fix(cistech-tunnel): correct routing config and sync compose files

- host-routing.sh: Updated to use cistech values (172.30.0.10, br-vpn-static) - config.json: Added TARGET_IP form field, bumped tipi_version to 2 - docker-compose.json: Added TARGET_IP environment variable - docker-compose.yml: Synced with docker-compose.json (correct image, port 6080, all env vars) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-17 11:10:59 +00:00
parent e462edd99b
commit 9307cab1bb
4 changed files with 36 additions and 15 deletions
--- a/apps/cistech-tunnel/config.json
+++ b/apps/cistech-tunnel/config.json
@@ -10,7 +10,7 @@
        "network"
    ],
    "description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO reconnects.",
-    "tipi_version": 1,
+    "tipi_version": 2,
    "version": "latest",
    "source": "local",
    "exposable": true,
@@ -48,6 +48,13 @@
            "type": "password",
            "env_variable": "VNC_PASSWORD",
            "required": true
+        },
+        {
+            "label": "Target IP",
+            "type": "text",
+            "env_variable": "TARGET_IP",
+            "required": false,
+            "hint": "IP address to route through VPN (for host routing)"
        }
    ],
    "supported_architectures": [
--- a/apps/cistech-tunnel/docker-compose.json
+++ b/apps/cistech-tunnel/docker-compose.json
@@ -11,7 +11,8 @@
        { "key": "OC_TOTP_SECRET", "value": "${OC_TOTP_SECRET}" },
        { "key": "VNC_PASSWORD", "value": "${VNC_PASSWORD}" },
        { "key": "NOVNC_PORT", "value": "6080" },
-        { "key": "TZ", "value": "${TZ}" }
+        { "key": "TZ", "value": "${TZ}" },
+        { "key": "TARGET_IP", "value": "${TARGET_IP}" }
      ],
      "internalPort": 6080,
      "volumes": [
--- a/apps/cistech-tunnel/docker-compose.yml
+++ b/apps/cistech-tunnel/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
  cistech-tunnel:
-    image: cistech-vpn:latest
+    image: git.alexzaw.dev/alexz/cistech-vpn:latest
    restart: unless-stopped
    networks:
      cistech-tunnel_runtipi_network:
@@ -9,20 +9,33 @@ services:
        gw_priority: 1
    environment:
      OC_URL: ${OC_URL}
-      OC_SERVERCERT: ${OC_SERVERCERT}
      OC_USER: ${OC_USER}
+      OC_PASSWORD: ${OC_PASSWORD}
+      OC_TOTP_SECRET: ${OC_TOTP_SECRET}
      VNC_PASSWORD: ${VNC_PASSWORD}
-      NOVNC_PORT: "6902"
+      NOVNC_PORT: "6080"
+      TZ: ${TZ}
+      TARGET_IP: ${TARGET_IP}
    ports:
-      - ${APP_PORT}:6902
+      - ${APP_PORT}:6080
    volumes:
-      - ${APP_DATA_DIR}/data:/root
+      - ${APP_DATA_DIR}/config:/config
+      - ${APP_DATA_DIR}:/runtime
+      - /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared:/shared
+      - /sys/fs/cgroup:/sys/fs/cgroup
+      - /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared/xstartup:/root/.vnc/xstartup:ro
+    devices:
+      - /dev/net/tun
+    privileged: true
+    cap_add:
+      - NET_ADMIN
+    stop_grace_period: 30s
    labels:
      generated: true
      traefik.enable: true
      traefik.docker.network: runtipi_tipi_main_network
      traefik.http.middlewares.cistech-tunnel-runtipi-web-redirect.redirectscheme.scheme: https
-      traefik.http.services.cistech-tunnel-runtipi.loadbalancer.server.port: "6902"
+      traefik.http.services.cistech-tunnel-runtipi.loadbalancer.server.port: "6080"
      traefik.http.routers.cistech-tunnel-runtipi-insecure.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.cistech-tunnel-runtipi-insecure.entrypoints: web
      traefik.http.routers.cistech-tunnel-runtipi-insecure.service: cistech-tunnel-runtipi
@@ -31,4 +44,4 @@ services:
      traefik.http.routers.cistech-tunnel-runtipi.entrypoints: websecure
      traefik.http.routers.cistech-tunnel-runtipi.service: cistech-tunnel-runtipi
      traefik.http.routers.cistech-tunnel-runtipi.tls.certresolver: myresolver
-      runtipi.managed: true
+      runtipi.managed: true
--- a/apps/cistech-tunnel/shared/host-routing.sh
+++ b/apps/cistech-tunnel/shared/host-routing.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 #
-# Host routing script for rego-tunnel
+# Host routing script for cistech-tunnel
 # Routes TARGET_IP through the VPN container
 #
 set -euo pipefail
@@ -8,15 +8,15 @@ set -euo pipefail
 ACTION="${1:-start}"

 # Fixed configuration (we assigned these)
-CONTAINER_IP="172.31.0.10"
-BRIDGE_NAME="br-rego-vpn"
-TARGET_IP="${TARGET_IP:-10.35.33.230}"
+CONTAINER_IP="172.30.0.10"
+BRIDGE_NAME="br-vpn-static"
+TARGET_IP="${TARGET_IP:-}"
 LAN_SUBNET="192.168.0.0/23"
 LAN_INTERFACES="eth0 eth1 wlan0"
-LOG_FILE="/var/log/rego-routing.log"
+LOG_FILE="/var/log/cistech-routing.log"

 log() {
-    local msg="[$(date '+%Y-%m-%d %H:%M:%S')] [rego-routing] $*"
+    local msg="[$(date '+%Y-%m-%d %H:%M:%S')] [cistech-routing] $*"
    echo "$msg" | tee -a "$LOG_FILE" >&2
 }