# Rego VPN Automation - Technical Setup Guide

## Overview

Cisco Secure Client VPN running in a Windows VM (dockurr/windows) inside a Docker container, with a SOCKS5 proxy for transparent routing to the IBM i systems behind the VPN.

## Architecture

```
Clients → Host (iptables/redsocks) → Container (socat) → Windows VM (SOCKS5) → VPN → 10.35.33.x
```

## Components

### 1. Windows VM (inside the container)

- **Container**: `rego-tunnel_runtipi-rego-tunnel-1`
- **Windows VM IP**: `172.30.0.16` or `172.30.0.17` (internal to the container)
- **VPN**: Cisco Secure Client with SAML auth (email + password + TOTP)
- **Files on Windows** (`C:\Users\alexz\vpn_scripts`):
  - `vpn.bat` - Startup batch file
  - `vpn-login.js` - Node.js script that automates the SAML login via the Chrome DevTools Protocol
  - `socks5.js` - Simple SOCKS5 proxy server
  - `node_modules/` - `ws`, `otplib` packages

### 2. Container

- **External IP**: `10.128.16.2` or similar
- **Internal bridge**: `172.30.0.1/24` (Windows VM at .16 or .17)
- **socat**: Forwards port 1080 on the container to the SOCKS5 server in the Windows VM
- **start.sh**: Mounted at `/run/start.sh` - sets up the iptables DNAT rules

### 3. Host

- **redsocks**: Transparent SOCKS5 redirector (optional)
- **iptables**: Redirects traffic destined for the VPN network through the container

## VPN Credentials

The credentials are hard-coded in plaintext in `vpn-login.js` as a `CONFIG` object. The live values are deliberately not reproduced in this guide; read them from the script on the VM. Anyone with access to the Windows disk image or to the shared folder the scripts are copied from has the account password and the TOTP seed, so treat both locations as secrets.

```javascript
const CONFIG = {
  email: "<vpn-user-email>",
  password: "<vpn-password>",
  totpSecret: "<base32-totp-seed>",
  devtoolsPort: 9222,
  vpnTestIp: "10.35.33.230"
};
```

## Windows Setup Steps

### 1. Install Node.js

Run PowerShell as Administrator:

```powershell
# Option A: Run the install script
.\install-nodejs.ps1
# Option B: Manual download from https://nodejs.org/
```

### 2. Install Cisco Secure Client

- Download from the company VPN portal or from Cisco
- Install with the default options
- Path: `C:\Program Files (x86)\Cisco\Cisco Secure Client\`
### 3. Setup VPN Scripts

```cmd
mkdir C:\Users\alexz\vpn_scripts
copy \\TSCLIENT\shared\vpn-scripts\*.js C:\Users\alexz\vpn_scripts\
copy \\TSCLIENT\shared\vpn-scripts\vpn.bat C:\Users\alexz\vpn_scripts\
cd C:\Users\alexz\vpn_scripts
npm install ws otplib
```

### 4. Add to Windows Startup

```cmd
rem Create a shortcut to vpn.bat in the Startup folder (open it with shell:startup), i.e.:
rem C:\Users\alexz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
```

### 5. Enable Remote Debugging for the Cisco UI

The Cisco login window is an embedded WebView2 browser. `vpn-login.js` sets this environment variable before launching Cisco so that it can drive the SAML page over the Chrome DevTools Protocol:

```
WEBVIEW2_ADDITIONAL_BROWSER_ARGUMENTS=--remote-debugging-port=9222 --remote-debugging-address=0.0.0.0 --remote-allow-origins=*
```

Note that `--remote-debugging-address=0.0.0.0` together with `--remote-allow-origins=*` exposes an unauthenticated DevTools endpoint to anything that can reach TCP 9222 on the VM, and a client that connects can drive the logged-in browser, including the SAML session. Only the script on the VM and the container-side check against `172.30.0.16:9222` need it, so bind it to the address those actually use and never forward 9222 beyond the container bridge.

