "connlib/dns-over-tcp",
-    "connlib/dns-types",
-    "connlib/etherparse-ext",
-    "connlib/http-client",
-    "connlib/ip-packet",
-    "connlib/l3-tcp",
-    "connlib/l3-udp-dns-client",
-    "connlib/l4-tcp-dns-server",
-    "connlib/l4-udp-dns-client",
-    "connlib/l4-udp-dns-server",
-    "connlib/model",
-    "connlib/phoenix-channel",
-    "connlib/snownet",
-    "connlib/socket-factory",
-    "connlib/tun",
-    "connlib/tunnel",
    "gateway",
    "gui-client/src-admx-macro",
    "gui-client/src-tauri",
    "headless-client",
-    "logging",
+    "libs/anyhow-ext",
+    "libs/bin-shared",
+    "libs/client-shared",
+    "libs/connlib/bufferpool",
+    "libs/connlib/dns-over-tcp",
+    "libs/connlib/dns-types",
+    "libs/connlib/etherparse-ext",
+    "libs/connlib/ip-packet",
+    "libs/connlib/l3-tcp",
+    "libs/connlib/l3-udp-dns-client",
+    "libs/connlib/l4-tcp-dns-server",
+    "libs/connlib/l4-udp-dns-client",
+    "libs/connlib/l4-udp-dns-server",
+    "libs/connlib/model",
+    "libs/connlib/phoenix-channel",
+    "libs/connlib/snownet",
+    "libs/connlib/socket-factory",
+    "libs/connlib/tun",
+    "libs/connlib/tunnel",
+    "libs/http-client",
+    "libs/logging",
+    "libs/telemetry",
    "relay/ebpf-shared",
    "relay/ebpf-turn-router",
    "relay/server",
-    "telemetry",
    "tests/fuzz",
    "tests/gui-smoke-test",
    "tests/http-test-server",
@@ -45,7 +45,7 @@ edition = "2024"

 [workspace.dependencies]
 admx-macro = { path = "gui-client/src-admx-macro" }
-anyhow = { package = "anyhow-ext", path = "anyhow-ext" }
+anyhow = { package = "anyhow-ext", path = "libs/anyhow-ext" }
 arbitrary = "1.4.2"
 arboard = { version = "3.6.1", default-features = false }
 async-trait = { version = "0.1", default-features = false }
@@ -59,16 +59,17 @@ aya-log-ebpf = { git = "https://github.com/aya-rs/aya" }
 backoff = { version = "0.4", features = ["tokio"] }
 base64 = { version = "0.22.1", default-features = false }
 bimap = "0.6"
+bin-shared = { path = "libs/bin-shared" }
 bnum = "0.13.0"
 boringtun = { version = "0.6", default-features = false }
-bufferpool = { path = "connlib/bufferpool" }
+bufferpool = { path = "libs/connlib/bufferpool" }
 bytecodec = "0.5.0"
 bytes = { version = "1.9.0", default-features = false }
 caps = "0.5.6"
 chrono = { version = "0.4", default-features = false, features = ["std", "clock", "oldtime", "serde"] }
 clap = "4.5.50"
-client-shared = { path = "client-shared" }
-connlib-model = { path = "connlib/model" }
+client-shared = { path = "libs/client-shared" }
+connlib-model = { path = "libs/connlib/model" }
 crossbeam-queue = "0.3.12"
 dashmap = "6.1.0"
 derive_more = { version = "2.0.1", default-features = false }
@@ -76,18 +77,14 @@ difference = "2.0.0"
 dirs = "6.0.0"
 divan = "0.1.21"
 dns-lookup = "3.0"
-dns-over-tcp = { path = "connlib/dns-over-tcp" }
-dns-types = { path = "connlib/dns-types" }
+dns-over-tcp = { path = "libs/connlib/dns-over-tcp" }
+dns-types = { path = "libs/connlib/dns-types" }
 ebpf-shared = { path = "relay/ebpf-shared" }
 either = "1"
 etherparse = { version = "0.19", default-features = false }
-etherparse-ext = { path = "connlib/etherparse-ext" }
-firezone-bin-shared = { path = "bin-shared" }
+etherparse-ext = { path = "libs/connlib/etherparse-ext" }
 firezone-headless-client = { path = "headless-client" }
-firezone-logging = { path = "logging" }
 firezone-relay = { path = "relay/server" }
-firezone-telemetry = { path = "telemetry" }
-firezone-tunnel = { path = "connlib/tunnel" }
 flume = { version = "0.11.1", features = ["async"] }
 futures = { version = "0.3.31" }
 futures-bounded = "0.3.0"
@@ -100,25 +97,26 @@ hickory-resolver = "0.25.2"
 hmac = "0.12.1"
 http = "1.3.1"
 http-body-util = "0.1.3"
-http-client = { path = "connlib/http-client" }
+http-client = { path = "libs/http-client" }
 humantime = "2.3"
 hyper = "1.7.0"
 hyper-util = "0.1.17"
-ip-packet = { path = "connlib/ip-packet" }
+ip-packet = { path = "libs/connlib/ip-packet" }
 ip_network = { version = "0.4", default-features = false }
 ip_network_table = { version = "0.2", default-features = false }
 itertools = "0.14"
 jni = "0.21.1"
 keyring = "3.6.3"
 known-folders = "1.4.0"
-l3-tcp = { path = "connlib/l3-tcp" }
-l3-udp-dns-client = { path = "connlib/l3-udp-dns-client" }
-l4-tcp-dns-server = { path = "connlib/l4-tcp-dns-server" }
-l4-udp-dns-client = { path = "connlib/l4-udp-dns-client" }
-l4-udp-dns-server = { path = "connlib/l4-udp-dns-server" }
+l3-tcp = { path = "libs/connlib/l3-tcp" }
+l3-udp-dns-client = { path = "libs/connlib/l3-udp-dns-client" }
+l4-tcp-dns-server = { path = "libs/connlib/l4-tcp-dns-server" }
+l4-udp-dns-client = { path = "libs/connlib/l4-udp-dns-client" }
+l4-udp-dns-server = { path = "libs/connlib/l4-udp-dns-server" }
 libc = "0.2.176"
 libfuzzer-sys = "0.4"
 log = "0.4"
+logging = { path = "libs/logging" }
 lru = "0.16.1"
 mio = "1.1.0"
 moka = "0.12.11"
@@ -137,7 +135,7 @@ opentelemetry_sdk = "0.30.0"
 os_info = { version = "3", default-features = false }
 output_vt100 = "0.1"
 parking_lot = "0.12.5"
-phoenix-channel = { path = "connlib/phoenix-channel" }
+phoenix-channel = { path = "libs/connlib/phoenix-channel" }
 png = "0.17.16"
 proc-macro2 = "1.0"
 proptest = "1.9.0"
@@ -169,8 +167,8 @@ sha2 = "0.10.9"
 smallvec = "1.15.1"
 smbios-lib = "0.9.2"
 smoltcp = { version = "0.12", default-features = false }
-snownet = { path = "connlib/snownet" }
-socket-factory = { path = "connlib/socket-factory" }
+snownet = { path = "libs/connlib/snownet" }
+socket-factory = { path = "libs/connlib/socket-factory" }
 socket2 = { version = "0.6" }
 specta = "=2.0.0-rc.22"
 specta-typescript = "0.0.9"
@@ -193,6 +191,7 @@ tauri-plugin-shell = "2.3.1"
 tauri-runtime = "2.7.1"
 tauri-specta = { version = "=2.0.0-rc.21", features = ["derive", "typescript"] }
 tauri-utils = "2.2.0"
+telemetry = { path = "libs/telemetry" }
 tempfile = "3.23.0"
 test-case = "3.3.1"
 test-strategy = "0.4.3"
@@ -213,7 +212,8 @@ tracing-opentelemetry = "0.31.0"
 tracing-stackdriver = "0.12.0"
 tracing-subscriber = { version = "0.3.20", features = ["parking_lot"] }
 trackable = "1.3.0"
-tun = { path = "connlib/tun" }
+tun = { path = "libs/connlib/tun" }
+tunnel = { path = "libs/connlib/tunnel" }
 uniffi = "0.29.4"
 url = "2.5.2"
 uuid = "1.18.1"
--- a/rust/client-ffi/Cargo.toml
+++ b/rust/client-ffi/Cargo.toml
@@ -15,19 +15,19 @@ backoff = { workspace = true }
 client-shared = { workspace = true }
 connlib-model = { workspace = true }
 dns-types = { workspace = true }
-firezone-logging = { workspace = true }
-firezone-telemetry = { workspace = true }
 flume = { workspace = true }
 futures = { workspace = true }
 ip-packet = { workspace = true }
 ip_network = { workspace = true }
 libc = { workspace = true }
 log = { workspace = true }
+logging = { workspace = true }
 phoenix-channel = { workspace = true }
 rustls = { workspace = true }
 secrecy = { workspace = true }
 serde_json = { workspace = true }
 socket-factory = { workspace = true }
+telemetry = { workspace = true }
 thiserror = { workspace = true }
 tokio = { workspace = true, features = ["rt-multi-thread", "sync"] }
 tokio-util = { workspace = true }
--- a/rust/client-ffi/src/lib.rs
+++ b/rust/client-ffi/src/lib.rs
@@ -10,12 +10,12 @@ use std::{

 use anyhow::{Context as _, Result, anyhow};
 use backoff::ExponentialBackoffBuilder;
-use firezone_logging::sentry_layer;
-use firezone_telemetry::{Telemetry, analytics};
+use logging::sentry_layer;
 use phoenix_channel::{LoginUrl, PhoenixChannel, get_user_agent};
 use platform::RELEASE;
 use secrecy::{SecretBox, SecretString};
 use socket_factory::{SocketFactory, TcpSocket, UdpSocket};
+use telemetry::{Telemetry, analytics};
 use tokio::sync::Mutex;
 use tracing_subscriber::{Layer, layer::SubscriberExt as _};

@@ -526,10 +526,8 @@ fn connect(
    })
 }

-static LOGGER_STATE: OnceLock<(
-    firezone_logging::file::Handle,
-    firezone_logging::FilterReloadHandle,
-)> = OnceLock::new();
+static LOGGER_STATE: OnceLock<(logging::file::Handle, logging::FilterReloadHandle)> =
+    OnceLock::new();

 fn init_logging(log_dir: &Path, log_filter: String) -> Result<()> {
    if let Some((_, reload_handle)) = LOGGER_STATE.get() {
@@ -539,20 +537,16 @@ fn init_logging(log_dir: &Path, log_filter: String) -> Result<()> {
        return Ok(());
    }

