alexz
27c46542e8
Some checks failed
Test / test (push) Has been cancelled
- Add shared/host-routing.sh with nft for NAT masquerade - Add shared/install-host-services.sh to set up systemd watcher - Add shared/uninstall-host-services.sh for cleanup - Add /runtime volume mount for trigger file - Update entrypoint.sh to trigger host routing when VPN connects Run install-host-services.sh on host after app install. Requires image rebuild for entrypoint changes. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Cistech Tunnel
OpenConnect-SSO VPN client running in a container with noVNC for browser-based access.
Features
- OpenConnect-SSO: Cisco AnyConnect VPN with SSO/SAML authentication
- TOTP Support: Automatic 2FA via keyring integration
- Auto-reconnect: Automatically reconnects on disconnection
- noVNC: Browser-based VNC access on port 6902
- NAT/Masquerade: Routes traffic through VPN tunnel
- Cloudflared: Optional Cloudflare tunnel support
- SSH Tunnels: Optional SSH port forwarding
Runtipi Installation
- Install from the app store or custom repo
- Configure the required environment variables
- Start the app via Runtipi dashboard
First-time SSO Login
- Open noVNC at
http://<host>:6902 - Enter VNC password
- Complete SSO login in the browser window
- VPN will connect and auto-reconnect on disconnect
Source Files
source/Dockerfile: Container build filesource/entrypoint.sh: Container entrypoint with auto-reconnect
Environment Variables
| Variable | Required | Description |
|---|---|---|
| OC_URL | Yes | VPN server URL |
| OC_SERVERCERT | Yes | Server certificate pin |
| OC_USER | No | Username (enables hidden browser mode) |
| VNC_PASSWORD | Yes | noVNC access password |
| OC_TOTP_SECRET | No | TOTP secret for auto 2FA |
| NOVNC_PORT | No | noVNC port (default: 6901) |