.

apps/rego-tunnel/vpn_scripts - not used/start.sh

@@ -0,0 +1,117 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# Startup hook - runs after container starts
+# Dynamically detects Windows VM IP and sets up networking
+
+# Install required packages (not persistent across restarts)
+echo "[rego-tunnel] Installing required packages..."
+apt-get update -qq && apt-get install -y -qq socat openssh-client netcat-openbsd >/dev/null 2>&1 || true
+
+# Setup SSH key for accessing Windows VM
+echo "[rego-tunnel] Setting up SSH key..."
+mkdir -p /root/.ssh
+cp /vpn_scripts/id_ed25519-lenovo /root/.ssh/ 2>/dev/null || true
+chmod 600 /root/.ssh/id_ed25519-lenovo 2>/dev/null || true
+
+get_windows_ip() {
+  # Use VM_NET_IP env var if set, otherwise detect from DHCP leases
+  if [[ -n "${VM_NET_IP:-}" ]]; then
+    echo "$VM_NET_IP"
+    return
+  fi
+  awk '/Windows/ {print $3}' /var/lib/misc/dnsmasq.leases 2>/dev/null | head -1
+}
+
+get_container_ip() {
+  # Get container's external IP (172.31.0.10) - exclude docker bridge gateway (.1)
+  ip -4 addr 2>/dev/null | grep -oE '172\.31\.0\.[0-9]+' | grep -v '\.1$' | head -1
+}
+
+(
+  # Wait for Windows VM to boot and get IP
+  echo "[rego-tunnel] Waiting for Windows VM..."
+  WINDOWS_IP=""
+  for i in {1..120}; do
+    WINDOWS_IP=$(get_windows_ip)
+    if [[ -n "$WINDOWS_IP" ]]; then
+      echo "[rego-tunnel] Windows VM IP: $WINDOWS_IP"
+      break
+    fi
+    sleep 2
+  done
+
+  if [[ -z "$WINDOWS_IP" ]]; then
+    echo "[rego-tunnel] ERROR: Could not detect Windows VM IP"
+    exit 1
+  fi
+
+  # Wait for SSH to be available on Windows
+  echo "[rego-tunnel] Waiting for SSH on Windows..."
+  for i in {1..60}; do
+    if nc -z "$WINDOWS_IP" 22 2>/dev/null; then
+      echo "[rego-tunnel] SSH is available"
+      break
+    fi
+    sleep 2
+  done
+
+  CONTAINER_IP=$(get_container_ip)
+  echo "[rego-tunnel] Container IP: $CONTAINER_IP"
+
+  # Add MASQUERADE for docker bridge
+  iptables -t nat -C POSTROUTING -o docker -j MASQUERADE 2>/dev/null || \
+  iptables -t nat -A POSTROUTING -o docker -j MASQUERADE
+
+  # Allow forwarding to Windows VM
+  iptables -C FORWARD -d "$WINDOWS_IP" -j ACCEPT 2>/dev/null || \
+  iptables -A FORWARD -d "$WINDOWS_IP" -j ACCEPT
+
+  # Forward port 2222 to VM's SSH (2222) for VM access
+  pkill -f "socat.*:2222" 2>/dev/null || true
+  socat TCP-LISTEN:2222,fork,reuseaddr TCP:"$WINDOWS_IP":2222 &
+  echo "[rego-tunnel] SSH to VM available on port 2222"
+
+  # Add DNAT rules for port forwarding
+  add_dnat() {
+    local port=$1
+    iptables -t nat -C PREROUTING -d "$CONTAINER_IP" -p tcp --dport "$port" -j DNAT --to-destination "$WINDOWS_IP:$port" 2>/dev/null || \
+    iptables -t nat -A PREROUTING -d "$CONTAINER_IP" -p tcp --dport "$port" -j DNAT --to-destination "$WINDOWS_IP:$port"
+  }
+
+  # IBM i standard ports (via VM portproxy)
+  add_dnat 22
+  add_dnat 23
+  add_dnat 446
+  add_dnat 448
+  add_dnat 449
+
+  # IBM i data ports
+  for port in $(seq 8470 8476); do add_dnat $port; done
+
+  # Additional port ranges
+  for port in $(seq 2000 2020); do add_dnat $port; done
+  for port in $(seq 3000 3020); do add_dnat $port; done
+  for port in $(seq 10000 10020); do add_dnat $port; done
+  for port in $(seq 36000 36010); do add_dnat $port; done
+
+  echo "[rego-tunnel] iptables DNAT rules configured"
+  echo "[rego-tunnel] Port forwarding ready via $CONTAINER_IP"
+
+  # Set VNC password if VNC_PASSWORD env var is set
+  if [[ -n "${VNC_PASSWORD:-}" ]]; then
+    echo "[rego-tunnel] Setting VNC password..."
+    for i in {1..30}; do
+      if nc -z localhost 7100 2>/dev/null; then
+        sleep 2
+        echo "set_password vnc ${VNC_PASSWORD}" | nc -q1 localhost 7100 >/dev/null 2>&1 && \
+          echo "[rego-tunnel] VNC password set successfully" || \
+          echo "[rego-tunnel] Failed to set VNC password"
+        break
+      fi
+      sleep 2
+    done
+  fi
+) &
+
+return 0