Simplify rego-tunnel: remove SOCKS5, use portproxy instead

- Remove SOCKS5 socat forwarder from start.sh - Add SSH to VM on port 2222 (socat) - Add port 22 DNAT for IBM i SSH via portproxy - Remove SOCKS5 proxy startup from vpn-login.js - Remove SOCKS5 restart from watchdog reconnect 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-19 09:47:52 +00:00
parent 2fe54fc7f0
commit e103847796
2 changed files with 8 additions and 33 deletions
--- a/apps/rego-tunnel/vpn_scripts/start.sh
+++ b/apps/rego-tunnel/vpn_scripts/start.sh
@@ -67,15 +67,10 @@ get_container_ip() {
  iptables -C FORWARD -d "$WINDOWS_IP" -j ACCEPT 2>/dev/null || \
  iptables -A FORWARD -d "$WINDOWS_IP" -j ACCEPT
-  # Start socat to forward SSH from Windows VM
+  # Forward port 2222 to VM's SSH (22) for VM access
-  pkill -f "socat.*:22" 2>/dev/null || true
+  pkill -f "socat.*:2222" 2>/dev/null || true
-  socat TCP-LISTEN:22,fork,reuseaddr TCP:"$WINDOWS_IP":22 &
+  socat TCP-LISTEN:2222,fork,reuseaddr TCP:"$WINDOWS_IP":22 &
-  echo "[rego-tunnel] socat SSH forwarder started on port 22"
+  echo "[rego-tunnel] SSH to VM available on port 2222"
  # Start socat to forward SOCKS5 proxy from Windows VM
  pkill -f "socat.*1080" 2>/dev/null || true
  socat TCP-LISTEN:1080,fork,reuseaddr TCP:"$WINDOWS_IP":1080 &
  echo "[rego-tunnel] socat SOCKS5 forwarder started on port 1080"
  # Add DNAT rules for port forwarding
  add_dnat() {
@@ -84,10 +79,8 @@ get_container_ip() {
    iptables -t nat -A PREROUTING -d "$CONTAINER_IP" -p tcp --dport "$port" -j DNAT --to-destination "$WINDOWS_IP:$port"
  }
-  # SSH access
+  # IBM i standard ports (via VM portproxy)
  add_dnat 22
  # IBM i standard ports
  add_dnat 23
  add_dnat 446
  add_dnat 448
@@ -103,7 +96,7 @@ get_container_ip() {
  for port in $(seq 36000 36010); do add_dnat $port; done
  echo "[rego-tunnel] iptables DNAT rules configured"
-  echo "[rego-tunnel] SOCKS5 proxy available at $CONTAINER_IP:1080"
+  echo "[rego-tunnel] Port forwarding ready via $CONTAINER_IP"
 ) &
 return 0
--- a/apps/rego-tunnel/vpn_scripts/vpn-login.js
+++ b/apps/rego-tunnel/vpn_scripts/vpn-login.js
@@ -274,28 +274,17 @@ async function main() {
  await sleep(2000);
  ws.close();
-  // Verify VPN connection before starting SOCKS5
+  // Verify VPN connection
  const vpnConnected = await verifyVpnConnection();
  if (!vpnConnected) {
    log("ERROR: VPN connection could not be verified");
    log("SOCKS5 proxy NOT started");
    process.exit(1);
  }
  // Start SOCKS5 proxy only after VPN verified
  log("Starting SOCKS5 proxy on port 1080...");
  run("taskkill /F /IM node.exe /FI \"WINDOWTITLE eq socks5\"");
  spawn("node", ["" + require("path").join(require("os").homedir(), "vpn_scripts", "socks5.js") + ""], {
    detached: true,
    stdio: "ignore",
    windowsHide: true
  }).unref();
  console.log("");
  console.log("========================================");
-  console.log("     CONNECTED!");
+  console.log("     VPN CONNECTED!");
  console.log("     SOCKS5 proxy: 172.30.0.16:1080");
  console.log("     Entering watchdog mode...");
  console.log("========================================");
  console.log("");
@@ -439,13 +428,6 @@ async function reconnectVpn() {
  const verified = await verifyVpnConnection();
  if (verified) {
    log("Reconnection successful!");
    // Restart socks5
    run("taskkill /F /IM node.exe /FI \"WINDOWTITLE eq socks5\"");
    spawn("node", ["" + require("path").join(require("os").homedir(), "vpn_scripts", "socks5.js") + ""], {
      detached: true,
      stdio: "ignore",
      windowsHide: true
    }).unref();
    return true;
  }