| name | description |
|---|---|
| lemana-vpn-operations | Use when working in the lemana-vpn repo on install, uninstall, status, CLI aliases, menu-bar app behavior, live VPN connection handling, update instructions, or user-facing answers. |
Lemana VPN Operations
Overview
This repo is a macOS VPN packaging layer around openconnect, openconnect-lite, Keychain/Bitwarden credential sync, runtime SSO patches, DNS cleanup, and a Swift menu-bar app. Treat live VPN state as real user state, not as a disposable test fixture.
System Map
- install.sh installs/updates the whole package and restarts LemanaVPN.app only if it is already running.
- bin/vpn-lemanapro.sh is the runtime source for vpn, vpn-auto, vpn-manual, vpn-manual-full, vpn-debug, vpn-fix-dns.
- app/Sources/LemanaVPN/VPNManager.swift shells out to ~/bin/vpn-lemanapro.sh --json; app state must stay compatible with CLI JSON events.
- templates/openconnect-lite-config.toml holds Keycloak selectors and the VPN profile.
- uninstall.sh must stop the running menu-bar app when removing the app, not only delete the bundle.
Live Connection Rules
Before any live connect, run:
vpn --status
vpn --status --json
Do not start another vpn, vpn-auto, vpn-debug, vpn --manual, vpn --manual-full, or app connect if status says connected/connecting/reconnecting or if the previous connect attempt is still active. Inspect logs instead:
tail -f ~/Library/Logs/LemanaVPN-openconnect-lite.log
tail -f ~/Library/Logs/LemanaVPN.log
Use vpn --manual for SSO diagnosis before automatic mode. Use vpn-lemanapro.sh --patch-only when only runtime patches need to be applied.
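The status check above can be wrapped in a guard so a connect command never runs over a live session. This is an added example, not one of the repo's scripts; it assumes the `vpn --status` output contains one of the state words named above, and `VPN_STATUS_CMD` is a hypothetical override for offline testing. It does not detect a previous connect attempt that is still running.

```sh
#!/bin/sh
# Pre-connect guard (added example). Assumption: `vpn --status` output contains
# one of the state words named above; its exact format is not documented here.

# vpn_state_is_busy STATUS_TEXT -> exit 0 when a session is active or in progress.
vpn_state_is_busy() {
    # Lowercase, then put every word on its own line so grep -x matches whole
    # words only: "disconnected" must not count as "connected".
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | tr -c 'a-z\n' '\n' |
        grep -Eqx 'connected|connecting|reconnecting'
}

# guarded_connect [CMD...] runs CMD (default: vpn) only when the status is idle.
# VPN_STATUS_CMD is a hypothetical override so the guard can be exercised offline.
guarded_connect() {
    status=$(${VPN_STATUS_CMD:-vpn --status} 2>&1) || true
    if [ -z "$status" ]; then
        # Fail closed: no readable status means the live state is unknown.
        echo "vpn --status returned nothing; not connecting" >&2
        return 1
    fi
    if vpn_state_is_busy "$status"; then
        echo "VPN session already active; read the logs instead:" >&2
        echo "  tail -f ~/Library/Logs/LemanaVPN-openconnect-lite.log" >&2
        return 1
    fi
    [ "$#" -gt 0 ] || set -- vpn
    "$@"
}
```

Any status text containing the whole word "connected" (for example "not connected") is treated as busy, so the guard errs toward leaving the existing session alone.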
Update Commands
From a checkout:
sh install.sh
vpn --status
open ~/Applications/LemanaVPN.app
From the remote installer:
curl -fsSL https://git.dokops.ru/dokril/lemana-vpn/raw/branch/main/install.sh | sh
If Bitwarden is disabled or unavailable and Keychain credentials are missing:
vpn --configure-keychain
Answer Format
Final answers must always include how to run, how to check, and how to update. Also state whether live VPN was tested or intentionally skipped because an existing connection should not be disturbed.
Common Mistakes
- Starting a second VPN session instead of reading vpn --status and logs.
- Testing only the Swift app while breaking CLI JSON events.
- Calling a Bitwarden master password an LDAP password.
- Treating the current 6-digit TOTP code as the TOTP seed.
- Forgetting that the menu-bar app may still be running after app files are changed or removed.