- host-routing.sh: Use nft instead of iptables for NAT masquerade
(iptables-nft backend doesn't support iptables -t nat commands)
- cisco-vpn: Use -I FORWARD 1 instead of -A FORWARD to insert rules
BEFORE Cisco VPN chains (which have catch-all DROP rules)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added start_watchdog() function that:
- Checks VPN every 60 seconds
- Sends keepalive ping every 5 minutes to prevent idle timeout
- Auto-reconnects up to 3 times if VPN drops
- Disabled screen blanking in xstartup and after VPN connects
- Removed useless monitor loop that only logged
- Removed get_vm_bridge_ip() and get_container_gateway()
- Added get_container_ip() for eth0 (172.31.0.x network)
- Updated setup_forwarding() and show_network_status()
- No more ens3/VM references
- Removed all sudo commands since container runs as root
- Added LOG_FILE at /var/log/cisco-vpn.log
- Modified log() to write to both console and file
- Added startup logging with env var status
- Delete init-vpn.sh, vpn-connect.sh, xstartup from build/scripts
- Change cisco-vpn monitor to background process so menu shows after connect
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
SSH to host and restart rego-routing.service after VPN connection
is established in the VM.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
