diff --git a/apps/rego-tunnel-linux/source/Dockerfile b/apps/rego-tunnel-linux/source/Dockerfile
index 49520ea..08c1506 100755
--- a/apps/rego-tunnel-linux/source/Dockerfile
+++ b/apps/rego-tunnel-linux/source/Dockerfile
@@ -40,7 +40,9 @@ RUN mkdir -p /usr/share/desktop-directories
 COPY cisco-secure-client-linux64-5.1.14.145-core-vpn-webdeploy-k9.sh /tmp/cisco-install.sh
 RUN chmod +x /tmp/cisco-install.sh && \
 /tmp/cisco-install.sh && \
- rm /tmp/cisco-install.sh
+ rm /tmp/cisco-install.sh && \
+ echo "/opt/cisco/secureclient/lib" > /etc/ld.so.conf.d/cisco.conf && \
+ ldconfig
 # Copy user data (hostscan, etc)
 COPY cisco-userdata.tar.gz /tmp/
diff --git a/apps/rego-tunnel-linux/source/entrypoint.sh b/apps/rego-tunnel-linux/source/entrypoint.sh
index 00b22db..ffd0ed1 100755
--- a/apps/rego-tunnel-linux/source/entrypoint.sh
+++ b/apps/rego-tunnel-linux/source/entrypoint.sh
@@ -39,6 +39,8 @@ start_gui() {
 start_vpnagent() {
 # Load TUN module if needed
 /opt/cisco/secureclient/bin/load_tun.sh 2>/dev/null || true
+ # Clean up stale IPC socket
+ rm -f /root/.cisco/hostscan/.libcsd.ipc 2>/dev/null || true
 # Start Cisco VPN agent daemon
 /opt/cisco/secureclient/bin/vpnagentd &
 pids+=($!)
diff --git a/apps/rego-tunnel-linux/source/vpn-sso.sh b/apps/rego-tunnel-linux/source/vpn-sso.sh
index ef9316c..36e9ff0 100755
--- a/apps/rego-tunnel-linux/source/vpn-sso.sh
+++ b/apps/rego-tunnel-linux/source/vpn-sso.sh
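Review bot: The added `echo "/opt/cisco/secureclient/lib" > /etc/ld.so.conf.d/cisco.conf && ldconfig` puts the vendor library directory on the system-wide loader path, so every dynamically linked binary in the image, not only the Cisco ones, can now resolve sonames from it. If that directory carries its own copies of common libraries (not visible in this hunk), they may shadow the distribution's patched versions and will not be updated by the package manager. Scoping the path to the Cisco processes is narrower, for example setting `LD_LIBRARY_PATH=/opt/cisco/secureclient/lib` only where entrypoint.sh launches `vpnagentd`. If the global entry really is needed, a comment naming the binary that failed to load without it would make the reason reviewable.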
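Review bot: The new `rm -f /root/.cisco/hostscan/.libcsd.ipc 2>/dev/null || true` discards every failure, although `rm -f` is already silent for a missing file, so what gets hidden is a real error such as a read-only or wrong-owner path, after which `vpnagentd` starts against the stale socket with nothing in the log. Logging instead keeps startup best-effort: `rm -f /root/.cisco/hostscan/.libcsd.ipc || echo "warn: could not remove stale libcsd IPC socket" >&2`. The same cleanup line is repeated in `restart_vpnagentd` in vpn-sso.sh, where the same applies. start_vpnagent's body continues outside the hunk.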
@@ -9,11 +9,35 @@
 # Ctrl+5 - Full sequence: email + Tab + password + Tab + TOTP + Enter
 EMAIL="c-azaw@regoproducts.com"
-PASSWORD='Ji@83278327$$@@'
+PASSWORD='Cj@83278327$$@@'
 TOTP_SECRET="rzqtqskdwkhz6zyr"
 VPN_HOST="vpn-ord1.dovercorp.com"
 TARGET_IP="10.35.33.230"
+# Parse command line arguments
+SKIP_AUTO_LOGIN=false
+while [[ $# -gt 0 ]]; do
+ case $1 in
+ -m|--menu)
+ SKIP_AUTO_LOGIN=true
+ shift
+ ;;
+ *)
+ shift
+ ;;
+ esac
+done
+
+# Default /etc/hosts content
+DEFAULT_HOSTS='127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+162.209.24.100 vpn-ord1.dovercorp.com
+13.67.192.27 vpn.dovercorp.com'
+
 # Colors
 RED='\033[0;31m'
 GREEN='\033[0;32m'
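Review bot: `PASSWORD` is replaced with a new literal next to `EMAIL` and `TOTP_SECRET`, so the account's password and its second-factor seed both sit in the repository, and the previous password stays readable in this diff and in history. Anyone with read access to the repo or the built image can complete the whole login, which removes the value of the TOTP step. Load the values at run time and fail when they are absent, e.g. `: "${VPN_PASSWORD:?VPN_PASSWORD not set}"` then `PASSWORD=$VPN_PASSWORD` (the variable name is a suggestion; likewise for the TOTP seed, preferably from a mounted secret file), and rotate both credentials since these values are already committed. In the new argument loop, `*) shift` drops unknown options silently; `*) echo "unknown option: $1" >&2; exit 2 ;;` would surface typos, and `case "$1" in` quotes the selector.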
@@ -297,10 +321,57 @@ main_menu() {
 echo -e " ${CYAN}5${NC} - Test connection to $TARGET_IP"
 echo -e " ${CYAN}6${NC} - Show network status"
 echo -e " ${CYAN}7${NC} - Kill all Cisco processes"
+ echo -e " ${CYAN}8${NC} - Restart vpnagentd + test load_tun.sh"
+ echo -e " ${CYAN}9${NC} - Edit /etc/hosts"
+ echo -e " ${CYAN}0${NC} - Reset /etc/hosts to default"
 echo -e " ${CYAN}q${NC} - Quit"
 echo ""
 }
+# Restart vpnagentd and test load_tun
+restart_vpnagentd() {
+ log INFO "Testing load_tun.sh..."
+ /opt/cisco/secureclient/bin/load_tun.sh
+ if [ $? -eq 0 ]; then
+ log INFO "load_tun.sh: ${GREEN}OK${NC}"
+ else
+ log WARN "load_tun.sh: ${YELLOW}WARNING${NC}"
+ fi
+
+ log INFO "Restarting vpnagentd..."
+ sudo pkill -9 vpnagentd 2>/dev/null
+ sleep 1
+
+ # Clean up stale IPC socket
+ rm -f /root/.cisco/hostscan/.libcsd.ipc 2>/dev/null
+
+ sudo /opt/cisco/secureclient/bin/vpnagentd &
+ sleep 2
+
+ if pgrep -x vpnagentd >/dev/null; then
+ log INFO "vpnagentd: ${GREEN}RUNNING${NC}"
+ else
+ log ERROR "vpnagentd: ${RED}FAILED TO START${NC}"
+ fi
+}
+
+# Edit /etc/hosts
+edit_hosts() {
+ log INFO "Opening /etc/hosts in nano..."
+ sudo nano /etc/hosts
+}
+
+# Reset /etc/hosts to default
+reset_hosts() {
+ log INFO "Resetting /etc/hosts to default..."
+ echo "$DEFAULT_HOSTS" | sudo tee /etc/hosts > /dev/null
+ log INFO "/etc/hosts reset complete"
+ log DEBUG "Current contents:"
+ cat /etc/hosts | while IFS= read -r line; do
+ echo -e " ${GRAY}│${NC} $line"
+ done
+}
+
 # Check if VPN is already connected
 check_vpn_status() {
 local vpn_iface=$(get_vpn_interface)
@@ -459,8 +530,10 @@ start_anyconnect() {
 log INFO "Script started"
 echo ""
-# Check current status
-if check_vpn_status; then
+# Check current status and auto-start unless --menu flag
+if [ "$SKIP_AUTO_LOGIN" = true ]; then
+ log INFO "Menu mode - skipping auto-login"
+elif check_vpn_status; then
 echo ""
 log INFO "VPN already connected. Setting up forwarding..."
 setup_forwarding
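Review bot: `reset_hosts` overwrites /etc/hosts with the fixed `DEFAULT_HOSTS` text and keeps no copy of what was there, so any entry the runtime placed in the file (a container's own hostname line, for instance) is lost, and the two gateway names stay pinned to static addresses that bypass DNS until someone edits the script. Taking a backup first and writing with printf is a small change: `sudo cp -p /etc/hosts /etc/hosts.bak` before `printf '%s\n' "$DEFAULT_HOSTS" | sudo tee /etc/hosts >/dev/null`; a comment on `DEFAULT_HOSTS` recording when the pinned addresses were last verified would help as well. In `restart_vpnagentd`, `sudo pkill -9 vpnagentd` goes straight to SIGKILL and matches by pattern while the later check uses `pgrep -x`; `sudo pkill -x vpnagentd` with `-9` only as a fallback is gentler and consistent. The `rm -f /root/.cisco/hostscan/.libcsd.ipc 2>/dev/null` there runs without `sudo`, unlike its neighbours, so if the script is not running as root (unclear from this hunk) the cleanup fails silently.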
@@ -525,6 +598,24 @@ while true; do
 echo ""
 main_menu
 ;;
+ 8)
+ echo ""
+ restart_vpnagentd
+ echo ""
+ main_menu
+ ;;
+ 9)
+ echo ""
+ edit_hosts
+ echo ""
+ main_menu
+ ;;
+ 0)
+ echo ""
+ reset_hosts
+ echo ""
+ main_menu
+ ;;
 q|Q)
 log INFO "Goodbye!"
 exit 0
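Review bot: The `0)` arm calls `reset_hosts` straight away, so a single mistaken menu choice among the other digit options rewrites /etc/hosts through sudo with no chance to back out. A confirmation in that arm keeps the destructive action deliberate: `read -r -p "Overwrite /etc/hosts with defaults? [y/N] " ans` followed by `[[ $ans == [yY] ]] && reset_hosts`. The three new arms also repeat the same `echo ""` / call / `echo ""` / `main_menu` wrapper as the existing ones; a small helper taking the function name would remove the duplication. The enclosing `while`/`case` starts and ends outside the hunk.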