alexz/runtipi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6f6538fa73b4e8750582084fc6f1137c80e6f29d
runtipi/apps/cistech-tunnel/metadata/description.md
alexz f1793baa57
Some checks failed
Test / test (push) Has been cancelled
Details
.
2026-01-17 14:23:50 +00:00

145 lines
3.6 KiB
Markdown
Executable File
Raw Blame History

# Rego Tunnel - Cisco Secure Client VPN
Native Docker container running Cisco Secure Client (AnyConnect) with full GUI support via noVNC. Provides transparent VPN access to protected resources from your LAN.
## Features
- **Cisco Secure Client 5.1.14.145** - Full GUI with VPN, DART, and Posture modules
- **Web-based access** via noVNC (port 6080)
- **Auto-login with TOTP** - Fully automated VPN connection
- **LAN routing** - Other machines on your network can reach VPN targets
- **Native Docker** - No QEMU/VM overhead
## Architecture
```
LAN Devices ──► Linux Host ──► Container (172.31.0.10) ──► VPN Tunnel ──► Target (10.35.33.230)
│ │
│ └── Cisco Secure Client
│ └── noVNC web UI (port 6080)
└── Host routing service
(routes VPN traffic through container)
```
## Installation
### 1. Install the app through Runtipi
Configure your VPN credentials in app settings:
- VPN Email
- VPN Password
- TOTP Secret (base32)
- VPN Host (default: vpn-ord1.dovercorp.com)
- Target IP (default: 10.35.33.230)
### 2. Install host routing service (required for LAN access)
**Run this ONCE on the host after app install:**
```bash
/etc/runtipi/repos/runtipi/apps/rego-tunnel/shared/install-host-services.sh
```
This creates systemd services that route VPN traffic through the container.
### 3. Access the VPN GUI
Open `http://<your-server>:6080/vnc.html`
The VPN will auto-connect using your configured credentials.
## Usage
### Access noVNC
Navigate to port 6080 on your server. The cisco-vpn script runs automatically and provides a menu:
```
1 - Start Cisco AnyConnect
2 - Copy credentials to clipboard
3 - Show live TOTP
4 - Setup IP forwarding rules
5 - Test connection to target
6 - Show network status
7 - Kill all Cisco processes
8 - Show routing table
9 - Show /etc/hosts
q - Quit
```
### Command line options
```bash
# Inside container
cisco-vpn -m # Menu only (skip auto-connect)
cisco-vpn -c # Connect and exit
cisco-vpn -d # Disconnect and exit
cisco-vpn -s # Show status
cisco-vpn --help # Show all options
```
### View logs
```bash
# Inside container
cat /var/log/cisco-vpn/$(date +%Y-%m-%d).log
# On host
cat /var/log/rego-routing.log
```
## LAN Access
After the host routing service is installed, any device on your LAN can reach the VPN target:
1. **From the host:** Works automatically
2. **From other LAN devices:** Add a static route pointing to your host
Example (Windows client):
```cmd
route add 10.35.33.230 mask 255.255.255.255 192.168.0.150 -p
```
Where `192.168.0.150` is your Linux host IP.
## Uninstall
Before removing the app from Runtipi:
```bash
/etc/runtipi/repos/runtipi/apps/rego-tunnel/shared/uninstall-host-services.sh
```
## Troubleshooting
### noVNC not accessible
```bash
docker exec rego-tunnel_runtipi-rego-tunnel-1 systemctl status vnc.service
```
### VPN connects but can't reach target
```bash
# Check routes inside container
docker exec rego-tunnel_runtipi-rego-tunnel-1 ip route
# Check host routing
ip route | grep 10.35.33.230
```
### Host routing not working
```bash
# Check watcher service
systemctl status rego-routing-watcher.path
# Manually trigger routing
touch /etc/runtipi/app-data/runtipi/rego-tunnel/restart-routing
```
## Technical Details
- **Container IP:** 172.31.0.10 (on br-rego-vpn bridge)
- **Ports:** 6080 (noVNC), 5901 (VNC)
- **Privileges:** `--privileged`, `NET_ADMIN`, `/dev/net/tun`
- **Log retention:** 7 days (auto-cleanup)
Reference in New Issue View Git Blame Copy Permalink