upload current sources

2025-12-24 07:12:55 +00:00
parent 60855d6a85
commit a3d18358db
110 changed files with 42163 additions and 1 deletions
--- a/apps/rego-tunnel-linux/metadata/README.md
+++ b/apps/rego-tunnel-linux/metadata/README.md
@@ -0,0 +1,168 @@
+# Rego-Tunnel Linux VPN Bridge
+
+This app runs a Linux VM (Ubuntu) inside a Docker container with Cisco Secure Client VPN, providing transparent access to VPN-protected resources (IBM i at 10.35.33.230) from the local network.
+
+## Architecture
+
+```
+┌─────────────────────────────────────────────────────────────────────────┐
+│ Linux Host (192.168.0.150)                                              │
+│                                                                         │
+│   Bridge: br-vpn-linux (172.31.1.1/24)                                 │
+└─────────────────────────────────────────────────────────────────────────┘
+                                    │
+                                    ▼
+┌─────────────────────────────────────────────────────────────────────────┐
+│ Container: rego-tunnel-linux (172.31.1.10)                             │
+│                                                                         │
+│   qemux/qemu running Ubuntu VM                                         │
+│   Port 8007 → Web console (noVNC)                                      │
+│   Port 2222 → SSH to VM                                                │
+│                                                                         │
+│   Internal bridge: 172.32.1.1/24                                       │
+└─────────────────────────────────────────────────────────────────────────┘
+                                    │
+                                    ▼
+┌─────────────────────────────────────────────────────────────────────────┐
+│ Ubuntu VM (172.32.1.20)                                                │
+│                                                                         │
+│   Cisco Secure Client VPN: connected to corporate network             │
+│   VPN IP: 10.215.x.x                                                   │
+│                                                                         │
+│   cisco-vpn.sh:                                                        │
+│     - Auto-login to Cisco via xdotool                                  │
+│     - TOTP authentication (oathtool)                                   │
+│     - iptables forwarding for target IP                                │
+└─────────────────────────────────────────────────────────────────────────┘
+                                    │
+                                    ▼
+┌─────────────────────────────────────────────────────────────────────────┐
+│ IBM i (10.35.33.230)                                                   │
+│   Via Cisco VPN tunnel                                                  │
+└─────────────────────────────────────────────────────────────────────────┘
+```
+
+## Installation
+
+### Step 1: Install the app via Runtipi
+
+1. Go to Runtipi App Store
+2. Install "Rego Tunnel Linux"
+3. Configure RAM, CPU, and disk size
+
+### Step 2: Set up the VM
+
+1. Open the web console at port 8007
+2. Complete Ubuntu installation (use Ubuntu Server for faster boot)
+3. After installation, open a terminal
+
+### Step 3: Install Cisco Secure Client
+
+```bash
+# Mount the shared folder (contains Cisco installation)
+sudo mkdir -p /mnt/shared
+sudo mount -t 9p shared /mnt/shared -o trans=virtio
+
+# Run the install script
+sudo bash /mnt/shared/install-cisco.sh
+```
+
+### Step 4: Connect VPN
+
+```bash
+# Run the VPN automation script
+~/cisco-vpn.sh
+```
+
+The script will:
+1. Start the Cisco VPN agent
+2. Launch the VPN UI
+3. Auto-type credentials and TOTP
+4. Set up IP forwarding for the target
+
+## Files
+
+### vpn_scripts/secureclient/
+Complete Cisco Secure Client installation.
+
+### vpn_scripts/cisco-vpn.sh
+Automated VPN login script:
+- Starts vpnagentd if not running
+- Launches vpnui
+- Uses xdotool to type credentials
+- Generates TOTP codes with oathtool
+- Sets up iptables forwarding
+
+### vpn_scripts/install-cisco.sh
+One-time setup script to install Cisco Secure Client in the VM.
+
+## Configuration
+
+### VPN Credentials
+Edit `~/cisco-vpn.sh` and update:
+```bash
+EMAIL="your-email@company.com"
+PASSWORD="your-password"
+TOTP_SECRET="your-totp-secret"
+VPN_HOST="vpn.company.com"
+TARGET_IP="10.x.x.x"
+```
+
+### Network Configuration
+
+Add route on your laptop:
+```cmd
+route add 172.31.1.0 mask 255.255.255.0 192.168.0.150 -p
+```
+
+## User Config
+
+Create `/etc/runtipi/user-config/runtipi/rego-tunnel-linux/docker-compose.yml`:
+
+```yaml
+networks:
+  vpn_static-linux:
+    driver: bridge
+    driver_opts:
+      com.docker.network.bridge.name: "br-vpn-linux"
+    ipam:
+      config:
+        - subnet: 172.31.1.0/24
+
+services:
+  rego-tunnel-linux:
+    sysctls:
+      - net.ipv4.conf.all.rp_filter=0
+      - net.ipv4.conf.default.rp_filter=0
+    cap_add:
+      - NET_ADMIN
+    environment:
+      - VM_NET_IP=172.32.1.20
+    networks:
+      vpn_static-linux:
+        ipv4_address: 172.31.1.10
+```
+
+## Troubleshooting
+
+### VPN UI doesn't start
+- Ensure vpnagentd is running: `systemctl status cisco-vpnagentd`
+- Check for missing libraries: `ldd /opt/cisco/secureclient/bin/vpnui`
+
+### TOTP codes failing
+- Sync time: `sudo timedatectl set-ntp true`
+- Verify TOTP secret is correct
+
+### Can't reach target IP
+- Check if VPN is connected: `ip addr show cscotun0`
+- Verify iptables rules: `sudo iptables -L -n`
+
+## Comparison: Windows vs Linux
+
+| Feature | Windows VM | Linux VM |
+|---------|-----------|----------|
+| Image | dockurr/windows | qemux/qemu |
+| Boot time | ~3-5 min | ~1-2 min |
+| RAM usage | ~2GB min | ~512MB min |
+| Disk usage | ~15GB | ~5GB |
+| Automation | DevTools/WebSocket | xdotool |