refactor(rego-tunnel): Replace QEMU VM with native Docker Cisco VPN

- Switch from linux-vm QEMU image to cisco-vpn native Docker image
- Change port from 8006 to 6080 (noVNC)
- Remove VM-specific config (RAM, CPU, bridges, taps, QEMU)
- Add VPN credential fields (email, password, TOTP, VPN host)
- Add auto-connect and VNC password options
- Update description.md with new documentation
- Simplify Docker requirements (no /dev/kvm needed)

Benefits:
- No QEMU/VM overhead - runs natively in Docker
- Full Cisco Secure Client 5.1.14.145 with GUI
- Auto-login with TOTP support
- Auto-reconnect on disconnect

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-16 19:47:11 +00:00
parent 96153fa557
commit 8523c79999
4 changed files with 127 additions and 304 deletions


@@ -3,86 +3,42 @@
"services": [
{
"name": "rego-tunnel",
"image": "git.alexzaw.dev/alexz/linux-vm:latest",
"image": "git.alexzaw.dev/alexz/cisco-vpn:latest",
"environment": [
{
"key": "VM_RAM",
"value": "${WINDOWS_RAM_GB}G"
"key": "VPN_EMAIL",
"value": "${VPN_EMAIL}"
},
{
"key": "VM_CPUS",
"value": "${WINDOWS_CPU_CORES}"
"key": "VPN_PASSWORD",
"value": "${VPN_PASSWORD}"
},
{
"key": "BRIDGE_NAME",
"value": "${BRIDGE_NAME}"
"key": "VPN_TOTP_SECRET",
"value": "${VPN_TOTP_SECRET}"
},
{
"key": "TAP_NAME",
"value": "${TAP_NAME}"
"key": "VPN_HOST",
"value": "${VPN_HOST}"
},
{
"key": "TAP2_NAME",
"value": "${TAP2_NAME}"
"key": "VPN_AUTO_CONNECT",
"value": "${VPN_AUTO_CONNECT}"
},
{
"key": "BRIDGE_CIDR",
"value": "${BRIDGE_CIDR}"
"key": "VNC_PASSWORD",
"value": "${VNC_PASSWORD}"
},
{
"key": "VM_NET_IP",
"value": "${VM_NET_IP}"
},
{
"key": "VM_SUBNET",
"value": "${VM_SUBNET}"
},
{
"key": "TARGET_IP",
"value": "${TARGET_IP}"
},
{
"key": "VM_MAC",
"value": "${VM_MAC}"
},
{
"key": "VM_MAC2",
"value": "${VM_MAC2}"
},
{
"key": "DNS_SERVERS",
"value": "${DNS_SERVERS}"
},
{
"key": "LEASE_TIME",
"value": "${LEASE_TIME}"
},
{
"key": "HOSTSHARE_DIR",
"value": "${HOSTSHARE_DIR}"
},
{
"key": "BRIDGE2_NAME",
"value": "${BRIDGE2_NAME}"
},
{
"key": "BRIDGE2_CIDR",
"value": "${BRIDGE2_CIDR}"
},
{
"key": "BRIDGE2_UPLINK_IF",
"value": "${BRIDGE2_UPLINK_IF}"
},
{
"key": "QEMU_BIN",
"value": "${QEMU_BIN}"
"key": "TZ",
"value": "${TZ}"
}
],
"internalPort": 8006,
"internalPort": 6080,
"volumes": [
{
"hostPath": "/etc/runtipi/user-config/runtipi/rego-tunnel/storage/linux-vm.qcow2",
"containerPath": "/vm/linux-vm.qcow2",
"hostPath": "${APP_DATA_DIR}/config",
"containerPath": "/config",
"readOnly": false,
"shared": false,
"private": false
@@ -93,19 +49,11 @@
"readOnly": false,
"shared": false,
"private": false
},
{
"hostPath": "${HOSTSHARE_DIR}",
"containerPath": "/hostshare",
"readOnly": false,
"shared": false,
"private": false
}
],
"stopGracePeriod": "2m",
"stopGracePeriod": "30s",
"sysctls": {},
"devices": [
"/dev/kvm",
"/dev/net/tun"
],
"privileged": true,
@@ -114,10 +62,10 @@
],
"isMain": true,
"extraLabels": {
"traefik.http.middlewares.rego-tunnel-runtipi-auth.basicauth.users": "alexz:$$2y$$05$$nv5ygL66/LEYut3RBuslFuXBwHIDg1yKFmhB8B4Nyqd8GJnN4gy5u",
"traefik.http.middlewares.rego-tunnel-runtipi-auth.basicauth.users": "${BASICAUTH_USERS}",
"traefik.http.routers.rego-tunnel-runtipi.middlewares": "rego-tunnel-runtipi-auth",
"runtipi.managed": true
}
}
]
}
}
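Review bot: `VPN_PASSWORD` and `VPN_TOTP_SECRET` are both added as plain `environment` entries in the first hunk, so the password and the TOTP seed sit side by side in the container environment and in whatever stores the app config, which effectively reduces the second factor to a second stored password. The service also keeps `"privileged": true` in the second hunk even though `/dev/kvm` is removed, so a compromise of the noVNC-exposed container on port 6080 would presumably reach both secrets and the host. I would keep the TOTP seed out of the environment, for example in a file under the `/config` mount with restrictive permissions that the entrypoint reads. I would also check whether `/dev/net/tun` plus the `NET_ADMIN` capability is enough for the VPN client, so that `privileged` can be dropped. Separately, the bcrypt hash removed in the last hunk remains in git history, so that basic-auth password should be rotated when `${BASICAUTH_USERS}` is first set.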