alexz/runtipi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c6903bb2a00eaf7578564138c77f25fd33a56a1c
runtipi/apps/rego-tunnel-linux/REGO-VPN-CONTEXT.md
alexz 06662a294b
Some checks failed
Test / test (push) Has been cancelled
Details
Add REGO-VPN-CONTEXT.md and link in CLAUDE.md
2025-12-25 00:39:30 +00:00

2.9 KiB
Raw Blame History

Rego VPN Container - Critical Context

Deployment Workflow (MUST FOLLOW)

cd /etc/runtipi/repos/runtipi
git add . && git commit -m "message" && git push
sudo runtipi-cli appstore update
sudo runtipi-cli app stop rego-tunnel-linux:runtipi
sudo runtipi-cli app start rego-tunnel-linux:runtipi

NEVER use docker compose directly for runtipi apps

Container Details

  • App name: rego-tunnel-linux:runtipi
  • Image: rego-vpn:latest
  • Source dir: /etc/runtipi/repos/runtipi/apps/rego-tunnel-linux/source/
  • Cisco installer: cisco-secure-client-linux64-5.1.14.145-core-vpn-webdeploy-k9.sh

Key Fixes Applied (in Dockerfile/entrypoint)

  1. Library path: Dockerfile adds /opt/cisco/secureclient/lib to /etc/ld.so.conf.d/cisco.conf + runs ldconfig
  2. IPC socket cleanup: entrypoint.sh runs rm -f /root/.cisco/hostscan/.libcsd.ipc before vpnagentd
  3. kmod package: Installed for lsmod/modprobe needed by load_tun.sh
  4. .anyconnect_global: Baked into /opt/cisco/secureclient/vpn/

vpn-sso.sh (/root/vpn-sso.sh)

  • Email: c-azaw@regoproducts.com
  • Password: Cj@83278327$$@@
  • TOTP Secret: rzqtqskdwkhz6zyr
  • VPN Host: vpn-ord1.dovercorp.com (162.209.24.100)

Command line flags

  • -m or --menu: Skip auto-login, go directly to menu

Menu options

  • 1: Start Cisco AnyConnect
  • 2: Copy credentials to clipboard
  • 3: Show live TOTP
  • 4: Setup IP forwarding rules (manual)
  • 5: Test connection to target
  • 6: Show network status
  • 7: Kill all Cisco processes
  • 8: Restart vpnagentd + test load_tun.sh
  • 9: Edit /etc/hosts
  • 0: Reset /etc/hosts to default

VPN Hosts (/etc/hosts entries)

162.209.24.100  vpn-ord1.dovercorp.com
13.67.192.27    vpn.dovercorp.com

Known Issues / Status

  • VPN connects and gets interface + IP
  • "unable to connect to secure gateway" error occurred
  • Auto-routing disabled in vpn-sso.sh for isolated testing
  • Use menu option 4 to manually setup forwarding after VPN connects

Troubleshooting Commands

# Check libraries
sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 ldd /opt/cisco/secureclient/lib/libaccurl.so.4 | grep "not found"

# Check vpnagentd
sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 pgrep vpnagentd

# Check VPN state
sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 /opt/cisco/secureclient/bin/vpn state

# Check tunnel interface
sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 ip link show | grep cscotun

# Check hostscan logs
sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 tail -50 /root/.cisco/hostscan/log/libcsd.log

# Clean IPC socket manually
sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 rm -f /root/.cisco/hostscan/.libcsd.ipc

# Restart vpnagentd
sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 pkill -9 vpnagentd
sudo docker exec rego-tunnel-linux_runtipi-rego-tunnel-linux-1 /opt/cisco/secureclient/bin/vpnagentd
Reference in New Issue View Git Blame Copy Permalink