-    let (file_log_filter, file_reload_handle) = firezone_logging::try_filter(&log_filter)?;
-    let (platform_log_filter, platform_reload_handle) = firezone_logging::try_filter(&log_filter)?;
-    let (file_layer, handle) = firezone_logging::file::layer(log_dir, "connlib");
+    let (file_log_filter, file_reload_handle) = logging::try_filter(&log_filter)?;
+    let (platform_log_filter, platform_reload_handle) = logging::try_filter(&log_filter)?;
+    let (file_layer, handle) = logging::file::layer(log_dir, "connlib");

    let subscriber = tracing_subscriber::registry()
        .with(file_layer.with_filter(file_log_filter))
        .with(
            tracing_subscriber::fmt::layer()
                .with_ansi(false)
-                .event_format(
-                    firezone_logging::Format::new()
-                        .without_timestamp()
-                        .without_level(),
-                )
+                .event_format(logging::Format::new().without_timestamp().without_level())
                .with_writer(platform::MakeWriter::default())
                .with_filter(platform_log_filter),
        )
@@ -560,7 +554,7 @@ fn init_logging(log_dir: &Path, log_filter: String) -> Result<()> {

    let reload_handle = file_reload_handle.merge(platform_reload_handle);

-    firezone_logging::init(subscriber)?;
+    logging::init(subscriber)?;

    LOGGER_STATE
        .set((handle, reload_handle))
--- a/rust/client-ffi/src/platform/android.rs
+++ b/rust/client-ffi/src/platform/android.rs
@@ -1,5 +1,5 @@
-use firezone_telemetry::Dsn;
 use std::time::Duration;
+use telemetry::Dsn;

 mod make_writer;
 mod tun;
@@ -14,7 +14,7 @@ pub const COMPONENT: &str = "android-client";
 /// (IoT devices, point-of-sale devices, etc), so try to reconnect for 30 days.
 pub const MAX_PARTITION_TIME: Duration = Duration::from_secs(60 * 60 * 24 * 30);

-pub const DSN: Dsn = firezone_telemetry::ANDROID_DSN;
+pub const DSN: Dsn = telemetry::ANDROID_DSN;

 pub(crate) use make_writer::MakeWriter;
 pub(crate) use tun::Tun;
--- a/rust/client-ffi/src/platform/android/tun.rs
+++ b/rust/client-ffi/src/platform/android/tun.rs
@@ -1,9 +1,9 @@
-use firezone_telemetry::otel;
 use futures::SinkExt as _;
 use ip_packet::{IpPacket, IpPacketBuf};
 use std::os::fd::{FromRawFd, OwnedFd};
 use std::task::{Context, Poll};
 use std::{io, os::fd::RawFd};
+use telemetry::otel;
 use tokio::sync::mpsc;
 use tokio_util::sync::PollSender;
 use tun::ioctl;
@@ -78,7 +78,7 @@ impl Tun {
        std::thread::Builder::new()
            .name("TUN send".to_owned())
            .spawn(move || {
-                firezone_logging::unwrap_or_warn!(
+                logging::unwrap_or_warn!(
                    tun::unix::tun_send(fd, outbound_rx, write),
                    "Failed to send to TUN device: {}"
                )
@@ -87,7 +87,7 @@ impl Tun {
        std::thread::Builder::new()
            .name("TUN recv".to_owned())
            .spawn(move || {
-                firezone_logging::unwrap_or_warn!(
+                logging::unwrap_or_warn!(
                    tun::unix::tun_recv(fd, inbound_tx, read),
                    "Failed to recv from TUN device: {}"
                )
--- a/rust/client-ffi/src/platform/apple.rs
+++ b/rust/client-ffi/src/platform/apple.rs
@@ -1,5 +1,5 @@
-use firezone_telemetry::Dsn;
 use std::time::Duration;
+use telemetry::Dsn;

 mod make_writer;
 mod tun;
@@ -22,7 +22,7 @@ pub const COMPONENT: &str = "apple-client";
 /// Hopefully we aren't down for more than 24 hours.
 pub const MAX_PARTITION_TIME: Duration = Duration::from_secs(60 * 60 * 24);

-pub const DSN: Dsn = firezone_telemetry::APPLE_DSN;
+pub const DSN: Dsn = telemetry::APPLE_DSN;

 pub(crate) use make_writer::MakeWriter;
 pub(crate) use tun::Tun;
--- a/rust/client-ffi/src/platform/apple/tun.rs
+++ b/rust/client-ffi/src/platform/apple/tun.rs
@@ -1,4 +1,3 @@
-use firezone_telemetry::otel;
 use futures::SinkExt as _;
 use ip_packet::{IpPacket, IpPacketBuf, IpVersion};
 use libc::{AF_INET, AF_INET6, F_GETFL, F_SETFL, O_NONBLOCK, fcntl, iovec, msghdr, recvmsg};
@@ -7,6 +6,7 @@ use std::{
    io,
    os::fd::{AsRawFd as _, RawFd},
 };
+use telemetry::otel;
 use tokio::sync::mpsc;
 use tokio_util::sync::PollSender;

@@ -62,7 +62,7 @@ impl Tun {
        std::thread::Builder::new()
            .name("TUN send".to_owned())
            .spawn(move || {
-                firezone_logging::unwrap_or_warn!(
+                logging::unwrap_or_warn!(
                    tun::unix::tun_send(fd, outbound_rx, write),
                    "Failed to send to TUN device: {}"
                )
@@ -71,7 +71,7 @@ impl Tun {
        std::thread::Builder::new()
            .name("TUN recv".to_owned())
            .spawn(move || {
-                firezone_logging::unwrap_or_warn!(
+                logging::unwrap_or_warn!(
                    tun::unix::tun_recv(fd, inbound_tx, read),
                    "Failed to recv from TUN device: {}"
                )
--- a/rust/client-ffi/src/platform/fallback.rs
+++ b/rust/client-ffi/src/platform/fallback.rs
@@ -1,12 +1,12 @@
 use std::{io, os::fd::RawFd, time::Duration};

-use firezone_telemetry::Dsn;
+use telemetry::Dsn;

 pub const RELEASE: &str = "";
 pub const VERSION: &str = "";
 pub const COMPONENT: &str = "";

-pub const DSN: Dsn = firezone_telemetry::TESTING;
+pub const DSN: Dsn = telemetry::TESTING;

 pub const MAX_PARTITION_TIME: Duration = Duration::ZERO;

--- a/rust/connlib/.gitignore
+++ b/rust/connlib/.gitignore
@@ -1,173 +0,0 @@
-### Android ###
-# Gradle files
-.gradle/
-build/
-
-# Local configuration file (sdk path, etc)
-local.properties
-
-# Log/OS Files
-*.log
-
-# Android Studio generated files and folders
-captures/
-.externalNativeBuild/
-.cxx/
-*.apk
-output.json
-
-# IntelliJ
-*.iml
-.idea/
-misc.xml
-deploymentTargetDropDown.xml
-render.experimental.xml
-
-# Keystore files
-*.jks
-*.keystore
-
-# Google Services (e.g. APIs or Firebase)
-google-services.json
-
-# Android Profiling
-*.hprof
-
-### Android Patch ###
-gen-external-apklibs
-
-# Replacement of .externalNativeBuild directories introduced
-# with Android Studio 3.5.
-
-### Kotlin ###
-# Compiled class file
-*.class
-
-# Log file
-
-# BlueJ files
-*.ctxt
-
-# Mobile Tools for Java (J2ME)
-.mtj.tmp/
-
-# Package Files #
-*.jar
-*.war
-*.nar
-*.ear
-*.zip
-*.tar.gz
-*.rar
-
-# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
-hs_err_pid*
-replay_pid*
-
-### AndroidStudio ###
-# Covers files to be ignored for android development using Android Studio.
-
-# Built application files
-*.ap_
-*.aab
-
-# Files for the ART/Dalvik VM
-*.dex
-
-# Java class files
-
-# Generated files
-bin/
-gen/
-out/
-
-# Gradle files
-.gradle
-
-# Signing files
-.signing/
-
-# Local configuration file (sdk path, etc)
-
-# Proguard folder generated by Eclipse
-proguard/
-
-# Log Files
-
-# Android Studio
-build/
-/*/local.properties
-out/
-production/
-.navigation/
-*.ipr
-*~
-*.swp
-
-# Keystore files
-
-# Google Services (e.g. APIs or Firebase)
-# google-services.json
-
-# Android Patch
-
-# External native build folder generated in Android Studio 2.2 and later
-.externalNativeBuild
-
-# NDK
-obj/
-
-# IntelliJ IDEA
-*.iws
-
-# User-specific configurations
-.idea/caches/
-.idea/libraries/
-.idea/shelf/
-.idea/workspace.xml
-.idea/tasks.xml
-.idea/.name
-.idea/compiler.xml
-.idea/copyright/profiles_settings.xml
-.idea/encodings.xml
-.idea/misc.xml
-.idea/modules.xml
-.idea/scopes/scope_settings.xml
-.idea/dictionaries
-.idea/vcs.xml
-.idea/jsLibraryMappings.xml
-.idea/datasources.xml
-.idea/dataSources.ids
-.idea/sqlDataSources.xml
-.idea/dynamic.xml
-.idea/uiDesigner.xml
-.idea/assetWizardSettings.xml
-.idea/gradle.xml
-.idea/jarRepositories.xml
-.idea/navEditor.xml
-
-## Plugin-specific files:
-
-# mpeltonen/sbt-idea plugin
-.idea_modules/
-
-# Crashlytics plugin (for Android Studio and IntelliJ)
-com_crashlytics_export_strings.xml
-crashlytics.properties
-crashlytics-build.properties
-fabric.properties
-
-### AndroidStudio Patch ###
-
-!clients/android/gradle/wrapper/gradle-wrapper.jar
-
-### JNI
-jniLibs/
-
-### Apple ###
-.build/
-DerivedData/
-xcuserdata/
-*.xcuserstate
-
-Firezone/Developer.xcconfig
--- a/rust/connlib/tunnel/benches/divan.rs
+++ b/rust/connlib/tunnel/benches/divan.rs
@@ -1,5 +0,0 @@
-extern crate firezone_tunnel; // Ensure benchmarks aren't optimised out.
-
-fn main() {
-    divan::main()
-}
--- a/rust/gateway/Cargo.toml
+++ b/rust/gateway/Cargo.toml
@@ -26,22 +26,20 @@ depends = 'iptables,systemd'
 [dependencies]
 anyhow = { workspace = true }
 backoff = { workspace = true }
+bin-shared = { workspace = true }
 boringtun = { workspace = true }
 chrono = { workspace = true }
 clap = { workspace = true }
 connlib-model = { workspace = true }
 dns-types = { workspace = true }
 either = { workspace = true }
-firezone-bin-shared = { workspace = true }
-firezone-logging = { workspace = true }
-firezone-telemetry = { workspace = true }
-firezone-tunnel = { workspace = true }
 futures = { workspace = true }
 futures-bounded = { workspace = true }
 hickory-resolver = { workspace = true }
 ip-packet = { workspace = true }
 ip_network = { workspace = true }
 libc = { workspace = true, features = ["std", "const-extern-fn", "extra_traits"] }
+logging = { workspace = true }
 moka = { workspace = true, features = ["future"] }
 opentelemetry = { workspace = true, features = ["metrics"] }
 opentelemetry-otlp = { workspace = true, features = ["metrics", "grpc-tonic"] }
@@ -55,11 +53,13 @@ serde = { workspace = true, features = ["std", "derive"] }
 snownet = { workspace = true }
 socket-factory = { workspace = true }
 static_assertions = { workspace = true }
+telemetry = { workspace = true }
 thiserror = { workspace = true }
 tokio = { workspace = true, features = ["sync", "macros", "fs", "signal", "rt"] }
 tracing = { workspace = true }
 tracing-subscriber = { workspace = true }
 tun = { workspace = true }
+tunnel = { workspace = true }
 url = { workspace = true }
 uuid = { workspace = true, features = ["v4"] }

