.

apps/rego-tunnel/build/Dockerfile

@@ -72,17 +72,9 @@ RUN echo 'W1VuaXRdCkRlc2NyaXB0aW9uPVZOQyBhbmQgbm9WTkMgU2VydmVyCkFmdGVyPW5ldHdvcm
 RUN chmod 644 /lib/systemd/system/vnc.service && \
     systemctl enable vnc.service
 
-# Copy scripts that CAN be overridden at runtime
+# Copy entrypoint script
-COPY scripts/init-vpn.sh /opt/scripts/
+COPY scripts/entrypoint.sh /opt/scripts/
-COPY scripts/xstartup /root/.vnc/xstartup
+RUN chmod +x /opt/scripts/entrypoint.sh
-COPY scripts/vpn-connect.sh /opt/scripts/
-RUN chmod +x /opt/scripts/*.sh /root/.vnc/xstartup
-
-# Setup VNC password (default, can be overridden via mount)
-ARG VNC_PASSWORD=cisco123
-RUN mkdir -p /root/.vnc && \
-    echo "${VNC_PASSWORD}" | vncpasswd -f > /root/.vnc/passwd && \
-    chmod 600 /root/.vnc/passwd
 
 VOLUME ["/sys/fs/cgroup"]
 
@@ -90,4 +82,4 @@ EXPOSE 5901 6080
 
 STOPSIGNAL SIGRTMIN+3
 
-CMD ["/opt/scripts/init-vpn.sh"]
+CMD ["/opt/scripts/entrypoint.sh"]

apps/rego-tunnel/build/scripts/entrypoint.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+# Entrypoint: VNC setup + DNS fix + systemd
+
+# Setup VNC password from environment variable (passed by runtipi)
+if [ -n "$VNC_PASSWORD" ]; then
+    mkdir -p /root/.vnc
+    echo "$VNC_PASSWORD" | vncpasswd -f > /root/.vnc/passwd
+    chmod 600 /root/.vnc/passwd
+fi
+
+# Backup current DNS config
+cp /etc/resolv.conf /tmp/resolv.conf.bak 2>/dev/null || true
+cp /etc/hosts /tmp/hosts.bak 2>/dev/null || true
+
+# Unmount Docker's bind mounts (allows VPN to modify DNS)
+umount /etc/resolv.conf 2>/dev/null || true
+umount /etc/hosts 2>/dev/null || true
+
+# Restore DNS config as regular files
+cat /tmp/resolv.conf.bak > /etc/resolv.conf 2>/dev/null || echo "nameserver 8.8.8.8" > /etc/resolv.conf
+cat /tmp/hosts.bak > /etc/hosts 2>/dev/null || echo "127.0.0.1 localhost" > /etc/hosts
+
+# Start systemd
+exec /sbin/init