Rego-Tunnel Linux VPN Bridge
This app runs a Linux VM (Ubuntu) inside a Docker container with Cisco Secure Client VPN, providing transparent access to VPN-protected resources (IBM i at 10.35.33.230) from the local network.
Architecture
┌─────────────────────────────────────────────────────────────────────────┐
│ Linux Host (192.168.0.150) │
│ │
│ Bridge: br-vpn-linux (172.31.1.1/24) │
└─────────────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────────────┐
│ Container: rego-tunnel-linux (172.31.1.10) │
│ │
│ qemux/qemu running Ubuntu VM │
│ Port 8007 → Web console (noVNC) │
│ Port 2222 → SSH to VM │
│ │
│ Internal bridge: 172.32.1.1/24 │
└─────────────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────────────┐
│ Ubuntu VM (172.32.1.20) │
│ │
│ Cisco Secure Client VPN: connected to corporate network │
│ VPN IP: 10.215.x.x │
│ │
│ cisco-vpn.sh: │
│ - Auto-login to Cisco via xdotool │
│ - TOTP authentication (oathtool) │
│ - iptables forwarding for target IP │
└─────────────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────────────┐
│ IBM i (10.35.33.230) │
│ Via Cisco VPN tunnel │
└─────────────────────────────────────────────────────────────────────────┘
Installation
Step 1: Install the app via Runtipi
- Go to Runtipi App Store
- Install "Rego Tunnel Linux"
- Configure RAM, CPU, and disk size
Step 2: Set up the VM
- Open the web console at port 8007
- Complete Ubuntu installation (use Ubuntu Server for faster boot)
- After installation, open a terminal
Step 3: Install Cisco Secure Client
# Mount the shared folder (contains Cisco installation)
sudo mkdir -p /mnt/shared
sudo mount -t 9p shared /mnt/shared -o trans=virtio
# Run the install script
sudo bash /mnt/shared/install-cisco.sh
Step 4: Connect VPN
# Run the VPN automation script
~/cisco-vpn.sh
The script will:
- Start the Cisco VPN agent
- Launch the VPN UI
- Auto-type credentials and TOTP
- Set up IP forwarding for the target
Files
vpn_scripts/secureclient/
Complete Cisco Secure Client installation.
vpn_scripts/cisco-vpn.sh
Automated VPN login script:
- Starts vpnagentd if not running
- Launches vpnui
- Uses xdotool to type credentials
- Generates TOTP codes with oathtool
- Sets up iptables forwarding
vpn_scripts/install-cisco.sh
One-time setup script to install Cisco Secure Client in the VM.
Configuration
VPN Credentials
Edit ~/cisco-vpn.sh and update:
EMAIL="your-email@company.com"
PASSWORD="your-password"
TOTP_SECRET="your-totp-secret"
VPN_HOST="vpn.company.com"
TARGET_IP="10.x.x.x"
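As an added example (not part of the project's scripts), the five settings above can be kept in a separate file readable only by its owner instead of being edited into the script, and checked before use. The function names and the file passed to load_vpn_config are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not the project's script: keep the cisco-vpn.sh settings in a
# separate owner-only file (path chosen by the caller) and validate them.

# True only for a regular file owned by the caller with no group/other access.
check_secret_file() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || {
        echo "not a regular file owned by you: $1" >&2; return 1; }
    case $(ls -ld -- "$1") in
        -???------*) return 0 ;;
        *) echo "$1 is accessible to group/others; chmod 600 it" >&2; return 1 ;;
    esac
}

# TARGET_IP ends up in iptables rules, so accept a dotted-quad IPv4 address only.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# oathtool -b takes a base32 secret; strip optional trailing '=' padding first.
valid_base32() {
    s=${1%"${1##*[!=]}"}
    case $s in ''|*[!A-Za-z2-7]*) return 1 ;; esac
}

# Source the file only after the permission check, then validate each setting.
load_vpn_config() {
    check_secret_file "$1" || return 1
    unset EMAIL PASSWORD TOTP_SECRET VPN_HOST TARGET_IP
    . "$1"
    for v in EMAIL PASSWORD TOTP_SECRET VPN_HOST TARGET_IP; do
        eval "[ -n \"\${$v:-}\" ]" || { echo "$v is not set in $1" >&2; return 1; }
    done
    valid_base32 "$TOTP_SECRET" || { echo "TOTP_SECRET is not base32" >&2; return 1; }
    valid_ipv4 "$TARGET_IP" || { echo "TARGET_IP is not an IPv4 address" >&2; return 1; }
}
```

Pass load_vpn_config a path that contains a slash, because the POSIX . builtin looks up a bare file name on PATH.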
Network Configuration
Add a route on your laptop (Windows syntax; -p makes the route persistent):
route add 172.31.1.0 mask 255.255.255.0 192.168.0.150 -p
User Config
Create /etc/runtipi/user-config/runtipi/rego-tunnel-linux/docker-compose.yml:
networks:
  vpn_static-linux:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: "br-vpn-linux"
    ipam:
      config:
        - subnet: 172.31.1.0/24
services:
  rego-tunnel-linux:
    sysctls:
      - net.ipv4.conf.all.rp_filter=0
      - net.ipv4.conf.default.rp_filter=0
    cap_add:
      - NET_ADMIN
    environment:
      - VM_NET_IP=172.32.1.20
    networks:
      vpn_static-linux:
        ipv4_address: 172.31.1.10
Troubleshooting
VPN UI doesn't start
- Ensure vpnagentd is running:
  systemctl status cisco-vpnagentd
- Check for missing libraries:
  ldd /opt/cisco/secureclient/bin/vpnui
TOTP codes failing
- Sync time:
  sudo timedatectl set-ntp true
- Verify TOTP secret is correct
Can't reach target IP
- Check if VPN is connected:
  ip addr show cscotun0
- Verify iptables rules:
  sudo iptables -L -n
Comparison: Windows vs Linux
| Feature | Windows VM | Linux VM |
|---|---|---|
| Image | dockurr/windows | qemux/qemu |
| Boot time | ~3-5 min | ~1-2 min |
| RAM usage | ~2GB min | ~512MB min |
| Disk usage | ~15GB | ~5GB |
| Automation | DevTools/WebSocket | xdotool |