# Cistech Tunnel - Build Files

This directory contains the Dockerfile and scripts to build the OpenConnect-SSO VPN Docker image.

## Files

- `Dockerfile` - Docker image definition (Ubuntu 22.04 + openconnect-sso + noVNC)
- `build.sh` - Build and push script
- `scripts/entrypoint.sh` - Container entrypoint

## Building

```bash
cd /etc/runtipi/repos/runtipi/apps/cistech-tunnel/build
./build.sh
```

This builds and pushes to `git.alexzaw.dev/alexz/openconnect-vpn:latest`

To build without pushing:

```bash
docker build -t git.alexzaw.dev/alexz/openconnect-vpn:latest .
```

## What's in the image

The Dockerfile creates an image with:

- Ubuntu 22.04
- openconnect + openconnect-sso[full] (Python)
- Playwright Chromium browser (for SSO authentication)
- TigerVNC server + noVNC (web-based VNC)
- Tools: oathtool (TOTP), openbox, xterm

### Scripts (baked in)

- `/opt/scripts/startup-vnc.sh` - Starts VNC server and noVNC
- `/opt/scripts/entrypoint.sh` - Container entrypoint (DNS fix, IP forwarding, config generation)

## Runtime mounts (from shared/)

When running as cistech-tunnel app, these are mounted from `shared/`:

- `/shared/openconnect-vpn` - Main VPN connection script
- `/shared/xstartup` -> `/root/.vnc/xstartup` - VNC session startup

## Environment Variables

| Variable | Description |
|----------|-------------|
| `VPN_EMAIL` | Email/username for SSO login |
| `VPN_PASSWORD` | Password for SSO login |
| `VPN_TOTP_SECRET` | TOTP secret for 2FA (base32) |
| `VPN_HOST` | VPN server URL (e.g., `https://vpn.example.com/Group`) |
| `TARGET_IP` | Target IP for connectivity testing |
| `VNC_PASSWORD` | VNC access password |

## Ports

- `5901` - VNC server
- `6092` - noVNC web interface

## How it works

1. Container starts, generates openconnect-sso config from env vars
2. VNC server starts with noVNC web interface
3. xterm launches with the `openconnect-vpn` script
4. Script sets up keyring with credentials (password + TOTP)
5. openconnect-sso handles SSO authentication via hidden browser
6. VPN connects and IP forwarding/NAT is configured
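
Step 1 depends on every variable in the Environment Variables table being present and well-formed. The following preflight check is an added example, not code from this repository's `entrypoint.sh`; the function names `validate_vpn_env` and `is_ipv4`, the rule that `VPN_HOST` must be `https://`, and the assumption that `TARGET_IP` is IPv4 are all illustrative.

```bash
# Added example: preflight check for the variables in the table above.
# Function names and rules are assumptions, not the project's entrypoint.sh.

is_ipv4() {  # assumes TARGET_IP is a dotted-quad IPv4 address
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        { [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ]; } || return 1
    done
}

validate_vpn_env() {
    rc=0
    # Report missing variables by name only; never echo a secret's value.
    for name in VPN_EMAIL VPN_PASSWORD VPN_TOTP_SECRET VPN_HOST TARGET_IP VNC_PASSWORD; do
        eval "val=\${$name:-}"
        [ -n "$val" ] || { echo "missing: $name" >&2; rc=1; }
    done
    unset val
    # Credentials are submitted to VPN_HOST, so require an https:// URL.
    case "${VPN_HOST:-}" in
        https://?*) ;;
        *) echo "VPN_HOST must be an https:// URL" >&2; rc=1 ;;
    esac
    # Base32 alphabet: A-Z and 2-7, optional '=' padding; spaces and case ignored.
    secret=$(printf '%s' "${VPN_TOTP_SECRET:-}" | tr -d ' ' | tr 'a-z' 'A-Z')
    printf '%s' "$secret" | grep -Eq '^[A-Z2-7]+=*$' ||
        { echo "VPN_TOTP_SECRET is not valid base32" >&2; rc=1; }
    unset secret
    is_ipv4 "${TARGET_IP:-}" || { echo "TARGET_IP is not an IPv4 address" >&2; rc=1; }
    return "$rc"
}

# Constructed sample values (not real credentials), checked in a subshell.
( VPN_EMAIL=user@example.com VPN_PASSWORD=x VPN_TOTP_SECRET=JBSWY3DPEHPK3PXP
  VPN_HOST=https://vpn.example.com/Group TARGET_IP=10.0.0.1 VNC_PASSWORD=y
  validate_vpn_env ) && echo "sample environment passes"
```

Values passed as container environment variables can be read by anyone able to run `docker inspect` on the container, which is why the check prints variable names and never their contents.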