upload current sources

apps/rego-tunnel-linux/vpn_scripts/cisco-vpn.sh

@@ -0,0 +1,536 @@
+#!/bin/bash
+
+# Dover VPN Connection Script with Semi-Automation
+# Keyboard shortcuts (global, work anywhere):
+#   Ctrl+1 - Type email
+#   Ctrl+2 - Type password
+#   Ctrl+3 - Type TOTP code
+#   Ctrl+4 - Type email + Tab + password (combo)
+#   Ctrl+5 - Full sequence: email + Tab + password + Tab + TOTP + Enter
+
+EMAIL="c-azaw@regoproducts.com"
+PASSWORD='Ji@83278327$$@@'
+TOTP_SECRET="rzqtqskdwkhz6zyr"
+VPN_HOST="vpn-ord1.dovercorp.com"
+TARGET_IP="10.35.33.230"
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+CYAN='\033[0;36m'
+GRAY='\033[0;90m'
+NC='\033[0m'
+
+# Logging function with timestamp
+log() {
+    local level="$1"
+    local msg="$2"
+    local timestamp=$(date '+%H:%M:%S')
+    case $level in
+        INFO)  echo -e "${GRAY}[$timestamp]${NC} ${GREEN}[INFO]${NC}  $msg" ;;
+        WARN)  echo -e "${GRAY}[$timestamp]${NC} ${YELLOW}[WARN]${NC}  $msg" ;;
+        ERROR) echo -e "${GRAY}[$timestamp]${NC} ${RED}[ERROR]${NC} $msg" ;;
+        DEBUG) echo -e "${GRAY}[$timestamp]${NC} ${CYAN}[DEBUG]${NC} $msg" ;;
+        CMD)   echo -e "${GRAY}[$timestamp]${NC} ${GRAY}[CMD]${NC}   $msg" ;;
+        *)     echo -e "${GRAY}[$timestamp]${NC} $msg" ;;
+    esac
+}
+
+# Run command with logging
+run_cmd() {
+    local desc="$1"
+    shift
+    log CMD "$desc: $*"
+    output=$("$@" 2>&1)
+    local rc=$?
+    if [ -n "$output" ]; then
+        echo "$output" | while IFS= read -r line; do
+            echo -e "           ${GRAY}│${NC} $line"
+        done
+    fi
+    return $rc
+}
+
+echo -e "${CYAN}========================================${NC}"
+echo -e "${CYAN}       Dover VPN Connection Script      ${NC}"
+echo -e "${CYAN}========================================${NC}"
+echo ""
+
+# Function to get current TOTP
+get_totp() {
+    oathtool --totp -b "$TOTP_SECRET"
+}
+
+# Function to detect VPN tunnel interface dynamically
+get_vpn_interface() {
+    # Look for cscotun* or tun* interfaces that are UP
+    local iface=$(ip link show | grep -oP '(cscotun\d+|tun\d+)(?=:.*UP)' | head -1)
+    if [ -z "$iface" ]; then
+        # Fallback: any cscotun interface
+        iface=$(ip link show | grep -oP 'cscotun\d+' | head -1)
+    fi
+    echo "$iface"
+}
+
+# Function to get VM's IP on host-only network (for Windows routing)
+get_vm_hostonly_ip() {
+    # Get IP from ens38 (host-only adapter) - could be any 192.168.x.x
+    ip addr show ens38 2>/dev/null | grep -oP 'inet \K[\d.]+' | head -1
+}
+
+# Function to get VPN tunnel IP
+get_vpn_ip() {
+    local iface=$(get_vpn_interface)
+    if [ -n "$iface" ]; then
+        ip addr show "$iface" 2>/dev/null | grep -oP 'inet \K[\d.]+' | head -1
+    fi
+}
+
+# Start xbindkeys for keyboard macros
+start_xbindkeys() {
+    log INFO "Starting keyboard macro listener (xbindkeys)..."
+
+    # Kill any existing xbindkeys
+    pkill xbindkeys 2>/dev/null
+    sleep 0.5
+
+    # Start xbindkeys
+    xbindkeys -f ~/.xbindkeysrc 2>/dev/null &
+    XBINDKEYS_PID=$!
+
+    if pgrep xbindkeys >/dev/null; then
+        log DEBUG "xbindkeys started (PID: $(pgrep xbindkeys))"
+        log INFO "Keyboard shortcuts active: Ctrl+1=email, Ctrl+2=pass, Ctrl+3=TOTP, Ctrl+4=combo, Ctrl+5=all"
+    else
+        log WARN "Failed to start xbindkeys"
+    fi
+}
+
+# Stop xbindkeys
+stop_xbindkeys() {
+    if pgrep xbindkeys >/dev/null; then
+        log INFO "Stopping keyboard macro listener..."
+        pkill xbindkeys 2>/dev/null
+        log DEBUG "xbindkeys stopped"
+    fi
+}
+
+# Kill all Cisco-related processes
+kill_cisco_processes() {
+    log INFO "Killing all Cisco-related processes..."
+
+    local killed=0
+    local my_pid=$$
+    local my_ppid=$(ps -o ppid= -p $$ | tr -d ' ')
+
+    # Kill vpnui specifically (not just any process with "vpn" in name)
+    for pid in $(pgrep -x "vpnui" 2>/dev/null); do
+        if [ "$pid" != "$my_pid" ] && [ "$pid" != "$my_ppid" ]; then
+            log DEBUG "Killing vpnui (PID $pid)"
+            sudo kill -9 "$pid" 2>/dev/null && ((killed++))
+        fi
+    done
+
+    # Note: Don't kill vpnagentd - we need it running
+
+    # Kill Cisco-specific processes by exact path
+    for proc in cstub cscan acwebsecagent vpndownloader; do
+        for pid in $(pgrep -x "$proc" 2>/dev/null); do
+            log DEBUG "Killing $proc (PID $pid)"
+            sudo kill -9 "$pid" 2>/dev/null && ((killed++))
+        done
+    done
+
+    # Kill openconnect (exact match)
+    for pid in $(pgrep -x "openconnect" 2>/dev/null); do
+        log DEBUG "Killing openconnect (PID $pid)"
+        sudo kill -9 "$pid" 2>/dev/null && ((killed++))
+    done
+
+    if [ $killed -eq 0 ]; then
+        log INFO "No Cisco processes were running"
+    else
+        log INFO "Killed $killed process(es)"
+        sleep 1
+    fi
+}
+
+# Function to setup iptables rules for forwarding
+setup_forwarding() {
+    log INFO "Setting up IP forwarding rules for $TARGET_IP..."
+
+    local vpn_iface=$(get_vpn_interface)
+    if [ -z "$vpn_iface" ]; then
+        log ERROR "No VPN interface found! Is VPN connected?"
+        return 1
+    fi
+
+    local vpn_ip=$(get_vpn_ip)
+    local vm_ip=$(get_vm_hostonly_ip)
+
+    log DEBUG "VPN interface: $vpn_iface"
+    log DEBUG "VPN IP: $vpn_ip"
+    log DEBUG "VM host-only IP: $vm_ip"
+
+    # Enable IP forwarding
+    run_cmd "Enabling IP forwarding" sudo sysctl -w net.ipv4.ip_forward=1
+
+    # NAT masquerade
+    if ! sudo iptables -t nat -C POSTROUTING -d "$TARGET_IP" -j MASQUERADE 2>/dev/null; then
+        run_cmd "Adding NAT masquerade rule" sudo iptables -t nat -A POSTROUTING -d "$TARGET_IP" -j MASQUERADE
+    else
+        log DEBUG "NAT masquerade rule already exists"
+    fi
+
+    # Forward rules
+    if ! sudo iptables -C FORWARD -d "$TARGET_IP" -j ACCEPT 2>/dev/null; then
+        run_cmd "Adding forward rule (to target)" sudo iptables -A FORWARD -d "$TARGET_IP" -j ACCEPT
+    else
+        log DEBUG "Forward rule (to target) already exists"
+    fi
+
+    if ! sudo iptables -C FORWARD -s "$TARGET_IP" -j ACCEPT 2>/dev/null; then
+        run_cmd "Adding forward rule (from target)" sudo iptables -A FORWARD -s "$TARGET_IP" -j ACCEPT
+    else
+        log DEBUG "Forward rule (from target) already exists"
+    fi
+
+    # Cisco VPN chain bypass (insert at top if chain exists)
+    if sudo iptables -L ciscovpn -n &>/dev/null; then
+        if ! sudo iptables -C ciscovpn -o "$vpn_iface" -d "$TARGET_IP" -j ACCEPT 2>/dev/null; then
+            run_cmd "Adding ciscovpn bypass (outbound)" sudo iptables -I ciscovpn 1 -o "$vpn_iface" -d "$TARGET_IP" -j ACCEPT
+        else
+            log DEBUG "Ciscovpn bypass (outbound) already exists"
+        fi
+
+        if ! sudo iptables -C ciscovpn -i "$vpn_iface" -s "$TARGET_IP" -j ACCEPT 2>/dev/null; then
+            run_cmd "Adding ciscovpn bypass (inbound)" sudo iptables -I ciscovpn 2 -i "$vpn_iface" -s "$TARGET_IP" -j ACCEPT
+        else
+            log DEBUG "Ciscovpn bypass (inbound) already exists"
+        fi
+    else
+        log DEBUG "ciscovpn chain does not exist (yet)"
+    fi
+
+    log INFO "Forwarding rules configured"
+    echo ""
+    log INFO "Windows route command (run as Admin):"
+    echo -e "           ${CYAN}route add $TARGET_IP mask 255.255.255.255 $vm_ip${NC}"
+    echo ""
+}
+
+# Copy credentials to clipboard as alternative
+copy_to_clipboard() {
+    log INFO "Starting clipboard credential rotation..."
+    echo ""
+
+    log INFO "Copying EMAIL to clipboard"
+    echo "$EMAIL" | xclip -selection clipboard
+    echo -e "           ${CYAN}Email ready: $EMAIL${NC}"
+    echo -e "           Paste now (Ctrl+V), then press ${GREEN}Enter${NC} here for password..."
+    read -r
+
+    log INFO "Copying PASSWORD to clipboard"
+    echo "$PASSWORD" | xclip -selection clipboard
+    echo -e "           ${CYAN}Password ready${NC}"
+    echo -e "           Paste now (Ctrl+V), then press ${GREEN}Enter${NC} here for TOTP..."
+    read -r
+
+    TOTP=$(get_totp)
