Includes:

- Dockerfile extending dockurr/windows with openssh-client
- SSH key for Windows VM access
- Startup script for network setup and script deployment
- VPN automation scripts (vpn-login.js, socks5.js, vpn.bat)
- Windows setup scripts (install-nodejs.ps1, setup-autologin-sshd.ps1, setup-ssh-keys.ps1)
- Technical README

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
5.5 KiB
# Rego VPN Automation - Technical Setup Guide

## Overview

Cisco Secure Client VPN running in a Windows VM (dockurr/windows) inside a Docker container, with a SOCKS5 proxy for transparent routing to IBM i systems.

## Architecture

```
Clients → Host (iptables/redsocks) → Container (socat) → Windows VM (SOCKS5) → VPN → 10.35.33.x
```
## Components

### 1. Windows VM (inside container)

- Container: `rego-tunnel_runtipi-rego-tunnel-1`
- Windows VM IP: `172.30.0.16` or `172.30.0.17` (internal to container)
- VPN: Cisco Secure Client with SAML auth (email + password + TOTP)
- Files on Windows (`C:\Users\alexz\vpn_scripts`):
  - `vpn.bat` - Startup batch file
  - `vpn-login.js` - Node.js script that automates SAML login via Chrome DevTools Protocol
  - `socks5.js` - Simple SOCKS5 proxy server
  - `node_modules/` - ws, otplib packages

### 2. Container

- External IP: `10.128.16.2` or similar
- Internal bridge: `172.30.0.1/24` (Windows VM at .16 or .17)
- socat: Forwards port 1080 from container to Windows VM SOCKS5
- start.sh: Mounted at `/run/start.sh`; sets up iptables DNAT rules

### 3. Host

- redsocks: Transparent SOCKS5 redirector (optional)
- iptables: Redirects traffic to VPN network through container
## VPN Credentials

Located in `vpn-login.js`:
const CONFIG = {
email: "c-azaw@regoproducts.com",
password: "Fuckyou4suhail",
totpSecret: "RZQTQSKDWKHZ6ZYR",
devtoolsPort: 9222,
vpnTestIp: "10.35.33.230"
};
## Windows Setup Steps

### 1. Install Node.js

Run PowerShell as Administrator:

```powershell
# Option A: Run the install script
.\install-nodejs.ps1

# Option B: Manual download from https://nodejs.org/
```

### 2. Install Cisco Secure Client

- Download from company VPN portal or Cisco
- Install with default options
- Path: `C:\Program Files (x86)\Cisco\Cisco Secure Client\`

### 3. Setup VPN Scripts

```cmd
mkdir C:\Users\alexz\vpn_scripts
copy \\TSCLIENT\shared\vpn-scripts\*.js C:\Users\alexz\vpn_scripts\
copy \\TSCLIENT\shared\vpn-scripts\vpn.bat C:\Users\alexz\vpn_scripts\
cd C:\Users\alexz\vpn_scripts
npm install ws otplib
```

### 4. Add to Windows Startup

```
# Create shortcut to vpn.bat in:
shell:startup
# Or: C:\Users\alexz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
```

### 5. Enable Remote Debugging for Cisco UI

The vpn-login.js script sets this environment variable before launching Cisco:

```
WEBVIEW2_ADDITIONAL_BROWSER_ARGUMENTS=--remote-debugging-port=9222 --remote-debugging-address=0.0.0.0 --remote-allow-origins=*
```
## Container Configuration

### docker-compose.yml (user-config)
services:
rego-tunnel:
environment:
USER: alexz
PASS: Az@83278327$$@@
VERSION: win10
entrypoint: ["/bin/bash", "-c", "source /run/start.sh; exec /usr/bin/tini -s /run/entry.sh"]
### start.sh (Container Startup Script)

Located at: `/etc/runtipi/user-config/runtipi/rego-tunnel/scripts/start.sh`

Sets up:

- iptables MASQUERADE for docker bridge
- Route to IBM i network via Windows VM
- DNAT rules for port forwarding (SSH, IBM i ports)
## Key Ports

| Port | Service |
|---|---|
| 22 | SSH |
| 23 | Telnet (IBM i) |
| 446, 448, 449 | IBM i services |
| 1080 | SOCKS5 proxy |
| 8006 | noVNC web console |
| 8470-8476 | IBM i data ports |
| 9222 | Chrome DevTools (for automation) |
## Manual Commands

Start VPN from host:

```bash
docker exec rego-tunnel_runtipi-rego-tunnel-1 ssh docker@172.30.0.16 'C:\Users\alexz\vpn_scripts\vpn.bat'
```

Start socat in container:

```bash
docker exec -d rego-tunnel_runtipi-rego-tunnel-1 socat TCP-LISTEN:1080,fork,reuseaddr TCP:172.30.0.16:1080
```

Test SOCKS5 connectivity:

```bash
nc -zv 10.128.16.2 1080
```

Check VPN status in Windows:

```cmd
ipconfig | findstr 10\.
```
## Troubleshooting

### VPN not connecting

- Check time sync: `w32tm /resync /force`
- Verify Cisco agent: `net start "Cisco Secure Client Agent"`
- Check DevTools: `http://172.30.0.16:9222/json`

### SOCKS5 not working

- Verify VPN connected first (`ping 10.35.33.230`)
- Check socks5.js running: `tasklist | findstr node`
- Test locally: `nc -zv 127.0.0.1 1080`

### Container issues

- Check logs: `docker logs rego-tunnel_runtipi-rego-tunnel-1`
- Verify start.sh: `docker exec rego-tunnel_runtipi-rego-tunnel-1 cat /run/start.sh`
- Check Windows VM IP: `docker exec rego-tunnel_runtipi-rego-tunnel-1 cat /run/qemu.pid`
## File Locations

### Host

- `/etc/runtipi/user-config/runtipi/rego-tunnel/docker-compose.yml` - User overrides
- `/etc/runtipi/user-config/runtipi/rego-tunnel/scripts/start.sh` - Container startup
- `/etc/runtipi/repos/runtipi/apps/rego-tunnel/docker-compose.yml` - Base config
- `/etc/runtipi/app-data/runtipi/rego-tunnel/data/storage/` - Windows disk image
- `/etc/runtipi/app-data/runtipi/rego-tunnel/data/shared/` - Shared folder with Windows

### Windows VM

- `C:\Users\alexz\vpn_scripts\vpn-login.js` - Main automation script
- `C:\Users\alexz\vpn_scripts\socks5.js` - SOCKS5 proxy
- `C:\Users\alexz\vpn_scripts\vpn.bat` - Startup batch file
- `C:\Program Files (x86)\Cisco\Cisco Secure Client\` - Cisco installation
## Watchdog Mode

The vpn-login.js script includes a watchdog that:

- Monitors VPN connectivity every 2 minutes
- Auto-reconnects after 2 consecutive failures
- Restarts SOCKS5 proxy after reconnection
- Logs memory usage every hour
## Notes

- Windows VM takes ~2-3 minutes to boot
- VPN login takes ~30 seconds
- TOTP requires accurate system time (script syncs automatically)
- The container uses `VERSION=win10` for dockurr/windows compatibility
- noVNC password:
Az@83278327$@@