refactor(rego-tunnel): Complete migration to native Docker VPN

- Add custom init-rego.sh that unmounts /etc/resolv.conf and /etc/hosts for VPN
- Add custom xstartup that launches terminal with cisco-vpn script
- Add TARGET_IP environment variable
- Remove QEMU/VM dependencies (TAPs, bridges, dnsmasq not needed)
- The cisco-vpn script handles: vpnagentd, auto-login with TOTP, IP forwarding

Architecture:
1. init-rego.sh: DNS fix + IP forwarding + start systemd
2. systemd: manages vpnagentd and vnc services
3. xstartup: opens xterm with cisco-vpn script
4. cisco-vpn: auto-connects VPN, sets up routing

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/rego-tunnel/config.json

@@ -5,18 +5,18 @@
   "exposable": true,
   "dynamic_config": true,
   "id": "rego-tunnel",
-  "description": "Cisco Secure Client VPN in Docker with noVNC web UI for accessing Rego environments. No VM overhead.",
+  "description": "Cisco Secure Client VPN in Docker with noVNC web UI for accessing Rego environments. Native Docker - no VM overhead.",
-  "tipi_version": 5,
+  "tipi_version": 6,
   "version": "5.1.14.145",
   "categories": ["utilities"],
-  "short_desc": "Cisco VPN tunnel to Rego environments (native Docker, no VM)",
+  "short_desc": "Cisco VPN tunnel to Rego environments (native Docker)",
   "author": "alexz",
   "source": "https://git.alexzaw.dev/alexz/runtipi",
   "form_fields": [
     {
       "type": "email",
       "label": "VPN Email",
-      "hint": "Email address for VPN SSO login",
+      "hint": "Email address for VPN SSO login (configured in /shared/cisco-vpn script)",
       "placeholder": "your-email@company.com",
       "required": false,
       "env_variable": "VPN_EMAIL",
@@ -25,7 +25,7 @@
     {
       "type": "password",
       "label": "VPN Password",
-      "hint": "Password for VPN SSO login. Leave empty for manual login via noVNC.",
+      "hint": "Password for VPN SSO login (configured in /shared/cisco-vpn script)",
       "placeholder": "",
       "required": false,
       "env_variable": "VPN_PASSWORD",
@@ -34,7 +34,7 @@
     {
       "type": "text",
       "label": "TOTP Secret",
-      "hint": "Base32 encoded TOTP secret for 2FA (from authenticator app setup). Leave empty if not using TOTP.",
+      "hint": "Base32 TOTP secret for 2FA (configured in /shared/cisco-vpn script)",
       "placeholder": "",
       "required": false,
       "env_variable": "VPN_TOTP_SECRET",
@@ -43,19 +43,20 @@
     {
       "type": "text",
       "label": "VPN Host",
-      "hint": "VPN server hostname (for reference)",
+      "hint": "VPN server hostname",
       "placeholder": "vpn.company.com",
       "required": false,
       "env_variable": "VPN_HOST",
-      "default": ""
+      "default": "vpn-ord1.dovercorp.com"
     },
     {
-      "type": "boolean",
+      "type": "text",
-      "label": "Auto-Connect on Start",
+      "label": "Target IP",
-      "hint": "Automatically connect to VPN when container starts (requires credentials above)",
+      "hint": "IP address to route through VPN (e.g., IBM i server)",
+      "placeholder": "10.35.33.230",
       "required": false,
-      "env_variable": "VPN_AUTO_CONNECT",
+      "env_variable": "TARGET_IP",
-      "default": false
+      "default": "10.35.33.230"
     },
     {
       "type": "password",