+    log INFO "Copying TOTP to clipboard"
+    echo "$TOTP" | xclip -selection clipboard
+    echo -e "           ${CYAN}TOTP ready: $TOTP${NC}"
+    echo -e "           Paste now (Ctrl+V)"
+}
+
+# Print current TOTP with countdown
+show_totp() {
+    log INFO "Starting live TOTP display (Ctrl+C to stop)"
+    echo ""
+    while true; do
+        TOTP=$(get_totp)
+        SECONDS_LEFT=$((30 - ($(date +%s) % 30)))
+        echo -ne "\r           ${CYAN}Current TOTP:${NC} ${GREEN}$TOTP${NC} (expires in ${YELLOW}${SECONDS_LEFT}s${NC})   "
+        sleep 1
+    done
+}
+
+# Show network status
+show_network_status() {
+    log INFO "Current network status:"
+
+    # VM IPs
+    echo ""
+    log DEBUG "VM Network Interfaces:"
+    ip -4 addr show | grep -E "inet |^[0-9]+:" | while IFS= read -r line; do
+        echo -e "           ${GRAY}│${NC} $line"
+    done
+
+    # VPN status
+    echo ""
+    local vpn_iface=$(get_vpn_interface)
+    if [ -n "$vpn_iface" ]; then
+        local vpn_ip=$(get_vpn_ip)
+        log INFO "VPN Status: ${GREEN}CONNECTED${NC}"
+        log DEBUG "  Interface: $vpn_iface"
+        log DEBUG "  VPN IP: $vpn_ip"
+    else
+        log WARN "VPN Status: ${RED}NOT CONNECTED${NC}"
+    fi
+
+    # Host-only IP for Windows
+    local vm_ip=$(get_vm_hostonly_ip)
+    if [ -n "$vm_ip" ]; then
+        log DEBUG "Host-only IP (for Windows): $vm_ip"
+    fi
+    echo ""
+}
+
+# Main menu
+main_menu() {
+    echo -e "${GREEN}Options:${NC}"
+    echo -e "  ${CYAN}1${NC} - Start Cisco AnyConnect (kill existing + launch)"
+    echo -e "  ${CYAN}2${NC} - Copy credentials to clipboard (one by one)"
+    echo -e "  ${CYAN}3${NC} - Show live TOTP"
+    echo -e "  ${CYAN}4${NC} - Setup IP forwarding rules only"
+    echo -e "  ${CYAN}5${NC} - Test connection to $TARGET_IP"
+    echo -e "  ${CYAN}6${NC} - Show network status"
+    echo -e "  ${CYAN}7${NC} - Kill all Cisco processes"
+    echo -e "  ${CYAN}q${NC} - Quit"
+    echo ""
+}
+
+# Check if VPN is already connected
+check_vpn_status() {
+    local vpn_iface=$(get_vpn_interface)
+    if [ -n "$vpn_iface" ]; then
+        local vpn_ip=$(get_vpn_ip)
+        log INFO "VPN is ${GREEN}CONNECTED${NC}"
+        log DEBUG "  Interface: $vpn_iface"
+        log DEBUG "  VPN IP: $vpn_ip"
+        return 0
+    else
+        log WARN "VPN is ${RED}NOT CONNECTED${NC}"
+        return 1
+    fi
+}
+
+# Focus on Cisco AnyConnect window
+focus_vpn_window() {
+    local win_id=$(xdotool search --name "Cisco" 2>/dev/null | head -1)
+    if [ -n "$win_id" ]; then
+        xdotool windowactivate --sync "$win_id" 2>/dev/null
+        sleep 0.3
+        return 0
+    fi
+    return 1
+}
+
+# Auto-login sequence using xdotool (no auto-focus, types to active window)
+auto_login() {
+    log INFO "Starting automated login sequence..."
+
+    # Wait for UI to fully load
+    log DEBUG "Waiting 5s for UI to load..."
+    sleep 5
+
+    # Press Enter to initiate connection
+    log DEBUG "Pressing Enter to start connection..."
+    xdotool key Return
+    sleep 5
+
+    # Press Enter again (Connect button)
+    log DEBUG "Pressing Enter for Connect..."
+    xdotool key Return
+
+    # Wait for SSO browser to open
+    log DEBUG "Waiting for SSO browser to open..."
+    sleep 7
+
+    # Type email
+    log DEBUG "Typing email..."
+    xdotool type --delay 50 "$EMAIL"
+    xdotool key Return
+    sleep 5
+
+    # Type password
+    log DEBUG "Typing password..."
+    xdotool type --delay 50 "$PASSWORD"
+    xdotool key Return
+    sleep 5
+
+    # Type TOTP
+    log DEBUG "Typing TOTP..."
+    local totp=$(oathtool --totp -b "$TOTP_SECRET")
+    log DEBUG "TOTP: $totp"
+    xdotool type --delay 50 "$totp"
+    xdotool key Return
+    sleep 5
+
+    # Extra enters for any confirmation dialogs
+    log DEBUG "Sending confirmation enters..."
+    xdotool key Return
+    sleep 2
+    xdotool key Return
+    sleep 5
+    xdotool key Return
+
+    log INFO "Auto-login sequence completed"
+}
+
+# Start Cisco AnyConnect with logging
+start_anyconnect() {
+    log INFO "=== Starting Cisco AnyConnect VPN (FULLY AUTOMATED) ==="
+    echo ""
+
+    # Kill existing processes first
+    kill_cisco_processes
+
+    # Start vpnagentd if not running
+    if ! pgrep -x vpnagentd >/dev/null; then
+        log INFO "Starting vpnagentd..."
+        sudo /opt/cisco/secureclient/bin/vpnagentd &
+        log DEBUG "Waiting for vpnagentd to initialize..."
+        sleep 5
+    fi
+
+    # Show credentials
+    log INFO "Credentials for SSO login:"
+    echo -e "           ${CYAN}Email:    $EMAIL${NC}"
+    echo -e "           ${CYAN}Password: $PASSWORD${NC}"
+    TOTP=$(get_totp)
+    echo -e "           ${CYAN}TOTP:     $TOTP${NC}"
+    echo ""
+
+    # Start AnyConnect with GPU/WebKit workarounds
+    log INFO "Launching Cisco AnyConnect UI..."
+    export GDK_BACKEND=x11
+    export WEBKIT_DISABLE_DMABUF_RENDERER=1
+    /opt/cisco/secureclient/bin/vpnui &
+    VPNUI_PID=$!
+    log DEBUG "vpnui started with PID $VPNUI_PID"
+
+    # Run auto-login in background
+    auto_login &
+    AUTO_LOGIN_PID=$!
+    log DEBUG "Auto-login started with PID $AUTO_LOGIN_PID"
+
+    # Wait for VPN to connect
+    log INFO "Waiting for VPN connection..."
+    local wait_count=0
+    local max_wait=300  # 5 minutes
+    while [ -z "$(get_vpn_interface)" ]; do
+        sleep 2
+        ((wait_count+=2))
+        if [ $((wait_count % 10)) -eq 0 ]; then
+            log DEBUG "Still waiting for VPN... (${wait_count}s)"
+        fi
+        if [ $wait_count -ge $max_wait ]; then
+            log ERROR "Timeout waiting for VPN connection after ${max_wait}s"
+            stop_xbindkeys
+            return 1
+        fi
+    done
+
+    log INFO "VPN connected!"
+    local vpn_iface=$(get_vpn_interface)
+    local vpn_ip=$(get_vpn_ip)
+    log DEBUG "  Interface: $vpn_iface"
+    log DEBUG "  VPN IP: $vpn_ip"
+
+    # Wait a bit for routes to stabilize
+    log DEBUG "Waiting for routes to stabilize..."
+    sleep 3
+
+    # Setup forwarding
+    setup_forwarding
+
+    # Test connection
+    log INFO "Testing connection to $TARGET_IP..."
+    if ping -c 2 -W 3 "$TARGET_IP" &>/dev/null; then
+        log INFO "Connection test: ${GREEN}SUCCESS${NC}"
+    else
+        log WARN "Connection test: ${RED}FAILED${NC} (may need manual route on Windows)"
+    fi
+}
+
+# Main
+log INFO "Script started"
+echo ""
+
+# Check current status
+if check_vpn_status; then
+    echo ""
+    log INFO "VPN already connected. Setting up forwarding..."
+    setup_forwarding
+else
+    echo ""
+    log INFO "Auto-starting VPN connection..."
+    echo ""
+    start_anyconnect
+fi
+
+echo ""
+main_menu
+
+while true; do
+    echo -ne "${CYAN}Choice: ${NC}"
+    read -r choice
+
+    case $choice in
+        1)
+            echo ""
+            start_anyconnect
+            echo ""
+            main_menu
+            ;;
+        2)
+            echo ""
+            copy_to_clipboard
+            echo ""
+            main_menu
+            ;;
+        3)
+            echo ""
+            show_totp
+            echo ""
+            main_menu
+            ;;
+        4)
+            echo ""
+            setup_forwarding
+            echo ""
+            main_menu
+            ;;
+        5)
+            echo ""
+            log INFO "Testing connection to $TARGET_IP..."
+            if ping -c 3 "$TARGET_IP"; then
+                log INFO "Connection test: ${GREEN}SUCCESS${NC}"
+            else
+                log ERROR "Connection test: ${RED}FAILED${NC}"
+            fi
+            echo ""
+            main_menu
+            ;;
+        6)
+            echo ""
+            show_network_status
+            main_menu
+            ;;
+        7)
+            echo ""
+            kill_cisco_processes
+            echo ""
+            main_menu
+            ;;
+        q|Q)
+            log INFO "Goodbye!"
+            exit 0
+            ;;
+        *)
+            log ERROR "Invalid choice"
+            ;;
+    esac
+done

