From 9307cab1bbedc855f04f773bd16622a0546cfa94 Mon Sep 17 00:00:00 2001
From: alexz
Date: Sat, 17 Jan 2026 11:10:59 +0000
Subject: [PATCH] fix(cistech-tunnel): correct routing config and sync compose files

- host-routing.sh: Updated to use cistech values (172.30.0.10, br-vpn-static)
- config.json: Added TARGET_IP form field, bumped tipi_version to 2
- docker-compose.json: Added TARGET_IP environment variable
- docker-compose.yml: Synced with docker-compose.json (correct image, port 6080, all env vars)

Co-Authored-By: Claude Opus 4.5
---
 apps/cistech-tunnel/config.json | 9 +++++++-
 apps/cistech-tunnel/docker-compose.json | 3 ++-
 apps/cistech-tunnel/docker-compose.yml | 27 ++++++++++++++++------
 apps/cistech-tunnel/shared/host-routing.sh | 12 +++++-----
 4 files changed, 36 insertions(+), 15 deletions(-)

diff --git a/apps/cistech-tunnel/config.json b/apps/cistech-tunnel/config.json
index ca201a7..405ac2f 100755
--- a/apps/cistech-tunnel/config.json
+++ b/apps/cistech-tunnel/config.json
@@ -10,7 +10,7 @@
 "network"
 ],
 "description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO reconnects.",
- "tipi_version": 1,
+ "tipi_version": 2,
 "version": "latest",
 "source": "local",
 "exposable": true,
@@ -48,6 +48,13 @@
 "type": "password",
 "env_variable": "VNC_PASSWORD",
 "required": true
+ },
+ {
+ "label": "Target IP",
+ "type": "text",
+ "env_variable": "TARGET_IP",
+ "required": false,
+ "hint": "IP address to route through VPN (for host routing)"
 }
 ],
 "supported_architectures": [
diff --git a/apps/cistech-tunnel/docker-compose.json b/apps/cistech-tunnel/docker-compose.json
index e46a95b..2c93c05 100755
--- a/apps/cistech-tunnel/docker-compose.json
+++ b/apps/cistech-tunnel/docker-compose.json
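Review bot: The new `TARGET_IP` form field is free text with no validation, yet host-routing.sh in this same patch uses it as the destination it routes through the VPN, so whatever the user types lands in the container environment and, presumably, in host-side route commands. If the runtipi form schema has an address type, declare it as `"type": "ip"`; otherwise keep `"type": "text"` and add a `"regex"` that limits the value to a dotted-quad or CIDR (with a matching `"pattern_error"`), so a malformed or shell-significant value is rejected at the form rather than on the host. Because the field is `"required": false` and the script's old default was removed, the hint should also say what an empty value means — e.g. `"hint": "IPv4 address or CIDR to route through the VPN from the host; leave empty to disable host routing"` — but only once that is confirmed to be the script's behaviour, which is outside this patch.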
@@ -11,7 +11,8 @@
 { "key": "OC_TOTP_SECRET", "value": "${OC_TOTP_SECRET}" },
 { "key": "VNC_PASSWORD", "value": "${VNC_PASSWORD}" },
 { "key": "NOVNC_PORT", "value": "6080" },
- { "key": "TZ", "value": "${TZ}" }
+ { "key": "TZ", "value": "${TZ}" },
+ { "key": "TARGET_IP", "value": "${TARGET_IP}" }
 ],
 "internalPort": 6080,
 "volumes": [
diff --git a/apps/cistech-tunnel/docker-compose.yml b/apps/cistech-tunnel/docker-compose.yml
index e4778df..279e4e3 100755
--- a/apps/cistech-tunnel/docker-compose.yml
+++ b/apps/cistech-tunnel/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
 cistech-tunnel:
- image: cistech-vpn:latest
+ image: git.alexzaw.dev/alexz/cistech-vpn:latest
 restart: unless-stopped
 networks:
 cistech-tunnel_runtipi_network:
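Review bot: The image is now pulled from a remote registry by the mutable `latest` tag, and further down this same file the service is given `privileged: true`, so whoever can push to `git.alexzaw.dev/alexz/cistech-vpn` (or the registry host itself) gets root on this machine the next time the image is pulled and the container recreated. Pin an immutable reference, `image: git.alexzaw.dev/alexz/cistech-vpn:<tag>@sha256:<digest>`, and bump it deliberately in a reviewed commit. The JSON variant of this compose file is not shown with its image line in this diff, so check it is pinned the same way rather than "synced" to the floating tag.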
@@ -9,20 +9,33 @@ services:
 gw_priority: 1
 environment:
 OC_URL: ${OC_URL}
- OC_SERVERCERT: ${OC_SERVERCERT}
 OC_USER: ${OC_USER}
+ OC_PASSWORD: ${OC_PASSWORD}
+ OC_TOTP_SECRET: ${OC_TOTP_SECRET}
 VNC_PASSWORD: ${VNC_PASSWORD}
- NOVNC_PORT: "6902"
+ NOVNC_PORT: "6080"
+ TZ: ${TZ}
+ TARGET_IP: ${TARGET_IP}
 ports:
- - ${APP_PORT}:6902
+ - ${APP_PORT}:6080
 volumes:
- - ${APP_DATA_DIR}/data:/root
+ - ${APP_DATA_DIR}/config:/config
+ - ${APP_DATA_DIR}:/runtime
+ - /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared:/shared
+ - /sys/fs/cgroup:/sys/fs/cgroup
+ - /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared/xstartup:/root/.vnc/xstartup:ro
+ devices:
+ - /dev/net/tun
+ privileged: true
+ cap_add:
+ - NET_ADMIN
+ stop_grace_period: 30s
 labels:
 generated: true
 traefik.enable: true
 traefik.docker.network: runtipi_tipi_main_network
 traefik.http.middlewares.cistech-tunnel-runtipi-web-redirect.redirectscheme.scheme: https
- traefik.http.services.cistech-tunnel-runtipi.loadbalancer.server.port: "6902"
+ traefik.http.services.cistech-tunnel-runtipi.loadbalancer.server.port: "6080"
 traefik.http.routers.cistech-tunnel-runtipi-insecure.rule: Host(`${APP_DOMAIN}`)
 traefik.http.routers.cistech-tunnel-runtipi-insecure.entrypoints: web
 traefik.http.routers.cistech-tunnel-runtipi-insecure.service: cistech-tunnel-runtipi
@@ -31,4 +44,4 @@ services:
 traefik.http.routers.cistech-tunnel-runtipi.entrypoints: websecure
 traefik.http.routers.cistech-tunnel-runtipi.service: cistech-tunnel-runtipi
 traefik.http.routers.cistech-tunnel-runtipi.tls.certresolver: myresolver
- runtipi.managed: true
\ No newline at end of file
+ runtipi.managed: true
diff --git a/apps/cistech-tunnel/shared/host-routing.sh b/apps/cistech-tunnel/shared/host-routing.sh
index be818f9..537ea41 100644
--- a/apps/cistech-tunnel/shared/host-routing.sh
+++ b/apps/cistech-tunnel/shared/host-routing.sh
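Review bot: `privileged: true` makes the `cap_add: NET_ADMIN` and `devices: /dev/net/tun` entries redundant and hands this container — which holds `OC_PASSWORD` and `OC_TOTP_SECRET` and is published through Traefik — unrestricted access to the host, on top of the read-write `/sys/fs/cgroup` bind and the read-write bind of the repo's `shared` directory (only `xstartup` got `:ro`). OpenConnect normally needs just `NET_ADMIN` and the tun device, so drop `privileged: true` and keep the other two entries. Make the remaining host binds read-only unless something in the container demonstrably writes to them, `- /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared:/shared:ro` and `- /sys/fs/cgroup:/sys/fs/cgroup:ro`; if host-routing.sh in that directory is executed on the host, as its name and `/var/log` path suggest, a writable `/shared` lets a compromised container rewrite a script that later runs with host root. Separately, `OC_SERVERCERT` is dropped from the environment without a replacement — if the entrypoint fed it to `openconnect --servercert`, the VPN server certificate is no longer pinned, which deserves a note in the commit message or a restored variable. The service definition continues past both ends of this hunk.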
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 #
-# Host routing script for rego-tunnel
+# Host routing script for cistech-tunnel
 # Routes TARGET_IP through the VPN container
 #
 set -euo pipefail
@@ -8,15 +8,15 @@ set -euo pipefail
 ACTION="${1:-start}"
 
 # Fixed configuration (we assigned these)
-CONTAINER_IP="172.31.0.10"
-BRIDGE_NAME="br-rego-vpn"
-TARGET_IP="${TARGET_IP:-10.35.33.230}"
+CONTAINER_IP="172.30.0.10"
+BRIDGE_NAME="br-vpn-static"
+TARGET_IP="${TARGET_IP:-}"
 LAN_SUBNET="192.168.0.0/23"
 LAN_INTERFACES="eth0 eth1 wlan0"
-LOG_FILE="/var/log/rego-routing.log"
+LOG_FILE="/var/log/cistech-routing.log"
 
 log() {
- local msg="[$(date '+%Y-%m-%d %H:%M:%S')] [rego-routing] $*"
+ local msg="[$(date '+%Y-%m-%d %H:%M:%S')] [cistech-routing] $*"
 echo "$msg" | tee -a "$LOG_FILE" >&2
 }
 
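Review bot: `TARGET_IP="${TARGET_IP:-}"` swaps the old hard-coded default for an empty string, which satisfies `set -u` and lets the script carry on with no target at all, and nothing in the hunk checks that the value arriving from the `TARGET_IP` form field is actually an address before it reaches the routing steps the header comment describes. Add a guard right after `log()` (the hunk's last line) that rejects an empty or non-IPv4 value; if an empty value is meant to mean "host routing disabled", exit 0 on empty instead but still reject malformed input. The part of the script that consumes `TARGET_IP` lies outside this hunk. Note also that `log()` writes through `tee -a "$LOG_FILE"` under `set -eo pipefail`, so an unwritable `/var/log/cistech-routing.log` aborts the script at the first log call rather than merely losing the line.
```shell
# … unchanged: configuration variables and log() …

# Fail closed: the empty default satisfies `set -u`, so an unset or malformed
# TARGET_IP would otherwise reach the routing steps that follow.
if [[ ! "$TARGET_IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$ ]]; then
  log "ERROR: TARGET_IP must be an IPv4 address or CIDR, got '${TARGET_IP}'"
  exit 1
fi
```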