---
name: lemana-vpn-operations
description: Use when working in the lemana-vpn repo on install, uninstall, status, CLI aliases, menu-bar app behavior, live VPN connection handling, update instructions, or user-facing answers.
---

# Lemana VPN Operations

## Overview

This repo is a macOS VPN packaging layer around `openconnect`, `openconnect-lite`, Keychain/Bitwarden credential sync, runtime SSO patches, DNS cleanup, and a Swift menu-bar app. Treat live VPN state as real user state, not as a disposable test fixture.

## System Map

- `install.sh` installs/updates the whole package and restarts `LemanaVPN.app` only if it is already running.
- `bin/vpn-lemanapro.sh` is the runtime source for `vpn`, `vpn-auto`, `vpn-manual`, `vpn-debug`, `vpn-fix-dns`.
- `app/Sources/LemanaVPN/VPNManager.swift` shells out to `~/bin/vpn-lemanapro.sh --json`; app state must stay compatible with CLI JSON events.
- `templates/openconnect-lite-config.toml` holds Keycloak selectors and the VPN profile.
- `uninstall.sh` must stop the running menu-bar app when removing the app, not only delete the bundle.

## Live Connection Rules

Before any live connect, run:

```sh
vpn --status
vpn --status --json
```

Do not start another `vpn`, `vpn-auto`, `vpn-debug`, `vpn --manual`, or app connect if status says connected/connecting/reconnecting or if the previous connect attempt is still active. Inspect logs instead:

```sh
tail -f ~/Library/Logs/LemanaVPN-openconnect-lite.log
tail -f ~/Library/Logs/LemanaVPN.log
```

Use `vpn --manual` for SSO diagnosis before automatic mode. Use `vpn-lemanapro.sh --patch-only` when only runtime patches need to be applied.

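One way to enforce the pre-connect rule from the Live Connection Rules section, as an added example that is not part of the lemana-vpn repo: it assumes `vpn` is callable from the shell and that the status output contains the word `connected`, `connecting` or `reconnecting` while a session is live (the function names and sample strings are constructed). It checks reported status only and does not detect a previous connect attempt that is still running.

```sh
#!/bin/sh
# Added example (not from the lemana-vpn repo): pre-connect guard.
# Assumptions: `vpn` is callable from this shell, and its status output
# contains the word connected, connecting or reconnecting while a session
# is live. The real text/JSON schema is not shown on this page.

# Return 0 ("busy") when the status text names a live or in-progress session.
# Whole-word match, so "disconnected" is not mistaken for "connected".
# Unknown wording such as "not connected" still counts as busy (fails closed).
vpn_status_is_busy() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        LC_ALL=C grep -Eq '(^|[^a-z])(connected|connecting|reconnecting)([^a-z]|$)'
}

# Run the given connect command only if no session is reported.
# Usage: vpn_guarded_connect vpn --manual
vpn_guarded_connect() {
    # Exit code is ignored on purpose: it is not documented on this page.
    status=$(vpn --status --json 2>&1) || true
    if [ -z "$status" ]; then
        echo "no status output; refusing to connect" >&2
        return 2
    fi
    if vpn_status_is_busy "$status"; then
        echo "session active; read the logs instead of reconnecting:" >&2
        echo "  tail -f ~/Library/Logs/LemanaVPN-openconnect-lite.log" >&2
        return 1
    fi
    "$@"
}

# Constructed sample status strings (not real tool output).
for sample in '{"state":"connected"}' '{"state":"disconnected"}' 'Reconnecting...'; do
    if vpn_status_is_busy "$sample"; then
        echo "busy: $sample"
    else
        echo "idle: $sample"
    fi
done
```
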
## Update Commands

From a checkout:

```sh
sh install.sh
vpn --status
open ~/Applications/LemanaVPN.app
```

From the remote installer:

```sh
curl -fsSL https://git.dokops.ru/dokril/lemana-vpn/raw/branch/main/install.sh | sh
```

If Bitwarden is disabled or unavailable and Keychain credentials are missing:

```sh
vpn --configure-keychain
```

## Answer Format

Final answers must always include how to run, how to check, and how to update. Also state whether live VPN was tested or intentionally skipped because an existing connection should not be disturbed.

## Common Mistakes

- Starting a second VPN session instead of reading `vpn --status` and logs.
- Testing only the Swift app while breaking CLI JSON events.
- Calling a Bitwarden master password an LDAP password.
- Treating the current 6-digit TOTP code as the TOTP seed.
- Forgetting that the menu-bar app may still be running after app files are changed or removed.