apps/rego-tunnel-linux/vpn_scripts/install-cisco.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+# Install Cisco Secure Client on Ubuntu VM
+# Run this script once after the VM is set up
+
+set -e
+
+echo "========================================"
+echo "  Installing Cisco Secure Client"
+echo "========================================"
+
+# Install dependencies
+echo "Installing dependencies..."
+sudo apt-get update
+sudo apt-get install -y xdotool oathtool xclip p7zip-full curl wget \
+    libpango-1.0-0 libpangocairo-1.0-0 libgtk-3-0 libwebkit2gtk-4.0-37 \
+    libjavascriptcoregtk-4.0-18 libnss3 net-tools iproute2 iptables
+
+# Create Cisco directories
+echo "Creating Cisco directories..."
+sudo mkdir -p /opt/cisco/secureclient
+sudo mkdir -p /opt/.cisco/certificates/ca
+
+# Copy Cisco installation from shared folder
+if [ -d "/mnt/shared/secureclient" ]; then
+    echo "Copying Cisco Secure Client from shared folder..."
+    sudo cp -r /mnt/shared/secureclient/* /opt/cisco/secureclient/
+    sudo chmod +x /opt/cisco/secureclient/bin/*
+    
+    # Create symlinks for system-wide access
+    sudo ln -sf /opt/cisco/secureclient/bin/vpn /usr/local/bin/vpn
+    sudo ln -sf /opt/cisco/secureclient/bin/vpnui /usr/local/bin/vpnui
+    sudo ln -sf /opt/cisco/secureclient/bin/vpnagentd /usr/local/bin/vpnagentd
+    
+    # Create library symlinks
+    sudo ldconfig /opt/cisco/secureclient/lib
+    
+    # Create systemd service for vpnagentd
+    sudo tee /etc/systemd/system/cisco-vpnagentd.service > /dev/null << 'EOF'
+[Unit]
+Description=Cisco Secure Client VPN Agent
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/opt/cisco/secureclient/bin/vpnagentd
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+    
+    sudo systemctl daemon-reload
+    sudo systemctl enable cisco-vpnagentd
+    sudo systemctl start cisco-vpnagentd
+    
+    echo "Cisco Secure Client installed successfully!"
+else
+    echo "ERROR: Shared folder /mnt/shared/secureclient not found"
+    echo "Please mount the vpn_scripts directory to /mnt/shared"
+    exit 1
+fi
+
+# Copy VPN automation script
+if [ -f "/mnt/shared/cisco-vpn.sh" ]; then
+    echo "Copying VPN automation script..."
+    cp /mnt/shared/cisco-vpn.sh ~/cisco-vpn.sh
+    chmod +x ~/cisco-vpn.sh
+fi
+
+echo ""
+echo "========================================"
+echo "  Installation Complete!"
+echo "========================================"
+echo ""
+echo "To connect to VPN:"
+echo "  1. Start a display session (GUI or VNC)"
+echo "  2. Run: ~/cisco-vpn.sh"
+echo ""

apps/rego-tunnel-linux/vpn_scripts/secureclient/ACManifestVPN.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<vpn rev="1.0">
+  <file version="5.1.11.388" id="VPNCore" is_core="yes" type="script" action="install">
+    <uri>binaries/cisco-secure-client-linux64-5.1.11.388-core-vpn-webdeploy-k9.sh</uri>
+    <display-name>Cisco Secure Client - AnyConnect VPN</display-name>
+  </file>
+</vpn>

apps/rego-tunnel-linux/vpn_scripts/secureclient/AnyConnectLocalPolicy.xml

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<AnyConnectLocalPolicy xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectLocalPolicy.xsd" acversion="5.1.11.388">
+<BypassDefaultLocalization>false</BypassDefaultLocalization>
+<BypassDownloader>false</BypassDownloader>
+<ExcludeFirefoxNSSCertStore>false</ExcludeFirefoxNSSCertStore>
+<FipsMode>false</FipsMode>
+<OCSPRevocation>false</OCSPRevocation>
+<RestrictHelpWebDeploy>false</RestrictHelpWebDeploy>
+<RestrictLocalizationWebDeploy>false</RestrictLocalizationWebDeploy>
+<RestrictPreferenceCaching>false</RestrictPreferenceCaching>
+<RestrictResourceWebDeploy>false</RestrictResourceWebDeploy>
+<RestrictScriptWebDeploy>false</RestrictScriptWebDeploy>
+<RestrictServerCertStore>false</RestrictServerCertStore>
+<RestrictTunnelProtocols>false</RestrictTunnelProtocols>
+<RestrictWebLaunch>false</RestrictWebLaunch>
+<StrictCertificateTrust>false</StrictCertificateTrust>
+<UpdatePolicy>
+<AllowComplianceModuleUpdatesFromAnyServer>true</AllowComplianceModuleUpdatesFromAnyServer>
+<AllowHelpUpdatesFromAnyServer>true</AllowHelpUpdatesFromAnyServer>
+<AllowISEProfileUpdatesFromAnyServer>true</AllowISEProfileUpdatesFromAnyServer>
+<AllowLocalizationUpdatesFromAnyServer>true</AllowLocalizationUpdatesFromAnyServer>
+<AllowManagementVPNProfileUpdatesFromAnyServer>true</AllowManagementVPNProfileUpdatesFromAnyServer>
+<AllowResourceUpdatesFromAnyServer>true</AllowResourceUpdatesFromAnyServer>
+<AllowScriptUpdatesFromAnyServer>true</AllowScriptUpdatesFromAnyServer>
+<AllowServiceProfileUpdatesFromAnyServer>true</AllowServiceProfileUpdatesFromAnyServer>
+<AllowSoftwareUpdatesFromAnyServer>true</AllowSoftwareUpdatesFromAnyServer>
+<AllowVPNProfileUpdatesFromAnyServer>true</AllowVPNProfileUpdatesFromAnyServer></UpdatePolicy>
+</AnyConnectLocalPolicy>