--- a/rust/gateway/src/eventloop.rs
+++ b/rust/gateway/src/eventloop.rs
@@ -1,21 +1,11 @@
-use anyhow::{Context as _, ErrorExt, Result};
+use anyhow::{Context as _, ErrorExt as _, Result};
+use bin_shared::{TunDeviceManager, signals};
 use boringtun::x25519::PublicKey;
 #[cfg(not(target_os = "windows"))]
 use dns_lookup::{AddrInfoHints, AddrInfoIter, LookupError};
 use dns_types::DomainName;
-use firezone_bin_shared::{TunDeviceManager, signals};
-use firezone_telemetry::{Telemetry, analytics};
+use telemetry::{Telemetry, analytics};

-use firezone_tunnel::messages::gateway::{
-    AccessAuthorizationExpiryUpdated, AllowAccess, Authorization, ClientIceCandidates,
-    ClientsIceCandidates, ConnectionReady, EgressMessages, IngressMessages, InitGateway,
-    RejectAccess, RequestConnection,
-};
-use firezone_tunnel::messages::{ConnectionAccepted, GatewayResponse, RelaysPresence};
-use firezone_tunnel::{
-    DnsResourceNatEntry, GatewayEvent, GatewayTunnel, IPV4_TUNNEL, IPV6_TUNNEL, IpConfig,
-    ResolveDnsRequest, TunnelError,
-};
 use futures::{FutureExt as _, TryFutureExt};
 use hickory_resolver::TokioResolver;
 use phoenix_channel::{PhoenixChannel, PublicKeyParam};
@@ -29,6 +19,16 @@ use std::task::{Context, Poll};
 use std::time::{Duration, Instant};
 use std::{io, iter, mem};
 use tokio::sync::mpsc;
+use tunnel::messages::gateway::{
+    AccessAuthorizationExpiryUpdated, AllowAccess, Authorization, ClientIceCandidates,
+    ClientsIceCandidates, ConnectionReady, EgressMessages, IngressMessages, InitGateway,
+    RejectAccess, RequestConnection,
+};
+use tunnel::messages::{ConnectionAccepted, GatewayResponse, RelaysPresence};
+use tunnel::{
+    DnsResourceNatEntry, GatewayEvent, GatewayTunnel, IPV4_TUNNEL, IPV6_TUNNEL, IpConfig,
+    ResolveDnsRequest, TunnelError,
+};

 use crate::RELEASE;

@@ -240,9 +240,9 @@ impl Eventloop {
        Ok(())
    }

-    async fn handle_tunnel_event(&mut self, event: firezone_tunnel::GatewayEvent) -> Result<()> {
+    async fn handle_tunnel_event(&mut self, event: tunnel::GatewayEvent) -> Result<()> {
        match event {
-            firezone_tunnel::GatewayEvent::AddedIceCandidates {
+            tunnel::GatewayEvent::AddedIceCandidates {
                conn_id: client,
                candidates,
            } => {
@@ -255,7 +255,7 @@ impl Eventloop {
                    )))
                    .await?;
            }
-            firezone_tunnel::GatewayEvent::RemovedIceCandidates {
+            tunnel::GatewayEvent::RemovedIceCandidates {
                conn_id: client,
                candidates,
            } => {
@@ -268,7 +268,7 @@ impl Eventloop {
                    ))
                    .await?;
            }
-            firezone_tunnel::GatewayEvent::ResolveDns(setup_nat) => {
+            tunnel::GatewayEvent::ResolveDns(setup_nat) => {
                if self
                    .resolve_tasks
                    .try_push(
@@ -321,12 +321,12 @@ impl Eventloop {
                continue;
            }

-            if let Some(e) = e.any_downcast_ref::<firezone_tunnel::UnroutablePacket>() {
+            if let Some(e) = e.any_downcast_ref::<tunnel::UnroutablePacket>() {
                tracing::debug!(src = %e.source(), dst = %e.destination(), proto = %e.proto(), "{e:#}");
                continue;
            }

-            if e.any_is::<firezone_tunnel::UdpSocketThreadStopped>() {
+            if e.any_is::<tunnel::UdpSocketThreadStopped>() {
                return Err(e);
            }

@@ -434,7 +434,7 @@ impl Eventloop {
                connected,
            }) => tunnel.state_mut().update_relays(
                BTreeSet::from_iter(disconnected_ids),
-                firezone_tunnel::turn(&connected),
+                tunnel::turn(&connected),
                Instant::now(),
            ),
            IngressMessages::Init(InitGateway {
@@ -452,7 +452,7 @@ impl Eventloop {

                tunnel.state_mut().update_relays(
                    BTreeSet::default(),
-                    firezone_tunnel::turn(&relays),
+                    tunnel::turn(&relays),
                    Instant::now(),
                );
                tunnel.state_mut().update_tun_device(IpConfig {
@@ -644,7 +644,7 @@ impl Eventloop {
        &self,
        domain: DomainName,
    ) -> impl Future<Output = Result<Vec<IpAddr>, Arc<anyhow::Error>>> + use<> {
-        if firezone_telemetry::feature_flags::gateway_userspace_dns_a_aaaa_records() {
+        if telemetry::feature_flags::gateway_userspace_dns_a_aaaa_records() {
            let resolver = self.resolver.clone();

            async move {
--- a/rust/gateway/src/main.rs
+++ b/rust/gateway/src/main.rs
@@ -3,22 +3,22 @@
 use crate::eventloop::{Eventloop, PHOENIX_TOPIC};
 use anyhow::{Context, Result, bail};
 use backoff::ExponentialBackoffBuilder;
-use clap::Parser;
-use firezone_bin_shared::{
+use bin_shared::{
    TunDeviceManager, device_id, http_health_check,
    platform::{UdpSocketFactory, tcp_socket_factory},
 };
+use clap::Parser;

-use firezone_telemetry::{
-    MaybePushMetricsExporter, NoopPushMetricsExporter, Telemetry, feature_flags, otel,
-};
-use firezone_tunnel::GatewayTunnel;
 use hickory_resolver::config::ResolveHosts;
 use ip_packet::IpPacket;
 use opentelemetry_otlp::WithExportConfig;
 use opentelemetry_sdk::metrics::SdkMeterProvider;
 use phoenix_channel::LoginUrl;
 use phoenix_channel::get_user_agent;
+use telemetry::{
+    MaybePushMetricsExporter, NoopPushMetricsExporter, Telemetry, feature_flags, otel,
+};
+use tunnel::GatewayTunnel;

 use phoenix_channel::PhoenixChannel;
 use secrecy::{ExposeSecret, SecretBox, SecretString};
@@ -90,7 +90,7 @@ fn has_necessary_permissions() -> bool {
 }

 async fn try_main(cli: Cli, telemetry: &mut Telemetry) -> Result<()> {
-    firezone_logging::setup_global_subscriber(
+    logging::setup_global_subscriber(
        layer::Identity::default(),
        match cli.log_format {
            LogFormat::Json => true,
@@ -103,7 +103,7 @@ async fn try_main(cli: Cli, telemetry: &mut Telemetry) -> Result<()> {
        arch = std::env::consts::ARCH,
        os = std::env::consts::OS,
        version = env!("CARGO_PKG_VERSION"),
-        system_uptime = firezone_bin_shared::uptime::get().map(tracing::field::debug),
+        system_uptime = bin_shared::uptime::get().map(tracing::field::debug),
        "`gateway` started logging"
    );

@@ -138,7 +138,7 @@ async fn try_main(cli: Cli, telemetry: &mut Telemetry) -> Result<()> {
            .start(
                cli.api_url.as_str(),
                RELEASE,
-                firezone_telemetry::GATEWAY_DSN,
+                telemetry::GATEWAY_DSN,
                firezone_id.clone(),
            )
            .await;
--- a/rust/gui-client/src-tauri/Cargo.toml
+++ b/rust/gui-client/src-tauri/Cargo.toml
@@ -23,19 +23,18 @@ anyhow = { workspace = true }
 arboard = { workspace = true }
 atomicwrites = { workspace = true }
 backoff = { workspace = true }
+bin-shared = { workspace = true }
 chrono = { workspace = true }
 clap = { workspace = true, features = ["derive", "env"] }
 client-shared = { workspace = true }
 connlib-model = { workspace = true }
 derive_more = { workspace = true, features = ["debug"] }
-firezone-bin-shared = { workspace = true }
-firezone-logging = { workspace = true }
-firezone-telemetry = { workspace = true }
 futures = { workspace = true }
 hex = { workspace = true }
 humantime = { workspace = true }
 ip-packet = { workspace = true }
 keyring = { workspace = true, features = ["crypto-rust", "sync-secret-service", "windows-native"] }
+logging = { workspace = true }
 native-dialog = { workspace = true }
 output_vt100 = { workspace = true }
 phoenix-channel = { workspace = true }
@@ -61,6 +60,7 @@ tauri-plugin-shell = { workspace = true }
 tauri-runtime = { workspace = true }
 tauri-specta = { workspace = true }
 tauri-utils = { workspace = true }
+telemetry = { workspace = true }
 thiserror = { workspace = true }
 tokio = { workspace = true, features = ["signal", "time", "macros", "rt", "rt-multi-thread"] }
 tokio-stream = { workspace = true }
--- a/rust/gui-client/src-tauri/src/auth.rs
+++ b/rust/gui-client/src-tauri/src/auth.rs
@@ -1,8 +1,8 @@
 //! Fulfills <https://github.com/firezone/firezone/issues/2823>

 use anyhow::{Context, Result};
-use firezone_bin_shared::known_dirs;
-use firezone_logging::err_with_src;
+use bin_shared::known_dirs;
+use logging::err_with_src;
 use rand::{RngCore, thread_rng};
 use secrecy::{ExposeSecret, SecretString};
 use serde::{Deserialize, Serialize};
--- a/rust/gui-client/src-tauri/src/bin/firezone-client-tunnel.rs
+++ b/rust/gui-client/src-tauri/src/bin/firezone-client-tunnel.rs
@@ -1,8 +1,8 @@
 #![cfg_attr(test, allow(clippy::unwrap_used))]

 use anyhow::anyhow;
+use bin_shared::{DnsControlMethod, TOKEN_ENV_KEY};
 use clap::Parser as _;
-use firezone_bin_shared::{DnsControlMethod, TOKEN_ENV_KEY};
 use firezone_gui_client::service;
 use std::path::PathBuf;

