Add REGO-VPN-CONTEXT.md and link in CLAUDE.md

CLAUDE.md

@@ -1,5 +1,8 @@
 # Runtipi Development Guidelines
 
+## App-Specific Context Files
+- **rego-tunnel-linux**: Read `apps/rego-tunnel-linux/REGO-VPN-CONTEXT.md` for Cisco VPN container details, fixes, and troubleshooting
+
 ## Deployment Workflow
 
 **IMPORTANT:** Always follow this workflow when deploying changes to runtipi apps:

apps/rego-tunnel-linux/REGO-VPN-CONTEXT.md

@@ -0,0 +1,81 @@
+# Rego VPN Container - Critical Context
+
+## Deployment Workflow (MUST FOLLOW)
+```bash
+cd /etc/runtipi/repos/runtipi
+git add . && git commit -m "message" && git push
+sudo runtipi-cli appstore update
+sudo runtipi-cli app stop rego-tunnel-linux:runtipi
+sudo runtipi-cli app start rego-tunnel-linux:runtipi
+```
+**NEVER use docker compose directly for runtipi apps**
+
+## Container Details
+- **App name**: `rego-tunnel-linux:runtipi`
+- **Image**: `rego-vpn:latest`
+- **Source dir**: `/etc/runtipi/repos/runtipi/apps/rego-tunnel-linux/source/`
+- **Cisco installer**: `cisco-secure-client-linux64-5.1.14.145-core-vpn-webdeploy-k9.sh`
+
+## Key Fixes Applied (in Dockerfile/entrypoint)
+1. **Library path**: Dockerfile adds `/opt/cisco/secureclient/lib` to `/etc/ld.so.conf.d/cisco.conf` + runs `ldconfig`
+2. **IPC socket cleanup**: entrypoint.sh runs `rm -f /root/.cisco/hostscan/.libcsd.ipc` before vpnagentd
+3. **kmod package**: Installed for `lsmod`/`modprobe` needed by load_tun.sh
+4. **`.anyconnect_global`**: Baked into `/opt/cisco/secureclient/vpn/`
+
+## vpn-sso.sh (/root/vpn-sso.sh)
+- **Email**: c-azaw@regoproducts.com
+- **Password**: `Cj@83278327$$@@`
+- **TOTP Secret**: rzqtqskdwkhz6zyr
+- **VPN Host**: vpn-ord1.dovercorp.com (162.209.24.100)
+
+### Command line flags
+- `-m` or `--menu`: Skip auto-login, go directly to menu
+
+### Menu options
+- 1: Start Cisco AnyConnect
+- 2: Copy credentials to clipboard
+- 3: Show live TOTP
+- 4: Setup IP forwarding rules (manual)
+- 5: Test connection to target
+- 6: Show network status
+- 7: Kill all Cisco processes
+- 8: Restart vpnagentd + test load_tun.sh
+- 9: Edit /etc/hosts
+- 0: Reset /etc/hosts to default
+
+## VPN Hosts (/etc/hosts entries)
+```
+162.209.24.100  vpn-ord1.dovercorp.com
+13.67.192.27    vpn.dovercorp.com
+```
+
+## Known Issues / Status
+- VPN connects and gets interface + IP
+- "unable to connect to secure gateway" error occurred
+- Auto-routing disabled in vpn-sso.sh for isolated testing
+- Use menu option 4 to manually setup forwarding after VPN connects
+
+## Troubleshooting Commands
+```bash
+# Check libraries
+sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 ldd /opt/cisco/secureclient/lib/libaccurl.so.4 | grep "not found"
+
+# Check vpnagentd
+sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 pgrep vpnagentd
+
+# Check VPN state
+sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 /opt/cisco/secureclient/bin/vpn state
+
+# Check tunnel interface
+sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 ip link show | grep cscotun
+
+# Check hostscan logs
+sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 tail -50 /root/.cisco/hostscan/log/libcsd.log
+
+# Clean IPC socket manually
+sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 rm -f /root/.cisco/hostscan/.libcsd.ipc
+
+# Restart vpnagentd
+sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 pkill -9 vpnagentd
+sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 /opt/cisco/secureclient/bin/vpnagentd
+```