apps/rego-tunnel-linux/vpn_scripts/secureclient/AnyConnectLocalPolicy.xsd

@@ -0,0 +1,273 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.xmlsoap.org/encoding/" targetNamespace="http://schemas.xmlsoap.org/encoding/" elementFormDefault="qualified" attributeFormDefault="unqualified">
+  <xs:element name="AnyConnectLocalPolicy">
+    <xs:complexType>
+      <xs:all minOccurs="0">
+        <xs:element name="FipsMode" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="true" />
+              <xs:enumeration value="false" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="BypassDownloader" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="true" />
+              <xs:enumeration value="false" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="BypassDefaultLocalization" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="true" />
+              <xs:enumeration value="false" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>        
+        <xs:element name="RestrictScriptWebDeploy" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="true" />
+              <xs:enumeration value="false" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="RestrictHelpWebDeploy" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="true" />
+              <xs:enumeration value="false" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="RestrictResourceWebDeploy" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="true" />
+              <xs:enumeration value="false" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="RestrictLocalizationWebDeploy" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="true" />
+              <xs:enumeration value="false" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="RestrictWebLaunch" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="true" />
+              <xs:enumeration value="false" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="StrictCertificateTrust" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="true" />
+              <xs:enumeration value="false" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="EnableCRLCheck" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="true" />
+              <xs:enumeration value="false" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="OCSPRevocation" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="true" />
+              <xs:enumeration value="false" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="RestrictTunnelProtocols" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="false" />
+              <xs:enumeration value="IPSec" />
+              <xs:enumeration value="TLS" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="RestrictPreferenceCaching" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:pattern value="((false|All|Credentials|Thumbprints|CredentialsAndThumbprints|AutomaticServerSelection),)*(false|All|Credentials|Thumbprints|CredentialsAndThumbprints|AutomaticServerSelection)"/>
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="ExcludePemFileCertStore" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="false" />
+              <xs:enumeration value="true" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="ExcludeWinNativeCertStore" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="false" />
+              <xs:enumeration value="true" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="ExcludeMacNativeCertStore" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="false" />
+              <xs:enumeration value="true" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="ExcludeFirefoxNSSCertStore" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="false" />
+              <xs:enumeration value="true" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+		<xs:element name="RestrictServerCertStore" minOccurs="0">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="false" />
+              <xs:enumeration value="true" />
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:element>
+        <xs:element name="UpdatePolicy" minOccurs="0">
+          <xs:complexType>
+            <xs:all minOccurs="0">
+              <xs:element name="AllowSoftwareUpdatesFromAnyServer" minOccurs="0">
+                <xs:simpleType>
+                  <xs:restriction base="xs:token">
+                    <xs:enumeration value="true" />
+                    <xs:enumeration value="false" />
+                  </xs:restriction>
+                </xs:simpleType>
+              </xs:element>
+              <xs:element name="AllowComplianceModuleUpdatesFromAnyServer" minOccurs="0">
+                <xs:simpleType>
+                  <xs:restriction base="xs:token">
+                    <xs:enumeration value="true" />
+                    <xs:enumeration value="false" />
+                  </xs:restriction>
+                </xs:simpleType>
+              </xs:element>
+              <xs:element name="AllowVPNProfileUpdatesFromAnyServer" minOccurs="0">
+                <xs:simpleType>
+                  <xs:restriction base="xs:token">
+                    <xs:enumeration value="true" />
+                    <xs:enumeration value="false" />
+                  </xs:restriction>
+                </xs:simpleType>
+              </xs:element>
+              <xs:element name="AllowManagementVPNProfileUpdatesFromAnyServer" minOccurs="0">
+                <xs:simpleType>
+                  <xs:restriction base="xs:token">
+                    <xs:enumeration value="true" />
+                    <xs:enumeration value="false" />
+                  </xs:restriction>
+                </xs:simpleType>
+              </xs:element>
+              <xs:element name="AllowISEProfileUpdatesFromAnyServer" minOccurs="0">
+                <xs:simpleType>
+                  <xs:restriction base="xs:token">
+                    <xs:enumeration value="true" />
+                    <xs:enumeration value="false" />
+                  </xs:restriction>
+                </xs:simpleType>
+              </xs:element>
+              <xs:element name="AllowServiceProfileUpdatesFromAnyServer" minOccurs="0">
+                <xs:simpleType>
+                  <xs:restriction base="xs:token">
+                    <xs:enumeration value="true" />
+                    <xs:enumeration value="false" />
+                  </xs:restriction>
+                </xs:simpleType>
+              </xs:element>
+              <xs:element name="AllowHelpUpdatesFromAnyServer" minOccurs="0">
+                <xs:simpleType>
+                  <xs:restriction base="xs:token">
+                    <xs:enumeration value="true" />
+                    <xs:enumeration value="false" />
+                  </xs:restriction>
+                </xs:simpleType>
+              </xs:element>
+              <xs:element name="AllowResourceUpdatesFromAnyServer" minOccurs="0">
+                <xs:simpleType>
+                  <xs:restriction base="xs:token">
+                    <xs:enumeration value="true" />
+                    <xs:enumeration value="false" />
+                  </xs:restriction>
+                </xs:simpleType>
+              </xs:element>
+              <xs:element name="AllowLocalizationUpdatesFromAnyServer" minOccurs="0">
+                <xs:simpleType>
+                  <xs:restriction base="xs:token">
+                    <xs:enumeration value="true" />
+                    <xs:enumeration value="false" />
+                  </xs:restriction>
+                </xs:simpleType>
+              </xs:element>
+              <xs:element name="AllowScriptUpdatesFromAnyServer" minOccurs="0">
+                <xs:simpleType>
+                  <xs:restriction base="xs:token">
+                    <xs:enumeration value="true" />
+                    <xs:enumeration value="false" />
+                  </xs:restriction>
+                </xs:simpleType>
+              </xs:element>
+              <xs:element name="AuthorizedServerList" minOccurs="0">
+                <xs:complexType>
+                  <xs:sequence>
+                    <xs:element name="ServerName" type="xs:token" minOccurs="0" maxOccurs="unbounded"/>
+                  </xs:sequence>
+                </xs:complexType>
+              </xs:element>
+            </xs:all>
+          </xs:complexType>
+        </xs:element>
+        <xs:element name="TrustedISECertFingerprints" minOccurs="0">
+          <xs:complexType>
+            <xs:sequence>
+              <xs:element minOccurs="1" maxOccurs="unbounded" name="fingerprint">
+                <xs:complexType>
+                  <xs:sequence>
+                    <xs:element name="algorithm" type="xs:token" />
+                    <xs:element name="hash">
+                      <xs:simpleType>
+                        <xs:restriction base="xs:token">
+                          <xs:pattern value="[\s:]*([a-fA-F0-9][\s:]*){64}" />
+                        </xs:restriction>
+                       </xs:simpleType>
+                   </xs:element>
+                  </xs:sequence>
+                </xs:complexType>
+              </xs:element>
+            </xs:sequence>
+          </xs:complexType>
+        </xs:element>
+      </xs:all>
+      <xs:attribute name="acversion">
+        <xs:simpleType>
+          <xs:restriction base="xs:token">
+            <xs:pattern value="(\d+)(\.(\d+))(\.(\d+))(\.(\d+))?" />
+          </xs:restriction>
+        </xs:simpleType>
+      </xs:attribute>
+    </xs:complexType>
+  </xs:element>
+</xs:schema>

apps/rego-tunnel-linux/vpn_scripts/secureclient/CustomerExperienceFeedback/history

@@ -0,0 +1,6 @@
+last_version_number:5.1.11.388
+last_sequence_number:2
+last_post:
+last_feedback:1764115637
+last_crash_report:
+last_threat_report:

apps/rego-tunnel-linux/vpn_scripts/secureclient/CustomerExperienceFeedback/moduledata/vpn.cef

@@ -0,0 +1 @@
+d11:Connectionsd11:SessionInfod3:SSLd12:ConnectCounti1e11:ProfileHashd64:5FBB526D589505911C49F093A8B12F06419E445B25828E2750230009A0F5FE60d5:Counti1eee17:TunnelInitiatedByd3:GUId5:Counti1eeeee10:TunnelInfod11:GatewayTyped15:ASA (9.12(4)72)d8:DTLSv1.2d6:Cipherd29:ECDHE_ECDSA_AES256_GCM_SHA384d5:Counti1eee14:TunnelConnectsi1ee7:TLSv1.2d6:Cipherd27:ECDHE_RSA_AES256_GCM_SHA384d5:Counti1eee14:TunnelConnectsi1eeeeee11:LocalPolicyd45:AllowManagementVPNProfileUpdatesFromAnyServeri1e39:AllowServiceProfileUpdatesFromAnyServeri1e33:AllowSoftwareUpdatesFromAnyServeri1e35:AllowVPNProfileUpdatesFromAnyServeri1e16:BypassDownloaderi0e26:ExcludeFirefoxNSSCertStorei0e25:ExcludeMacNativeCertStorei0e23:ExcludePemFileCertStorei0e25:ExcludeWinNativeCertStorei0e8:FipsModei0e25:RestrictPreferenceCaching5:false23:RestrictTunnelProtocols5:false17:RestrictWebLaunchi0e22:StrictCertificateTrusti0eee

apps/rego-tunnel-linux/vpn_scripts/secureclient/CustomerExperienceFeedback/moduledata/vpn.cef.temp

