upload current sources
Some checks failed
Test / test (push) Has been cancelled

2025-12-24 18:50:41 +00:00
parent 73280f3bbf
commit e3a14dbaa7
131 changed files with 280 additions and 87360 deletions


@@ -1,5 +1,5 @@
# Required
OC_URL=https://vpn.cistech.net/Employees
OC_URL=https://vpn.rego.net/Employees
OC_SERVERCERT=pin-sha256:HyHob3LiVmIp8ch9AzHJ9jMYqI43tO5N13oWeBLiZ/0=
# Optional
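Review bot: `OC_SERVERCERT` keeps the same `pin-sha256` value while `OC_URL` appears to move from vpn.cistech.net to vpn.rego.net, so the pin is either shared by both gateways or was carried over without being re-derived. This pin is what openconnect trusts in place of normal chain validation, so it should be confirmed against the certificate the new host actually presents, obtained over a trusted path, before this example is copied into real deployments. A comment such as `# pin of the vpn.rego.net gateway certificate, verified YYYY-MM-DD` next to it would record that. A mismatched pin fails closed, so this is a correctness and provenance check rather than an exposure.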


@@ -1,4 +1,4 @@
# Cistech Tunnel
# Rego Tunnel
OpenConnect-SSO VPN client running in a container with noVNC for browser-based access.
@@ -7,7 +7,7 @@ OpenConnect-SSO VPN client running in a container with noVNC for browser-based a
- **OpenConnect-SSO**: Cisco AnyConnect VPN with SSO/SAML authentication
- **TOTP Support**: Automatic 2FA via keyring integration
- **Auto-reconnect**: Automatically reconnects on disconnection
- **noVNC**: Browser-based VNC access on port 6902
- **noVNC**: Browser-based VNC access on port 8806
- **NAT/Masquerade**: Routes traffic through VPN tunnel
- **Cloudflared**: Optional Cloudflare tunnel support
- **SSH Tunnels**: Optional SSH port forwarding
@@ -20,7 +20,7 @@ OpenConnect-SSO VPN client running in a container with noVNC for browser-based a
## First-time SSO Login
1. Open noVNC at `http://<host>:6902`
1. Open noVNC at `http://<host>:8806`
2. Enter VNC password
3. Complete SSO login in the browser window
4. VPN will connect and auto-reconnect on disconnect

77
apps/rego-tunnel-linux/config.json Normal file → Executable file

@@ -1,26 +1,53 @@
{
"name": "Rego Tunnel Linux",
"id": "rego-tunnel-linux",
"available": true,
"short_desc": "Cisco Secure Client VPN container with noVNC for Rego environments.",
"author": "alexz",
"port": 8806,
"categories": ["utilities", "network"],
"description": "Cisco Secure Client VPN running in an isolated container with noVNC for GUI access.",
"tipi_version": 1,
"version": "latest",
"source": "local",
"exposable": true,
"dynamic_config": true,
"no_gui": false,
"form_fields": [
{
"label": "VNC Password",
"type": "password",
"env_variable": "VNC_PASSWORD",
"required": true,
"default": "vpnpass"
}
],
"supported_architectures": ["amd64"]
}
"name": "Rego Tunnel",
"id": "rego-tunnel-linux",
"available": true,
"short_desc": "Rego VPN client container with noVNC.",
"author": "alexz",
"port": 8806,
"categories": [
"utilities",
"network"
],
"description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO reconnects.",
"tipi_version": 1,
"version": "latest",
"source": "local",
"exposable": true,
"dynamic_config": true,
"no_gui": false,
"form_fields": [
{
"label": "VPN URL",
"type": "text",
"env_variable": "OC_URL",
"required": true,
"default": "https://vpn.rego.net/Employees"
},
{
"label": "VNC Password",
"type": "password",
"env_variable": "VNC_PASSWORD",
"required": true,
"default": "Az@83278327$$@@"
},
{
"label": "Server Certificate",
"type": "text",
"env_variable": "OC_SERVERCERT",
"required": true,
"default": "pin-sha256:HyHob3LiVmIp8ch9AzHJ9jMYqI43tO5N13oWeBLiZ/0="
},
{
"label": "Username",
"type": "text",
"env_variable": "OC_USER",
"required": true,
"default": "alex.zaw@rego.net"
}
],
"supported_architectures": [
"arm64",
"amd64"
]
}
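Review bot: The `form_fields` defaults in the longer (apparently new) version of this file ship what look like one person's real values: the `"default"` for `VNC_PASSWORD` is a concrete password and the `"default"` for `OC_USER` is a named mailbox, so every install starts with the same known VNC credential unless the operator edits it. With `"exposable": true` the noVNC port can be published through the proxy, which leaves that shared default as the only thing in front of a desktop session running inside the VPN. I would remove both `"default"` entries (`"required": true` already forces the operator to supply a value) and keep only non-identifying defaults. The password committed here should be treated as disclosed and changed wherever it is in use.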

45
apps/rego-tunnel-linux/docker-compose.json Normal file → Executable file

@@ -1,40 +1,23 @@
{
"schemaVersion": 2,
"services": [
{
"name": "rego-tunnel-linux",
"image": "rego-vpn:latest",
"environment": [
{
"key": "VNC_PASSWORD",
"value": "${VNC_PASSWORD}"
},
{
"key": "NOVNC_PORT",
"value": "8806"
}
],
"internalPort": 8806,
"volumes": [
{
"hostPath": "${APP_DATA_DIR}/data",
"containerPath": "/root",
"readOnly": false,
"shared": false,
"private": false
}
],
"devices": [
"/dev/net/tun:/dev/net/tun"
],
"privileged": true,
"capAdd": [
"NET_ADMIN"
],
"isMain": true,
"extraLabels": {
"runtipi.managed": true
}
"internalPort": 8806,
"privileged": true,
"capAdd": ["NET_ADMIN"],
"devices": ["/dev/net/tun:/dev/net/tun"],
"environment": {
"OC_URL": "${OC_URL}",
"OC_SERVERCERT": "${OC_SERVERCERT}",
"OC_USER": "${OC_USER}",
"VNC_PASSWORD": "${VNC_PASSWORD}",
"NOVNC_PORT": "8806"
},
"volumes": [
{ "hostPath": "${APP_DATA_DIR}/data", "containerPath": "/root" }
]
}
]
}
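Review bot: `"privileged": true` is kept next to `"capAdd": ["NET_ADMIN"]` and the `/dev/net/tun` device mapping, which makes the two narrower grants redundant and gives the container every capability plus access to all host devices. The entrypoint in this commit only needs a tun interface, `net.ipv4.ip_forward` and an iptables MASQUERADE rule, which NET_ADMIN and the tun device normally cover; I would change the line to `"privileged": false` (or drop the key) and, if the `sysctl -w` call then fails, grant that one sysctl explicitly rather than keeping full privilege. docker-compose.yml in this commit shows the same `privileged: true` and should change with it. The blast radius matters here because the Dockerfile disables the browser sandbox (`QTWEBENGINE_DISABLE_SANDBOX=1`) and the container is driven from a web-reachable VNC session.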

54
apps/rego-tunnel-linux/docker-compose.yml Normal file → Executable file

@@ -1,40 +1,34 @@
services:
rego-tunnel-linux:
container_name: rego-tunnel-linux
image: rego-vpn:latest
restart: unless-stopped
privileged: true
devices:
- /dev/net/tun:/dev/net/tun
cap_add:
- NET_ADMIN
networks:
rego-tunnel-linux_runtipi_network:
gw_priority: 0
tipi_main_network:
gw_priority: 1
environment:
OC_URL: ${OC_URL}
OC_SERVERCERT: ${OC_SERVERCERT}
OC_USER: ${OC_USER}
VNC_PASSWORD: ${VNC_PASSWORD}
NOVNC_PORT: "8806"
ports:
- ${APP_PORT}:8806
environment:
- VNC_PASSWORD=${VNC_PASSWORD}
- NOVNC_PORT=8806
volumes:
- ${APP_DATA_DIR}/data:/root
networks:
- tipi_main_network
labels:
generated: true
traefik.enable: true
traefik.http.middlewares.rego-tunnel-linux-web-redirect.redirectscheme.scheme: https
traefik.http.services.rego-tunnel-linux.loadbalancer.server.port: 8806
traefik.http.routers.rego-tunnel-linux-insecure.rule: Host(`${APP_DOMAIN}`)
traefik.http.routers.rego-tunnel-linux-insecure.entrypoints: web
traefik.http.routers.rego-tunnel-linux-insecure.service: rego-tunnel-linux
traefik.http.routers.rego-tunnel-linux-insecure.middlewares: rego-tunnel-linux-web-redirect
traefik.http.routers.rego-tunnel-linux.rule: Host(`${APP_DOMAIN}`)
traefik.http.routers.rego-tunnel-linux.entrypoints: websecure
traefik.http.routers.rego-tunnel-linux.service: rego-tunnel-linux
traefik.http.routers.rego-tunnel-linux.tls.certresolver: myresolver
traefik.http.routers.rego-tunnel-linux-local-insecure.rule: Host(`rego-tunnel-linux.${LOCAL_DOMAIN}`)
traefik.http.routers.rego-tunnel-linux-local-insecure.entrypoints: web
traefik.http.routers.rego-tunnel-linux-local-insecure.service: rego-tunnel-linux
traefik.http.routers.rego-tunnel-linux-local-insecure.middlewares: rego-tunnel-linux-web-redirect
traefik.http.routers.rego-tunnel-linux-local.rule: Host(`rego-tunnel-linux.${LOCAL_DOMAIN}`)
traefik.http.routers.rego-tunnel-linux-local.entrypoints: websecure
traefik.http.routers.rego-tunnel-linux-local.service: rego-tunnel-linux
traefik.http.routers.rego-tunnel-linux-local.tls: true
runtipi.managed: true
traefik.docker.network: runtipi_tipi_main_network
traefik.http.middlewares.rego-tunnel-linux-runtipi-web-redirect.redirectscheme.scheme: https
traefik.http.services.rego-tunnel-linux-runtipi.loadbalancer.server.port: "8806"
traefik.http.routers.rego-tunnel-linux-runtipi-insecure.rule: Host(`${APP_DOMAIN}`)
traefik.http.routers.rego-tunnel-linux-runtipi-insecure.entrypoints: web
traefik.http.routers.rego-tunnel-linux-runtipi-insecure.service: rego-tunnel-linux-runtipi
traefik.http.routers.rego-tunnel-linux-runtipi-insecure.middlewares: rego-tunnel-linux-runtipi-web-redirect
traefik.http.routers.rego-tunnel-linux-runtipi.rule: Host(`${APP_DOMAIN}`)
traefik.http.routers.rego-tunnel-linux-runtipi.entrypoints: websecure
traefik.http.routers.rego-tunnel-linux-runtipi.service: rego-tunnel-linux-runtipi
traefik.http.routers.rego-tunnel-linux-runtipi.tls.certresolver: myresolver
runtipi.managed: true


@@ -1,168 +0,0 @@
# Rego-Tunnel Linux VPN Bridge
This app runs a Linux VM (Ubuntu) inside a Docker container with Cisco Secure Client VPN, providing transparent access to VPN-protected resources (IBM i at 10.35.33.230) from the local network.
## Architecture
```
┌─────────────────────────────────────────────────────────────────────────┐
│ Linux Host (192.168.0.150) │
│ │
│ Bridge: br-vpn-linux (172.31.1.1/24) │
└─────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────┐
│ Container: rego-tunnel-linux (172.31.1.10) │
│ │
│ qemux/qemu running Ubuntu VM │
│ Port 8007 → Web console (noVNC) │
│ Port 2222 → SSH to VM │
│ │
│ Internal bridge: 172.32.1.1/24 │
└─────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────┐
│ Ubuntu VM (172.32.1.20) │
│ │
│ Cisco Secure Client VPN: connected to corporate network │
│ VPN IP: 10.215.x.x │
│ │
│ cisco-vpn.sh: │
│ - Auto-login to Cisco via xdotool │
│ - TOTP authentication (oathtool) │
│ - iptables forwarding for target IP │
└─────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────┐
│ IBM i (10.35.33.230) │
│ Via Cisco VPN tunnel │
└─────────────────────────────────────────────────────────────────────────┘
```
## Installation
### Step 1: Install the app via Runtipi
1. Go to Runtipi App Store
2. Install "Rego Tunnel Linux"
3. Configure RAM, CPU, and disk size
### Step 2: Set up the VM
1. Open the web console at port 8007
2. Complete Ubuntu installation (use Ubuntu Server for faster boot)
3. After installation, open a terminal
### Step 3: Install Cisco Secure Client
```bash
# Mount the shared folder (contains Cisco installation)
sudo mkdir -p /mnt/shared
sudo mount -t 9p shared /mnt/shared -o trans=virtio
# Run the install script
sudo bash /mnt/shared/install-cisco.sh
```
### Step 4: Connect VPN
```bash
# Run the VPN automation script
~/cisco-vpn.sh
```
The script will:
1. Start the Cisco VPN agent
2. Launch the VPN UI
3. Auto-type credentials and TOTP
4. Set up IP forwarding for the target
## Files
### vpn_scripts/secureclient/
Complete Cisco Secure Client installation.
### vpn_scripts/cisco-vpn.sh
Automated VPN login script:
- Starts vpnagentd if not running
- Launches vpnui
- Uses xdotool to type credentials
- Generates TOTP codes with oathtool
- Sets up iptables forwarding
### vpn_scripts/install-cisco.sh
One-time setup script to install Cisco Secure Client in the VM.
## Configuration
### VPN Credentials
Edit `~/cisco-vpn.sh` and update:
```bash
EMAIL="your-email@company.com"
PASSWORD="your-password"
TOTP_SECRET="your-totp-secret"
VPN_HOST="vpn.company.com"
TARGET_IP="10.x.x.x"
```
### Network Configuration
Add route on your laptop:
```cmd
route add 172.31.1.0 mask 255.255.255.0 192.168.0.150 -p
```
## User Config
Create `/etc/runtipi/user-config/runtipi/rego-tunnel-linux/docker-compose.yml`:
```yaml
networks:
vpn_static-linux:
driver: bridge
driver_opts:
com.docker.network.bridge.name: "br-vpn-linux"
ipam:
config:
- subnet: 172.31.1.0/24
services:
rego-tunnel-linux:
sysctls:
- net.ipv4.conf.all.rp_filter=0
- net.ipv4.conf.default.rp_filter=0
cap_add:
- NET_ADMIN
environment:
- VM_NET_IP=172.32.1.20
networks:
vpn_static-linux:
ipv4_address: 172.31.1.10
```
## Troubleshooting
### VPN UI doesn't start
- Ensure vpnagentd is running: `systemctl status cisco-vpnagentd`
- Check for missing libraries: `ldd /opt/cisco/secureclient/bin/vpnui`
### TOTP codes failing
- Sync time: `sudo timedatectl set-ntp true`
- Verify TOTP secret is correct
### Can't reach target IP
- Check if VPN is connected: `ip addr show cscotun0`
- Verify iptables rules: `sudo iptables -L -n`
## Comparison: Windows vs Linux
| Feature | Windows VM | Linux VM |
|---------|-----------|----------|
| Image | dockurr/windows | qemux/qemu |
| Boot time | ~3-5 min | ~1-2 min |
| RAM usage | ~2GB min | ~512MB min |
| Disk usage | ~15GB | ~5GB |
| Automation | DevTools/WebSocket | xdotool |

45
apps/rego-tunnel-linux/metadata/description.md Normal file → Executable file

@@ -1,35 +1,20 @@
<h1 align="center">QEMU<br />
<div align="center">
<a href="https://github.com/qemus/qemu"><img src="https://github.com/qemus/qemu/raw/master/.github/logo.png" title="Logo" style="max-width:100%;" width="128" /></a>
</div>
<div align="center">
# Dockerized OpenConnect-SSO with noVNC and Cloudflared
</div></h1>
## Setup
1) Copy `.env.example` to `.env` and fill values (URLs, servercert pins, VNC passwords, cloudflared tokens).
Linux VM in a Docker container with Cisco Secure Client VPN.
2) First-time SSO: leave `OC_SSO_ARGS_*=--browser-display-mode visible`.
## Features
3) Build and start:
docker compose build
docker compose up -d vpn_a
# Open http://localhost:6901, complete SSO.
# After success, attach app containers or start cloudflared_a.
- KVM acceleration
- Web-based viewer
- Cisco Secure Client VPN pre-installed
- Auto-login with TOTP support
4) Optional: switch to headless after first login:
Set `OC_SSO_ARGS_*=--browser-display-mode hidden` (or `headless`) and restart the vpn service.
## Quick Start
1. Start the container and connect to the web viewer
2. After Ubuntu installation completes, open a terminal
3. Mount the shared folder and run the install script:
```bash
sudo mkdir -p /mnt/shared
sudo mount -t 9p shared /mnt/shared
sudo bash /mnt/shared/install-cisco.sh
```
4. Run the VPN automation: `~/cisco-vpn.sh`
## VPN Connection
The container includes automated VPN login with:
- TOTP code generation
- xdotool automation for GUI
- Watchdog mode for auto-reconnection
## Notes
- Each VPN runs in its own net namespace; routes from one cannot affect the other or the host.
- DNS from the VPN applies within its container namespace and attached services only.
- Persisted state lives in the named volumes mounted at `/root` (Playwright cache, configs).


@@ -1,12 +1,20 @@
FROM ubuntu:24.04
ENV DEBIAN_FRONTEND=noninteractive \
VNC_PASSWORD="vpnpass" \
NOVNC_PORT=8806
PLAYWRIGHT_BROWSERS_PATH=/ms-playwright \
VIRTUAL_ENV=/opt/venv \
PATH=/opt/venv/bin:$PATH \
QTWEBENGINE_DISABLE_SANDBOX=1 \
QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu" \
OC_URL="https://vpn.rego.net/Employees" \
OC_SERVERCERT="pin-sha256:HyHob3LiVmIp8ch9AzHJ9jMYqI43tO5N13oWeBLiZ/0=" \
OC_USER="alex.zaw@rego.net" \
OC_TOTP_SECRET="t6ypnjqvyx2yvw2l" \
VNC_PASSWORD="Az@83278327\$\$@@"
# Install base dependencies - same as cistech-tunnel for noVNC
RUN apt-get update && apt-get install -y \
iproute2 iptables ca-certificates \
curl wget openssh-client \
openconnect iproute2 iptables ca-certificates \
python3 python3-pip python3-venv \
vpnc-scripts curl wget openssh-client \
x11vnc xvfb fluxbox novnc websockify xterm nano oathtool \
xauth libnss3 libatk1.0-0 libatk-bridge2.0-0 \
libx11-6 libx11-xcb1 libxcomposite1 libxrandr2 libgbm1 libxdamage1 \
@@ -14,25 +22,23 @@ RUN apt-get update && apt-get install -y \
libegl1 libgl1 libopengl0 libdbus-1-3 libglib2.0-0 \
libxkbcommon0 libxkbcommon-x11-0 \
libxcb1 libxcb-cursor0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-render0 libxcb-render-util0 libxcb-shm0 libxcb-xfixes0 libxcb-xinerama0 libxcb-randr0 libxcb-glx0 \
xdotool xclip \
libwebkit2gtk-4.1-0 libgtk-3-0 libxml2 libxss1 libcairo2 libgdk-pixbuf2.0-0 \
sudo && rm -rf /var/lib/apt/lists/*
RUN apt-get update && (apt-get install -y libasound2t64 || apt-get install -y libasound2) && rm -rf /var/lib/apt/lists/*
# Install Cisco Secure Client
COPY cisco-secure-client-linux64-5.1.11.388-core-vpn-webdeploy-k9.sh /tmp/cisco-install.sh
RUN chmod +x /tmp/cisco-install.sh && \
/tmp/cisco-install.sh && \
rm /tmp/cisco-install.sh
# Python venv + Playwright + openconnect-sso
RUN python3 -m venv "$VIRTUAL_ENV"
RUN pip install --no-cache-dir openconnect-sso playwright keyring keyrings.alt && \
python -m playwright install --with-deps chromium
# Copy hostscan files
COPY hostscan /root/.cisco/hostscan
RUN chmod -R 755 /root/.cisco/hostscan
# Copy VPN automation script
COPY vpn-sso.sh /root/vpn-sso.sh
RUN chmod +x /root/vpn-sso.sh
# Cloudflared (amd64)
RUN arch=$(dpkg --print-architecture) && \
if [ "$arch" = "amd64" ]; then \
curl -fsSL https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -o /tmp/cloudflared.deb && \
apt-get update && apt-get install -y /tmp/cloudflared.deb && rm -f /tmp/cloudflared.deb ; \
else \
echo "Install cloudflared manually for arch=$arch" && exit 1 ; \
fi
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
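Review bot: The `ENV` block in the first hunk bakes `OC_TOTP_SECRET`, `VNC_PASSWORD` and `OC_USER` into the image, so anyone who can pull the image or read its metadata (`docker history`, `docker inspect`) recovers the TOTP seed and the VNC password, and every container inherits them in its environment. Those three assignments should be removed from the Dockerfile and the values supplied at run time: the compose files already pass `OC_USER` and `VNC_PASSWORD` through, and `OC_TOTP_SECRET` needs the same treatment or a mounted secret file. Because the values are already in this commit, the TOTP seed needs re-enrolling and the password changing; deleting the lines in a later commit does not remove them from history. Separately, `QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu"` runs the SSO browser unsandboxed as root. The `pip install` line and the cloudflared `releases/latest` download are also unpinned and unchecked, so the image contents can change between builds without review.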


@@ -1,12 +1,109 @@
#!/usr/bin/env bash
set -euo pipefail
NOVNC_PORT="${NOVNC_PORT:-8806}"
VNC_PASSWORD="${VNC_PASSWORD:-vpnpass}"
: "${OC_URL:?OC_URL required}"
: "${OC_SERVERCERT:?OC_SERVERCERT required}"
NOVNC_PORT="${NOVNC_PORT:-6901}"
VNC_PASSWORD="${VNC_PASSWORD:-changeme}"
DISPLAY_ADDR="${DISPLAY:-:1}"
OC_INTERFACE="${OC_INTERFACE:-tun0}"
OC_USER="${OC_USER:-}"
OC_TOTP_SECRET="${OC_TOTP_SECRET:-}"
# Default to hidden browser if OC_USER is set
if [[ -n "$OC_USER" ]]; then
OC_SSO_ARGS_DEFAULT="--browser-display-mode hidden -u $OC_USER"
else
OC_SSO_ARGS_DEFAULT="--browser-display-mode shown"
fi
CLOUDFLARED_MODE="${CLOUDFLARED_MODE:-off}" # off|token|config
CLOUDFLARED_TOKEN="${CLOUDFLARED_TOKEN:-}"
SSH_TUNNEL_ENABLE="${SSH_TUNNEL_ENABLE:-0}"
SSH_DEST="${SSH_DEST:-zawa@10.3.1.201}"
SSH_FORWARDS="${SSH_FORWARDS:-0.0.0.0:8090:localhost:8090}"
pids=()
# Setup keyring with TOTP secret if provided
setup_keyring() {
if [[ -n "$OC_TOTP_SECRET" && -n "$OC_USER" ]]; then
python3 -c "
import keyring
keyring.set_password('openconnect-sso', 'totp/$OC_USER', '$OC_TOTP_SECRET'.upper())
print('TOTP secret stored in keyring for $OC_USER')
"
fi
}
# Create vpn_connect command in PATH and save environment
create_vpn_command() {
# Save environment variables to a file
cat > /etc/vpn.env << ENVFILE
export OC_URL="$OC_URL"
export OC_SERVERCERT="$OC_SERVERCERT"
export OC_INTERFACE="$OC_INTERFACE"
export OC_USER="$OC_USER"
export OC_SSO_ARGS_DEFAULT="$OC_SSO_ARGS_DEFAULT"
export OC_SSO_ARGS="${OC_SSO_ARGS:-$OC_SSO_ARGS_DEFAULT}"
export OC_AUTHGROUP="${OC_AUTHGROUP:-}"
export OC_USERAGENT="${OC_USERAGENT:-}"
export OC_EXTRA_ARGS="${OC_EXTRA_ARGS:-}"
export OC_TOTP_SECRET="$OC_TOTP_SECRET"
export DISPLAY=":1"
ENVFILE
# Build openconnect command
OPENCONNECT_CMD="/usr/sbin/openconnect --protocol=anyconnect --servercert $OC_SERVERCERT --interface $OC_INTERFACE --script /usr/share/vpnc-scripts/vpnc-script"
[[ -n "${OC_AUTHGROUP:-}" ]] && OPENCONNECT_CMD+=" --authgroup $OC_AUTHGROUP"
[[ -n "${OC_USERAGENT:-}" ]] && OPENCONNECT_CMD+=" --useragent $OC_USERAGENT"
[[ -n "${OC_EXTRA_ARGS:-}" ]] && OPENCONNECT_CMD+=" ${OC_EXTRA_ARGS}"
echo "export OPENCONNECT_CMD=\"$OPENCONNECT_CMD\"" >> /etc/vpn.env
cat > /usr/local/bin/vpn_connect << 'VPNCMD'
#!/usr/bin/env bash
source /etc/vpn.env
echo "[$(date)] Starting VPN connection..."
# openconnect-sso reads TOTP from keyring automatically
if [[ -n "$OC_USER" ]]; then
echo "" | openconnect-sso -s "$OC_URL" ${OC_SSO_ARGS:-$OC_SSO_ARGS_DEFAULT} -- $OPENCONNECT_CMD
else
openconnect-sso -s "$OC_URL" ${OC_SSO_ARGS:-$OC_SSO_ARGS_DEFAULT} -- $OPENCONNECT_CMD
fi
VPNCMD
chmod +x /usr/local/bin/vpn_connect
}
# Create VPN runner script that keeps shell open
create_vpn_script() {
cat > /tmp/vpn-runner.sh << 'VPNSCRIPT'
#!/usr/bin/env bash
cd /root
echo "============================================"
echo " Rego VPN Container"
echo "============================================"
echo ""
echo "Commands:"
echo " vpn_connect - Start/restart VPN connection"
echo " Ctrl+C - Stop auto-reconnect and drop to shell"
echo ""
echo "Starting VPN with auto-reconnect..."
echo ""
while true; do
vpn_connect
echo ""
echo "[$(date)] VPN disconnected. Reconnecting in 10 seconds..."
echo "(Press Ctrl+C to stop auto-reconnect)"
sleep 10
done
VPNSCRIPT
chmod +x /tmp/vpn-runner.sh
}
start_gui() {
mkdir -p /root/.vnc
x11vnc -storepasswd "$VNC_PASSWORD" /root/.vnc/pass >/dev/null 2>&1 || true
@@ -23,38 +120,63 @@ start_gui() {
pids+=($!)
}
start_vpnagent() {
/opt/cisco/secureclient/bin/vpnagentd -execv_instance &
start_vpn_terminal() {
# Start xterm with VPN script
sleep 1
xterm -fa 'Monospace' -fs 11 -bg black -fg white -geometry 120x35+50+50 \
-T "Rego VPN" -e /tmp/vpn-runner.sh &
pids+=($!)
}
setup_tun() {
mkdir -p /dev/net
if [ ! -c /dev/net/tun ]; then
mknod /dev/net/tun c 10 200
chmod 600 /dev/net/tun
fi
start_cloudflared() {
case "$CLOUDFLARED_MODE" in
token)
[ -n "$CLOUDFLARED_TOKEN" ] && cloudflared tunnel run --token "$CLOUDFLARED_TOKEN" >/tmp/cloudflared.log 2>&1 &
pids+=($!)
;;
config)
cloudflared --no-autoupdate --config /etc/cloudflared/config.yml tunnel run >/tmp/cloudflared.log 2>&1 &
pids+=($!)
;;
off|*)
;;
esac
}
start_ssh_tunnel() {
[ "$SSH_TUNNEL_ENABLE" = "1" ] || return 0
IFS=',' read -ra LINES <<< "$SSH_FORWARDS"
args=(-N -o StrictHostKeyChecking=no -o ServerAliveInterval=60)
for m in "${LINES[@]}"; do args+=(-L "$m"); done
ssh "${args[@]}" "$SSH_DEST" &
pids+=($!)
}
setup_nat() {
sysctl -w net.ipv4.ip_forward=1 >/dev/null 2>&1 || true
}
start_terminal() {
sleep 1
xterm -fa 'Monospace' -fs 11 -bg black -fg white -geometry 120x35+50+50 \
-T "Rego VPN" -e bash &
pids+=($!)
(
for i in {1..60}; do
if ip link show "$OC_INTERFACE" >/dev/null 2>&1; then
sysctl -w net.ipv4.ip_forward=1 >/dev/null
iptables -t nat -C POSTROUTING -o "$OC_INTERFACE" -j MASQUERADE 2>/dev/null || \
iptables -t nat -A POSTROUTING -o "$OC_INTERFACE" -j MASQUERADE
echo "NAT enabled on $OC_INTERFACE"
break
fi
sleep 2
done
) &
}
trap 'kill 0' INT TERM
echo "Starting Rego VPN container..."
setup_tun
setup_nat
# Always start GUI now
setup_keyring
create_vpn_command
create_vpn_script
start_gui
start_vpnagent
start_terminal
start_vpn_terminal
setup_nat
start_cloudflared
start_ssh_tunnel
echo "All services started. noVNC available on port $NOVNC_PORT"
wait
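Review bot: `setup_keyring` pastes `$OC_USER` and `$OC_TOTP_SECRET` straight into the source text of `python3 -c "..."`, so a quote or backslash in either value changes the Python program that runs as root; the values should be handed over through the environment and read with `os.environ`, as in the sketch below. `create_vpn_command` then writes `OC_TOTP_SECRET` into `/etc/vpn.env` with the default umask and through an unquoted heredoc, so the seed is readable by any user in the container and any `"` or `$(...)` inside a value is evaluated when `vpn_connect` sources the file; a `umask 077` before the `cat` and one `printf 'export %s=%q\n'` per variable would address both. In `start_ssh_tunnel`, `-o StrictHostKeyChecking=no` accepts any host key for `SSH_DEST`, whereas `StrictHostKeyChecking=accept-new` with a `known_hosts` file persisted under `/root` keeps first-use convenience without silently accepting a changed key. The `changeme` fallback for `VNC_PASSWORD` would be safer as `: "${VNC_PASSWORD:?VNC_PASSWORD required}"`, matching how `OC_URL` is handled.

```shell
setup_keyring() {
  if [[ -n "$OC_TOTP_SECRET" && -n "$OC_USER" ]]; then
    # Values travel as environment variables, never as Python source text.
    OC_USER="$OC_USER" OC_TOTP_SECRET="$OC_TOTP_SECRET" python3 - <<'PY'
import os
import keyring

user = os.environ["OC_USER"]
keyring.set_password("openconnect-sso", "totp/" + user, os.environ["OC_TOTP_SECRET"].upper())
print("TOTP secret stored in keyring for " + user)
PY
  fi
}
```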



@@ -1,536 +0,0 @@
#!/bin/bash
# Dover VPN Connection Script with Semi-Automation
# Keyboard shortcuts (global, work anywhere):
# Ctrl+1 - Type email
# Ctrl+2 - Type password
# Ctrl+3 - Type TOTP code
# Ctrl+4 - Type email + Tab + password (combo)
# Ctrl+5 - Full sequence: email + Tab + password + Tab + TOTP + Enter
EMAIL="c-azaw@regoproducts.com"
PASSWORD='Ji@83278327$$@@'
TOTP_SECRET="rzqtqskdwkhz6zyr"
VPN_HOST="vpn-ord1.dovercorp.com"
TARGET_IP="10.35.33.230"
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
GRAY='\033[0;90m'
NC='\033[0m'
# Logging function with timestamp
log() {
local level="$1"
local msg="$2"
local timestamp=$(date '+%H:%M:%S')
case $level in
INFO) echo -e "${GRAY}[$timestamp]${NC} ${GREEN}[INFO]${NC} $msg" ;;
WARN) echo -e "${GRAY}[$timestamp]${NC} ${YELLOW}[WARN]${NC} $msg" ;;
ERROR) echo -e "${GRAY}[$timestamp]${NC} ${RED}[ERROR]${NC} $msg" ;;
DEBUG) echo -e "${GRAY}[$timestamp]${NC} ${CYAN}[DEBUG]${NC} $msg" ;;
CMD) echo -e "${GRAY}[$timestamp]${NC} ${GRAY}[CMD]${NC} $msg" ;;
*) echo -e "${GRAY}[$timestamp]${NC} $msg" ;;
esac
}
# Run command with logging
run_cmd() {
local desc="$1"
shift
log CMD "$desc: $*"
output=$("$@" 2>&1)
local rc=$?
if [ -n "$output" ]; then
echo "$output" | while IFS= read -r line; do
echo -e " ${GRAY}${NC} $line"
done
fi
return $rc
}
echo -e "${CYAN}========================================${NC}"
echo -e "${CYAN} Dover VPN Connection Script ${NC}"
echo -e "${CYAN}========================================${NC}"
echo ""
# Function to get current TOTP
get_totp() {
oathtool --totp -b "$TOTP_SECRET"
}
# Function to detect VPN tunnel interface dynamically
get_vpn_interface() {
# Look for cscotun* or tun* interfaces that are UP
local iface=$(ip link show | grep -oP '(cscotun\d+|tun\d+)(?=:.*UP)' | head -1)
if [ -z "$iface" ]; then
# Fallback: any cscotun interface
iface=$(ip link show | grep -oP 'cscotun\d+' | head -1)
fi
echo "$iface"
}
# Function to get VM's IP on host-only network (for Windows routing)
get_vm_hostonly_ip() {
# Get IP from ens38 (host-only adapter) - could be any 192.168.x.x
ip addr show ens38 2>/dev/null | grep -oP 'inet \K[\d.]+' | head -1
}
# Function to get VPN tunnel IP
get_vpn_ip() {
local iface=$(get_vpn_interface)
if [ -n "$iface" ]; then
ip addr show "$iface" 2>/dev/null | grep -oP 'inet \K[\d.]+' | head -1
fi
}
# Start xbindkeys for keyboard macros
start_xbindkeys() {
log INFO "Starting keyboard macro listener (xbindkeys)..."
# Kill any existing xbindkeys
pkill xbindkeys 2>/dev/null
sleep 0.5
# Start xbindkeys
xbindkeys -f ~/.xbindkeysrc 2>/dev/null &
XBINDKEYS_PID=$!
if pgrep xbindkeys >/dev/null; then
log DEBUG "xbindkeys started (PID: $(pgrep xbindkeys))"
log INFO "Keyboard shortcuts active: Ctrl+1=email, Ctrl+2=pass, Ctrl+3=TOTP, Ctrl+4=combo, Ctrl+5=all"
else
log WARN "Failed to start xbindkeys"
fi
}
# Stop xbindkeys
stop_xbindkeys() {
if pgrep xbindkeys >/dev/null; then
log INFO "Stopping keyboard macro listener..."
pkill xbindkeys 2>/dev/null
log DEBUG "xbindkeys stopped"
fi
}
# Kill all Cisco-related processes
kill_cisco_processes() {
log INFO "Killing all Cisco-related processes..."
local killed=0
local my_pid=$$
local my_ppid=$(ps -o ppid= -p $$ | tr -d ' ')
# Kill vpnui specifically (not just any process with "vpn" in name)
for pid in $(pgrep -x "vpnui" 2>/dev/null); do
if [ "$pid" != "$my_pid" ] && [ "$pid" != "$my_ppid" ]; then
log DEBUG "Killing vpnui (PID $pid)"
sudo kill -9 "$pid" 2>/dev/null && ((killed++))
fi
done
# Note: Don't kill vpnagentd - we need it running
# Kill Cisco-specific processes by exact path
for proc in cstub cscan acwebsecagent vpndownloader; do
for pid in $(pgrep -x "$proc" 2>/dev/null); do
log DEBUG "Killing $proc (PID $pid)"
sudo kill -9 "$pid" 2>/dev/null && ((killed++))
done
done
# Kill openconnect (exact match)
for pid in $(pgrep -x "openconnect" 2>/dev/null); do
log DEBUG "Killing openconnect (PID $pid)"
sudo kill -9 "$pid" 2>/dev/null && ((killed++))
done
if [ $killed -eq 0 ]; then
log INFO "No Cisco processes were running"
else
log INFO "Killed $killed process(es)"
sleep 1
fi
}
# Function to setup iptables rules for forwarding
setup_forwarding() {
log INFO "Setting up IP forwarding rules for $TARGET_IP..."
local vpn_iface=$(get_vpn_interface)
if [ -z "$vpn_iface" ]; then
log ERROR "No VPN interface found! Is VPN connected?"
return 1
fi
local vpn_ip=$(get_vpn_ip)
local vm_ip=$(get_vm_hostonly_ip)
log DEBUG "VPN interface: $vpn_iface"
log DEBUG "VPN IP: $vpn_ip"
log DEBUG "VM host-only IP: $vm_ip"
# Enable IP forwarding
run_cmd "Enabling IP forwarding" sudo sysctl -w net.ipv4.ip_forward=1
# NAT masquerade
if ! sudo iptables -t nat -C POSTROUTING -d "$TARGET_IP" -j MASQUERADE 2>/dev/null; then
run_cmd "Adding NAT masquerade rule" sudo iptables -t nat -A POSTROUTING -d "$TARGET_IP" -j MASQUERADE
else
log DEBUG "NAT masquerade rule already exists"
fi
# Forward rules
if ! sudo iptables -C FORWARD -d "$TARGET_IP" -j ACCEPT 2>/dev/null; then
run_cmd "Adding forward rule (to target)" sudo iptables -A FORWARD -d "$TARGET_IP" -j ACCEPT
else
log DEBUG "Forward rule (to target) already exists"
fi
if ! sudo iptables -C FORWARD -s "$TARGET_IP" -j ACCEPT 2>/dev/null; then
run_cmd "Adding forward rule (from target)" sudo iptables -A FORWARD -s "$TARGET_IP" -j ACCEPT
else
log DEBUG "Forward rule (from target) already exists"
fi
# Cisco VPN chain bypass (insert at top if chain exists)
if sudo iptables -L ciscovpn -n &>/dev/null; then
if ! sudo iptables -C ciscovpn -o "$vpn_iface" -d "$TARGET_IP" -j ACCEPT 2>/dev/null; then
run_cmd "Adding ciscovpn bypass (outbound)" sudo iptables -I ciscovpn 1 -o "$vpn_iface" -d "$TARGET_IP" -j ACCEPT
else
log DEBUG "Ciscovpn bypass (outbound) already exists"
fi
if ! sudo iptables -C ciscovpn -i "$vpn_iface" -s "$TARGET_IP" -j ACCEPT 2>/dev/null; then
run_cmd "Adding ciscovpn bypass (inbound)" sudo iptables -I ciscovpn 2 -i "$vpn_iface" -s "$TARGET_IP" -j ACCEPT
else
log DEBUG "Ciscovpn bypass (inbound) already exists"
fi
else
log DEBUG "ciscovpn chain does not exist (yet)"
fi
log INFO "Forwarding rules configured"
echo ""
log INFO "Windows route command (run as Admin):"
echo -e " ${CYAN}route add $TARGET_IP mask 255.255.255.255 $vm_ip${NC}"
echo ""
}
# Copy credentials to clipboard as alternative
copy_to_clipboard() {
log INFO "Starting clipboard credential rotation..."
echo ""
log INFO "Copying EMAIL to clipboard"
echo "$EMAIL" | xclip -selection clipboard
echo -e " ${CYAN}Email ready: $EMAIL${NC}"
echo -e " Paste now (Ctrl+V), then press ${GREEN}Enter${NC} here for password..."
read -r
log INFO "Copying PASSWORD to clipboard"
echo "$PASSWORD" | xclip -selection clipboard
echo -e " ${CYAN}Password ready${NC}"
echo -e " Paste now (Ctrl+V), then press ${GREEN}Enter${NC} here for TOTP..."
read -r
TOTP=$(get_totp)
log INFO "Copying TOTP to clipboard"
echo "$TOTP" | xclip -selection clipboard
echo -e " ${CYAN}TOTP ready: $TOTP${NC}"
echo -e " Paste now (Ctrl+V)"
}
# Print current TOTP with countdown
show_totp() {
log INFO "Starting live TOTP display (Ctrl+C to stop)"
echo ""
while true; do
TOTP=$(get_totp)
SECONDS_LEFT=$((30 - ($(date +%s) % 30)))
echo -ne "\r ${CYAN}Current TOTP:${NC} ${GREEN}$TOTP${NC} (expires in ${YELLOW}${SECONDS_LEFT}s${NC}) "
sleep 1
done
}
# Show network status
show_network_status() {
log INFO "Current network status:"
# VM IPs
echo ""
log DEBUG "VM Network Interfaces:"
ip -4 addr show | grep -E "inet |^[0-9]+:" | while IFS= read -r line; do
echo -e " ${GRAY}${NC} $line"
done
# VPN status
echo ""
local vpn_iface=$(get_vpn_interface)
if [ -n "$vpn_iface" ]; then
local vpn_ip=$(get_vpn_ip)
log INFO "VPN Status: ${GREEN}CONNECTED${NC}"
log DEBUG " Interface: $vpn_iface"
log DEBUG " VPN IP: $vpn_ip"
else
log WARN "VPN Status: ${RED}NOT CONNECTED${NC}"
fi
# Host-only IP for Windows
local vm_ip=$(get_vm_hostonly_ip)
if [ -n "$vm_ip" ]; then
log DEBUG "Host-only IP (for Windows): $vm_ip"
fi
echo ""
}
# Main menu
main_menu() {
echo -e "${GREEN}Options:${NC}"
echo -e " ${CYAN}1${NC} - Start Cisco AnyConnect (kill existing + launch)"
echo -e " ${CYAN}2${NC} - Copy credentials to clipboard (one by one)"
echo -e " ${CYAN}3${NC} - Show live TOTP"
echo -e " ${CYAN}4${NC} - Setup IP forwarding rules only"
echo -e " ${CYAN}5${NC} - Test connection to $TARGET_IP"
echo -e " ${CYAN}6${NC} - Show network status"
echo -e " ${CYAN}7${NC} - Kill all Cisco processes"
echo -e " ${CYAN}q${NC} - Quit"
echo ""
}
# Check if VPN is already connected
check_vpn_status() {
local vpn_iface=$(get_vpn_interface)
if [ -n "$vpn_iface" ]; then
local vpn_ip=$(get_vpn_ip)
log INFO "VPN is ${GREEN}CONNECTED${NC}"
log DEBUG " Interface: $vpn_iface"
log DEBUG " VPN IP: $vpn_ip"
return 0
else
log WARN "VPN is ${RED}NOT CONNECTED${NC}"
return 1
fi
}
# Focus on Cisco AnyConnect window
focus_vpn_window() {
local win_id=$(xdotool search --name "Cisco" 2>/dev/null | head -1)
if [ -n "$win_id" ]; then
xdotool windowactivate --sync "$win_id" 2>/dev/null
sleep 0.3
return 0
fi
return 1
}
# Auto-login sequence using xdotool (no auto-focus, types to active window)
auto_login() {
log INFO "Starting automated login sequence..."
# Wait for UI to fully load
log DEBUG "Waiting 5s for UI to load..."
sleep 5
# Press Enter to initiate connection
log DEBUG "Pressing Enter to start connection..."
xdotool key Return
sleep 5
# Press Enter again (Connect button)
log DEBUG "Pressing Enter for Connect..."
xdotool key Return
# Wait for SSO browser to open
log DEBUG "Waiting for SSO browser to open..."
sleep 7
# Type email
log DEBUG "Typing email..."
xdotool type --delay 50 "$EMAIL"
xdotool key Return
sleep 5
# Type password
log DEBUG "Typing password..."
xdotool type --delay 50 "$PASSWORD"
xdotool key Return
sleep 5
# Type TOTP
log DEBUG "Typing TOTP..."
local totp=$(oathtool --totp -b "$TOTP_SECRET")
log DEBUG "TOTP: $totp"
xdotool type --delay 50 "$totp"
xdotool key Return
sleep 5
# Extra enters for any confirmation dialogs
log DEBUG "Sending confirmation enters..."
xdotool key Return
sleep 2
xdotool key Return
sleep 5
xdotool key Return
log INFO "Auto-login sequence completed"
}
# Start Cisco AnyConnect with logging
start_anyconnect() {
log INFO "=== Starting Cisco AnyConnect VPN (FULLY AUTOMATED) ==="
echo ""
# Kill existing processes first
kill_cisco_processes
# Start vpnagentd if not running
if ! pgrep -x vpnagentd >/dev/null; then
log INFO "Starting vpnagentd..."
sudo /opt/cisco/secureclient/bin/vpnagentd &
log DEBUG "Waiting for vpnagentd to initialize..."
sleep 5
fi
# Show credentials
log INFO "Credentials for SSO login:"
echo -e " ${CYAN}Email: $EMAIL${NC}"
echo -e " ${CYAN}Password: $PASSWORD${NC}"
TOTP=$(get_totp)
echo -e " ${CYAN}TOTP: $TOTP${NC}"
echo ""
# Start AnyConnect with GPU/WebKit workarounds
log INFO "Launching Cisco AnyConnect UI..."
export GDK_BACKEND=x11
export WEBKIT_DISABLE_DMABUF_RENDERER=1
/opt/cisco/secureclient/bin/vpnui &
VPNUI_PID=$!
log DEBUG "vpnui started with PID $VPNUI_PID"
# Run auto-login in background
auto_login &
AUTO_LOGIN_PID=$!
log DEBUG "Auto-login started with PID $AUTO_LOGIN_PID"
# Wait for VPN to connect
log INFO "Waiting for VPN connection..."
local wait_count=0
local max_wait=300 # 5 minutes
while [ -z "$(get_vpn_interface)" ]; do
sleep 2
((wait_count+=2))
if [ $((wait_count % 10)) -eq 0 ]; then
log DEBUG "Still waiting for VPN... (${wait_count}s)"
fi
if [ $wait_count -ge $max_wait ]; then
log ERROR "Timeout waiting for VPN connection after ${max_wait}s"
stop_xbindkeys
return 1
fi
done
log INFO "VPN connected!"
local vpn_iface=$(get_vpn_interface)
local vpn_ip=$(get_vpn_ip)
log DEBUG " Interface: $vpn_iface"
log DEBUG " VPN IP: $vpn_ip"
# Wait a bit for routes to stabilize
log DEBUG "Waiting for routes to stabilize..."
sleep 3
# Setup forwarding
setup_forwarding
# Test connection
log INFO "Testing connection to $TARGET_IP..."
if ping -c 2 -W 3 "$TARGET_IP" &>/dev/null; then
log INFO "Connection test: ${GREEN}SUCCESS${NC}"
else
log WARN "Connection test: ${RED}FAILED${NC} (may need manual route on Windows)"
fi
}
# Main
log INFO "Script started"
echo ""
# Check current status
if check_vpn_status; then
echo ""
log INFO "VPN already connected. Setting up forwarding..."
setup_forwarding
else
echo ""
log INFO "Auto-starting VPN connection..."
echo ""
start_anyconnect
fi
echo ""
main_menu
while true; do
echo -ne "${CYAN}Choice: ${NC}"
read -r choice
case $choice in
1)
echo ""
start_anyconnect
echo ""
main_menu
;;
2)
echo ""
copy_to_clipboard
echo ""
main_menu
;;
3)
echo ""
show_totp
echo ""
main_menu
;;
4)
echo ""
setup_forwarding
echo ""
main_menu
;;
5)
echo ""
log INFO "Testing connection to $TARGET_IP..."
if ping -c 3 "$TARGET_IP"; then
log INFO "Connection test: ${GREEN}SUCCESS${NC}"
else
log ERROR "Connection test: ${RED}FAILED${NC}"
fi
echo ""
main_menu
;;
6)
echo ""
show_network_status
main_menu
;;
7)
echo ""
kill_cisco_processes
echo ""
main_menu
;;
q|Q)
log INFO "Goodbye!"
exit 0
;;
*)
log ERROR "Invalid choice"
;;
esac
done


@@ -1,536 +0,0 @@
#!/bin/bash
# Dover VPN Connection Script with Semi-Automation
# Keyboard shortcuts (global, work anywhere):
# Ctrl+1 - Type email
# Ctrl+2 - Type password
# Ctrl+3 - Type TOTP code
# Ctrl+4 - Type email + Tab + password (combo)
# Ctrl+5 - Full sequence: email + Tab + password + Tab + TOTP + Enter
EMAIL="c-azaw@regoproducts.com"
PASSWORD='Ji@83278327$$@@'
TOTP_SECRET="rzqtqskdwkhz6zyr"
VPN_HOST="vpn-ord1.dovercorp.com"
TARGET_IP="10.35.33.230"
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
GRAY='\033[0;90m'
NC='\033[0m'
# Logging function with timestamp
log() {
local level="$1"
local msg="$2"
local timestamp=$(date '+%H:%M:%S')
case $level in
INFO) echo -e "${GRAY}[$timestamp]${NC} ${GREEN}[INFO]${NC} $msg" ;;
WARN) echo -e "${GRAY}[$timestamp]${NC} ${YELLOW}[WARN]${NC} $msg" ;;
ERROR) echo -e "${GRAY}[$timestamp]${NC} ${RED}[ERROR]${NC} $msg" ;;
DEBUG) echo -e "${GRAY}[$timestamp]${NC} ${CYAN}[DEBUG]${NC} $msg" ;;
CMD) echo -e "${GRAY}[$timestamp]${NC} ${GRAY}[CMD]${NC} $msg" ;;
*) echo -e "${GRAY}[$timestamp]${NC} $msg" ;;
esac
}
# Run command with logging
run_cmd() {
local desc="$1"
shift
log CMD "$desc: $*"
output=$("$@" 2>&1)
local rc=$?
if [ -n "$output" ]; then
echo "$output" | while IFS= read -r line; do
echo -e " ${GRAY}${NC} $line"
done
fi
return $rc
}
echo -e "${CYAN}========================================${NC}"
echo -e "${CYAN} Dover VPN Connection Script ${NC}"
echo -e "${CYAN}========================================${NC}"
echo ""
# Function to get current TOTP
get_totp() {
oathtool --totp -b "$TOTP_SECRET"
}
# Function to detect VPN tunnel interface dynamically
get_vpn_interface() {
# Look for cscotun* or tun* interfaces that are UP
local iface=$(ip link show | grep -oP '(cscotun\d+|tun\d+)(?=:.*UP)' | head -1)
if [ -z "$iface" ]; then
# Fallback: any cscotun interface
iface=$(ip link show | grep -oP 'cscotun\d+' | head -1)
fi
echo "$iface"
}
# Function to get VM's IP on host-only network (for Windows routing)
get_vm_hostonly_ip() {
# Get IP from ens38 (host-only adapter) - could be any 192.168.x.x
ip addr show ens38 2>/dev/null | grep -oP 'inet \K[\d.]+' | head -1
}
# Function to get VPN tunnel IP
get_vpn_ip() {
local iface=$(get_vpn_interface)
if [ -n "$iface" ]; then
ip addr show "$iface" 2>/dev/null | grep -oP 'inet \K[\d.]+' | head -1
fi
}
# Start xbindkeys for keyboard macros
start_xbindkeys() {
log INFO "Starting keyboard macro listener (xbindkeys)..."
# Kill any existing xbindkeys
pkill xbindkeys 2>/dev/null
sleep 0.5
# Start xbindkeys
xbindkeys -f ~/.xbindkeysrc 2>/dev/null &
XBINDKEYS_PID=$!
if pgrep xbindkeys >/dev/null; then
log DEBUG "xbindkeys started (PID: $(pgrep xbindkeys))"
log INFO "Keyboard shortcuts active: Ctrl+1=email, Ctrl+2=pass, Ctrl+3=TOTP, Ctrl+4=combo, Ctrl+5=all"
else
log WARN "Failed to start xbindkeys"
fi
}
# Stop xbindkeys
stop_xbindkeys() {
if pgrep xbindkeys >/dev/null; then
log INFO "Stopping keyboard macro listener..."
pkill xbindkeys 2>/dev/null
log DEBUG "xbindkeys stopped"
fi
}
# Kill all Cisco-related processes
kill_cisco_processes() {
log INFO "Killing all Cisco-related processes..."
local killed=0
local my_pid=$$
local my_ppid=$(ps -o ppid= -p $$ | tr -d ' ')
# Kill vpnui specifically (not just any process with "vpn" in name)
for pid in $(pgrep -x "vpnui" 2>/dev/null); do
if [ "$pid" != "$my_pid" ] && [ "$pid" != "$my_ppid" ]; then
log DEBUG "Killing vpnui (PID $pid)"
sudo kill -9 "$pid" 2>/dev/null && ((killed++))
fi
done
# Note: Don't kill vpnagentd - we need it running
# Kill Cisco-specific processes by exact path
for proc in cstub cscan acwebsecagent vpndownloader; do
for pid in $(pgrep -x "$proc" 2>/dev/null); do
log DEBUG "Killing $proc (PID $pid)"
sudo kill -9 "$pid" 2>/dev/null && ((killed++))
done
done
# Kill openconnect (exact match)
for pid in $(pgrep -x "openconnect" 2>/dev/null); do
log DEBUG "Killing openconnect (PID $pid)"
sudo kill -9 "$pid" 2>/dev/null && ((killed++))
done
if [ $killed -eq 0 ]; then
log INFO "No Cisco processes were running"
else
log INFO "Killed $killed process(es)"
sleep 1
fi
}
# Function to setup iptables rules for forwarding
setup_forwarding() {
log INFO "Setting up IP forwarding rules for $TARGET_IP..."
local vpn_iface=$(get_vpn_interface)
if [ -z "$vpn_iface" ]; then
log ERROR "No VPN interface found! Is VPN connected?"
return 1
fi
local vpn_ip=$(get_vpn_ip)
local vm_ip=$(get_vm_hostonly_ip)
log DEBUG "VPN interface: $vpn_iface"
log DEBUG "VPN IP: $vpn_ip"
log DEBUG "VM host-only IP: $vm_ip"
# Enable IP forwarding
run_cmd "Enabling IP forwarding" sudo sysctl -w net.ipv4.ip_forward=1
# NAT masquerade
if ! sudo iptables -t nat -C POSTROUTING -d "$TARGET_IP" -j MASQUERADE 2>/dev/null; then
run_cmd "Adding NAT masquerade rule" sudo iptables -t nat -A POSTROUTING -d "$TARGET_IP" -j MASQUERADE
else
log DEBUG "NAT masquerade rule already exists"
fi
# Forward rules
if ! sudo iptables -C FORWARD -d "$TARGET_IP" -j ACCEPT 2>/dev/null; then
run_cmd "Adding forward rule (to target)" sudo iptables -A FORWARD -d "$TARGET_IP" -j ACCEPT
else
log DEBUG "Forward rule (to target) already exists"
fi
if ! sudo iptables -C FORWARD -s "$TARGET_IP" -j ACCEPT 2>/dev/null; then
run_cmd "Adding forward rule (from target)" sudo iptables -A FORWARD -s "$TARGET_IP" -j ACCEPT
else
log DEBUG "Forward rule (from target) already exists"
fi
# Cisco VPN chain bypass (insert at top if chain exists)
if sudo iptables -L ciscovpn -n &>/dev/null; then
if ! sudo iptables -C ciscovpn -o "$vpn_iface" -d "$TARGET_IP" -j ACCEPT 2>/dev/null; then
run_cmd "Adding ciscovpn bypass (outbound)" sudo iptables -I ciscovpn 1 -o "$vpn_iface" -d "$TARGET_IP" -j ACCEPT
else
log DEBUG "Ciscovpn bypass (outbound) already exists"
fi
if ! sudo iptables -C ciscovpn -i "$vpn_iface" -s "$TARGET_IP" -j ACCEPT 2>/dev/null; then
run_cmd "Adding ciscovpn bypass (inbound)" sudo iptables -I ciscovpn 2 -i "$vpn_iface" -s "$TARGET_IP" -j ACCEPT
else
log DEBUG "Ciscovpn bypass (inbound) already exists"
fi
else
log DEBUG "ciscovpn chain does not exist (yet)"
fi
log INFO "Forwarding rules configured"
echo ""
log INFO "Windows route command (run as Admin):"
echo -e " ${CYAN}route add $TARGET_IP mask 255.255.255.255 $vm_ip${NC}"
echo ""
}
# Copy credentials to clipboard as alternative
copy_to_clipboard() {
log INFO "Starting clipboard credential rotation..."
echo ""
log INFO "Copying EMAIL to clipboard"
echo "$EMAIL" | xclip -selection clipboard
echo -e " ${CYAN}Email ready: $EMAIL${NC}"
echo -e " Paste now (Ctrl+V), then press ${GREEN}Enter${NC} here for password..."
read -r
log INFO "Copying PASSWORD to clipboard"
echo "$PASSWORD" | xclip -selection clipboard
echo -e " ${CYAN}Password ready${NC}"
echo -e " Paste now (Ctrl+V), then press ${GREEN}Enter${NC} here for TOTP..."
read -r
TOTP=$(get_totp)
log INFO "Copying TOTP to clipboard"
echo "$TOTP" | xclip -selection clipboard
echo -e " ${CYAN}TOTP ready: $TOTP${NC}"
echo -e " Paste now (Ctrl+V)"
}
# Print current TOTP with countdown
show_totp() {
log INFO "Starting live TOTP display (Ctrl+C to stop)"
echo ""
while true; do
TOTP=$(get_totp)
SECONDS_LEFT=$((30 - ($(date +%s) % 30)))
echo -ne "\r ${CYAN}Current TOTP:${NC} ${GREEN}$TOTP${NC} (expires in ${YELLOW}${SECONDS_LEFT}s${NC}) "
sleep 1
done
}
# Show network status
show_network_status() {
log INFO "Current network status:"
# VM IPs
echo ""
log DEBUG "VM Network Interfaces:"
ip -4 addr show | grep -E "inet |^[0-9]+:" | while IFS= read -r line; do
echo -e " ${GRAY}${NC} $line"
done
# VPN status
echo ""
local vpn_iface=$(get_vpn_interface)
if [ -n "$vpn_iface" ]; then
local vpn_ip=$(get_vpn_ip)
log INFO "VPN Status: ${GREEN}CONNECTED${NC}"
log DEBUG " Interface: $vpn_iface"
log DEBUG " VPN IP: $vpn_ip"
else
log WARN "VPN Status: ${RED}NOT CONNECTED${NC}"
fi
# Host-only IP for Windows
local vm_ip=$(get_vm_hostonly_ip)
if [ -n "$vm_ip" ]; then
log DEBUG "Host-only IP (for Windows): $vm_ip"
fi
echo ""
}
# Main menu
main_menu() {
echo -e "${GREEN}Options:${NC}"
echo -e " ${CYAN}1${NC} - Start Cisco AnyConnect (kill existing + launch)"
echo -e " ${CYAN}2${NC} - Copy credentials to clipboard (one by one)"
echo -e " ${CYAN}3${NC} - Show live TOTP"
echo -e " ${CYAN}4${NC} - Setup IP forwarding rules only"
echo -e " ${CYAN}5${NC} - Test connection to $TARGET_IP"
echo -e " ${CYAN}6${NC} - Show network status"
echo -e " ${CYAN}7${NC} - Kill all Cisco processes"
echo -e " ${CYAN}q${NC} - Quit"
echo ""
}
# Check if VPN is already connected
check_vpn_status() {
local vpn_iface=$(get_vpn_interface)
if [ -n "$vpn_iface" ]; then
local vpn_ip=$(get_vpn_ip)
log INFO "VPN is ${GREEN}CONNECTED${NC}"
log DEBUG " Interface: $vpn_iface"
log DEBUG " VPN IP: $vpn_ip"
return 0
else
log WARN "VPN is ${RED}NOT CONNECTED${NC}"
return 1
fi
}
# Focus on Cisco AnyConnect window
focus_vpn_window() {
local win_id=$(xdotool search --name "Cisco" 2>/dev/null | head -1)
if [ -n "$win_id" ]; then
xdotool windowactivate --sync "$win_id" 2>/dev/null
sleep 0.3
return 0
fi
return 1
}
# Auto-login sequence using xdotool (no auto-focus, types to active window)
auto_login() {
log INFO "Starting automated login sequence..."
# Wait for UI to fully load
log DEBUG "Waiting 5s for UI to load..."
sleep 5
# Press Enter to initiate connection
log DEBUG "Pressing Enter to start connection..."
xdotool key Return
sleep 5
# Press Enter again (Connect button)
log DEBUG "Pressing Enter for Connect..."
xdotool key Return
# Wait for SSO browser to open
log DEBUG "Waiting for SSO browser to open..."
sleep 7
# Type email
log DEBUG "Typing email..."
xdotool type --delay 50 "$EMAIL"
xdotool key Return
sleep 5
# Type password
log DEBUG "Typing password..."
xdotool type --delay 50 "$PASSWORD"
xdotool key Return
sleep 5
# Type TOTP
log DEBUG "Typing TOTP..."
local totp=$(oathtool --totp -b "$TOTP_SECRET")
log DEBUG "TOTP: $totp"
xdotool type --delay 50 "$totp"
xdotool key Return
sleep 5
# Extra enters for any confirmation dialogs
log DEBUG "Sending confirmation enters..."
xdotool key Return
sleep 2
xdotool key Return
sleep 5
xdotool key Return
log INFO "Auto-login sequence completed"
}
# Start Cisco AnyConnect with logging
start_anyconnect() {
log INFO "=== Starting Cisco AnyConnect VPN (FULLY AUTOMATED) ==="
echo ""
# Kill existing processes first
kill_cisco_processes
# Start vpnagentd if not running
if ! pgrep -x vpnagentd >/dev/null; then
log INFO "Starting vpnagentd..."
sudo /opt/cisco/secureclient/bin/vpnagentd &
log DEBUG "Waiting for vpnagentd to initialize..."
sleep 5
fi
# Show credentials
log INFO "Credentials for SSO login:"
echo -e " ${CYAN}Email: $EMAIL${NC}"
echo -e " ${CYAN}Password: $PASSWORD${NC}"
TOTP=$(get_totp)
echo -e " ${CYAN}TOTP: $TOTP${NC}"
echo ""
# Start AnyConnect with GPU/WebKit workarounds
log INFO "Launching Cisco AnyConnect UI..."
export GDK_BACKEND=x11
export WEBKIT_DISABLE_DMABUF_RENDERER=1
/opt/cisco/secureclient/bin/vpnui &
VPNUI_PID=$!
log DEBUG "vpnui started with PID $VPNUI_PID"
# Run auto-login in background
auto_login &
AUTO_LOGIN_PID=$!
log DEBUG "Auto-login started with PID $AUTO_LOGIN_PID"
# Wait for VPN to connect
log INFO "Waiting for VPN connection..."
local wait_count=0
local max_wait=300 # 5 minutes
while [ -z "$(get_vpn_interface)" ]; do
sleep 2
((wait_count+=2))
if [ $((wait_count % 10)) -eq 0 ]; then
log DEBUG "Still waiting for VPN... (${wait_count}s)"
fi
if [ $wait_count -ge $max_wait ]; then
log ERROR "Timeout waiting for VPN connection after ${max_wait}s"
stop_xbindkeys
return 1
fi
done
log INFO "VPN connected!"
local vpn_iface=$(get_vpn_interface)
local vpn_ip=$(get_vpn_ip)
log DEBUG " Interface: $vpn_iface"
log DEBUG " VPN IP: $vpn_ip"
# Wait a bit for routes to stabilize
log DEBUG "Waiting for routes to stabilize..."
sleep 3
# Setup forwarding
setup_forwarding
# Test connection
log INFO "Testing connection to $TARGET_IP..."
if ping -c 2 -W 3 "$TARGET_IP" &>/dev/null; then
log INFO "Connection test: ${GREEN}SUCCESS${NC}"
else
log WARN "Connection test: ${RED}FAILED${NC} (may need manual route on Windows)"
fi
}
# Main
log INFO "Script started"
echo ""
# Check current status
if check_vpn_status; then
echo ""
log INFO "VPN already connected. Setting up forwarding..."
setup_forwarding
else
echo ""
log INFO "Auto-starting VPN connection..."
echo ""
start_anyconnect
fi
echo ""
main_menu
while true; do
echo -ne "${CYAN}Choice: ${NC}"
read -r choice
case $choice in
1)
echo ""
start_anyconnect
echo ""
main_menu
;;
2)
echo ""
copy_to_clipboard
echo ""
main_menu
;;
3)
echo ""
show_totp
echo ""
main_menu
;;
4)
echo ""
setup_forwarding
echo ""
main_menu
;;
5)
echo ""
log INFO "Testing connection to $TARGET_IP..."
if ping -c 3 "$TARGET_IP"; then
log INFO "Connection test: ${GREEN}SUCCESS${NC}"
else
log ERROR "Connection test: ${RED}FAILED${NC}"
fi
echo ""
main_menu
;;
6)
echo ""
show_network_status
main_menu
;;
7)
echo ""
kill_cisco_processes
echo ""
main_menu
;;
q|Q)
log INFO "Goodbye!"
exit 0
;;
*)
log ERROR "Invalid choice"
;;
esac
done
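Review bot: Deleting this script does not retire the credentials it carried. The literal `EMAIL`, `PASSWORD` and `TOTP_SECRET` assignments at the top of the file remain readable in every earlier commit and clone, so the password should be changed and the TOTP enrollment re-issued, and a history rewrite considered if the repository is shared. The removed `start_anyconnect` also echoed the password to the terminal, and `auto_login` logged the generated code with `log DEBUG "TOTP: $totp"`, so saved console output from past runs should be treated as exposed too. The section that ends just before this one looks like a copy of the same script (its start is outside this view), so the same applies there if it held the same literals. Any replacement should read these values from the environment or a secret store rather than from literals in the file.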


@@ -1,79 +0,0 @@
#!/bin/bash
# Install Cisco Secure Client on Ubuntu VM
# Run this script once after the VM is set up
set -e
echo "========================================"
echo " Installing Cisco Secure Client"
echo "========================================"
# Install dependencies
echo "Installing dependencies..."
sudo apt-get update
sudo apt-get install -y xdotool oathtool xclip p7zip-full curl wget \
libpango-1.0-0 libpangocairo-1.0-0 libgtk-3-0 libwebkit2gtk-4.0-37 \
libjavascriptcoregtk-4.0-18 libnss3 net-tools iproute2 iptables
# Create Cisco directories
echo "Creating Cisco directories..."
sudo mkdir -p /opt/cisco/secureclient
sudo mkdir -p /opt/.cisco/certificates/ca
# Copy Cisco installation from shared folder
if [ -d "/mnt/shared/secureclient" ]; then
echo "Copying Cisco Secure Client from shared folder..."
sudo cp -r /mnt/shared/secureclient/* /opt/cisco/secureclient/
sudo chmod +x /opt/cisco/secureclient/bin/*
# Create symlinks for system-wide access
sudo ln -sf /opt/cisco/secureclient/bin/vpn /usr/local/bin/vpn
sudo ln -sf /opt/cisco/secureclient/bin/vpnui /usr/local/bin/vpnui
sudo ln -sf /opt/cisco/secureclient/bin/vpnagentd /usr/local/bin/vpnagentd
# Create library symlinks
sudo ldconfig /opt/cisco/secureclient/lib
# Create systemd service for vpnagentd
sudo tee /etc/systemd/system/cisco-vpnagentd.service > /dev/null << 'EOF'
[Unit]
Description=Cisco Secure Client VPN Agent
After=network.target
[Service]
Type=simple
ExecStart=/opt/cisco/secureclient/bin/vpnagentd
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl enable cisco-vpnagentd
sudo systemctl start cisco-vpnagentd
echo "Cisco Secure Client installed successfully!"
else
echo "ERROR: Shared folder /mnt/shared/secureclient not found"
echo "Please mount the vpn_scripts directory to /mnt/shared"
exit 1
fi
# Copy VPN automation script
if [ -f "/mnt/shared/cisco-vpn.sh" ]; then
echo "Copying VPN automation script..."
cp /mnt/shared/cisco-vpn.sh ~/cisco-vpn.sh
chmod +x ~/cisco-vpn.sh
fi
echo ""
echo "========================================"
echo " Installation Complete!"
echo "========================================"
echo ""
echo "To connect to VPN:"
echo " 1. Start a display session (GUI or VNC)"
echo " 2. Run: ~/cisco-vpn.sh"
echo ""


@@ -1,7 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vpn rev="1.0">
<file version="5.1.11.388" id="VPNCore" is_core="yes" type="script" action="install">
<uri>binaries/cisco-secure-client-linux64-5.1.11.388-core-vpn-webdeploy-k9.sh</uri>
<display-name>Cisco Secure Client - AnyConnect VPN</display-name>
</file>
</vpn>


@@ -1,28 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectLocalPolicy xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectLocalPolicy.xsd" acversion="5.1.11.388">
<BypassDefaultLocalization>false</BypassDefaultLocalization>
<BypassDownloader>false</BypassDownloader>
<ExcludeFirefoxNSSCertStore>false</ExcludeFirefoxNSSCertStore>
<FipsMode>false</FipsMode>
<OCSPRevocation>false</OCSPRevocation>
<RestrictHelpWebDeploy>false</RestrictHelpWebDeploy>
<RestrictLocalizationWebDeploy>false</RestrictLocalizationWebDeploy>
<RestrictPreferenceCaching>false</RestrictPreferenceCaching>
<RestrictResourceWebDeploy>false</RestrictResourceWebDeploy>
<RestrictScriptWebDeploy>false</RestrictScriptWebDeploy>
<RestrictServerCertStore>false</RestrictServerCertStore>
<RestrictTunnelProtocols>false</RestrictTunnelProtocols>
<RestrictWebLaunch>false</RestrictWebLaunch>
<StrictCertificateTrust>false</StrictCertificateTrust>
<UpdatePolicy>
<AllowComplianceModuleUpdatesFromAnyServer>true</AllowComplianceModuleUpdatesFromAnyServer>
<AllowHelpUpdatesFromAnyServer>true</AllowHelpUpdatesFromAnyServer>
<AllowISEProfileUpdatesFromAnyServer>true</AllowISEProfileUpdatesFromAnyServer>
<AllowLocalizationUpdatesFromAnyServer>true</AllowLocalizationUpdatesFromAnyServer>
<AllowManagementVPNProfileUpdatesFromAnyServer>true</AllowManagementVPNProfileUpdatesFromAnyServer>
<AllowResourceUpdatesFromAnyServer>true</AllowResourceUpdatesFromAnyServer>
<AllowScriptUpdatesFromAnyServer>true</AllowScriptUpdatesFromAnyServer>
<AllowServiceProfileUpdatesFromAnyServer>true</AllowServiceProfileUpdatesFromAnyServer>
<AllowSoftwareUpdatesFromAnyServer>true</AllowSoftwareUpdatesFromAnyServer>
<AllowVPNProfileUpdatesFromAnyServer>true</AllowVPNProfileUpdatesFromAnyServer></UpdatePolicy>
</AnyConnectLocalPolicy>


@@ -1,273 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.xmlsoap.org/encoding/" targetNamespace="http://schemas.xmlsoap.org/encoding/" elementFormDefault="qualified" attributeFormDefault="unqualified">
<xs:element name="AnyConnectLocalPolicy">
<xs:complexType>
<xs:all minOccurs="0">
<xs:element name="FipsMode" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="BypassDownloader" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="BypassDefaultLocalization" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="RestrictScriptWebDeploy" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="RestrictHelpWebDeploy" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="RestrictResourceWebDeploy" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="RestrictLocalizationWebDeploy" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="RestrictWebLaunch" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="StrictCertificateTrust" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="EnableCRLCheck" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="OCSPRevocation" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="RestrictTunnelProtocols" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="false" />
<xs:enumeration value="IPSec" />
<xs:enumeration value="TLS" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="RestrictPreferenceCaching" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:pattern value="((false|All|Credentials|Thumbprints|CredentialsAndThumbprints|AutomaticServerSelection),)*(false|All|Credentials|Thumbprints|CredentialsAndThumbprints|AutomaticServerSelection)"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="ExcludePemFileCertStore" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="false" />
<xs:enumeration value="true" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="ExcludeWinNativeCertStore" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="false" />
<xs:enumeration value="true" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="ExcludeMacNativeCertStore" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="false" />
<xs:enumeration value="true" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="ExcludeFirefoxNSSCertStore" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="false" />
<xs:enumeration value="true" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="RestrictServerCertStore" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="false" />
<xs:enumeration value="true" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="UpdatePolicy" minOccurs="0">
<xs:complexType>
<xs:all minOccurs="0">
<xs:element name="AllowSoftwareUpdatesFromAnyServer" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="AllowComplianceModuleUpdatesFromAnyServer" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="AllowVPNProfileUpdatesFromAnyServer" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="AllowManagementVPNProfileUpdatesFromAnyServer" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="AllowISEProfileUpdatesFromAnyServer" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="AllowServiceProfileUpdatesFromAnyServer" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="AllowHelpUpdatesFromAnyServer" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="AllowResourceUpdatesFromAnyServer" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="AllowLocalizationUpdatesFromAnyServer" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="AllowScriptUpdatesFromAnyServer" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="AuthorizedServerList" minOccurs="0">
<xs:complexType>
<xs:sequence>
<xs:element name="ServerName" type="xs:token" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:all>
</xs:complexType>
</xs:element>
<xs:element name="TrustedISECertFingerprints" minOccurs="0">
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="1" maxOccurs="unbounded" name="fingerprint">
<xs:complexType>
<xs:sequence>
<xs:element name="algorithm" type="xs:token" />
<xs:element name="hash">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:pattern value="[\s:]*([a-fA-F0-9][\s:]*){64}" />
</xs:restriction>
</xs:simpleType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:all>
<xs:attribute name="acversion">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:pattern value="(\d+)(\.(\d+))(\.(\d+))(\.(\d+))?" />
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:schema>


@@ -1,6 +0,0 @@
last_version_number:5.1.11.388
last_sequence_number:2
last_post:
last_feedback:1764115637
last_crash_report:
last_threat_report:


@@ -1 +0,0 @@
d11:Connectionsd11:SessionInfod3:SSLd12:ConnectCounti1e11:ProfileHashd64:5FBB526D589505911C49F093A8B12F06419E445B25828E2750230009A0F5FE60d5:Counti1eee17:TunnelInitiatedByd3:GUId5:Counti1eeeee10:TunnelInfod11:GatewayTyped15:ASA (9.12(4)72)d8:DTLSv1.2d6:Cipherd29:ECDHE_ECDSA_AES256_GCM_SHA384d5:Counti1eee14:TunnelConnectsi1ee7:TLSv1.2d6:Cipherd27:ECDHE_RSA_AES256_GCM_SHA384d5:Counti1eee14:TunnelConnectsi1eeeeee11:LocalPolicyd45:AllowManagementVPNProfileUpdatesFromAnyServeri1e39:AllowServiceProfileUpdatesFromAnyServeri1e33:AllowSoftwareUpdatesFromAnyServeri1e35:AllowVPNProfileUpdatesFromAnyServeri1e16:BypassDownloaderi0e26:ExcludeFirefoxNSSCertStorei0e25:ExcludeMacNativeCertStorei0e23:ExcludePemFileCertStorei0e25:ExcludeWinNativeCertStorei0e8:FipsModei0e25:RestrictPreferenceCaching5:false23:RestrictTunnelProtocols5:false17:RestrictWebLaunchi0e22:StrictCertificateTrusti0eee


@@ -1 +0,0 @@
d11:Connectionsd11:SessionInfod3:SSLd12:ConnectCounti3e11:ProfileHashd64:5FBB526D589505911C49F093A8B12F06419E445B25828E2750230009A0F5FE60d5:Counti3eee14:ReconnectCounti1e17:TunnelInitiatedByd3:GUId5:Counti3eeeee10:TunnelInfod11:GatewayTyped15:ASA (9.12(4)72)d8:DTLSv1.2d6:Cipherd29:ECDHE_ECDSA_AES256_GCM_SHA384d5:Counti4eee14:TunnelConnectsi4ee7:TLSv1.2d6:Cipherd27:ECDHE_RSA_AES256_GCM_SHA384d5:Counti4eee14:TunnelConnectsi4eeeeee11:LocalPolicyd45:AllowManagementVPNProfileUpdatesFromAnyServeri1e39:AllowServiceProfileUpdatesFromAnyServeri1e33:AllowSoftwareUpdatesFromAnyServeri1e35:AllowVPNProfileUpdatesFromAnyServeri1e16:BypassDownloaderi0e26:ExcludeFirefoxNSSCertStorei0e25:ExcludeMacNativeCertStorei0e23:ExcludePemFileCertStorei0e25:ExcludeWinNativeCertStorei0e8:FipsModei0e25:RestrictPreferenceCaching5:false23:RestrictTunnelProtocols5:false17:RestrictWebLaunchi0e22:StrictCertificateTrusti0eee


@@ -1,12 +0,0 @@
<html>
<head>
<title>Open Source Used In AnyConnect VPN Client Software</title>
</head>
<body>
<h1>Open Source Used In AnyConnect VPN Client Software</h1>
<br/>
<h3>Please refer to <a href="https://www.cisco.com/go/opensource">Open Source in Cisco Products</a> for the latest information on the open source used in AnyConnect VPN Client Software.</h3>
<br/>
<p><font size="2">Copyright &copy; 2025 Cisco Systems, Inc. All rights reserved.</font></p>
</body>
</html>


@@ -1,50 +0,0 @@
#!/bin/sh
INSTPREFIX="/opt/cisco/secureclient"
BINDIR="${INSTPREFIX}/bin"
NVM_BINDIR="${INSTPREFIX}/NVM/bin"
POSTURE_BINDIR="${INSTPREFIX}/securefirewallposture/bin"
VPN_UNINST=${BINDIR}/vpn_uninstall.sh
POSTURE_UNINST=${POSTURE_BINDIR}/posture_uninstall.sh
NVM_UNINST=${NVM_BINDIR}/nvm_uninstall.sh
ISEPOSTURE_UNINST=${BINDIR}/iseposture_uninstall.sh
ISECOMPLIANCE_UNINST=${BINDIR}/isecompliance_uninstall.sh
if [ -x "${ISECOMPLIANCE_UNINST}" ]; then
${ISECOMPLIANCE_UNINST}
if [ $? -ne 0 ]; then
echo "Error uninstalling Cisco Secure Client - ISE Compliance."
fi
fi
if [ -x "${ISEPOSTURE_UNINST}" ]; then
${ISEPOSTURE_UNINST}
if [ $? -ne 0 ]; then
echo "Error uninstalling Cisco Secure Client - ISE Posture."
fi
fi
if [ -x "${POSTURE_UNINST}" ]; then
${POSTURE_UNINST}
if [ $? -ne 0 ]; then
echo "Error uninstalling Cisco Secure Client - Secure Firewall Posture Module."
fi
fi
if [ -x "${NVM_UNINST}" ]; then
${NVM_UNINST}
if [ $? -ne 0 ]; then
echo "Error uninstalling Cisco Secure Client - Network Visibility Module."
fi
fi
if [ -x "${VPN_UNINST}" ]; then
${VPN_UNINST}
if [ $? -ne 0 ]; then
echo "Error uninstalling Cisco Secure Client."
fi
fi
exit 0


@@ -1,9 +0,0 @@
#!/bin/sh
/sbin/lsmod | grep tun > /dev/null
if [ $? -ne 0 ]; then
/sbin/modprobe tun > /dev/null 2> /dev/null
if [ $? -ne 0 ]; then
# check for /dev/net/tun
[ -c "/dev/net/tun" ] || echo Warning: Unable to verify that the tun/tap driver is loaded. Contact your system administrator for assistance.
fi
fi


@@ -1,194 +0,0 @@
#!/bin/sh
AC_INSTPREFIX="/opt/cisco/anyconnect"
INSTPREFIX="/opt/cisco/secureclient"
NVM_DIR="${INSTPREFIX}/NVM"
ROOTCERTSTORE=/opt/.cisco/certificates/ca
ROOTCACERT="DigiCertAssuredIDRootCA.pem"
ROOTCACERT_OLD="VeriSignClass3PublicPrimaryCertificationAuthority-G5.pem"
BINDIR="${INSTPREFIX}/bin"
LIBDIR="${INSTPREFIX}/lib"
PROFDIR="${INSTPREFIX}/vpn/profile"
SCRIPTDIR="${INSTPREFIX}/vpn/script"
HELPDIR="${INSTPREFIX}/help"
PLUGINDIR="${BINDIR}/plugins"
MENUDIR="/etc/xdg/menus/applications-merged/"
DIRECTORYDIR="/usr/share/desktop-directories/"
DESKTOPDIR="/usr/share/applications"
ICONSDIR="/usr/share/icons"
SYSTEMD_CONF="vpnagentd.service"
SYSTEMD_CONF_DIR="/etc/systemd/system"
AGENT="vpnagentd"
VPNMANIFEST="ACManifestVPN.xml"
LOGDIR="/var/log/secureclient"
UNINSTALLLOG="${LOGDIR}/csc_vpn_uninstall.log"
# List of files to remove
FILELIST="${BINDIR}/vpnagentd \
${BINDIR}/vpn_uninstall.sh \
${BINDIR}/cisco_secure_client_uninstall.sh \
${LIBDIR}/libacciscossl.so \
${LIBDIR}/libacciscocrypto.so \
${LIBDIR}/cfom.so \
${LIBDIR}/libaccurl.so.4 \
${LIBDIR}/libaccurl.so.4.8.0 \
${LIBDIR}/libvpnagentutilities.so \
${LIBDIR}/libvpncommon.so \
${LIBDIR}/libvpncommoncrypt.so \
${LIBDIR}/libvpnapi.so \
${LIBDIR}/libacruntime.so \
${BINDIR}/vpnui \
${BINDIR}/vpn \
${BINDIR}/vpndownloader \
${BINDIR}/vpndownloader-cli \
${PLUGINDIR}/libacdownloader.so \
${BINDIR}/acinstallhelper \
${BINDIR}/acwebhelper \
${BINDIR}/acextwebhelper \
${BINDIR}/manifesttool \
${BINDIR}/manifesttool_vpn \
${BINDIR}/load_tun.sh \
${MENUDIR}/cisco-secure-client.menu \
${DIRECTORYDIR}/cisco-secure-client.directory \
${DESKTOPDIR}/com.cisco.secureclient.gui.desktop \
${ICONSDIR}/hicolor/48x48/apps/cisco-secure-client.png \
${ICONSDIR}/hicolor/64x64/apps/cisco-secure-client.png \
${ICONSDIR}/hicolor/96x96/apps/cisco-secure-client.png \
${ICONSDIR}/hicolor/128x128/apps/cisco-secure-client.png \
${ICONSDIR}/hicolor/256x256/apps/cisco-secure-client.png \
${ICONSDIR}/hicolor/512x512/apps/cisco-secure-client.png \
${INSTPREFIX}/resources/* \
${INSTPREFIX}/${VPNMANIFEST} \
${INSTPREFIX}/update.txt \
${INSTPREFIX}/OpenSource.html \
${PROFDIR}/AnyConnectProfile.xsd \
${INSTPREFIX}/AnyConnectLocalPolicy.xsd \
${LIBDIR}/libboost_date_time.so* \
${LIBDIR}/libboost_atomic.so* \
${LIBDIR}/libboost_filesystem.so* \
${LIBDIR}/libboost_system.so* \
${LIBDIR}/libboost_thread.so* \
${LIBDIR}/libboost_chrono.so* \
${LIBDIR}/libboost_regex.so* \
${PLUGINDIR}/libvpnipsec.so \
${PLUGINDIR}/libacfeedback.so \
${PLUGINDIR}/libacwebhelper.so \
${ROOTCERTSTORE}/${ROOTCACERT} \
${ROOTCERTSTORE}/${ROOTCACERT_OLD} \
${AC_INSTPREFIX}/${VPNMANIFEST} \
${SYSTEMD_CONF_DIR}/${SYSTEMD_CONF}"
# Create log directory if not exist
if [ ! -d ${LOGDIR} ]; then
mkdir -p ${LOGDIR} >/dev/null 2>&1
fi
echo "Uninstalling Cisco Secure Client..."
echo "Uninstalling Cisco Secure Client..." > ${UNINSTALLLOG}
echo `whoami` "invoked $0 from " `pwd` " at " `date` >> ${UNINSTALLLOG}
# Check for root privileges
if [ `id | sed -e 's/(.*//'` != "uid=0" ]; then
echo "Sorry, you need super user privileges to run this script."
echo "Sorry, you need super user privileges to run this script." >> ${UNINSTALLLOG}
exit 1
fi
# update the VPNManifest.dat
echo "${BINDIR}/manifesttool_vpn -x ${INSTPREFIX} ${INSTPREFIX}/${VPNMANIFEST}" >> ${UNINSTALLLOG}
${BINDIR}/manifesttool_vpn -x ${INSTPREFIX} ${INSTPREFIX}/${VPNMANIFEST} >> ${UNINSTALLLOG}
# Attempt to stop the service if it is running.
echo "Stopping the VPN agent..." >> ${UNINSTALLLOG}
TESTINIT=`ls -l /proc/1/exe`
if [ -z "${TESTINIT##*"systemd"*}" ]; then
echo systemctl stop ${SYSTEMD_CONF} >> ${UNINSTALLLOG}
systemctl stop ${SYSTEMD_CONF} >> ${UNINSTALLLOG} 2>&1
echo systemctl disable ${SYSTEMD_CONF} >> ${UNINSTALLLOG}
systemctl disable ${SYSTEMD_CONF} >> ${UNINSTALLLOG} 2>&1
fi
logger "Stopping the VPN agent..."
max_seconds_to_wait=10
ntests=$max_seconds_to_wait
# Wait up to max_seconds_to_wait seconds for the agent to finish.
while [ -n "`ps -A -o command | grep \"/opt/cisco/secureclient/bin/${AGENT}\" | grep -v 'grep'`" ]
do
ntests=`expr $ntests - 1`
if [ $ntests -eq 0 ]; then
logger "Timeout waiting for agent to stop."
echo "Timeout waiting for agent to stop." >> ${UNINSTALLLOG}
break
fi
sleep 1
done
# ensure that the VPN related processes are not running
OURPROCS=`ps -A -o pid,command | grep ${BINDIR} | grep -E -v 'grep|vpn_uninstall|cisco_secure_client_uninstall' | awk '{print $1}'`
if [ -n "${OURPROCS}" ] ; then
for DOOMED in ${OURPROCS}; do
echo Killing `ps -A -o pid,command -p ${DOOMED} | grep ${DOOMED} | grep -E -v 'ps|grep'` >> ${UNINSTALLLOG}
kill -KILL ${DOOMED} >> ${UNINSTALLLOG} 2>&1
done
fi
# Remove only those files that we know we installed
for FILE in ${FILELIST}; do
echo "rm -f ${FILE}" >> ${UNINSTALLLOG}
rm -f ${FILE} >> ${UNINSTALLLOG} 2>&1
done
# Remove desktop file in Autostart Directory
if [ -z "$XDG_CONFIG_DIRS" ]; then
AUTOSTART_DIR=/etc/xdg/autostart
else
AUTOSTART_DIR=$XDG_CONFIG_DIRS
fi
echo "rm -f $AUTOSTART_DIR/com.cisco.secureclient.gui.desktop" >> ${UNINSTALLLOG}
rm -f $AUTOSTART_DIR/com.cisco.secureclient.gui.desktop >> ${UNINSTALLLOG} 2>&1
# Remove the plugins directory
echo "rm -rf ${PLUGINDIR}" >> ${UNINSTALLLOG}
rm -rf ${PLUGINDIR} >> ${UNINSTALLLOG} 2>&1
# Remove the bin directory if it is empty
echo "rmdir --ignore-fail-on-non-empty ${BINDIR}" >> ${UNINSTALLLOG}
rmdir --ignore-fail-on-non-empty ${BINDIR} >> ${UNINSTALLLOG} 2>&1
# Remove the lib directory if it is empty
echo "rmdir --ignore-fail-on-non-empty ${LIBDIR}" >> ${UNINSTALLLOG}
rmdir --ignore-fail-on-non-empty ${LIBDIR} >> ${UNINSTALLLOG} 2>&1
# Remove the script directory if it is empty
echo "rmdir --ignore-fail-on-non-empty ${SCRIPTDIR}" >> ${UNINSTALLLOG}
rmdir --ignore-fail-on-non-empty ${SCRIPTDIR} >> ${UNINSTALLLOG} 2>&1
# Remove the help directory if it is empty
echo "rmdir --ignore-fail-on-non-empty ${HELPDIR}" >> ${UNINSTALLLOG}
rmdir --ignore-fail-on-non-empty ${HELPDIR} >> ${UNINSTALLLOG} 2>&1
# Remove the profile directory if it is empty
echo "rmdir --ignore-fail-on-non-empty ${PROFDIR}" >> ${UNINSTALLLOG}
rmdir --ignore-fail-on-non-empty ${PROFDIR} >> ${UNINSTALLLOG} 2>&1
# Remove the cert store directory if it is empty
echo "rmdir --ignore-fail-on-non-empty ${ROOTCERTSTORE}" >> ${UNINSTALLLOG}
rmdir --ignore-fail-on-non-empty ${ROOTCERTSTORE} >> ${UNINSTALLLOG} 2>&1
# update the menu cache so that the Cisco Secure Client short cut in the
# applications menu is removed. This is neccessary on some
# gnome desktops(Ubuntu 10.04)
if [ -x "/usr/share/gnome-menus/update-gnome-menus-cache" ]; then
for CACHE_FILE in $(ls /usr/share/applications/desktop.*.cache); do
echo "updating ${CACHE_FILE}" >> ${UNINSTALLLOG}
/usr/share/gnome-menus/update-gnome-menus-cache /usr/share/applications/ > ${CACHE_FILE}
done
fi
echo "Updating GTK icon cache" >> ${UNINSTALLLOG}
gtk-update-icon-cache -f -t /usr/share/icons/hicolor >> ${UNINSTALLLOG} 2>&1
echo "Successfully removed Cisco Secure Client from the system." >> ${UNINSTALLLOG}
echo "Successfully removed Cisco Secure Client from the system."
exit 0


@@ -1,4 +0,0 @@
Installing Cisco Secure Client...
root invoked /home/alexz/Downloads/cisco-secure-client-linux64-5.1.11.388-core-vpn-webdeploy-k9.sh from /home/alexz at Mon Dec 22 10:09:32 AM PST 2025
Version 5.1.11.388 is already installed!
Exiting now.


@@ -1,209 +0,0 @@
Installing Cisco Secure Client...
root invoked Downloads/cisco-secure-client-linux64-5.1.11.388-core-vpn-webdeploy-k9.sh from /home/alexz at Tue Nov 25 03:57:15 PM PST 2025
Extracting installation files to /tmp/vpn.wVQjjC/vpninst874817225.tgz...
Unarchiving installation files to /tmp/vpn.wVQjjC...
vpn/
vpn/com.cisco.secureclient.gui.desktop
vpn/libvpnipsec.so
vpn/libvpncommoncrypt.so
vpn/libvpnagentutilities.so
vpn/vpndownloader
vpn/libacfeedback.so
vpn/libacdownloader.so
vpn/acextwebhelper
vpn/cfom.so
vpn/load_tun.sh
vpn/libvpncommon.so
vpn/ACManifestVPN.xml
vpn/acwebhelper
vpn/libboost_thread.so
vpn/libacwebhelper.so
vpn/libacciscossl.so
vpn/vpn
vpn/cisco-secure-client.menu
vpn/libvpnapi.so
vpn/vpnagentd
vpn/VeriSignClass3PublicPrimaryCertificationAuthority-G5.pem
vpn/libboost_filesystem.so
vpn/vpndownloader-cli
vpn/update.txt
vpn/libboost_regex.so
vpn/libaccurl.so.4.8.0
vpn/acinstallhelper
vpn/cisco-secure-client.directory
vpn/resources/
vpn/resources/badge_alert.png
vpn/resources/badge_error.png
vpn/resources/cvcdownloader-gtk.glade
vpn/resources/secure-client-logo.png
vpn/resources/vpnui512.png
vpn/resources/systray_disconnecting.png
vpn/resources/badge_progress_r45.png
vpn/resources/cvc-disconnect.png
vpn/resources/ztna_logo.png
vpn/resources/badge_not_compliant.png
vpn/resources/vpn.png
vpn/resources/systray_notconnected.png
vpn/resources/cvcgui-gtk.glade
vpn/resources/cvc-info.png
vpn/resources/badge_ready.png
vpn/resources/cvc-about.png
vpn/resources/nac_16x.png
vpn/resources/nac_72x.png
vpn/resources/company-logo.png
vpn/resources/systray_connected.png
vpn/resources/systray_connected_alert.png
vpn/resources/webbrowser128.png
vpn/resources/vpnui64.png
vpn/resources/vpnui128.png
vpn/resources/cvc-connect.png
vpn/resources/vpnui256.png
vpn/resources/vpnui48.png
vpn/resources/systray_reconnecting.png
vpn/resources/badge_progress.png
vpn/resources/cvc-configure.png
vpn/resources/badge_ok.png
vpn/resources/systray_quarantined.png
vpn/resources/downloader-arrow.png
vpn/resources/badge_trusted.png
vpn/resources/vpnui96.png
vpn/resources/l10n/
vpn/resources/l10n/ko-kr/
vpn/resources/l10n/ko-kr/LC_MESSAGES/
vpn/resources/l10n/ko-kr/LC_MESSAGES/SecureClientDefault.mo
vpn/resources/l10n/zh-cn/
vpn/resources/l10n/zh-cn/LC_MESSAGES/
vpn/resources/l10n/zh-cn/LC_MESSAGES/SecureClientDefault.mo
vpn/resources/l10n/de-de/
vpn/resources/l10n/de-de/LC_MESSAGES/
vpn/resources/l10n/de-de/LC_MESSAGES/SecureClientDefault.mo
vpn/resources/l10n/zh-tw/
vpn/resources/l10n/zh-tw/LC_MESSAGES/
vpn/resources/l10n/zh-tw/LC_MESSAGES/SecureClientDefault.mo
vpn/resources/l10n/ru-ru/
vpn/resources/l10n/ru-ru/LC_MESSAGES/
vpn/resources/l10n/ru-ru/LC_MESSAGES/SecureClientDefault.mo
vpn/resources/l10n/zh-hans/
vpn/resources/l10n/zh-hans/LC_MESSAGES/
vpn/resources/l10n/zh-hans/LC_MESSAGES/SecureClientDefault.mo
vpn/resources/l10n/ja-jp/
vpn/resources/l10n/ja-jp/LC_MESSAGES/
vpn/resources/l10n/ja-jp/LC_MESSAGES/SecureClientDefault.mo
vpn/resources/l10n/pl-pl/
vpn/resources/l10n/pl-pl/LC_MESSAGES/
vpn/resources/l10n/pl-pl/LC_MESSAGES/SecureClientDefault.mo
vpn/resources/l10n/zh-hant/
vpn/resources/l10n/zh-hant/LC_MESSAGES/
vpn/resources/l10n/zh-hant/LC_MESSAGES/SecureClientDefault.mo
vpn/resources/l10n/hu-hu/
vpn/resources/l10n/hu-hu/LC_MESSAGES/
vpn/resources/l10n/hu-hu/LC_MESSAGES/SecureClientDefault.mo
vpn/resources/l10n/pt-br/
vpn/resources/l10n/pt-br/LC_MESSAGES/
vpn/resources/l10n/pt-br/LC_MESSAGES/SecureClientDefault.mo
vpn/resources/l10n/fr-fr/
vpn/resources/l10n/fr-fr/LC_MESSAGES/
vpn/resources/l10n/fr-fr/LC_MESSAGES/SecureClientDefault.mo
vpn/resources/l10n/fr-ca/
vpn/resources/l10n/fr-ca/LC_MESSAGES/
vpn/resources/l10n/fr-ca/LC_MESSAGES/SecureClientDefault.mo
vpn/resources/l10n/cs-cz/
vpn/resources/l10n/cs-cz/LC_MESSAGES/
vpn/resources/l10n/cs-cz/LC_MESSAGES/SecureClientDefault.mo
vpn/resources/l10n/es-es/
vpn/resources/l10n/es-es/LC_MESSAGES/
vpn/resources/l10n/es-es/LC_MESSAGES/SecureClientDefault.mo
vpn/resources/l10n/nl-nl/
vpn/resources/l10n/nl-nl/LC_MESSAGES/
vpn/resources/l10n/nl-nl/LC_MESSAGES/SecureClientDefault.mo
vpn/resources/l10n/it-it/
vpn/resources/l10n/it-it/LC_MESSAGES/
vpn/resources/l10n/it-it/LC_MESSAGES/SecureClientDefault.mo
vpn/libboost_atomic.so
vpn/libacciscocrypto.so
vpn/libboost_chrono.so
vpn/DigiCertAssuredIDRootCA.pem
vpn/vpnui
vpn/vpn_uninstall.sh
vpn/cisco_secure_client_uninstall.sh
vpn/libboost_system.so
vpn/vpnagentd.service
vpn/libacruntime.so
vpn/AnyConnectProfile.xsd
vpn/libboost_date_time.so
vpn/manifesttool_vpn
vpn/OpenSource.html
vpn/license.txt
vpn/vpn_install.sh
vpn/AnyConnectLocalPolicy.xsd
Installing /opt/cisco/secureclient/bin
Installing /opt/cisco/secureclient/lib
Installing /opt/cisco/secureclient/vpn/profile
Installing /opt/cisco/secureclient/vpn/script
Installing /opt/cisco/secureclient/help
Installing /opt/cisco/secureclient/bin/plugins
Installing /opt/.cisco/certificates/ca
Installing /opt/cisco/anyconnect
Installing /tmp/vpn.wVQjjC/vpn/DigiCertAssuredIDRootCA.pem
Installing /tmp/vpn.wVQjjC/vpn/VeriSignClass3PublicPrimaryCertificationAuthority-G5.pem
Installing /tmp/vpn.wVQjjC/vpn/vpn_uninstall.sh
Installing /tmp/vpn.wVQjjC/vpn/load_tun.sh
Installing /tmp/vpn.wVQjjC/vpn/cisco_secure_client_uninstall.sh
Installing /tmp/vpn.wVQjjC/vpn/vpnagentd
Installing /tmp/vpn.wVQjjC/vpn/libvpnagentutilities.so
Installing /tmp/vpn.wVQjjC/vpn/libvpncommon.so
Installing /tmp/vpn.wVQjjC/vpn/libvpncommoncrypt.so
Installing /tmp/vpn.wVQjjC/vpn/libvpnapi.so
Installing /tmp/vpn.wVQjjC/vpn/libacruntime.so
Installing /tmp/vpn.wVQjjC/vpn/libacciscossl.so
Installing /tmp/vpn.wVQjjC/vpn/libacciscocrypto.so
Installing /tmp/vpn.wVQjjC/vpn/cfom.so
Installing /tmp/vpn.wVQjjC/vpn/libaccurl.so.4.8.0
Creating symlink /tmp/vpn.wVQjjC/vpn/libaccurl.so.4
Installing /tmp/vpn.wVQjjC/vpn/libvpnipsec.so
Installing /tmp/vpn.wVQjjC/vpn/libacfeedback.so
Installing /tmp/vpn.wVQjjC/vpn/libacwebhelper.so
Installing /tmp/vpn.wVQjjC/vpn/libboost_date_time.so
Installing /tmp/vpn.wVQjjC/vpn/libboost_atomic.so
Installing /tmp/vpn.wVQjjC/vpn/libboost_filesystem.so
Installing /tmp/vpn.wVQjjC/vpn/libboost_system.so
Installing /tmp/vpn.wVQjjC/vpn/libboost_thread.so
Installing /tmp/vpn.wVQjjC/vpn/libboost_chrono.so
Installing /tmp/vpn.wVQjjC/vpn/libboost_regex.so
Installing /tmp/vpn.wVQjjC/vpn/vpnui
Installing /tmp/vpn.wVQjjC/vpn/acwebhelper
Installing /tmp/vpn.wVQjjC/vpn/acextwebhelper
Installing /tmp/vpn.wVQjjC/vpn/vpn
Copying resources
Updating GTK icon cache
gtk-update-icon-cache: Cache file created successfully.
Installing /tmp/vpn.wVQjjC/vpn/cisco-secure-client.menu
Installing /tmp/vpn.wVQjjC/vpn/cisco-secure-client.directory
Installing /tmp/vpn.wVQjjC/vpn/com.cisco.secureclient.gui.desktop
Installing /tmp/vpn.wVQjjC/vpn/ACManifestVPN.xml at /opt/cisco/secureclient
Creating ACManifestVPN.xml symlink at /opt/cisco/anyconnect
Installing /tmp/vpn.wVQjjC/vpn/manifesttool_vpn
Creating manifesttool symlink for legacy install compatibility.
Installing /tmp/vpn.wVQjjC/vpn/update.txt
Installing /tmp/vpn.wVQjjC/vpn/vpndownloader
Installing /tmp/vpn.wVQjjC/vpn/vpndownloader-cli
Installing /tmp/vpn.wVQjjC/vpn/libacdownloader.so
Installing /tmp/vpn.wVQjjC/vpn/acinstallhelper
Installing /tmp/vpn.wVQjjC/vpn/OpenSource.html
Installing /tmp/vpn.wVQjjC/vpn/AnyConnectProfile.xsd
Installing /tmp/vpn.wVQjjC/vpn/AnyConnectLocalPolicy.xsd
systemctl daemon-reexec
systemctl stop vpnagentd.service
Failed to stop vpnagentd.service: Unit vpnagentd.service not loaded.
systemctl disable vpnagentd.service
Failed to disable unit: Unit file vpnagentd.service does not exist.
install systemd config
Installing /tmp/vpn.wVQjjC/vpn/vpnagentd.service
install -o root -m 644 /tmp/vpn.wVQjjC/vpn/vpnagentd.service /etc/systemd/system/vpnagentd.service
systemctl enable vpnagentd.service
Created symlink /etc/systemd/system/multi-user.target.wants/vpnagentd.service → /etc/systemd/system/vpnagentd.service.
Starting Cisco Secure Client Agent...
systemctl start vpnagentd.service
rm -rf /tmp/vpn.wVQjjC
Done!
Exiting now.


@@ -1,158 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated with glade 3.38.2 -->
<!--*- mode: xml -*-->
<interface>
<requires lib="gtk+" version="3.0"/>
<object class="GtkWindow" id="window1">
<property name="can-focus">False</property>
<property name="title">Cisco Secure Client - Downloader</property>
<property name="resizable">False</property>
<property name="window-position">center</property>
<child>
<object class="GtkVBox" id="vbox1">
<property name="width-request">416</property>
<property name="height-request">136</property>
<property name="visible">True</property>
<property name="can-focus">False</property>
<child>
<object class="GtkHBox" id="hbox5">
<property name="visible">True</property>
<property name="can-focus">False</property>
<child>
<object class="GtkImage" id="image1">
<property name="visible">True</property>
<property name="can-focus">False</property>
<property name="xalign">0</property>
<property name="yalign">0</property>
<property name="xpad">7</property>
<property name="ypad">5</property>
<property name="pixbuf">downloader-arrow.png</property>
</object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">0</property>
</packing>
</child>
<child>
<object class="GtkLabel" id="progressLabel">
<property name="visible">True</property>
<property name="can-focus">False</property>
<property name="xpad">8</property>
<property name="ypad">5</property>
<property name="label">Downloader is analyzing this computer. Please wait...</property>
<property name="wrap">True</property>
<property name="max-width-chars">60</property>
<property name="xalign">0</property>
<property name="yalign">0</property>
</object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="pack-type">end</property>
<property name="position">1</property>
</packing>
</child>
</object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="padding">4</property>
<property name="position">0</property>
</packing>
</child>
<child>
<object class="GtkHBox" id="hbox3">
<property name="visible">True</property>
<property name="can-focus">False</property>
<child>
<object class="GtkLabel" id="label2">
<property name="visible">True</property>
<property name="can-focus">False</property>
<property name="xpad">4</property>
<property name="ypad">4</property>
</object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">0</property>
</packing>
</child>
<child>
<object class="GtkProgressBar" id="progressbar1">
<property name="width-request">400</property>
<property name="height-request">16</property>
<property name="visible">True</property>
<property name="can-focus">False</property>
</object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">1</property>
</packing>
</child>
<child>
<object class="GtkLabel" id="label3">
<property name="visible">True</property>
<property name="can-focus">False</property>
<property name="xpad">4</property>
<property name="ypad">4</property>
</object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">2</property>
</packing>
</child>
</object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="padding">2</property>
<property name="position">1</property>
</packing>
</child>
<child>
<object class="GtkHBox" id="hbox1">
<property name="visible">True</property>
<property name="can-focus">False</property>
<child>
<object class="GtkAlignment" id="alignment1">
<property name="visible">True</property>
<property name="can-focus">False</property>
<child>
<placeholder/>
</child>
</object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">0</property>
</packing>
</child>
<child>
<object class="GtkButton" id="button1">
<property name="label">Cancel</property>
<property name="visible">True</property>
<property name="can-focus">True</property>
<property name="receives-default">False</property>
<property name="border-width">8</property>
<property name="use-underline">True</property>
</object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">1</property>
</packing>
</child>
</object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">2</property>
</packing>
</child>
</object>
</child>
</object>
</interface>


Some files were not shown because too many files have changed in this diff Show More