--- a/rust/gui-client/src-tauri/src/bin/firezone-gui-client.rs
+++ b/rust/gui-client/src-tauri/src/bin/firezone-gui-client.rs
@@ -10,15 +10,15 @@ use anyhow::{Context as _, ErrorExt, Result, bail};
 use clap::{Args, Parser};
 use controller::Failure;
 use firezone_gui_client::{controller, deep_link, elevation, gui, logging, settings};
-use firezone_telemetry::Telemetry;
 use settings::AdvancedSettingsLegacy;
+use telemetry::Telemetry;
 use tokio::runtime::Runtime;
 use tracing::subscriber::DefaultGuard;
 use tracing_subscriber::EnvFilter;

 fn main() -> ExitCode {
    let mut bootstrap_log_guard =
-        Some(firezone_logging::setup_bootstrap().expect("Failed to setup bootstrap logger"));
+        Some(logging::setup_bootstrap().expect("Failed to setup bootstrap logger"));

    let cli = Cli::parse();

@@ -79,13 +79,13 @@ fn try_main(

    // Get the device ID before starting Tokio, so that all the worker threads will inherit the correct scope.
    // Technically this means we can fail to get the device ID on a newly-installed system, since the Tunnel service may not have fully started up when the GUI process reaches this point, but in practice it's unlikely.
-    let id = firezone_bin_shared::device_id::get_client().context("Failed to get device ID")?;
+    let id = bin_shared::device_id::get_client().context("Failed to get device ID")?;

    if cli.is_telemetry_allowed() {
        rt.block_on(telemetry.start(
            &api_url,
            firezone_gui_client::RELEASE,
-            firezone_telemetry::GUI_DSN,
+            telemetry::GUI_DSN,
            id.id,
        ));
    }
--- a/rust/gui-client/src-tauri/src/controller.rs
+++ b/rust/gui-client/src-tauri/src/controller.rs
@@ -10,14 +10,14 @@ use crate::{
 };
 use anyhow::{Context, ErrorExt as _, Result, anyhow, bail};
 use connlib_model::ResourceView;
-use firezone_logging::FilterReloadHandle;
-use firezone_telemetry::Telemetry;
 use futures::{
    SinkExt, StreamExt,
    stream::{self, BoxStream},
 };
+use logging::FilterReloadHandle;
 use secrecy::{ExposeSecret as _, SecretString};
 use std::{ops::ControlFlow, path::PathBuf, task::Poll, time::Duration};
+use telemetry::Telemetry;
 use tokio::sync::{mpsc, oneshot};
 use tokio_stream::wrappers::ReceiverStream;
 use url::Url;
--- a/rust/gui-client/src-tauri/src/controller/ran_before.rs
+++ b/rust/gui-client/src-tauri/src/controller/ran_before.rs
@@ -25,7 +25,6 @@ pub(crate) async fn set() -> Result<()> {
 }

 fn path() -> Result<PathBuf> {
-    let session_dir =
-        firezone_bin_shared::known_dirs::session().context("Couldn't find session dir")?;
+    let session_dir = bin_shared::known_dirs::session().context("Couldn't find session dir")?;
    Ok(session_dir.join("ran_before.txt"))
 }
--- a/rust/gui-client/src-tauri/src/deep_link/windows.rs
+++ b/rust/gui-client/src-tauri/src/deep_link/windows.rs
@@ -3,7 +3,7 @@

 use super::FZ_SCHEME;
 use anyhow::{Context, Result};
-use firezone_bin_shared::BUNDLE_ID;
+use bin_shared::BUNDLE_ID;
 use std::{
    io,
    path::{Path, PathBuf},
--- a/rust/gui-client/src-tauri/src/gui.rs
+++ b/rust/gui-client/src-tauri/src/gui.rs
@@ -19,8 +19,8 @@ use crate::{
    },
 };
 use anyhow::{Context, Result, bail};
-use firezone_logging::err_with_src;
 use futures::SinkExt as _;
+use logging::err_with_src;
 use std::time::Duration;
 use tauri::Manager;
 use tauri_specta::Event;
@@ -240,7 +240,7 @@ pub fn run(
    config: RunConfig,
    mdm_settings: MdmSettings,
    advanced_settings: AdvancedSettingsLegacy,
-    reloader: firezone_logging::FilterReloadHandle,
+    reloader: logging::FilterReloadHandle,
 ) -> Result<()> {
    tauri::async_runtime::set(rt.handle().clone());

@@ -333,7 +333,7 @@ pub fn run(
        }

        assert_eq!(
-            firezone_bin_shared::BUNDLE_ID,
+            bin_shared::BUNDLE_ID,
            app_handle.config().identifier,
            "BUNDLE_ID should match bundle ID in tauri.conf.json"
        );
--- a/rust/gui-client/src-tauri/src/gui/os_windows.rs
+++ b/rust/gui-client/src-tauri/src/gui/os_windows.rs
@@ -1,7 +1,7 @@
 use super::{ControllerRequest, CtlrTx};
 use anyhow::{Context, Result};
-use firezone_bin_shared::BUNDLE_ID;
-use firezone_logging::err_with_src;
+use bin_shared::BUNDLE_ID;
+use logging::err_with_src;
 use std::env;
 use tauri::AppHandle;
 use winreg::RegKey;
--- a/rust/gui-client/src-tauri/src/gui/system_tray.rs
+++ b/rust/gui-client/src-tauri/src/gui/system_tray.rs
@@ -134,7 +134,7 @@ impl Tray {
            tracing::debug!("Skipping redundant menu update");
        } else {
            self.run_on_main_thread(move || {
-                firezone_logging::unwrap_or_debug!(
+                logging::unwrap_or_debug!(
                    update(handle, &app, &menu),
                    "Error while updating tray menu: {}"
                );
@@ -162,7 +162,7 @@ impl Tray {
                .set_icon(Some(icon_to_tauri_icon(&icon)))
                .context("Failed to set tray icon");

-            firezone_logging::unwrap_or_debug!(result, "{}");
+            logging::unwrap_or_debug!(result, "{}");
        });
    }

@@ -172,7 +172,7 @@ impl Tray {
            .run_on_main_thread(f)
            .context("Failed to run closure on main thread");

-        firezone_logging::unwrap_or_debug!(result, "{}");
+        logging::unwrap_or_debug!(result, "{}");
    }
 }

--- a/rust/gui-client/src-tauri/src/ipc.rs
+++ b/rust/gui-client/src-tauri/src/ipc.rs
@@ -203,7 +203,7 @@ mod tests {

    #[tokio::test]
    async fn no_such_service() -> Result<()> {
-        let _guard = firezone_logging::test("trace");
+        let _guard = logging::test("trace");
        const ID: SocketId = SocketId::Test("H56FRXVH");

        if super::connect::<(), ()>(ID, super::ConnectOptions::default())
@@ -228,7 +228,7 @@ mod tests {
    /// Make sure the IPC client and server can exchange messages
    #[tokio::test]
    async fn smoke() -> Result<()> {
-        let _guard = firezone_logging::test("trace");
+        let _guard = logging::test("trace");
        let loops = 10;
        const ID: SocketId = SocketId::Test("OB5SZCGN");

@@ -309,7 +309,7 @@ mod tests {
    /// this test will fail.
    #[tokio::test]
    async fn loop_to_next_client() -> Result<()> {
-        let _guard = firezone_logging::test("trace");
+        let _guard = logging::test("trace");

        let mut server = Server::new(SocketId::Test("H6L73DG5"))?;
        for i in 0..5 {
--- a/rust/gui-client/src-tauri/src/ipc/linux.rs
+++ b/rust/gui-client/src-tauri/src/ipc/linux.rs
@@ -1,6 +1,6 @@
 use super::{NotFound, SocketId};
 use anyhow::{Context as _, Result};
-use firezone_bin_shared::BUNDLE_ID;
+use bin_shared::BUNDLE_ID;
 use std::{io::ErrorKind, os::unix::fs::PermissionsExt, path::PathBuf};
 use tokio::net::{UnixListener, UnixStream};

@@ -100,11 +100,11 @@ impl Server {
 fn ipc_path(id: SocketId) -> PathBuf {
    match id {
        SocketId::Tunnel => PathBuf::from("/run").join(BUNDLE_ID).join("tunnel.sock"),
-        SocketId::Gui => firezone_bin_shared::known_dirs::runtime()
+        SocketId::Gui => bin_shared::known_dirs::runtime()
            .expect("`known_dirs::runtime()` should always work")
            .join("gui.sock"),
        #[cfg(test)]
-        SocketId::Test(id) => firezone_bin_shared::known_dirs::runtime()
+        SocketId::Test(id) => bin_shared::known_dirs::runtime()
            .expect("`known_dirs::runtime()` should always work")
            .join(format!("ipc_test_{id}.sock")),
    }
--- a/rust/gui-client/src-tauri/src/ipc/windows.rs
+++ b/rust/gui-client/src-tauri/src/ipc/windows.rs
@@ -1,6 +1,6 @@
 use super::{NotFound, SocketId};
 use anyhow::{Context as _, Result, bail};
-use firezone_bin_shared::BUNDLE_ID;
+use bin_shared::BUNDLE_ID;
 use std::{ffi::c_void, io::ErrorKind, os::windows::io::AsRawHandle, time::Duration};
 use tokio::net::windows::named_pipe;
 use windows::Win32::{
@@ -192,7 +192,7 @@ mod tests {

    #[tokio::test]
    async fn single_instance() -> anyhow::Result<()> {
-        let _guard = firezone_logging::test("trace");
+        let _guard = logging::test("trace");
        const ID: SocketId = SocketId::Test("2GOCMPBG");
        let mut server_1 = Server::new(ID)?;
        let pipe_path = server_1.pipe_path.clone();
--- a/rust/gui-client/src-tauri/src/logging.rs
+++ b/rust/gui-client/src-tauri/src/logging.rs
@@ -1,8 +1,9 @@
 //! Everything for logging to files, zipping up the files for export, and counting the files