@@ -0,0 +1 @@
+d11:Connectionsd11:SessionInfod3:SSLd12:ConnectCounti3e11:ProfileHashd64:5FBB526D589505911C49F093A8B12F06419E445B25828E2750230009A0F5FE60d5:Counti3eee14:ReconnectCounti1e17:TunnelInitiatedByd3:GUId5:Counti3eeeee10:TunnelInfod11:GatewayTyped15:ASA (9.12(4)72)d8:DTLSv1.2d6:Cipherd29:ECDHE_ECDSA_AES256_GCM_SHA384d5:Counti4eee14:TunnelConnectsi4ee7:TLSv1.2d6:Cipherd27:ECDHE_RSA_AES256_GCM_SHA384d5:Counti4eee14:TunnelConnectsi4eeeeee11:LocalPolicyd45:AllowManagementVPNProfileUpdatesFromAnyServeri1e39:AllowServiceProfileUpdatesFromAnyServeri1e33:AllowSoftwareUpdatesFromAnyServeri1e35:AllowVPNProfileUpdatesFromAnyServeri1e16:BypassDownloaderi0e26:ExcludeFirefoxNSSCertStorei0e25:ExcludeMacNativeCertStorei0e23:ExcludePemFileCertStorei0e25:ExcludeWinNativeCertStorei0e8:FipsModei0e25:RestrictPreferenceCaching5:false23:RestrictTunnelProtocols5:false17:RestrictWebLaunchi0e22:StrictCertificateTrusti0eee

apps/rego-tunnel-linux/vpn_scripts/secureclient/OpenSource.html

@@ -0,0 +1,12 @@
+<html>
+    <head>
+        <title>Open Source Used In AnyConnect VPN Client Software</title>
+    </head>
+    <body>
+        <h1>Open Source Used In AnyConnect VPN Client Software</h1>
+        <br/>
+        <h3>Please refer to <a href="https://www.cisco.com/go/opensource">Open Source in Cisco Products</a> for the latest information on the open source used in AnyConnect VPN Client Software.</h3>
+        <br/>
+        <p><font size="2">Copyright &copy; 2025 Cisco Systems, Inc. All rights reserved.</font></p>
+    </body>
+</html>

apps/rego-tunnel-linux/vpn_scripts/secureclient/bin/cisco_secure_client_uninstall.sh

@@ -0,0 +1,50 @@
+#!/bin/sh
+
+INSTPREFIX="/opt/cisco/secureclient"
+BINDIR="${INSTPREFIX}/bin"
+NVM_BINDIR="${INSTPREFIX}/NVM/bin"
+POSTURE_BINDIR="${INSTPREFIX}/securefirewallposture/bin"
+
+VPN_UNINST=${BINDIR}/vpn_uninstall.sh
+POSTURE_UNINST=${POSTURE_BINDIR}/posture_uninstall.sh
+NVM_UNINST=${NVM_BINDIR}/nvm_uninstall.sh
+ISEPOSTURE_UNINST=${BINDIR}/iseposture_uninstall.sh
+ISECOMPLIANCE_UNINST=${BINDIR}/isecompliance_uninstall.sh
+
+if [ -x "${ISECOMPLIANCE_UNINST}" ]; then
+  ${ISECOMPLIANCE_UNINST}
+  if [ $? -ne 0 ]; then
+    echo "Error uninstalling Cisco Secure Client - ISE Compliance."
+  fi
+fi
+
+if [ -x "${ISEPOSTURE_UNINST}" ]; then
+  ${ISEPOSTURE_UNINST}
+  if [ $? -ne 0 ]; then
+    echo "Error uninstalling Cisco Secure Client - ISE Posture."
+  fi
+fi
+
+if [ -x "${POSTURE_UNINST}" ]; then
+  ${POSTURE_UNINST}
+  if [ $? -ne 0 ]; then
+    echo "Error uninstalling Cisco Secure Client - Secure Firewall Posture Module."
+  fi
+fi
+
+if [ -x "${NVM_UNINST}" ]; then
+  ${NVM_UNINST}
+  if [ $? -ne 0 ]; then
+  echo "Error uninstalling Cisco Secure Client - Network Visibility Module."
+  fi
+fi
+
+
+if [ -x "${VPN_UNINST}" ]; then
+  ${VPN_UNINST}
+  if [ $? -ne 0 ]; then
+    echo "Error uninstalling Cisco Secure Client."
+  fi
+fi
+
+exit 0

apps/rego-tunnel-linux/vpn_scripts/secureclient/bin/load_tun.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+/sbin/lsmod | grep tun > /dev/null
+if [ $? -ne 0 ]; then
+ /sbin/modprobe tun > /dev/null 2> /dev/null
+ if [ $? -ne 0 ]; then
+   # check for /dev/net/tun
+   [ -c "/dev/net/tun" ] || echo  Warning: Unable to verify that the tun/tap driver is loaded.  Contact your system administrator for assistance.
+ fi
+fi

