.

2026-01-17 14:29:47 +00:00
parent 6f6538fa73
commit 24594915a9
1 changed files with 43 additions and 40 deletions
--- a/apps/cistech-tunnel/metadata/description.md
+++ b/apps/cistech-tunnel/metadata/description.md
@@ -1,22 +1,23 @@
-# Rego Tunnel - Cisco Secure Client VPN
+# Cistech Tunnel - OpenConnect-SSO VPN
-Native Docker container running Cisco Secure Client (AnyConnect) with full GUI support via noVNC. Provides transparent VPN access to protected resources from your LAN.
+Docker container running OpenConnect-SSO for Cisco AnyConnect VPN with SSO/SAML authentication support via noVNC. Provides transparent VPN access to protected resources from your LAN.
 ## Features
- **Cisco Secure Client 5.1.14.145** - Full GUI with VPN, DART, and Posture modules
+- **OpenConnect-SSO** - Handles SAML/SSO authentication automatically
- **Web-based access** via noVNC (port 6080)
+- **Playwright browser** - Headless Chromium for SSO login
- **Auto-login with TOTP** - Fully automated VPN connection
+- **Web-based access** via noVNC (port 6092)
 - **Auto-login with TOTP** - Credentials stored in keyring
 - **LAN routing** - Other machines on your network can reach VPN targets
- **Native Docker** - No QEMU/VM overhead
+- **Lightweight** - No systemd, no Cisco bloat
 ## Architecture
 ```
-LAN Devices ──► Linux Host ──► Container (172.31.0.10) ──► VPN Tunnel ──► Target (10.35.33.230)
+LAN Devices ──► Linux Host ──► Container (172.30.0.10) ──► VPN Tunnel ──► Target
                   │                    │
-                   │                    └── Cisco Secure Client
+                   │                    └── openconnect-sso + openconnect
-                   │                    └── noVNC web UI (port 6080)
+                   │                    └── noVNC web UI (port 6092)
                   │
                   └── Host routing service
                       (routes VPN traffic through container)
@@ -30,22 +31,22 @@ Configure your VPN credentials in app settings:
 - VPN Email
 - VPN Password
 - TOTP Secret (base32)
- VPN Host (default: vpn-ord1.dovercorp.com)
+- VPN Host (e.g., `https://vpn.cistech.net/Employees`)
- Target IP (default: 10.35.33.230)
+- Target IP (for connectivity testing)
 ### 2. Install host routing service (required for LAN access)
 **Run this ONCE on the host after app install:**
 ```bash
-/etc/runtipi/repos/runtipi/apps/rego-tunnel/shared/install-host-services.sh
+/etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared/install-host-services.sh
 ```
 This creates systemd services that route VPN traffic through the container.
 ### 3. Access the VPN GUI
-Open `http://<your-server>:6080/vnc.html`
+Open `http://<your-server>:6092/vnc.html`
 The VPN will auto-connect using your configured credentials.
@@ -53,18 +54,17 @@ The VPN will auto-connect using your configured credentials.
 ### Access noVNC
-Navigate to port 6080 on your server. The cisco-vpn script runs automatically and provides a menu:
+Navigate to port 6092 on your server. The openconnect-vpn script runs automatically and provides a menu:
 ```
-1 - Start Cisco AnyConnect
+1 - Connect VPN
-2 - Copy credentials to clipboard
+2 - Disconnect VPN
-3 - Show live TOTP
+3 - Show VPN status
-4 - Setup IP forwarding rules
+4 - Setup IP forwarding
-5 - Test connection to target
+5 - Test connection
 6 - Show network status
-7 - Kill all Cisco processes
+7 - Show routing table
-8 - Show routing table
+8 - Setup keyring
 9 - Show /etc/hosts
 q - Quit
 ```
@@ -72,21 +72,20 @@ q - Quit
 ```bash
 # Inside container
-cisco-vpn -m          # Menu only (skip auto-connect)
+openconnect-vpn -c          # Connect and exit
-cisco-vpn -c          # Connect and exit
+openconnect-vpn -d          # Disconnect and exit
-cisco-vpn -d          # Disconnect and exit
+openconnect-vpn -s          # Show status
-cisco-vpn -s          # Show status
+openconnect-vpn --help      # Show all options
 cisco-vpn --help      # Show all options
 ```
 ### View logs
 ```bash
 # Inside container
-cat /var/log/cisco-vpn/$(date +%Y-%m-%d).log
+cat /var/log/openconnect-vpn/$(date +%Y-%m-%d).log
 # On host
-cat /var/log/rego-routing.log
+cat /var/log/cistech-routing.log
 ```
 ## LAN Access
@@ -98,7 +97,7 @@ After the host routing service is installed, any device on your LAN can reach th
 Example (Windows client):
 ```cmd
-route add 10.35.33.230 mask 255.255.255.255 192.168.0.150 -p
+route add 10.3.1.0 mask 255.255.255.0 192.168.0.150 -p
 ```
 Where `192.168.0.150` is your Linux host IP.
@@ -108,37 +107,41 @@ Where `192.168.0.150` is your Linux host IP.
 Before removing the app from Runtipi:
 ```bash
-/etc/runtipi/repos/runtipi/apps/rego-tunnel/shared/uninstall-host-services.sh
+/etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared/uninstall-host-services.sh
 ```
 ## Troubleshooting
-### noVNC not accessible
+### VPN not connecting
 ```bash
-docker exec rego-tunnel_runtipi-rego-tunnel-1 systemctl status vnc.service
+# Check logs
 docker exec cistech-tunnel cat /var/log/openconnect-vpn/$(date +%Y-%m-%d).log
 # Try manual connect
 docker exec -it cistech-tunnel /shared/openconnect-vpn -c
 ```
 ### VPN connects but can't reach target
 ```bash
 # Check routes inside container
-docker exec rego-tunnel_runtipi-rego-tunnel-1 ip route
+docker exec cistech-tunnel ip route
 # Check host routing
-ip route | grep 10.35.33.230
+ip route | grep <target-ip>
 ```
 ### Host routing not working
 ```bash
 # Check watcher service
-systemctl status rego-routing-watcher.path
+systemctl status cistech-routing-watcher.path
 # Manually trigger routing
-touch /etc/runtipi/app-data/runtipi/rego-tunnel/restart-routing
+touch /etc/runtipi/app-data/runtipi/cistech-tunnel/restart-routing
 ```
 ## Technical Details
- **Container IP:** 172.31.0.10 (on br-rego-vpn bridge)
+- **Container IP:** 172.30.0.10 (on br-cistech-vpn bridge)
- **Ports:** 6080 (noVNC), 5901 (VNC)
+- **Ports:** 6092 (noVNC), 5901 (VNC)
- **Privileges:** `--privileged`, `NET_ADMIN`, `/dev/net/tun`
+- **Capabilities:** `NET_ADMIN`, `/dev/net/tun`
 - **Log retention:** 7 days (auto-cleanup)