From 06662a294b2499a66129700b46a703f875e87021 Mon Sep 17 00:00:00 2001 From: alexz Date: Thu, 25 Dec 2025 00:39:30 +0000 Subject: [PATCH] Add REGO-VPN-CONTEXT.md and link in CLAUDE.md --- CLAUDE.md | 3 + apps/rego-tunnel-linux/REGO-VPN-CONTEXT.md | 81 ++++++++++++++++++++++ 2 files changed, 84 insertions(+) create mode 100644 apps/rego-tunnel-linux/REGO-VPN-CONTEXT.md diff --git a/CLAUDE.md b/CLAUDE.md index 1f0725d..282fe0a 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -1,5 +1,8 @@ # Runtipi Development Guidelines +## App-Specific Context Files +- **rego-tunnel-linux**: Read `apps/rego-tunnel-linux/REGO-VPN-CONTEXT.md` for Cisco VPN container details, fixes, and troubleshooting + ## Deployment Workflow **IMPORTANT:** Always follow this workflow when deploying changes to runtipi apps: diff --git a/apps/rego-tunnel-linux/REGO-VPN-CONTEXT.md b/apps/rego-tunnel-linux/REGO-VPN-CONTEXT.md new file mode 100644 index 0000000..10067d5 --- /dev/null +++ b/apps/rego-tunnel-linux/REGO-VPN-CONTEXT.md 
@@ -0,0 +1,81 @@ +# Rego VPN Container - Critical Context + +## Deployment Workflow (MUST FOLLOW) +```bash +cd /etc/runtipi/repos/runtipi +git add . && git commit -m "message" && git push +sudo runtipi-cli appstore update +sudo runtipi-cli app stop rego-tunnel-linux:runtipi +sudo runtipi-cli app start rego-tunnel-linux:runtipi +``` +**NEVER use docker compose directly for runtipi apps** + +## Container Details +- **App name**: `rego-tunnel-linux:runtipi` +- **Image**: `rego-vpn:latest` +- **Source dir**: `/etc/runtipi/repos/runtipi/apps/rego-tunnel-linux/source/` +- **Cisco installer**: `cisco-secure-client-linux64-5.1.14.145-core-vpn-webdeploy-k9.sh` + +## Key Fixes Applied (in Dockerfile/entrypoint) +1. **Library path**: Dockerfile adds `/opt/cisco/secureclient/lib` to `/etc/ld.so.conf.d/cisco.conf` + runs `ldconfig` +2. **IPC socket cleanup**: entrypoint.sh runs `rm -f /root/.cisco/hostscan/.libcsd.ipc` before vpnagentd +3. **kmod package**: Installed for `lsmod`/`modprobe` needed by load_tun.sh +4. 
**`.anyconnect_global`**: Baked into `/opt/cisco/secureclient/vpn/` + +## vpn-sso.sh (/root/vpn-sso.sh) +- **Email**: c-azaw@regoproducts.com +- **Password**: `Cj@83278327$$@@` +- **TOTP Secret**: rzqtqskdwkhz6zyr +- **VPN Host**: vpn-ord1.dovercorp.com (162.209.24.100) + +### Command line flags +- `-m` or `--menu`: Skip auto-login, go directly to menu + +### Menu options +- 1: Start Cisco AnyConnect +- 2: Copy credentials to clipboard +- 3: Show live TOTP +- 4: Setup IP forwarding rules (manual) +- 5: Test connection to target +- 6: Show network status +- 7: Kill all Cisco processes +- 8: Restart vpnagentd + test load_tun.sh +- 9: Edit /etc/hosts +- 0: Reset /etc/hosts to default + +## VPN Hosts (/etc/hosts entries) +``` +162.209.24.100 vpn-ord1.dovercorp.com +13.67.192.27 vpn.dovercorp.com +``` + +## Known Issues / Status +- VPN connects and gets interface + IP +- "unable to connect to secure gateway" error occurred +- Auto-routing disabled in vpn-sso.sh for isolated testing +- Use menu option 4 to manually setup forwarding after VPN connects + +## Troubleshooting Commands +```bash +# Check libraries +sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 ldd /opt/cisco/secureclient/lib/libaccurl.so.4 | grep "not found" + +# Check vpnagentd +sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 pgrep vpnagentd + +# Check VPN state +sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 /opt/cisco/secureclient/bin/vpn state + +# Check tunnel interface +sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 ip link show | grep cscotun + +# Check hostscan logs +sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 tail -50 /root/.cisco/hostscan/log/libcsd.log + +# Clean IPC socket manually +sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 rm -f /root/.cisco/hostscan/.libcsd.ipc + +# Restart vpnagentd +sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 pkill -9 vpnagentd +sudo docker exec 
rego-tunnel-linux_runtipi-rego-tunnel-linux-1 /opt/cisco/secureclient/bin/vpnagentd +```
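Review bot: the new "App-Specific Context Files" bullet in CLAUDE.md points every reader of the guidelines at `apps/rego-tunnel-linux/REGO-VPN-CONTEXT.md`, and that file, as added in this same patch, contains an account email, password and TOTP secret. Linking it from the top-level guidelines widens the audience for those values to anyone, or any tool, that follows the pointer. Hold this bullet back until the context file has been stripped of secrets, and describe it here as covering "container details, fixes, and troubleshooting" only once that is true.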
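Review bot: the `Password` and `TOTP Secret` bullets under "vpn-sso.sh (/root/vpn-sso.sh)" in REGO-VPN-CONTEXT.md commit both authentication factors for the VPN account in plaintext, next to the account email and the gateway host. Drop those bullets and replace them with a note on where the values are provisioned outside the repository (for example an environment variable or a mounted secret file that vpn-sso.sh reads; that mechanism is a suggestion, it is not visible in this patch). Because the documented workflow ends in `git push`, treat the password and the TOTP seed as disclosed once this commit leaves the machine: rotate both, and remove the commit from history rather than fixing it in a follow-up. Two smaller points in the same file: the workflow's `git add .` stages everything in the working tree, which is how files like this one end up committed unreviewed, so stage explicit paths instead; and "Known Issues / Status" lists both "VPN connects and gets interface + IP" and an "unable to connect to secure gateway" error without saying which is the current state.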