# Rego Tunnel - Cisco Secure Client VPN

Run Cisco Secure Client (AnyConnect) with full GUI support in Docker using noVNC.

## Features

- **Full Cisco Secure Client 5.1.14.145** with GUI
- VPN, DART, and Posture modules pre-installed
- **Web-based VNC access** via noVNC
- Systemd support for proper service management
- **No QEMU or VM overhead** - runs natively in Docker
- **Auto-login with TOTP support** - fully automated connection
- Auto-reconnect on disconnect

## Quick Start

1. **Install the app** through Runtipi
2. **Configure credentials** (optional) through app settings for auto-connect
3. **Access the VPN GUI** at `http://:6080/vnc.html`
4. Default VNC password: `cisco123`

## Auto-Connect

For fully automated VPN connection:

1. Fill in your VPN Email, Password, and TOTP Secret in app settings
2. Enable "Auto-Connect on Start"
3. The container will automatically connect to VPN on startup

## Manual Connect

If you prefer manual login:

1. Access the noVNC interface at port 6080
2. Use the Cisco Secure Client GUI to connect
3. Enter your credentials manually

## VPN CLI (inside container)

```bash
# Connect to VPN
docker exec -it rego-tunnel /opt/cisco/secureclient/bin/vpn connect

# Check status
docker exec -it rego-tunnel /opt/cisco/secureclient/bin/vpn state

# Disconnect
docker exec -it rego-tunnel /opt/cisco/secureclient/bin/vpn disconnect
```

## Troubleshooting

### VPN connects but immediately disconnects

Check if the DNS files are writable. Restart the container if needed.

### "Unable to start VA" error

This usually means the DNS files are read-only. Restart the container.

### noVNC not accessible

Check if the VNC service is running:

```bash
docker exec rego-tunnel systemctl status vnc.service
```

## Technical Details

The container uses:

- `--privileged` mode for systemd and DNS mount manipulation
- `NET_ADMIN` capability for VPN tunnel creation
- `/dev/net/tun` device for the VPN tunnel
- Ports: 6080 (noVNC web UI), 5901 (VNC)
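
Because the container ships with a default VNC password and runs privileged, it is worth confirming where ports 6080 and 5901 are actually published. The script below is an added example, not part of this project: it parses `docker port` output and flags any VNC-related mapping bound to a non-loopback host address. The function name `flag_exposed_vnc` and the sample mappings are constructed for illustration.

```bash
#!/bin/sh
# Added example (not part of the project): flag noVNC/VNC ports that
# `docker port <container>` reports as published on a non-loopback address.

# Container ports from the README's Technical Details section.
VNC_PORTS="6080 5901"

# Reads `docker port` output on stdin, one mapping per line, e.g.
#   6080/tcp -> 0.0.0.0:6080
# Prints "EXPOSED <port> via <host binding>" for each flagged mapping.
# Returns 1 if anything was flagged, 0 otherwise.
flag_exposed_vnc() {
    found=0
    while IFS= read -r line; do
        cport=${line%%/*}     # container port, left of "/tcp"
        host=${line##*-> }    # host binding, right of "-> "
        haddr=${host%:*}      # drop ":<hostport>", keeps IPv6 brackets
        case " $VNC_PORTS " in
            *" $cport "*) ;;          # one of the VNC ports: inspect it
            *) continue ;;            # unrelated port or blank line
        esac
        case "$haddr" in
            127.*|"[::1]") ;;         # loopback only
            *) echo "EXPOSED $cport via $host"; found=1 ;;
        esac
    done
    return "$found"
}

# Constructed sample of `docker port` output, so the demo runs offline.
SAMPLE='6080/tcp -> 0.0.0.0:6080
5901/tcp -> 127.0.0.1:5901'

printf '%s\n' "$SAMPLE" | flag_exposed_vnc || true
# Against the running container: docker port rego-tunnel | flag_exposed_vnc
```

The non-zero return code on a finding lets the check gate a deployment script or a scheduled audit job.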