Update cisco-vpn to use 172.31.0.0/24 container network

- Replace 100.100.0.0/24 with 172.31.0.0/24
- Update gateway to 172.31.0.1

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/rego-tunnel/shared/cisco-vpn

@@ -173,14 +173,14 @@ get_vpn_interface() {
 
 # Function to get VM's IP on the bridge network (for container routing)
 get_vm_bridge_ip() {
-    # Get IP from ens3 (main adapter with 100.100.0.x)
+    # Get IP from container network (172.31.0.x)
     ip addr show ens3 2>/dev/null | grep -oP 'inet \K[\d.]+' | head -1
 }
 
 # Function to get container gateway IP
 get_container_gateway() {
-    # The container bridge is at 100.100.0.1
+    # The container bridge gateway
-    echo "100.100.0.1"
+    echo "172.31.0.1"
 }
 
 # Function to get VPN tunnel IP
@@ -316,10 +316,10 @@ setup_forwarding() {
     # Enable IP forwarding
     run_cmd "Enabling IP forwarding" sudo sysctl -w net.ipv4.ip_forward=1
 
-    # NAT masquerade for traffic from container network (100.100.0.0/24) going through VPN
+    # NAT masquerade for traffic from container network (172.31.0.0/24) going through VPN
     # This is the ONLY masquerade rule needed - source-based, not destination-based
-    if ! sudo iptables -t nat -C POSTROUTING -s 100.100.0.0/24 -o "$vpn_iface" -j MASQUERADE 2>/dev/null; then
+    if ! sudo iptables -t nat -C POSTROUTING -s 172.31.0.0/24 -o "$vpn_iface" -j MASQUERADE 2>/dev/null; then
-        run_cmd "Adding NAT masquerade for container network -> VPN" sudo iptables -t nat -A POSTROUTING -s 100.100.0.0/24 -o "$vpn_iface" -j MASQUERADE
+        run_cmd "Adding NAT masquerade for container network -> VPN" sudo iptables -t nat -A POSTROUTING -s 172.31.0.0/24 -o "$vpn_iface" -j MASQUERADE
     else
         log DEBUG "NAT masquerade for container network already exists"
     fi
@@ -338,14 +338,14 @@ setup_forwarding() {
     fi
 
     # Accept forwarding from container network
-    if ! sudo iptables -C FORWARD -s 100.100.0.0/24 -j ACCEPT 2>/dev/null; then
+    if ! sudo iptables -C FORWARD -s 172.31.0.0/24 -j ACCEPT 2>/dev/null; then
-        run_cmd "Adding forward rule (from container network)" sudo iptables -A FORWARD -s 100.100.0.0/24 -j ACCEPT
+        run_cmd "Adding forward rule (from container network)" sudo iptables -A FORWARD -s 172.31.0.0/24 -j ACCEPT
     else
         log DEBUG "Forward rule (from container network) already exists"
     fi
 
-    if ! sudo iptables -C FORWARD -d 100.100.0.0/24 -j ACCEPT 2>/dev/null; then
+    if ! sudo iptables -C FORWARD -d 172.31.0.0/24 -j ACCEPT 2>/dev/null; then
-        run_cmd "Adding forward rule (to container network)" sudo iptables -A FORWARD -d 100.100.0.0/24 -j ACCEPT
+        run_cmd "Adding forward rule (to container network)" sudo iptables -A FORWARD -d 172.31.0.0/24 -j ACCEPT
     else
         log DEBUG "Forward rule (to container network) already exists"
     fi
@@ -365,8 +365,8 @@ setup_forwarding() {
         fi
 
         # Also allow container network through ciscovpn chain
-        if ! sudo iptables -C ciscovpn -s 100.100.0.0/24 -j ACCEPT 2>/dev/null; then
+        if ! sudo iptables -C ciscovpn -s 172.31.0.0/24 -j ACCEPT 2>/dev/null; then
-            run_cmd "Adding ciscovpn bypass (container network)" sudo iptables -I ciscovpn 3 -s 100.100.0.0/24 -j ACCEPT
+            run_cmd "Adding ciscovpn bypass (container network)" sudo iptables -I ciscovpn 3 -s 172.31.0.0/24 -j ACCEPT
         fi
     else
         log DEBUG "ciscovpn chain does not exist (yet)"