+pub use ::logging::*;
+
 use anyhow::{Context as _, Result, bail};
-use firezone_bin_shared::known_dirs;
-use firezone_logging::FilterReloadHandle;
+use bin_shared::known_dirs;
 use serde::Serialize;
 use std::{
    fs,
@@ -16,8 +17,8 @@ use tracing_subscriber::{EnvFilter, Layer, Registry, layer::SubscriberExt};
 /// resulting in empty log files.
 #[must_use]
 pub struct Handles {
-    pub logger: firezone_logging::file::Handle,
-    pub reloader: firezone_logging::FilterReloadHandle,
+    pub logger: logging::file::Handle,
+    pub reloader: FilterReloadHandle,
 }

 struct LogPath {
@@ -58,34 +59,34 @@ pub fn setup_gui(directives: &str) -> Result<Handles> {

    // Logfilter for stdout cannot be reloaded. This is okay because we are using it only for local dev and debugging anyway.
    // Having multiple reload handles makes their type-signature quite complex so we don't bother with that.
-    let (stdout_filter, stdout_reloader) = firezone_logging::try_filter(directives)?;
+    let (stdout_filter, stdout_reloader) = logging::try_filter(directives)?;
    let stdout_layer = tracing_subscriber::fmt::layer()
-        .with_ansi(firezone_logging::stdout_supports_ansi())
-        .event_format(firezone_logging::Format::new());
+        .with_ansi(logging::stdout_supports_ansi())
+        .event_format(logging::Format::new());

-    let (system_filter, system_reloader) = firezone_logging::try_filter(directives)?;
+    let (system_filter, system_reloader) = logging::try_filter(directives)?;
    let system_layer = system_layer().context("Failed to init system logger")?;
    #[cfg(target_os = "linux")]
    let syslog_identifier = Some(system_layer.syslog_identifier().to_owned());
    #[cfg(not(target_os = "linux"))]
    let syslog_identifier = Option::<String>::None;

-    let (file_layer, logger) = firezone_logging::file::layer(&log_path, "gui-client");
-    let (file_filter, file_reloader) = firezone_logging::try_filter(directives)?;
+    let (file_layer, logger) = logging::file::layer(&log_path, "gui-client");
+    let (file_filter, file_reloader) = logging::try_filter(directives)?;

    let subscriber = Registry::default()
        .with(file_layer.with_filter(file_filter))
        .with(stdout_layer.with_filter(stdout_filter))
        .with(system_layer.with_filter(system_filter))
-        .with(firezone_logging::sentry_layer());
-    firezone_logging::init(subscriber)?;
+        .with(logging::sentry_layer());
+    logging::init(subscriber)?;

    tracing::info!(
        arch = std::env::consts::ARCH,
        os = std::env::consts::OS,
        version = env!("CARGO_PKG_VERSION"),
        %directives,
-        system_uptime = firezone_bin_shared::uptime::get().map(tracing::field::debug),
+        system_uptime = bin_shared::uptime::get().map(tracing::field::debug),
        log_path = %log_path.display(),
        syslog_identifier = syslog_identifier.map(tracing::field::display),
        "`gui-client` started logging"
@@ -103,10 +104,7 @@ pub fn setup_gui(directives: &str) -> Result<Handles> {
 /// and flushes the log file.
 pub fn setup_tunnel(
    log_path: Option<PathBuf>,
-) -> Result<(
-    firezone_logging::file::Handle,
-    firezone_logging::FilterReloadHandle,
-)> {
+) -> Result<(logging::file::Handle, logging::FilterReloadHandle)> {
    // If `log_dir` is Some, use that. Else call `tunnel_service_logs`
    let log_path = log_path.map_or_else(
        || {
@@ -120,27 +118,27 @@ pub fn setup_tunnel(

    let directives = get_log_filter().context("Couldn't read log filter")?;

-    let (file_filter, file_reloader) = firezone_logging::try_filter(&directives)?;
-    let (stdout_filter, stdout_reloader) = firezone_logging::try_filter(&directives)?;
+    let (file_filter, file_reloader) = logging::try_filter(&directives)?;
+    let (stdout_filter, stdout_reloader) = logging::try_filter(&directives)?;

-    let (file_layer, file_handle) = firezone_logging::file::layer(&log_path, "tunnel-service");
+    let (file_layer, file_handle) = logging::file::layer(&log_path, "tunnel-service");

    let stdout_layer = tracing_subscriber::fmt::layer()
-        .with_ansi(firezone_logging::stdout_supports_ansi())
-        .event_format(firezone_logging::Format::new().without_timestamp());
+        .with_ansi(logging::stdout_supports_ansi())
+        .event_format(logging::Format::new().without_timestamp());

    let subscriber = Registry::default()
        .with(file_layer.with_filter(file_filter))
        .with(stdout_layer.with_filter(stdout_filter))
-        .with(firezone_logging::sentry_layer());
-    firezone_logging::init(subscriber)?;
+        .with(logging::sentry_layer());
+    logging::init(subscriber)?;

    tracing::info!(
        arch = std::env::consts::ARCH,
        os = std::env::consts::OS,
        version = env!("CARGO_PKG_VERSION"),
        ?directives,
-        system_uptime = firezone_bin_shared::uptime::get().map(tracing::field::debug),
+        system_uptime = bin_shared::uptime::get().map(tracing::field::debug),
        log_path = %log_path.display(),
        "`tunnel service` started logging"
    );
@@ -151,12 +149,12 @@ pub fn setup_tunnel(
 /// Sets up logging for stdout only, with INFO level by default
 pub fn setup_stdout() -> Result<FilterReloadHandle> {
    let directives = get_log_filter().context("Can't read log filter")?;
-    let (filter, reloader) = firezone_logging::try_filter(&directives)?;
+    let (filter, reloader) = logging::try_filter(&directives)?;
    let layer = tracing_subscriber::fmt::layer()
-        .event_format(firezone_logging::Format::new())
+        .event_format(logging::Format::new())
        .with_filter(filter);
    let subscriber = Registry::default().with(layer);
-    firezone_logging::init(subscriber)?;
+    logging::init(subscriber)?;

    Ok(reloader)
 }
@@ -181,9 +179,8 @@ pub(crate) fn get_log_filter() -> Result<String> {
        return Ok(filter);
    }

-    if let Ok(filter) =
-        std::fs::read_to_string(firezone_bin_shared::known_dirs::tunnel_log_filter()?)
-            .map(|s| s.trim().to_string())
+    if let Ok(filter) = std::fs::read_to_string(bin_shared::known_dirs::tunnel_log_filter()?)
+        .map(|s| s.trim().to_string())
    {
        return Ok(filter);
    }
--- a/rust/gui-client/src-tauri/src/service.rs
+++ b/rust/gui-client/src-tauri/src/service.rs
@@ -5,22 +5,21 @@ use crate::{
 use anyhow::{Context as _, ErrorExt as _, Result, bail};
 use atomicwrites::{AtomicFile, OverwriteBehavior};
 use backoff::ExponentialBackoffBuilder;
-use connlib_model::ResourceView;
-use firezone_bin_shared::{
+use bin_shared::{
    DnsControlMethod, DnsController, TunDeviceManager,
    device_id::{self, DeviceId},
    device_info, known_dirs,
    platform::{UdpSocketFactory, tcp_socket_factory},
    signals,
 };
-use firezone_logging::{FilterReloadHandle, err_with_src};
-use firezone_telemetry::{Telemetry, analytics};
+use connlib_model::ResourceView;
 use futures::{
    Future as _, SinkExt as _, Stream, StreamExt,
    future::poll_fn,
    stream::{self, BoxStream},
    task::{Context, Poll},
 };
+use logging::{FilterReloadHandle, err_with_src};
 use phoenix_channel::{DeviceInfo, LoginUrl, PhoenixChannel, get_user_agent};
 use secrecy::{ExposeSecret, SecretBox, SecretString};
 use std::{
@@ -30,6 +29,7 @@ use std::{
    sync::Arc,
    time::Duration,
 };
+use telemetry::{Telemetry, analytics};
 use tokio::time::Instant;
 use url::Url;

@@ -607,7 +607,7 @@ impl<'a> Handler<'a> {
                        .start(
                            &environment,
                            &release,
-                            firezone_telemetry::GUI_DSN,
+                            telemetry::GUI_DSN,
                            self.device_id.id.clone(),
                        )
                        .await;
@@ -705,7 +705,7 @@ pub fn run_debug(dns_control: DnsControlMethod) -> Result<()> {
    tracing::info!(
        arch = std::env::consts::ARCH,
        version = env!("CARGO_PKG_VERSION"),
-        system_uptime_seconds = firezone_bin_shared::uptime::get().map(|dur| dur.as_secs()),
+        system_uptime_seconds = bin_shared::uptime::get().map(|dur| dur.as_secs()),
    );
    if !elevation_check()? {
        bail!("Tunnel service failed its elevation check, try running as admin / root");
@@ -726,7 +726,7 @@ pub fn run_debug(dns_control: DnsControlMethod) -> Result<()> {
 pub fn run_smoke_test() -> Result<()> {
    use crate::ipc::{self, SocketId};
    use anyhow::{Context as _, bail};
-    use firezone_bin_shared::{DnsController, device_id};
+    use bin_shared::{DnsController, device_id};

    let log_filter_reloader = logging::setup_stdout()?;
    if !elevation_check()? {
@@ -768,7 +768,7 @@ pub fn run_smoke_test() -> Result<()> {
 }

 async fn new_dns_notifier() -> Result<impl Stream<Item = Result<()>>> {
-    let worker = firezone_bin_shared::new_dns_notifier(
+    let worker = bin_shared::new_dns_notifier(
        tokio::runtime::Handle::current(),
        DnsControlMethod::default(),
    )
@@ -782,7 +782,7 @@ async fn new_dns_notifier() -> Result<impl Stream<Item = Result<()>>> {
 }

 async fn new_network_notifier() -> Result<impl Stream<Item = Result<()>>> {
-    let worker = firezone_bin_shared::new_network_notifier(
+    let worker = bin_shared::new_network_notifier(
        tokio::runtime::Handle::current(),
        DnsControlMethod::default(),
    )
--- a/rust/gui-client/src-tauri/src/service/linux.rs
+++ b/rust/gui-client/src-tauri/src/service/linux.rs
@@ -1,7 +1,7 @@
 use std::{path::PathBuf, time::Duration};

 use anyhow::{Result, bail};
-use firezone_bin_shared::{DnsControlMethod, signals};
+use bin_shared::{DnsControlMethod, signals};

 /// Cross-platform entry point for systemd / Windows services
 ///
--- a/rust/gui-client/src-tauri/src/service/macos.rs
+++ b/rust/gui-client/src-tauri/src/service/macos.rs
@@ -1,5 +1,5 @@
 use anyhow::{Result, bail};
-use firezone_bin_shared::DnsControlMethod;
+use bin_shared::DnsControlMethod;
 use std::path::PathBuf;

 pub fn run(log_dir: Option<PathBuf>, _dns_control: DnsControlMethod) -> Result<()> {
--- a/rust/gui-client/src-tauri/src/service/windows.rs
+++ b/rust/gui-client/src-tauri/src/service/windows.rs
@@ -1,5 +1,5 @@
 use anyhow::{Context as _, Result};
-use firezone_bin_shared::DnsControlMethod;
+use bin_shared::DnsControlMethod;
 use futures::channel::mpsc;
 use std::path::PathBuf;
 use std::{
@@ -277,7 +277,7 @@ fn run_service(arguments: Vec<OsString>) {
        process_id: None,
    });