apps/rego-tunnel-linux/vpn_scripts/secureclient/bin/vpn_uninstall.sh

@@ -0,0 +1,194 @@
+#!/bin/sh
+
+AC_INSTPREFIX="/opt/cisco/anyconnect"
+INSTPREFIX="/opt/cisco/secureclient"
+NVM_DIR="${INSTPREFIX}/NVM"
+ROOTCERTSTORE=/opt/.cisco/certificates/ca
+ROOTCACERT="DigiCertAssuredIDRootCA.pem"
+ROOTCACERT_OLD="VeriSignClass3PublicPrimaryCertificationAuthority-G5.pem"
+BINDIR="${INSTPREFIX}/bin"
+LIBDIR="${INSTPREFIX}/lib"
+PROFDIR="${INSTPREFIX}/vpn/profile"
+SCRIPTDIR="${INSTPREFIX}/vpn/script"
+HELPDIR="${INSTPREFIX}/help"
+PLUGINDIR="${BINDIR}/plugins"
+MENUDIR="/etc/xdg/menus/applications-merged/"
+DIRECTORYDIR="/usr/share/desktop-directories/"
+DESKTOPDIR="/usr/share/applications"
+ICONSDIR="/usr/share/icons"
+SYSTEMD_CONF="vpnagentd.service"
+SYSTEMD_CONF_DIR="/etc/systemd/system"
+AGENT="vpnagentd"
+VPNMANIFEST="ACManifestVPN.xml"
+LOGDIR="/var/log/secureclient"
+UNINSTALLLOG="${LOGDIR}/csc_vpn_uninstall.log"
+
+# List of files to remove
+FILELIST="${BINDIR}/vpnagentd \
+          ${BINDIR}/vpn_uninstall.sh \
+          ${BINDIR}/cisco_secure_client_uninstall.sh \
+          ${LIBDIR}/libacciscossl.so \
+          ${LIBDIR}/libacciscocrypto.so \
+          ${LIBDIR}/cfom.so \
+          ${LIBDIR}/libaccurl.so.4 \
+          ${LIBDIR}/libaccurl.so.4.8.0 \
+          ${LIBDIR}/libvpnagentutilities.so \
+          ${LIBDIR}/libvpncommon.so \
+          ${LIBDIR}/libvpncommoncrypt.so \
+          ${LIBDIR}/libvpnapi.so \
+          ${LIBDIR}/libacruntime.so \
+          ${BINDIR}/vpnui \
+          ${BINDIR}/vpn \
+          ${BINDIR}/vpndownloader \
+          ${BINDIR}/vpndownloader-cli \
+          ${PLUGINDIR}/libacdownloader.so \
+          ${BINDIR}/acinstallhelper \
+          ${BINDIR}/acwebhelper \
+          ${BINDIR}/acextwebhelper \
+          ${BINDIR}/manifesttool \
+          ${BINDIR}/manifesttool_vpn \
+          ${BINDIR}/load_tun.sh \
+          ${MENUDIR}/cisco-secure-client.menu \
+          ${DIRECTORYDIR}/cisco-secure-client.directory \
+          ${DESKTOPDIR}/com.cisco.secureclient.gui.desktop \
+          ${ICONSDIR}/hicolor/48x48/apps/cisco-secure-client.png \
+          ${ICONSDIR}/hicolor/64x64/apps/cisco-secure-client.png \
+          ${ICONSDIR}/hicolor/96x96/apps/cisco-secure-client.png \
+          ${ICONSDIR}/hicolor/128x128/apps/cisco-secure-client.png \
+          ${ICONSDIR}/hicolor/256x256/apps/cisco-secure-client.png \
+          ${ICONSDIR}/hicolor/512x512/apps/cisco-secure-client.png \
+          ${INSTPREFIX}/resources/* \
+          ${INSTPREFIX}/${VPNMANIFEST} \
+          ${INSTPREFIX}/update.txt \
+          ${INSTPREFIX}/OpenSource.html \
+          ${PROFDIR}/AnyConnectProfile.xsd \
+          ${INSTPREFIX}/AnyConnectLocalPolicy.xsd \
+          ${LIBDIR}/libboost_date_time.so* \
+          ${LIBDIR}/libboost_atomic.so* \
+          ${LIBDIR}/libboost_filesystem.so* \
+          ${LIBDIR}/libboost_system.so* \
+          ${LIBDIR}/libboost_thread.so* \
+          ${LIBDIR}/libboost_chrono.so* \
+          ${LIBDIR}/libboost_regex.so* \
+          ${PLUGINDIR}/libvpnipsec.so \
+          ${PLUGINDIR}/libacfeedback.so \
+          ${PLUGINDIR}/libacwebhelper.so \
+          ${ROOTCERTSTORE}/${ROOTCACERT} \
+          ${ROOTCERTSTORE}/${ROOTCACERT_OLD} \
+          ${AC_INSTPREFIX}/${VPNMANIFEST} \
+          ${SYSTEMD_CONF_DIR}/${SYSTEMD_CONF}"
+
+# Create log directory if not exist
+if [ ! -d ${LOGDIR} ]; then
+  mkdir -p ${LOGDIR} >/dev/null 2>&1
+fi
+
+echo "Uninstalling Cisco Secure Client..."
+echo "Uninstalling Cisco Secure Client..." > ${UNINSTALLLOG}
+echo `whoami` "invoked $0 from " `pwd` " at " `date` >> ${UNINSTALLLOG}
+
+# Check for root privileges
+if [ `id | sed -e 's/(.*//'` != "uid=0" ]; then
+  echo "Sorry, you need super user privileges to run this script."
+  echo "Sorry, you need super user privileges to run this script." >> ${UNINSTALLLOG}
+  exit 1
+fi
+
+# update the VPNManifest.dat
+echo "${BINDIR}/manifesttool_vpn -x ${INSTPREFIX} ${INSTPREFIX}/${VPNMANIFEST}" >> ${UNINSTALLLOG}
+${BINDIR}/manifesttool_vpn -x ${INSTPREFIX} ${INSTPREFIX}/${VPNMANIFEST} >> ${UNINSTALLLOG}
+
+# Attempt to stop the service if it is running.
+echo "Stopping the VPN agent..." >> ${UNINSTALLLOG}
+TESTINIT=`ls -l /proc/1/exe`
+if [ -z "${TESTINIT##*"systemd"*}" ]; then
+  echo systemctl stop ${SYSTEMD_CONF} >> ${UNINSTALLLOG}
+  systemctl stop ${SYSTEMD_CONF} >> ${UNINSTALLLOG} 2>&1
+  echo systemctl disable ${SYSTEMD_CONF} >> ${UNINSTALLLOG}
+  systemctl disable ${SYSTEMD_CONF} >> ${UNINSTALLLOG} 2>&1
+fi
+
+logger "Stopping the VPN agent..."
+max_seconds_to_wait=10
+ntests=$max_seconds_to_wait
+# Wait up to max_seconds_to_wait seconds for the agent to finish.
+while [ -n "`ps -A -o command | grep \"/opt/cisco/secureclient/bin/${AGENT}\" | grep -v 'grep'`" ]
+  do
+      ntests=`expr  $ntests - 1`
+      if [ $ntests -eq 0 ]; then
+        logger "Timeout waiting for agent to stop."
+        echo "Timeout waiting for agent to stop." >> ${UNINSTALLLOG}
+        break
+      fi
+      sleep 1
+  done
+
+# ensure that the VPN related processes are not running
+OURPROCS=`ps -A -o pid,command | grep ${BINDIR} | grep -E -v 'grep|vpn_uninstall|cisco_secure_client_uninstall' | awk '{print $1}'`
+if [ -n "${OURPROCS}" ] ; then
+    for DOOMED in ${OURPROCS}; do
+        echo Killing `ps -A -o pid,command -p ${DOOMED} | grep ${DOOMED} | grep -E -v 'ps|grep'` >> ${UNINSTALLLOG}
+        kill -KILL ${DOOMED} >> ${UNINSTALLLOG} 2>&1
+    done
+fi
+
+# Remove only those files that we know we installed
+for FILE in ${FILELIST}; do
+  echo "rm -f ${FILE}" >> ${UNINSTALLLOG}
+  rm -f ${FILE} >> ${UNINSTALLLOG} 2>&1
+done
+
+# Remove desktop file in Autostart Directory
+if [ -z "$XDG_CONFIG_DIRS" ]; then
+    AUTOSTART_DIR=/etc/xdg/autostart
+else
+    AUTOSTART_DIR=$XDG_CONFIG_DIRS
+fi
+echo "rm -f $AUTOSTART_DIR/com.cisco.secureclient.gui.desktop" >> ${UNINSTALLLOG}
+rm -f $AUTOSTART_DIR/com.cisco.secureclient.gui.desktop >> ${UNINSTALLLOG} 2>&1
+
+# Remove the plugins directory
+echo "rm -rf ${PLUGINDIR}" >> ${UNINSTALLLOG}
+rm -rf ${PLUGINDIR} >> ${UNINSTALLLOG} 2>&1
+
+# Remove the bin directory if it is empty
+echo "rmdir --ignore-fail-on-non-empty ${BINDIR}" >> ${UNINSTALLLOG}
+rmdir --ignore-fail-on-non-empty ${BINDIR} >> ${UNINSTALLLOG} 2>&1
+
+# Remove the lib directory if it is empty
+echo "rmdir --ignore-fail-on-non-empty ${LIBDIR}" >> ${UNINSTALLLOG}
+rmdir --ignore-fail-on-non-empty ${LIBDIR} >> ${UNINSTALLLOG} 2>&1
+
+# Remove the script directory if it is empty
+echo "rmdir --ignore-fail-on-non-empty ${SCRIPTDIR}" >> ${UNINSTALLLOG}
+rmdir --ignore-fail-on-non-empty ${SCRIPTDIR} >> ${UNINSTALLLOG} 2>&1
+
+# Remove the help directory if it is empty
+echo "rmdir --ignore-fail-on-non-empty ${HELPDIR}" >> ${UNINSTALLLOG}
+rmdir --ignore-fail-on-non-empty ${HELPDIR} >> ${UNINSTALLLOG} 2>&1
+
+# Remove the profile directory if it is empty
+echo "rmdir --ignore-fail-on-non-empty ${PROFDIR}" >> ${UNINSTALLLOG}
+rmdir --ignore-fail-on-non-empty ${PROFDIR} >> ${UNINSTALLLOG} 2>&1
+
+# Remove the cert store directory if it is empty
+echo "rmdir --ignore-fail-on-non-empty ${ROOTCERTSTORE}" >> ${UNINSTALLLOG}
+rmdir --ignore-fail-on-non-empty ${ROOTCERTSTORE} >> ${UNINSTALLLOG} 2>&1
+
+# update the menu cache so that the Cisco Secure Client short cut in the
+# applications menu is removed. This is neccessary on some
+# gnome desktops(Ubuntu 10.04)
+if [ -x "/usr/share/gnome-menus/update-gnome-menus-cache" ]; then
+    for CACHE_FILE in $(ls /usr/share/applications/desktop.*.cache); do
+        echo "updating ${CACHE_FILE}" >> ${UNINSTALLLOG}
+        /usr/share/gnome-menus/update-gnome-menus-cache /usr/share/applications/ > ${CACHE_FILE}
+    done
+fi
+
+echo "Updating GTK icon cache" >> ${UNINSTALLLOG}
+gtk-update-icon-cache -f -t /usr/share/icons/hicolor >> ${UNINSTALLLOG} 2>&1
+
+echo "Successfully removed Cisco Secure Client from the system." >> ${UNINSTALLLOG}
+echo "Successfully removed Cisco Secure Client from the system."
+exit 0
+

apps/rego-tunnel-linux/vpn_scripts/secureclient/cisco-secure-client-linux64-5.1.11.388-core-vpn-webdeploy-k9-10093222122025.log

@@ -0,0 +1,4 @@
+Installing Cisco Secure Client...
+root invoked /home/alexz/Downloads/cisco-secure-client-linux64-5.1.11.388-core-vpn-webdeploy-k9.sh from  /home/alexz  at  Mon Dec 22 10:09:32 AM PST 2025
+Version 5.1.11.388 is already installed!
+Exiting now.

