# Rego VPN Container - Critical Context

## Deployment Workflow (MUST FOLLOW)

```bash
cd /etc/runtipi/repos/runtipi
git add . && git commit -m "message" && git push
sudo runtipi-cli appstore update
sudo runtipi-cli app stop rego-tunnel-linux:runtipi
sudo runtipi-cli app start rego-tunnel-linux:runtipi
```

**NEVER use docker compose directly for runtipi apps**

## Container Details

- **App name**: `rego-tunnel-linux:runtipi`
- **Image**: `rego-vpn:latest`
- **Source dir**: `/etc/runtipi/repos/runtipi/apps/rego-tunnel-linux/source/`
- **Cisco installer**: `cisco-secure-client-linux64-5.1.14.145-core-vpn-webdeploy-k9.sh`

## Key Fixes Applied (in Dockerfile/entrypoint)

1. **Library path**: Dockerfile adds `/opt/cisco/secureclient/lib` to `/etc/ld.so.conf.d/cisco.conf` + runs `ldconfig`
2. **IPC socket cleanup**: entrypoint.sh runs `rm -f /root/.cisco/hostscan/.libcsd.ipc` before vpnagentd
3. **kmod package**: Installed for `lsmod`/`modprobe` needed by load_tun.sh
4. **`.anyconnect_global`**: Baked into `/opt/cisco/secureclient/vpn/`

## vpn-sso.sh (/root/vpn-sso.sh)

- **Email**: c-azaw@regoproducts.com
- **Password**: `Cj@83278327$$@@`
- **TOTP Secret**: rzqtqskdwkhz6zyr
- **VPN Host**: vpn-ord1.dovercorp.com (162.209.24.100)

### Command line flags

- `-m` or `--menu`: Skip auto-login, go directly to menu

### Menu options

- 1: Start Cisco AnyConnect
- 2: Copy credentials to clipboard
- 3: Show live TOTP
- 4: Setup IP forwarding rules (manual)
- 5: Test connection to target
- 6: Show network status
- 7: Kill all Cisco processes
- 8: Restart vpnagentd + test load_tun.sh
- 9: Edit /etc/hosts
- 0: Reset /etc/hosts to default

## VPN Hosts (/etc/hosts entries)

```
162.209.24.100 vpn-ord1.dovercorp.com
13.67.192.27 vpn.dovercorp.com
```

## Known Issues / Status

- VPN connects and gets interface + IP
- "unable to connect to secure gateway" error occurred
- Auto-routing disabled in vpn-sso.sh for isolated testing
- Use menu option 4 to manually set up forwarding after VPN connects

## Troubleshooting Commands

```bash
# Check libraries
sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 ldd /opt/cisco/secureclient/lib/libaccurl.so.4 | grep "not found"

# Check vpnagentd
sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 pgrep vpnagentd

# Check VPN state
sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 /opt/cisco/secureclient/bin/vpn state

# Check tunnel interface
sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 ip link show | grep cscotun

# Check hostscan logs
sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 tail -50 /root/.cisco/hostscan/log/libcsd.log

# Clean IPC socket manually
sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 rm -f /root/.cisco/hostscan/.libcsd.ipc

# Restart vpnagentd
sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 pkill -9 vpnagentd
sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 /opt/cisco/secureclient/bin/vpnagentd
```
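
Fixes 1 and 2 under "Key Fixes Applied" (library path and IPC socket cleanup) can be checked inside the container before `vpnagentd` starts, so a regression fails loudly instead of surfacing as a connection error. The script below is an added example, not the project's `entrypoint.sh`; the function names and the `--run` switch are hypothetical, and the default paths are the ones listed on this page.

```shell
#!/bin/sh
# Added example: preflight checks to run before vpnagentd (not the project's code).
# Default paths come from this page; override via environment for testing.
CISCO_LIB_DIR="${CISCO_LIB_DIR:-/opt/cisco/secureclient/lib}"
IPC_SOCK="${IPC_SOCK:-/root/.cisco/hostscan/.libcsd.ipc}"

# Read `ldd` output on stdin; print one unresolved library name per line.
missing_libs() {
    awk '$2 == "=>" && /not found/ { print $1 }'
}

# Remove a leftover IPC socket and confirm it is really gone.
# Fails if the path survives (for example it is a directory or the
# filesystem is read-only), because vpnagentd would then hit the stale path.
clean_ipc_socket() {
    rm -f -- "$1" 2>/dev/null
    if [ -e "$1" ] || [ -L "$1" ]; then
        echo "stale IPC path still present: $1" >&2
        return 1
    fi
}

# Run both checks; non-zero means vpnagentd should not be started yet.
preflight() {
    rc=0
    for lib in "$CISCO_LIB_DIR"/*.so*; do
        [ -f "$lib" ] || continue            # glob matched nothing
        miss=$(ldd "$lib" 2>/dev/null | missing_libs | sort -u | tr '\n' ' ')
        [ -z "$miss" ] || { echo "$lib: unresolved: $miss" >&2; rc=1; }
    done
    clean_ipc_socket "$IPC_SOCK" || rc=1
    return "$rc"
}

# Hypothetical switch: `sh preflight.sh --run` exits with the preflight status.
if [ "${1:-}" = "--run" ]; then
    preflight
    exit $?
fi
```

An entrypoint can call this with `--run` and start `vpnagentd` only when it exits 0.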