-    let mut signals = firezone_bin_shared::signals::Terminate::from_channel(shutdown_rx);
+    let mut signals = bin_shared::signals::Terminate::from_channel(shutdown_rx);

    let result = rt
        .block_on(super::ipc_listen(
--- a/rust/gui-client/src-tauri/src/settings.rs
+++ b/rust/gui-client/src-tauri/src/settings.rs
@@ -2,8 +2,8 @@
 //! advanced settings and code for manipulating diagnostic logs.

 use anyhow::{Context as _, Result};
+use bin_shared::known_dirs;
 use connlib_model::ResourceId;
-use firezone_bin_shared::known_dirs;
 use serde::de::DeserializeOwned;
 use serde::{Deserialize, Serialize};
 use std::{collections::HashSet, path::PathBuf};
--- a/rust/gui-client/src-tauri/src/updates.rs
+++ b/rust/gui-client/src-tauri/src/updates.rs
@@ -205,7 +205,7 @@ impl Checker {
 }

 fn version_file_path() -> Result<PathBuf> {
-    Ok(firezone_bin_shared::known_dirs::session()
+    Ok(bin_shared::known_dirs::session()
        .context("Couldn't find session dir")?
        .join("latest_version_seen.txt"))
 }
--- a/rust/gui-client/src-tauri/src/view.rs
+++ b/rust/gui-client/src-tauri/src/view.rs
@@ -1,7 +1,7 @@
 use std::{path::PathBuf, time::Duration};

 use anyhow::Context as _;
-use firezone_logging::err_with_src;
+use logging::err_with_src;
 use serde::Serialize;
 use tauri_plugin_dialog::DialogExt as _;

--- a/rust/headless-client/Cargo.toml
+++ b/rust/headless-client/Cargo.toml
@@ -10,16 +10,15 @@ license = { workspace = true }
 [dependencies]
 anyhow = { workspace = true }
 backoff = { workspace = true }
+bin-shared = { workspace = true }
 clap = { workspace = true, features = ["derive", "env", "string"] }
 client-shared = { workspace = true }
 connlib-model = { workspace = true }
 dns-types = { workspace = true }
-firezone-bin-shared = { workspace = true }
-firezone-logging = { workspace = true }
-firezone-telemetry = { workspace = true }
 futures = { workspace = true }
 humantime = { workspace = true }
 ip-packet = { workspace = true }
+logging = { workspace = true }
 opentelemetry = { workspace = true, features = ["metrics"] }
 opentelemetry-otlp = { workspace = true, features = ["metrics", "grpc-tonic"] }
 opentelemetry-stdout = { workspace = true, features = ["metrics"] }
@@ -28,6 +27,7 @@ phoenix-channel = { workspace = true }
 rustls = { workspace = true }
 secrecy = { workspace = true }
 socket-factory = { workspace = true }
+telemetry = { workspace = true }
 # This actually relies on many other features in Tokio, so this will probably
 # fail to build outside the workspace. <https://github.com/firezone/firezone/pull/4328#discussion_r1540342142>
 tokio = { workspace = true, features = ["macros", "signal", "process", "time", "fs", "rt"] }
--- a/rust/headless-client/src/linux.rs
+++ b/rust/headless-client/src/linux.rs
@@ -2,7 +2,7 @@

 use super::TOKEN_ENV_KEY;
 use anyhow::{Result, bail};
-use firezone_bin_shared::BUNDLE_ID;
+use bin_shared::BUNDLE_ID;
 use nix::fcntl::AT_FDCWD;
 use std::path::{Path, PathBuf};

--- a/rust/headless-client/src/main.rs
+++ b/rust/headless-client/src/main.rs
@@ -4,16 +4,13 @@

 use anyhow::{Context as _, Result, anyhow};
 use backoff::ExponentialBackoffBuilder;
-use clap::Parser;
-use firezone_bin_shared::{
+use bin_shared::{
    DnsControlMethod, DnsController, TOKEN_ENV_KEY, TunDeviceManager, device_id, device_info,
    new_dns_notifier, new_network_notifier,
    platform::{UdpSocketFactory, tcp_socket_factory},
    signals,
 };
-use firezone_telemetry::{
-    MaybePushMetricsExporter, NoopPushMetricsExporter, Telemetry, analytics, feature_flags, otel,
-};
+use clap::Parser;
 use opentelemetry_otlp::WithExportConfig as _;
 use opentelemetry_sdk::metrics::SdkMeterProvider;
 use phoenix_channel::PhoenixChannel;
@@ -25,6 +22,9 @@ use std::{
    sync::Arc,
    time::Duration,
 };
+use telemetry::{
+    MaybePushMetricsExporter, NoopPushMetricsExporter, Telemetry, analytics, feature_flags, otel,
+};
 use tokio::time::Instant;

 #[cfg(target_os = "linux")]
@@ -213,9 +213,9 @@ fn try_main() -> Result<()> {
    let (layer, _handle) = cli
        .log_dir
        .as_deref()
-        .map(|dir| firezone_logging::file::layer(dir, "firezone-headless-client"))
+        .map(|dir| logging::file::layer(dir, "firezone-headless-client"))
        .unzip();
-    firezone_logging::setup_global_subscriber(layer, false).context("Failed to set up logging")?;
+    logging::setup_global_subscriber(layer, false).context("Failed to set up logging")?;

    // Deactivate DNS control before starting telemetry or connecting to the portal,
    // in case a previous run of Firezone left DNS control on and messed anything up.
@@ -255,7 +255,7 @@ fn try_main() -> Result<()> {
        rt.block_on(telemetry.start(
            cli.api_url.as_ref(),
            RELEASE,
-            firezone_telemetry::HEADLESS_DSN,
+            telemetry::HEADLESS_DSN,
            firezone_id.clone(),
        ));

--- a/rust/headless-client/src/windows.rs
+++ b/rust/headless-client/src/windows.rs
@@ -5,7 +5,7 @@
 //! We must tell Windows explicitly when our service is stopping.

 use anyhow::Result;
-use firezone_bin_shared::BUNDLE_ID;
+use bin_shared::BUNDLE_ID;
 use known_folders::{KnownFolder, get_known_folder_path};
 use std::path::{Path, PathBuf};

--- a/rust/libs/anyhow-ext/Cargo.toml
+++ b/rust/libs/anyhow-ext/Cargo.toml
--- a/rust/libs/anyhow-ext/lib.rs
+++ b/rust/libs/anyhow-ext/lib.rs
--- a/rust/libs/bin-shared/Cargo.toml
+++ b/rust/libs/bin-shared/Cargo.toml
@@ -1,5 +1,5 @@
 [package]
-name = "firezone-bin-shared"
+name = "bin-shared"
 version = "0.1.0"
 edition = { workspace = true }
 description = "Firezone-specific modules shared between binaries."
@@ -12,19 +12,19 @@ atomicwrites = { workspace = true }
 axum = { workspace = true, features = ["http1", "tokio"] }
 clap = { workspace = true, features = ["derive", "env"] }
 dns-types = { workspace = true }
-firezone-logging = { workspace = true }
-firezone-telemetry = { workspace = true }
 futures = { workspace = true, features = ["std", "async-await"] }
 gat-lending-iterator = { workspace = true }
 hex = { workspace = true }
 hex-literal = { workspace = true }
 ip-packet = { workspace = true }
 ip_network = { workspace = true, features = ["serde"] }
+logging = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 sha2 = { workspace = true }
 smbios-lib = { workspace = true }
 socket-factory = { workspace = true }
+telemetry = { workspace = true }
 thiserror = { workspace = true }
 tokio = { workspace = true, features = ["io-util", "net", "rt", "sync", "process", "signal"] }
 tracing = { workspace = true }
--- a/rust/libs/bin-shared/src/device_id.rs
+++ b/rust/libs/bin-shared/src/device_id.rs
@@ -245,7 +245,7 @@ mod tests {
    #[test]
    #[cfg(target_os = "linux")]
    fn compute_device_id_hardware_id() {
-        let _guard = firezone_logging::test("debug");
+        let _guard = logging::test("debug");

        let id = compute_from_hardware_id(CLIENT_APP_ID).unwrap();

--- a/rust/libs/bin-shared/src/device_info.rs
+++ b/rust/libs/bin-shared/src/device_info.rs
--- a/rust/libs/bin-shared/src/dns_control.rs
+++ b/rust/libs/bin-shared/src/dns_control.rs
--- a/rust/libs/bin-shared/src/dns_control/linux.rs
+++ b/rust/libs/bin-shared/src/dns_control/linux.rs
--- a/rust/libs/bin-shared/src/dns_control/linux/etc_resolv_conf.rs
+++ b/rust/libs/bin-shared/src/dns_control/linux/etc_resolv_conf.rs
--- a/rust/libs/bin-shared/src/dns_control/macos.rs
+++ b/rust/libs/bin-shared/src/dns_control/macos.rs
--- a/rust/libs/bin-shared/src/dns_control/windows.rs
+++ b/rust/libs/bin-shared/src/dns_control/windows.rs
--- a/rust/libs/bin-shared/src/http_health_check.rs
+++ b/rust/libs/bin-shared/src/http_health_check.rs
--- a/rust/libs/bin-shared/src/known_dirs.rs
+++ b/rust/libs/bin-shared/src/known_dirs.rs
--- a/rust/libs/bin-shared/src/known_dirs/linux.rs
+++ b/rust/libs/bin-shared/src/known_dirs/linux.rs
--- a/rust/libs/bin-shared/src/known_dirs/macos.rs
+++ b/rust/libs/bin-shared/src/known_dirs/macos.rs
--- a/rust/libs/bin-shared/src/known_dirs/windows.rs
+++ b/rust/libs/bin-shared/src/known_dirs/windows.rs
--- a/rust/libs/bin-shared/src/lib.rs
+++ b/rust/libs/bin-shared/src/lib.rs
--- a/rust/libs/bin-shared/src/linux.rs
+++ b/rust/libs/bin-shared/src/linux.rs
--- a/rust/libs/bin-shared/src/macos.rs
+++ b/rust/libs/bin-shared/src/macos.rs
--- a/rust/libs/bin-shared/src/network_changes.rs
+++ b/rust/libs/bin-shared/src/network_changes.rs
--- a/rust/libs/bin-shared/src/network_changes/linux.rs
+++ b/rust/libs/bin-shared/src/network_changes/linux.rs
--- a/rust/libs/bin-shared/src/network_changes/macos.rs
+++ b/rust/libs/bin-shared/src/network_changes/macos.rs
--- a/rust/libs/bin-shared/src/network_changes/windows.rs
+++ b/rust/libs/bin-shared/src/network_changes/windows.rs
--- a/rust/libs/bin-shared/src/signals.rs
+++ b/rust/libs/bin-shared/src/signals.rs
--- a/rust/libs/bin-shared/src/signals/linux.rs
+++ b/rust/libs/bin-shared/src/signals/linux.rs
--- a/rust/libs/bin-shared/src/signals/macos.rs
+++ b/rust/libs/bin-shared/src/signals/macos.rs
--- a/rust/libs/bin-shared/src/signals/windows.rs
+++ b/rust/libs/bin-shared/src/signals/windows.rs
--- a/rust/libs/bin-shared/src/tun_device_manager.rs
+++ b/rust/libs/bin-shared/src/tun_device_manager.rs
@@ -1,4 +1,4 @@
-//! DNS and route control  for the virtual network interface in `firezone-tunnel`
+//! DNS and route control  for the virtual network interface in `tunnel`