apps/rego-tunnel-linux/vpn_scripts/secureclient/cisco-secure-client-linux64-5.1.11.388-core-vpn-webdeploy-k9-15571525112025.log

@@ -0,0 +1,209 @@
+Installing Cisco Secure Client...
+root invoked Downloads/cisco-secure-client-linux64-5.1.11.388-core-vpn-webdeploy-k9.sh from  /home/alexz  at  Tue Nov 25 03:57:15 PM PST 2025
+Extracting installation files to /tmp/vpn.wVQjjC/vpninst874817225.tgz...
+Unarchiving installation files to /tmp/vpn.wVQjjC...
+vpn/
+vpn/com.cisco.secureclient.gui.desktop
+vpn/libvpnipsec.so
+vpn/libvpncommoncrypt.so
+vpn/libvpnagentutilities.so
+vpn/vpndownloader
+vpn/libacfeedback.so
+vpn/libacdownloader.so
+vpn/acextwebhelper
+vpn/cfom.so
+vpn/load_tun.sh
+vpn/libvpncommon.so
+vpn/ACManifestVPN.xml
+vpn/acwebhelper
+vpn/libboost_thread.so
+vpn/libacwebhelper.so
+vpn/libacciscossl.so
+vpn/vpn
+vpn/cisco-secure-client.menu
+vpn/libvpnapi.so
+vpn/vpnagentd
+vpn/VeriSignClass3PublicPrimaryCertificationAuthority-G5.pem
+vpn/libboost_filesystem.so
+vpn/vpndownloader-cli
+vpn/update.txt
+vpn/libboost_regex.so
+vpn/libaccurl.so.4.8.0
+vpn/acinstallhelper
+vpn/cisco-secure-client.directory
+vpn/resources/
+vpn/resources/badge_alert.png
+vpn/resources/badge_error.png
+vpn/resources/cvcdownloader-gtk.glade
+vpn/resources/secure-client-logo.png
+vpn/resources/vpnui512.png
+vpn/resources/systray_disconnecting.png
+vpn/resources/badge_progress_r45.png
+vpn/resources/cvc-disconnect.png
+vpn/resources/ztna_logo.png
+vpn/resources/badge_not_compliant.png
+vpn/resources/vpn.png
+vpn/resources/systray_notconnected.png
+vpn/resources/cvcgui-gtk.glade
+vpn/resources/cvc-info.png
+vpn/resources/badge_ready.png
+vpn/resources/cvc-about.png
+vpn/resources/nac_16x.png
+vpn/resources/nac_72x.png
+vpn/resources/company-logo.png
+vpn/resources/systray_connected.png
+vpn/resources/systray_connected_alert.png
+vpn/resources/webbrowser128.png
+vpn/resources/vpnui64.png
+vpn/resources/vpnui128.png
+vpn/resources/cvc-connect.png
+vpn/resources/vpnui256.png
+vpn/resources/vpnui48.png
+vpn/resources/systray_reconnecting.png
+vpn/resources/badge_progress.png
+vpn/resources/cvc-configure.png
+vpn/resources/badge_ok.png
+vpn/resources/systray_quarantined.png
+vpn/resources/downloader-arrow.png
+vpn/resources/badge_trusted.png
+vpn/resources/vpnui96.png
+vpn/resources/l10n/
+vpn/resources/l10n/ko-kr/
+vpn/resources/l10n/ko-kr/LC_MESSAGES/
+vpn/resources/l10n/ko-kr/LC_MESSAGES/SecureClientDefault.mo
+vpn/resources/l10n/zh-cn/
+vpn/resources/l10n/zh-cn/LC_MESSAGES/
+vpn/resources/l10n/zh-cn/LC_MESSAGES/SecureClientDefault.mo
+vpn/resources/l10n/de-de/
+vpn/resources/l10n/de-de/LC_MESSAGES/
+vpn/resources/l10n/de-de/LC_MESSAGES/SecureClientDefault.mo
+vpn/resources/l10n/zh-tw/
+vpn/resources/l10n/zh-tw/LC_MESSAGES/
+vpn/resources/l10n/zh-tw/LC_MESSAGES/SecureClientDefault.mo
+vpn/resources/l10n/ru-ru/
+vpn/resources/l10n/ru-ru/LC_MESSAGES/
+vpn/resources/l10n/ru-ru/LC_MESSAGES/SecureClientDefault.mo
+vpn/resources/l10n/zh-hans/
+vpn/resources/l10n/zh-hans/LC_MESSAGES/
+vpn/resources/l10n/zh-hans/LC_MESSAGES/SecureClientDefault.mo
+vpn/resources/l10n/ja-jp/
+vpn/resources/l10n/ja-jp/LC_MESSAGES/
+vpn/resources/l10n/ja-jp/LC_MESSAGES/SecureClientDefault.mo
+vpn/resources/l10n/pl-pl/
+vpn/resources/l10n/pl-pl/LC_MESSAGES/
+vpn/resources/l10n/pl-pl/LC_MESSAGES/SecureClientDefault.mo
+vpn/resources/l10n/zh-hant/
+vpn/resources/l10n/zh-hant/LC_MESSAGES/
+vpn/resources/l10n/zh-hant/LC_MESSAGES/SecureClientDefault.mo
+vpn/resources/l10n/hu-hu/
+vpn/resources/l10n/hu-hu/LC_MESSAGES/
+vpn/resources/l10n/hu-hu/LC_MESSAGES/SecureClientDefault.mo
+vpn/resources/l10n/pt-br/
+vpn/resources/l10n/pt-br/LC_MESSAGES/
+vpn/resources/l10n/pt-br/LC_MESSAGES/SecureClientDefault.mo
+vpn/resources/l10n/fr-fr/
+vpn/resources/l10n/fr-fr/LC_MESSAGES/
+vpn/resources/l10n/fr-fr/LC_MESSAGES/SecureClientDefault.mo
+vpn/resources/l10n/fr-ca/
+vpn/resources/l10n/fr-ca/LC_MESSAGES/
+vpn/resources/l10n/fr-ca/LC_MESSAGES/SecureClientDefault.mo
+vpn/resources/l10n/cs-cz/
+vpn/resources/l10n/cs-cz/LC_MESSAGES/
+vpn/resources/l10n/cs-cz/LC_MESSAGES/SecureClientDefault.mo
+vpn/resources/l10n/es-es/
+vpn/resources/l10n/es-es/LC_MESSAGES/
+vpn/resources/l10n/es-es/LC_MESSAGES/SecureClientDefault.mo
+vpn/resources/l10n/nl-nl/
+vpn/resources/l10n/nl-nl/LC_MESSAGES/
+vpn/resources/l10n/nl-nl/LC_MESSAGES/SecureClientDefault.mo
+vpn/resources/l10n/it-it/
+vpn/resources/l10n/it-it/LC_MESSAGES/
+vpn/resources/l10n/it-it/LC_MESSAGES/SecureClientDefault.mo
+vpn/libboost_atomic.so
+vpn/libacciscocrypto.so
+vpn/libboost_chrono.so
+vpn/DigiCertAssuredIDRootCA.pem
+vpn/vpnui
+vpn/vpn_uninstall.sh
+vpn/cisco_secure_client_uninstall.sh
+vpn/libboost_system.so
+vpn/vpnagentd.service
+vpn/libacruntime.so
+vpn/AnyConnectProfile.xsd
+vpn/libboost_date_time.so
+vpn/manifesttool_vpn
+vpn/OpenSource.html
+vpn/license.txt
+vpn/vpn_install.sh
+vpn/AnyConnectLocalPolicy.xsd
+Installing /opt/cisco/secureclient/bin
+Installing /opt/cisco/secureclient/lib
+Installing /opt/cisco/secureclient/vpn/profile
+Installing /opt/cisco/secureclient/vpn/script
+Installing /opt/cisco/secureclient/help
+Installing /opt/cisco/secureclient/bin/plugins
+Installing /opt/.cisco/certificates/ca
+Installing /opt/cisco/anyconnect
+Installing /tmp/vpn.wVQjjC/vpn/DigiCertAssuredIDRootCA.pem
+Installing /tmp/vpn.wVQjjC/vpn/VeriSignClass3PublicPrimaryCertificationAuthority-G5.pem
+Installing /tmp/vpn.wVQjjC/vpn/vpn_uninstall.sh
+Installing /tmp/vpn.wVQjjC/vpn/load_tun.sh
+Installing /tmp/vpn.wVQjjC/vpn/cisco_secure_client_uninstall.sh
+Installing /tmp/vpn.wVQjjC/vpn/vpnagentd
+Installing /tmp/vpn.wVQjjC/vpn/libvpnagentutilities.so
+Installing /tmp/vpn.wVQjjC/vpn/libvpncommon.so
+Installing /tmp/vpn.wVQjjC/vpn/libvpncommoncrypt.so
+Installing /tmp/vpn.wVQjjC/vpn/libvpnapi.so
+Installing /tmp/vpn.wVQjjC/vpn/libacruntime.so
+Installing /tmp/vpn.wVQjjC/vpn/libacciscossl.so
+Installing /tmp/vpn.wVQjjC/vpn/libacciscocrypto.so
+Installing /tmp/vpn.wVQjjC/vpn/cfom.so
+Installing /tmp/vpn.wVQjjC/vpn/libaccurl.so.4.8.0
+Creating symlink /tmp/vpn.wVQjjC/vpn/libaccurl.so.4
+Installing /tmp/vpn.wVQjjC/vpn/libvpnipsec.so
+Installing /tmp/vpn.wVQjjC/vpn/libacfeedback.so
+Installing /tmp/vpn.wVQjjC/vpn/libacwebhelper.so
+Installing /tmp/vpn.wVQjjC/vpn/libboost_date_time.so
+Installing /tmp/vpn.wVQjjC/vpn/libboost_atomic.so
+Installing /tmp/vpn.wVQjjC/vpn/libboost_filesystem.so
+Installing /tmp/vpn.wVQjjC/vpn/libboost_system.so
+Installing /tmp/vpn.wVQjjC/vpn/libboost_thread.so
+Installing /tmp/vpn.wVQjjC/vpn/libboost_chrono.so
+Installing /tmp/vpn.wVQjjC/vpn/libboost_regex.so
+Installing /tmp/vpn.wVQjjC/vpn/vpnui
+Installing /tmp/vpn.wVQjjC/vpn/acwebhelper
+Installing /tmp/vpn.wVQjjC/vpn/acextwebhelper
+Installing /tmp/vpn.wVQjjC/vpn/vpn
+Copying resources
+Updating GTK icon cache
+gtk-update-icon-cache: Cache file created successfully.
+Installing /tmp/vpn.wVQjjC/vpn/cisco-secure-client.menu
+Installing /tmp/vpn.wVQjjC/vpn/cisco-secure-client.directory
+Installing /tmp/vpn.wVQjjC/vpn/com.cisco.secureclient.gui.desktop
+Installing /tmp/vpn.wVQjjC/vpn/ACManifestVPN.xml at /opt/cisco/secureclient
+Creating ACManifestVPN.xml symlink at /opt/cisco/anyconnect
+Installing /tmp/vpn.wVQjjC/vpn/manifesttool_vpn
+Creating manifesttool symlink for legacy install compatibility.
+Installing /tmp/vpn.wVQjjC/vpn/update.txt
+Installing /tmp/vpn.wVQjjC/vpn/vpndownloader
+Installing /tmp/vpn.wVQjjC/vpn/vpndownloader-cli
+Installing /tmp/vpn.wVQjjC/vpn/libacdownloader.so
+Installing /tmp/vpn.wVQjjC/vpn/acinstallhelper
+Installing /tmp/vpn.wVQjjC/vpn/OpenSource.html
+Installing /tmp/vpn.wVQjjC/vpn/AnyConnectProfile.xsd
+Installing /tmp/vpn.wVQjjC/vpn/AnyConnectLocalPolicy.xsd
+systemctl daemon-reexec
+systemctl stop vpnagentd.service
+Failed to stop vpnagentd.service: Unit vpnagentd.service not loaded.
+systemctl disable vpnagentd.service
+Failed to disable unit: Unit file vpnagentd.service does not exist.
+install systemd config
+Installing /tmp/vpn.wVQjjC/vpn/vpnagentd.service
+install -o root -m 644 /tmp/vpn.wVQjjC/vpn/vpnagentd.service /etc/systemd/system/vpnagentd.service
+systemctl enable vpnagentd.service
+Created symlink /etc/systemd/system/multi-user.target.wants/vpnagentd.service → /etc/systemd/system/vpnagentd.service.
+Starting Cisco Secure Client Agent...
+systemctl start vpnagentd.service
+rm -rf /tmp/vpn.wVQjjC
+Done!
+Exiting now.