## Container Configuration

### docker-compose.yml (user-config)

```yaml
services:
  rego-tunnel:
    environment:
      USER: alexz
      PASS: <windows-password>    # a literal `$` in the password is written as `$$` in compose
      VERSION: win10
    entrypoint: ["/bin/bash", "-c", "source /run/start.sh; exec /usr/bin/tini -s /run/entry.sh"]
```

### start.sh (Container Startup Script)

Located at: `/etc/runtipi/user-config/runtipi/rego-tunnel/scripts/start.sh`

Sets up:

- iptables MASQUERADE for the docker bridge
- Route to the IBM i network via the Windows VM
- DNAT rules for port forwarding (SSH, IBM i ports)

## Key Ports

| Port | Service |
|------|---------|
| 22 | SSH |
| 23 | Telnet (IBM i) |
| 446, 448, 449 | IBM i services |
| 1080 | SOCKS5 proxy |
| 8006 | noVNC web console |
| 8470-8476 | IBM i data ports |
| 9222 | Chrome DevTools (for automation) |

## Manual Commands

### Start VPN from the host

```bash
docker exec rego-tunnel_runtipi-rego-tunnel-1 ssh docker@172.30.0.16 'C:\Users\alexz\vpn_scripts\vpn.bat'
```

### Start socat in the container

```bash
docker exec -d rego-tunnel_runtipi-rego-tunnel-1 socat TCP-LISTEN:1080,fork,reuseaddr TCP:172.30.0.16:1080
```

### Test SOCKS5 connectivity

```bash
nc -zv 10.128.16.2 1080
```

This only confirms that socat accepts a TCP connection on 1080; it does not exercise the SOCKS5 handshake, the proxy in the VM, or the VPN path behind it. For an end-to-end check, use a SOCKS-aware client against an address that is only reachable over the VPN.

### Check VPN status in Windows

```cmd
ipconfig | findstr 10\.
```
## Troubleshooting

### VPN not connecting

1. Check time sync: `w32tm /resync /force` (a TOTP code is only accepted within a short window of the server's clock)
2. Verify the Cisco agent service: `net start "Cisco Secure Client Agent"`
3. Check that DevTools is reachable: `http://172.30.0.16:9222/json`

### SOCKS5 not working

1. Verify the VPN is connected first (`ping 10.35.33.230`)
2. Check that socks5.js is running: `tasklist | findstr node`
3. Test the listener locally: `nc -zv 127.0.0.1 1080`

### Container issues

1. Check logs: `docker logs rego-tunnel_runtipi-rego-tunnel-1`
2. Verify start.sh was mounted: `docker exec rego-tunnel_runtipi-rego-tunnel-1 cat /run/start.sh`
3. Check that the QEMU process for the Windows VM is up (PID file): `docker exec rego-tunnel_runtipi-rego-tunnel-1 cat /run/qemu.pid`

## File Locations

### Host

- `/etc/runtipi/user-config/runtipi/rego-tunnel/docker-compose.yml` - User overrides
- `/etc/runtipi/user-config/runtipi/rego-tunnel/scripts/start.sh` - Container startup
- `/etc/runtipi/repos/runtipi/apps/rego-tunnel/docker-compose.yml` - Base config
- `/etc/runtipi/app-data/runtipi/rego-tunnel/data/storage/` - Windows disk image
- `/etc/runtipi/app-data/runtipi/rego-tunnel/data/shared/` - Shared folder with Windows

### Windows VM

- `C:\Users\alexz\vpn_scripts\vpn-login.js` - Main automation script
- `C:\Users\alexz\vpn_scripts\socks5.js` - SOCKS5 proxy
- `C:\Users\alexz\vpn_scripts\vpn.bat` - Startup batch file
- `C:\Program Files (x86)\Cisco\Cisco Secure Client\` - Cisco installation

## Watchdog Mode

The vpn-login.js script includes a watchdog that:

- Monitors VPN connectivity every 2 minutes
- Auto-reconnects after 2 consecutive failures
- Restarts the SOCKS5 proxy after a reconnection
- Logs memory usage every hour

## Notes

- The Windows VM takes ~2-3 minutes to boot
- VPN login takes ~30 seconds
- TOTP requires an accurate system time (the script syncs automatically)
- The container uses `VERSION=win10` for dockurr/windows compatibility
- noVNC password: the same value as `PASS` in docker-compose.yml (the `$$` there is compose's escape for a single literal `$`)