 #[cfg(target_os = "linux")]
 pub mod linux;
--- a/rust/libs/bin-shared/src/tun_device_manager/linux.rs
+++ b/rust/libs/bin-shared/src/tun_device_manager/linux.rs
@@ -2,8 +2,6 @@

 use crate::FIREZONE_MARK;
 use anyhow::{Context as _, Result};
-use firezone_logging::{DisplayBTreeSet, err_with_src};
-use firezone_telemetry::otel;
 use futures::{
    SinkExt, StreamExt, TryStreamExt,
    future::{self, Either},
@@ -14,6 +12,7 @@ use libc::{
    EEXIST, ENOENT, ESRCH, F_GETFL, F_SETFL, O_NONBLOCK, O_RDWR, S_IFCHR, fcntl, makedev, mknod,
    open,
 };
+use logging::{DisplayBTreeSet, err_with_src};
 use netlink_packet_route::link::{LinkAttribute, State};
 use netlink_packet_route::route::{
    RouteAddress, RouteAttribute, RouteMessage, RouteProtocol, RouteScope,
@@ -39,6 +38,7 @@ use std::{
    os::{fd::RawFd, unix::fs::PermissionsExt},
 };
 use std::{net::IpAddr, time::Duration};
+use telemetry::otel;
 use tokio::{sync::mpsc, time::Instant};
 use tokio_util::sync::PollSender;
 use tun::ioctl;
@@ -697,7 +697,7 @@ impl Tun {
                let fd = fd.clone();

                move || {
-                    firezone_logging::unwrap_or_warn!(
+                    logging::unwrap_or_warn!(
                        tun::unix::tun_send(fd, outbound_rx, write),
                        "Failed to send to TUN device: {}"
                    )
@@ -707,7 +707,7 @@ impl Tun {
        std::thread::Builder::new()
            .name("TUN recv".to_owned())
            .spawn(move || {
-                firezone_logging::unwrap_or_warn!(
+                logging::unwrap_or_warn!(
                    tun::unix::tun_recv(fd, inbound_tx, read),
                    "Failed to recv from TUN device: {}"
                )
--- a/rust/libs/bin-shared/src/tun_device_manager/macos.rs
+++ b/rust/libs/bin-shared/src/tun_device_manager/macos.rs
--- a/rust/libs/bin-shared/src/tun_device_manager/windows.rs
+++ b/rust/libs/bin-shared/src/tun_device_manager/windows.rs
@@ -2,10 +2,9 @@ use crate::TUNNEL_NAME;
 use crate::windows::TUNNEL_UUID;
 use crate::windows::error::{NOT_FOUND, NOT_SUPPORTED, OBJECT_EXISTS};
 use anyhow::{Context as _, Result};
-use firezone_logging::err_with_src;
-use firezone_telemetry::otel;
 use ip_network::{IpNetwork, Ipv4Network, Ipv6Network};
 use ip_packet::{IpPacket, IpPacketBuf};
+use logging::err_with_src;
 use ring::digest;
 use std::net::IpAddr;
 use std::sync::Weak;
@@ -19,6 +18,7 @@ use std::{
    sync::Arc,
    task::{Context, Poll},
 };
+use telemetry::otel;
 use tokio::sync::mpsc;
 use tokio_util::sync::PollSender;
 use windows::Win32::NetworkManagement::IpHelper::{
--- a/rust/libs/bin-shared/src/uptime/README.md
+++ b/rust/libs/bin-shared/src/uptime/README.md
--- a/rust/libs/bin-shared/src/uptime/mod.rs
+++ b/rust/libs/bin-shared/src/uptime/mod.rs
--- a/rust/libs/bin-shared/src/windows.rs
+++ b/rust/libs/bin-shared/src/windows.rs
@@ -1,7 +1,7 @@
 use crate::TUNNEL_NAME;
 use anyhow::Result;
 use dashmap::DashMap;
-use firezone_logging::err_with_src;
+use logging::err_with_src;
 use socket_factory::SocketFactory;
 use socket_factory::{TcpSocket, UdpSocket};
 use std::{
@@ -60,21 +60,21 @@ pub mod error {
    /// Win32 error code objects that don't exist (like network adapters).
    ///
    /// ```
-    /// assert_eq!(firezone_bin_shared::windows::error::NOT_FOUND.0 as u32, 0x80070490)
+    /// assert_eq!(bin_shared::windows::error::NOT_FOUND.0 as u32, 0x80070490)
    /// ```
    pub const NOT_FOUND: HRESULT = HRESULT::from_win32(0x0490);

    /// Win32 error code for objects that already exist (like routing table entries).
    ///
    /// ```
-    /// assert_eq!(firezone_bin_shared::windows::error::OBJECT_EXISTS.0 as u32, 0x80071392)
+    /// assert_eq!(bin_shared::windows::error::OBJECT_EXISTS.0 as u32, 0x80071392)
    /// ```
    pub const OBJECT_EXISTS: HRESULT = HRESULT::from_win32(0x1392);

    /// Win32 error code for unsupported operations (like setting an IPv6 address without an IPv6 stack).
    ///
    /// ```
-    /// assert_eq!(firezone_bin_shared::windows::error::NOT_SUPPORTED.0 as u32, 0x80070032)
+    /// assert_eq!(bin_shared::windows::error::NOT_SUPPORTED.0 as u32, 0x80070032)
    /// ```
    pub const NOT_SUPPORTED: HRESULT = HRESULT::from_win32(0x0032);

@@ -85,7 +85,7 @@ pub mod error {
    /// > There are no more endpoints available from the endpoint mapper.
    ///
    /// ```
-    /// assert_eq!(firezone_bin_shared::windows::error::EPT_S_NOT_REGISTERED.0 as u32, 0x800706D9)
+    /// assert_eq!(bin_shared::windows::error::EPT_S_NOT_REGISTERED.0 as u32, 0x800706D9)
    /// ```
    pub const EPT_S_NOT_REGISTERED: HRESULT = HRESULT::from_win32(0x06D9);
 }
--- a/rust/libs/bin-shared/src/wintun/README.md
+++ b/rust/libs/bin-shared/src/wintun/README.md
--- a/rust/libs/bin-shared/src/wintun/bin/amd64/wintun.dll
+++ b/rust/libs/bin-shared/src/wintun/bin/amd64/wintun.dll
--- a/rust/libs/bin-shared/src/wintun/bin/arm64/wintun.dll
+++ b/rust/libs/bin-shared/src/wintun/bin/arm64/wintun.dll
--- a/rust/libs/bin-shared/tests/dns_control_windows.rs
+++ b/rust/libs/bin-shared/tests/dns_control_windows.rs
@@ -1,16 +1,16 @@
 #![cfg(target_os = "windows")]
 #![allow(clippy::unwrap_used)]

-use firezone_bin_shared::{DnsControlMethod, DnsController};
+use bin_shared::{DnsControlMethod, DnsController};
 use std::{collections::BTreeSet, net::IpAddr};

 // Passes in CI but not locally. Maybe ReactorScram's dev system has IPv6 misconfigured. There it fails to pick up the IPv6 DNS servers.
 #[ignore = "Needs admin, changes system state"]
 #[tokio::test]
 async fn dns_control() {
-    let _guard = firezone_logging::test("debug");
+    let _guard = logging::test("debug");

-    let mut tun_dev_manager = firezone_bin_shared::TunDeviceManager::new(1280).unwrap();
+    let mut tun_dev_manager = bin_shared::TunDeviceManager::new(1280).unwrap();
    let _tun = tun_dev_manager.make_tun().unwrap();

    tun_dev_manager
--- a/rust/libs/bin-shared/tests/network_notifiers.rs
+++ b/rust/libs/bin-shared/tests/network_notifiers.rs
@@ -1,6 +1,6 @@
 #![allow(clippy::unwrap_used)]

-use firezone_bin_shared::{DnsControlMethod, new_dns_notifier, new_network_notifier};
+use bin_shared::{DnsControlMethod, new_dns_notifier, new_network_notifier};
 use futures::future::FutureExt as _;
 use std::time::Duration;
 use tokio::time::timeout;
@@ -11,7 +11,7 @@ use tokio::time::timeout;
 /// This tests that the threads quit gracefully when we call `close`, and they don't crash on startup.
 #[tokio::test]
 async fn notifiers() {
-    firezone_logging::test_global("debug");
+    logging::test_global("debug");
    let tokio_handle = tokio::runtime::Handle::current();

    let mut dns = new_dns_notifier(tokio_handle.clone(), DnsControlMethod::default())
--- a/rust/libs/bin-shared/tests/no_packet_loops_tcp.rs
+++ b/rust/libs/bin-shared/tests/no_packet_loops_tcp.rs
@@ -1,6 +1,6 @@
 #![allow(clippy::unwrap_used)]

-use firezone_bin_shared::{TunDeviceManager, platform::tcp_socket_factory};
+use bin_shared::{TunDeviceManager, platform::tcp_socket_factory};
 use ip_network::Ipv4Network;
 use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr, SocketAddrV4};
 use tokio::io::{AsyncReadExt as _, AsyncWriteExt as _};
@@ -10,7 +10,7 @@ use tokio::io::{AsyncReadExt as _, AsyncWriteExt as _};
 #[tokio::test]
 #[ignore = "Needs admin / sudo and Internet"]
 async fn no_packet_loops_tcp() {
-    firezone_logging::test_global("debug"); // `Tun` uses threads and we want to see the logs of all threads.
+    logging::test_global("debug"); // `Tun` uses threads and we want to see the logs of all threads.

    let ipv4 = Ipv4Addr::from([100, 90, 215, 97]);
    let ipv6 = Ipv6Addr::from([0xfd00, 0x2021, 0x1111, 0x0, 0x0, 0x0, 0x0016, 0x588f]);
--- a/rust/libs/bin-shared/tests/no_packet_loops_udp.rs
+++ b/rust/libs/bin-shared/tests/no_packet_loops_udp.rs
@@ -1,8 +1,8 @@
 #![allow(clippy::unwrap_used)]

