Simplify rego-tunnel: remove SOCKS5, use portproxy instead

- Remove SOCKS5 socat forwarder from start.sh
- Add SSH to VM on port 2222 (socat)
- Add port 22 DNAT for IBM i SSH via portproxy
- Remove SOCKS5 proxy startup from vpn-login.js
- Remove SOCKS5 restart from watchdog reconnect

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/rego-tunnel/vpn_scripts/start.sh

@@ -67,15 +67,10 @@ get_container_ip() {
   iptables -C FORWARD -d "$WINDOWS_IP" -j ACCEPT 2>/dev/null || \
   iptables -A FORWARD -d "$WINDOWS_IP" -j ACCEPT
 
-  # Start socat to forward SSH from Windows VM
-  pkill -f "socat.*:22" 2>/dev/null || true
-  socat TCP-LISTEN:22,fork,reuseaddr TCP:"$WINDOWS_IP":22 &
-  echo "[rego-tunnel] socat SSH forwarder started on port 22"
-
-  # Start socat to forward SOCKS5 proxy from Windows VM
-  pkill -f "socat.*1080" 2>/dev/null || true
-  socat TCP-LISTEN:1080,fork,reuseaddr TCP:"$WINDOWS_IP":1080 &
-  echo "[rego-tunnel] socat SOCKS5 forwarder started on port 1080"
+  # Forward port 2222 to VM's SSH (22) for VM access
+  pkill -f "socat.*:2222" 2>/dev/null || true
+  socat TCP-LISTEN:2222,fork,reuseaddr TCP:"$WINDOWS_IP":22 &
+  echo "[rego-tunnel] SSH to VM available on port 2222"
 
   # Add DNAT rules for port forwarding
   add_dnat() {
@@ -84,10 +79,8 @@ get_container_ip() {
     iptables -t nat -A PREROUTING -d "$CONTAINER_IP" -p tcp --dport "$port" -j DNAT --to-destination "$WINDOWS_IP:$port"
   }
 
-  # SSH access
+  # IBM i standard ports (via VM portproxy)
   add_dnat 22
-
-  # IBM i standard ports
   add_dnat 23
   add_dnat 446
   add_dnat 448
@@ -103,7 +96,7 @@ get_container_ip() {
   for port in $(seq 36000 36010); do add_dnat $port; done
 
   echo "[rego-tunnel] iptables DNAT rules configured"
-  echo "[rego-tunnel] SOCKS5 proxy available at $CONTAINER_IP:1080"
+  echo "[rego-tunnel] Port forwarding ready via $CONTAINER_IP"
 ) &
 
 return 0