apps/rego-tunnel-linux/vpn_scripts/secureclient/resources/cvcdownloader-gtk.glade

@@ -0,0 +1,158 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Generated with glade 3.38.2 -->
+<!--*- mode: xml -*-->
+<interface>
+  <requires lib="gtk+" version="3.0"/>
+  <object class="GtkWindow" id="window1">
+    <property name="can-focus">False</property>
+    <property name="title">Cisco Secure Client - Downloader</property>
+    <property name="resizable">False</property>
+    <property name="window-position">center</property>
+    <child>
+      <object class="GtkVBox" id="vbox1">
+        <property name="width-request">416</property>
+        <property name="height-request">136</property>
+        <property name="visible">True</property>
+        <property name="can-focus">False</property>
+        <child>
+          <object class="GtkHBox" id="hbox5">
+            <property name="visible">True</property>
+            <property name="can-focus">False</property>
+            <child>
+              <object class="GtkImage" id="image1">
+                <property name="visible">True</property>
+                <property name="can-focus">False</property>
+                <property name="xalign">0</property>
+                <property name="yalign">0</property>
+                <property name="xpad">7</property>
+                <property name="ypad">5</property>
+                <property name="pixbuf">downloader-arrow.png</property>
+              </object>
+              <packing>
+                <property name="expand">False</property>
+                <property name="fill">False</property>
+                <property name="position">0</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkLabel" id="progressLabel">
+                <property name="visible">True</property>
+                <property name="can-focus">False</property>
+                <property name="xpad">8</property>
+                <property name="ypad">5</property>
+                <property name="label">Downloader is analyzing this computer. Please wait...</property>
+                <property name="wrap">True</property>
+                <property name="max-width-chars">60</property>
+                <property name="xalign">0</property>
+                <property name="yalign">0</property>
+              </object>
+              <packing>
+                <property name="expand">True</property>
+                <property name="fill">True</property>
+                <property name="pack-type">end</property>
+                <property name="position">1</property>
+              </packing>
+            </child>
+          </object>
+          <packing>
+            <property name="expand">True</property>
+            <property name="fill">True</property>
+            <property name="padding">4</property>
+            <property name="position">0</property>
+          </packing>
+        </child>
+        <child>
+          <object class="GtkHBox" id="hbox3">
+            <property name="visible">True</property>
+            <property name="can-focus">False</property>
+            <child>
+              <object class="GtkLabel" id="label2">
+                <property name="visible">True</property>
+                <property name="can-focus">False</property>
+                <property name="xpad">4</property>
+                <property name="ypad">4</property>
+              </object>
+              <packing>
+                <property name="expand">False</property>
+                <property name="fill">False</property>
+                <property name="position">0</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkProgressBar" id="progressbar1">
+                <property name="width-request">400</property>
+                <property name="height-request">16</property>
+                <property name="visible">True</property>
+                <property name="can-focus">False</property>
+              </object>
+              <packing>
+                <property name="expand">False</property>
+                <property name="fill">False</property>
+                <property name="position">1</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkLabel" id="label3">
+                <property name="visible">True</property>
+                <property name="can-focus">False</property>
+                <property name="xpad">4</property>
+                <property name="ypad">4</property>
+              </object>
+              <packing>
+                <property name="expand">False</property>
+                <property name="fill">False</property>
+                <property name="position">2</property>
+              </packing>
+            </child>
+          </object>
+          <packing>
+            <property name="expand">False</property>
+            <property name="fill">False</property>
+            <property name="padding">2</property>
+            <property name="position">1</property>
+          </packing>
+        </child>
+        <child>
+          <object class="GtkHBox" id="hbox1">
+            <property name="visible">True</property>
+            <property name="can-focus">False</property>
+            <child>
+              <object class="GtkAlignment" id="alignment1">
+                <property name="visible">True</property>
+                <property name="can-focus">False</property>
+                <child>
+                  <placeholder/>
+                </child>
+              </object>
+              <packing>
+                <property name="expand">True</property>
+                <property name="fill">True</property>
+                <property name="position">0</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkButton" id="button1">
+                <property name="label">Cancel</property>
+                <property name="visible">True</property>
+                <property name="can-focus">True</property>
+                <property name="receives-default">False</property>
+                <property name="border-width">8</property>
+                <property name="use-underline">True</property>
+              </object>
+              <packing>
+                <property name="expand">False</property>
+                <property name="fill">False</property>
+                <property name="position">1</property>
+              </packing>
+            </child>
+          </object>
+          <packing>
+            <property name="expand">True</property>
+            <property name="fill">True</property>
+            <property name="position">2</property>
+          </packing>
+        </child>
+      </object>
+    </child>
+  </object>
+</interface>

apps/rego-tunnel-linux/vpn_scripts/secureclient/update.txt

@@ -0,0 +1 @@
+5,1,11,388