+use bin_shared::{TunDeviceManager, platform::UdpSocketFactory};
 use bufferpool::BufferPool;
 use bytes::BytesMut;
-use firezone_bin_shared::{TunDeviceManager, platform::UdpSocketFactory};
 use gat_lending_iterator::LendingIterator as _;
 use ip_network::Ipv4Network;
 use ip_packet::Ecn;
@@ -17,7 +17,7 @@ use std::{
 #[tokio::test]
 #[ignore = "Needs admin / sudo and Internet"]
 async fn no_packet_loops_udp() {
-    firezone_logging::test_global("debug"); // `Tun` uses threads and we want to see the logs of all threads.
+    logging::test_global("debug"); // `Tun` uses threads and we want to see the logs of all threads.

    let ipv4 = Ipv4Addr::from([100, 90, 215, 97]);
    let ipv6 = Ipv6Addr::from([0xfd00, 0x2021, 0x1111, 0x0, 0x0, 0x0, 0x0016, 0x588f]);
--- a/rust/libs/bin-shared/tests/tunnel_drop.rs
+++ b/rust/libs/bin-shared/tests/tunnel_drop.rs
@@ -1,13 +1,13 @@
 #![allow(clippy::unwrap_used)]

-use firezone_bin_shared::TunDeviceManager;
+use bin_shared::TunDeviceManager;

 /// Checks for regressions in issue #4765, un-initializing Wintun
 /// Redundant but harmless on Linux.
 #[tokio::test] // Needs a runtime.
 #[ignore = "Needs admin / sudo and Internet"]
 async fn tunnel_drop() {
-    firezone_logging::test_global("debug"); // `Tun` uses threads and we want to see the logs of all threads.
+    logging::test_global("debug"); // `Tun` uses threads and we want to see the logs of all threads.

    let mut tun_device_manager = TunDeviceManager::new(1280).unwrap();

--- a/rust/libs/client-shared/Cargo.toml
+++ b/rust/libs/client-shared/Cargo.toml
@@ -10,12 +10,11 @@ backoff = { workspace = true }
 bimap = { workspace = true }
 connlib-model = { workspace = true }
 dns-types = { workspace = true }
-firezone-logging = { workspace = true }
-firezone-tunnel = { workspace = true }
 futures = { workspace = true }
 ip_network = { workspace = true }
 l4-udp-dns-client = { workspace = true }
 libc = { workspace = true }
+logging = { workspace = true }
 parking_lot = { workspace = true }
 phoenix-channel = { workspace = true }
 secrecy = { workspace = true }
@@ -28,6 +27,7 @@ tokio = { workspace = true, features = ["rt", "sync"] }
 tokio-stream = { workspace = true, features = ["sync"] }
 tracing = { workspace = true, features = ["std", "attributes"] }
 tun = { workspace = true }
+tunnel = { workspace = true }
 url = { workspace = true, features = ["serde"] }

 [dev-dependencies]
--- a/rust/libs/client-shared/src/eventloop.rs
+++ b/rust/libs/client-shared/src/eventloop.rs
@@ -1,14 +1,6 @@
 use crate::PHOENIX_TOPIC;
 use anyhow::{Context as _, ErrorExt as _, Result};
 use connlib_model::{PublicKey, ResourceView};
-use firezone_tunnel::messages::RelaysPresence;
-use firezone_tunnel::messages::client::{
-    EgressMessages, FailReason, FlowCreated, FlowCreationFailed, GatewayIceCandidates,
-    GatewaysIceCandidates, IngressMessages, InitClient,
-};
-use firezone_tunnel::{
-    ClientEvent, ClientTunnel, DnsResourceRecord, IpConfig, TunConfig, TunnelError,
-};
 use l4_udp_dns_client::UdpDnsClient;
 use parking_lot::Mutex;
 use phoenix_channel::{ErrorReply, PhoenixChannel, PublicKeyParam};
@@ -26,6 +18,12 @@ use std::{
 use std::{future, mem};
 use tokio::sync::{mpsc, watch};
 use tun::Tun;
+use tunnel::messages::RelaysPresence;
+use tunnel::messages::client::{
+    EgressMessages, FailReason, FlowCreated, FlowCreationFailed, GatewayIceCandidates,
+    GatewaysIceCandidates, IngressMessages, InitClient,
+};
+use tunnel::{ClientEvent, ClientTunnel, DnsResourceRecord, IpConfig, TunConfig, TunnelError};

 /// In-memory cache for DNS resource records.
 ///
@@ -335,7 +333,7 @@ impl Eventloop {
                continue;
            }

-            if e.any_is::<firezone_tunnel::UdpSocketThreadStopped>() {
+            if e.any_is::<tunnel::UdpSocketThreadStopped>() {
                return Err(e);
            }

@@ -373,11 +371,7 @@ impl Eventloop {

                state.update_interface_config(interface);
                state.set_resources(resources, Instant::now());
-                state.update_relays(
-                    BTreeSet::default(),
-                    firezone_tunnel::turn(&relays),
-                    Instant::now(),
-                );
+                state.update_relays(BTreeSet::default(), tunnel::turn(&relays), Instant::now());
            }
            IngressMessages::ResourceCreatedOrUpdated(resource) => {
                tunnel.state_mut().add_resource(resource, Instant::now());
@@ -390,7 +384,7 @@ impl Eventloop {
                connected,
            }) => tunnel.state_mut().update_relays(
                BTreeSet::from_iter(disconnected_ids),
-                firezone_tunnel::turn(&connected),
+                tunnel::turn(&connected),
                Instant::now(),
            ),
            IngressMessages::InvalidateIceCandidates(GatewayIceCandidates {
--- a/rust/libs/client-shared/src/lib.rs
+++ b/rust/libs/client-shared/src/lib.rs
@@ -3,8 +3,8 @@
 //! Main connlib library for clients.
 pub use connlib_model::StaticSecret;
 pub use eventloop::DisconnectError;
-pub use firezone_tunnel::TunConfig;
-pub use firezone_tunnel::messages::client::{IngressMessages, ResourceDescription};
+pub use tunnel::TunConfig;
+pub use tunnel::messages::client::{IngressMessages, ResourceDescription};

 use anyhow::Result;
 use connlib_model::ResourceView;
--- a/rust/libs/connlib/README.md
+++ b/rust/libs/connlib/README.md
--- a/rust/libs/connlib/bufferpool/Cargo.toml
+++ b/rust/libs/connlib/bufferpool/Cargo.toml
--- a/rust/libs/connlib/bufferpool/lib.rs
+++ b/rust/libs/connlib/bufferpool/lib.rs
--- a/rust/libs/connlib/dns-over-tcp/Cargo.toml
+++ b/rust/libs/connlib/dns-over-tcp/Cargo.toml
@@ -8,9 +8,9 @@ license = { workspace = true }
 [dependencies]
 anyhow = { workspace = true }
 dns-types = { workspace = true }
-firezone-logging = { workspace = true }
 ip-packet = { workspace = true }
 l3-tcp = { workspace = true }
+logging = { workspace = true }
 rand = { workspace = true }
 tracing = { workspace = true }

@@ -19,7 +19,7 @@ futures = { workspace = true }
 tokio = { workspace = true, features = ["process", "rt", "macros"] }

 [target.'cfg(target_os = "linux")'.dev-dependencies]
-firezone-bin-shared = { workspace = true }
+bin-shared = { workspace = true }
 ip_network = { workspace = true }
 tun = { workspace = true }

--- a/rust/libs/connlib/dns-over-tcp/src/client.rs
+++ b/rust/libs/connlib/dns-over-tcp/src/client.rs
--- a/rust/libs/connlib/dns-over-tcp/src/codec.rs
+++ b/rust/libs/connlib/dns-over-tcp/src/codec.rs
--- a/rust/libs/connlib/dns-over-tcp/src/lib.rs
+++ b/rust/libs/connlib/dns-over-tcp/src/lib.rs
--- a/rust/libs/connlib/dns-over-tcp/src/server.rs
+++ b/rust/libs/connlib/dns-over-tcp/src/server.rs
--- a/rust/libs/connlib/dns-over-tcp/tests/client_and_server.rs
+++ b/rust/libs/connlib/dns-over-tcp/tests/client_and_server.rs
@@ -12,7 +12,7 @@ use dns_types::{Query, RecordType, ResponseBuilder, ResponseCode};

 #[test]
 fn smoke() {
-    let _guard = firezone_logging::test(
+    let _guard = logging::test(
        "netlink_proto=off,wire::dns::res=trace,dns_over_tcp=trace,smoltcp=trace,debug",
    );

@@ -49,7 +49,7 @@ fn smoke() {

 #[test]
 fn no_panic_after_set_listen_address() {
-    let _guard = firezone_logging::test(
+    let _guard = logging::test(
        "netlink_proto=off,wire::dns::res=trace,dns_over_tcp=trace,smoltcp=trace,debug",
    );

--- a/rust/libs/connlib/dns-over-tcp/tests/smoke_server.rs
+++ b/rust/libs/connlib/dns-over-tcp/tests/smoke_server.rs
@@ -10,8 +10,8 @@ use std::{
 };

 use anyhow::{Context as _, Result};
+use bin_shared::TunDeviceManager;
 use dns_types::{ResponseBuilder, ResponseCode};
-use firezone_bin_shared::TunDeviceManager;
 use ip_network::Ipv4Network;
 use tokio::task::JoinSet;
 use tun::Tun;
@@ -21,7 +21,7 @@ const CLIENT_CONCURRENCY: usize = 3;
 #[tokio::test]
 #[ignore = "Requires root & IP forwarding"]
 async fn smoke() {
-    let _guard = firezone_logging::test("netlink_proto=off,wire::dns=trace,debug");
+    let _guard = logging::test("netlink_proto=off,wire::dns=trace,debug");

    let ipv4 = Ipv4Addr::from([100, 90, 215, 97]);
    let ipv6 = Ipv6Addr::from([0xfd00, 0x2021, 0x1111, 0x0, 0x0, 0x0, 0x0016, 0x588f]);
--- a/rust/libs/connlib/dns-types/Cargo.toml
+++ b/rust/libs/connlib/dns-types/Cargo.toml
--- a/rust/libs/connlib/dns-types/lib.rs
+++ b/rust/libs/connlib/dns-types/lib.rs
--- a/rust/libs/connlib/etherparse-ext/Cargo.toml
+++ b/rust/libs/connlib/etherparse-ext/Cargo.toml
--- a/rust/libs/connlib/etherparse-ext/src/icmpv4_header_slice_mut.rs
+++ b/rust/libs/connlib/etherparse-ext/src/icmpv4_header_slice_mut.rs
--- a/Show More
+++ b/Show More