PST VPN - Quick Reference Guide
================================

CONFIGURATION SUMMARY
---------------------
VPN Name: PST-NW-VPN
Server: 64.139.88.249
Type: L2TP/IPsec with Pre-Shared Key (UniFi)
Username: pst-admin
Password: 24Hearts$
PSK: rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7
Tunnel Mode: SPLIT-TUNNEL (only remote traffic uses VPN)
DNS: 192.168.0.2
Remote Network: 192.168.0.0/24 (auto-routed)


INSTALLATION
------------
Run as Administrator:
  cd D:\ClaudeTools
  .\Setup-PST-L2TP-VPN.ps1


CONNECTION METHODS
------------------
IMPORTANT: For all-user VPN connections, credentials must be provided!

Method 1: PowerShell Script (RECOMMENDED - includes DNS + route config)
  powershell -File D:\ClaudeTools\Connect-PST-VPN.ps1
  (The scheduled task runs a copy of this script; see AUTO-CONNECT DETAILS)

Method 2: Batch file shortcut (simple connection)
  Double-click: D:\ClaudeTools\vpn-connect.bat
  (DNS and route must be configured separately)

Method 3: Command line with credentials
  rasdial "PST-NW-VPN" pst-admin "24Hearts$"
  (DNS and route must be configured separately)

Method 4: Windows GUI
  Settings > Network & Internet > VPN > PST-NW-VPN > Connect
  Enter credentials when prompted
  (DNS and route must be configured separately)

Method 5: Automatic at startup
  Scheduled task connects automatically (uses Method 1)

IMPORTANT: DO NOT use "rasdial PST-NW-VPN" without credentials!
This will fail with error 691 because saved credentials don't work
for all-user connections accessed via rasdial.


DISCONNECTION
-------------
rasdial "PST-NW-VPN" /disconnect

Or use batch file:
D:\ClaudeTools\vpn-disconnect.bat


UNIFI L2TP ROUTE REQUIREMENT (IMPORTANT!)
------------------------------------------
UniFi L2TP VPN requires an explicit route to be added for the remote network.
Without this route, traffic won't flow through the VPN even when connected!

The Connect-PST-VPN.ps1 script automatically adds this route:
  Route: 192.168.0.0 mask 255.255.255.0 via VPN interface

If you connect manually with "rasdial", you MUST add the route manually:
  powershell -File D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1

Or manually (the VPN interface index is shown in the Interface List at the top of "route print"):
  route add 192.168.0.0 mask 255.255.255.0 0.0.0.0 if [VPN-INTERFACE-INDEX] metric 1


SPLIT-TUNNEL EXPLAINED
----------------------
With split-tunnel enabled:
- Only traffic to the remote network (192.168.0.x) goes through VPN
- Internet traffic goes directly through your local connection
- This improves performance for non-VPN traffic
- Reduces load on the VPN server

Without split-tunnel (full tunnel):
- ALL traffic would go through the VPN
- Including internet browsing, streaming, etc.
- Slower for general internet use


DNS CONFIGURATION
-----------------
DNS Server: 192.168.0.2

Why this matters:
- This DNS server can resolve hostnames on the remote network
- Example: "server.peacefulspirit.local" will resolve correctly
- Without this DNS, you'd need to use IP addresses

The Connect-PST-VPN.ps1 script automatically sets this DNS
when connecting through scheduled task or manual script execution.

Manual DNS configuration (if needed):
  $vpnAdapter = Get-NetAdapter | Where-Object {$_.InterfaceDescription -like "*L2TP*" -and $_.Status -eq "Up"}
  Set-DnsClientServerAddress -InterfaceIndex $vpnAdapter.InterfaceIndex -ServerAddresses "192.168.0.2"
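
Added example (not one of the D:\ClaudeTools scripts): the manual rasdial + route + DNS sequence described above in one elevated PowerShell session, prompting for the password instead of typing it on the command line. It assumes the connected tunnel appears as an IP interface whose alias is the connection name; the variable names are illustrative.

```powershell
# Added example: manual connect, route and DNS for the PST-NW-VPN profile.
# Run from an elevated PowerShell prompt.
$VpnName      = 'PST-NW-VPN'
$RemotePrefix = '192.168.0.0/24'
$DnsServer    = '192.168.0.2'

# Prompt for the password so it is not stored in a script, a batch file
# or the shell history.
$cred = Get-Credential -UserName 'pst-admin' -Message "Credentials for $VpnName"

# rasdial takes the password as an argument; it is read from the in-memory
# credential object only for this call.
rasdial $VpnName $cred.UserName $cred.GetNetworkCredential().Password | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "rasdial failed with exit code $LASTEXITCODE"
}

# Assumption: the connected tunnel is exposed as an IPv4 interface whose
# alias equals the VPN connection name.
$iface = Get-NetIPInterface -InterfaceAlias $VpnName -AddressFamily IPv4 -ErrorAction Stop
$idx   = $iface.InterfaceIndex

# Add the remote-network route only if it is not already bound to the tunnel.
# ActiveStore keeps it non-persistent, because the interface index can change
# between connections.
$existing = Get-NetRoute -DestinationPrefix $RemotePrefix -InterfaceIndex $idx `
                         -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetRoute -DestinationPrefix $RemotePrefix -InterfaceIndex $idx `
                 -RouteMetric 1 -PolicyStore ActiveStore | Out-Null
}

# Point the tunnel interface at the remote DNS server.
Set-DnsClientServerAddress -InterfaceIndex $idx -ServerAddresses $DnsServer

Write-Output "Connected: route $RemotePrefix and DNS $DnsServer set on interface $idx"
```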


VERIFICATION
------------
Check VPN status:
  rasdial

Check VPN connection details:
  Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection

Check DNS settings:
  Get-NetAdapter | Where-Object {$_.InterfaceDescription -like "*L2TP*"} | Get-DnsClientServerAddress

Check routing (split-tunnel verification):
  route print
  Look for routes to 192.168.0.0/24 through VPN interface
  Default route (0.0.0.0) should NOT be through VPN

Test DNS resolution:
  nslookup server.peacefulspirit.local 192.168.0.2
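
Added example (not part of the original tool set): the checks above collected into one function that returns a pass/fail object, so a split-tunnel regression (default route bound to the VPN) or a missing route is visible at a glance. The function name Test-PstVpnState is hypothetical, and the interface lookup assumes the tunnel's interface alias equals the connection name.

```powershell
# Added example: consolidated verification for the PST-NW-VPN profile.
function Test-PstVpnState {
    param(
        [string]$VpnName      = 'PST-NW-VPN',
        [string]$RemotePrefix = '192.168.0.0/24',
        [string]$DnsServer    = '192.168.0.2'
    )

    $vpn = Get-VpnConnection -Name $VpnName -AllUserConnection -ErrorAction Stop

    # Assumption: the connected tunnel shows up under the connection name.
    $iface = Get-NetIPInterface -InterfaceAlias $VpnName -AddressFamily IPv4 `
                                -ErrorAction SilentlyContinue
    $routes = @()
    $dns    = @()
    if ($iface) {
        $idx    = $iface.InterfaceIndex
        $routes = @(Get-NetRoute -InterfaceIndex $idx -AddressFamily IPv4 `
                                 -ErrorAction SilentlyContinue)
        $dns    = @((Get-DnsClientServerAddress -InterfaceIndex $idx `
                                                -AddressFamily IPv4).ServerAddresses)
    }

    [pscustomobject]@{
        Connected          = ($vpn.ConnectionStatus -eq 'Connected')
        SplitTunneling     = [bool]$vpn.SplitTunneling
        # Must be True: traffic to the remote network needs this route.
        RemoteRoutePresent = [bool]($routes | Where-Object DestinationPrefix -eq $RemotePrefix)
        # Must be False in split-tunnel mode.
        DefaultRouteViaVpn = [bool]($routes | Where-Object DestinationPrefix -eq '0.0.0.0/0')
        DnsServerSet       = ($dns -contains $DnsServer)
    }
}

Test-PstVpnState | Format-List
```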


AUTO-CONNECT DETAILS
--------------------
Scheduled Task: PST-VPN-AutoConnect
Script Location: C:\Windows\System32\Connect-PST-VPN.ps1
Trigger: At system startup
User: SYSTEM (runs before login)
Delay: 30 seconds after startup

View task:
  Get-ScheduledTask -TaskName "PST-VPN-AutoConnect"

Disable auto-connect:
  Disable-ScheduledTask -TaskName "PST-VPN-AutoConnect"

Enable auto-connect:
  Enable-ScheduledTask -TaskName "PST-VPN-AutoConnect"

Remove auto-connect:
  Unregister-ScheduledTask -TaskName "PST-VPN-AutoConnect" -Confirm:$false


TROUBLESHOOTING
---------------
Connection fails:
  - Verify server is reachable: ping 64.139.88.249
  - Check Windows Firewall allows L2TP
  - Verify credentials are correct

VPN connects but can't reach remote network:
  - THIS IS THE MOST COMMON ISSUE with UniFi L2TP!
  - The route is missing - run: powershell -File D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1
  - Or use Connect-PST-VPN.ps1 which adds route automatically
  - Verify route exists: route print | findstr 192.168.0.0
  - Test: ping 192.168.0.2 (should work if route is correct)

DNS not working:
  - Reconnect using Connect-PST-VPN.ps1 script
  - Manually set DNS (see DNS CONFIGURATION above)
  - Check DNS server is reachable: ping 192.168.0.2

Split-tunnel not working:
  - Verify: Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection
  - Check SplitTunneling property is True
  - Reconnect if changed

Internet slow after VPN connect:
  - This suggests full-tunnel mode (all traffic through VPN)
  - Verify split-tunnel: Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection
  - Should show: SplitTunneling: True
  - If False, run: Set-VpnConnection -Name "PST-NW-VPN" -SplitTunneling $true -AllUserConnection

Route verification:
  - Check routing table: route print | findstr 192.168.0.0
  - Should see entry for 192.168.0.0 with metric 1
  - Interface should be the L2TP adapter
  - If missing, run: powershell -File D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1


MANAGEMENT COMMANDS
-------------------
View all VPN connections:
  Get-VpnConnection -AllUserConnection

Modify split-tunnel setting:
  Set-VpnConnection -Name "PST-NW-VPN" -SplitTunneling $true -AllUserConnection

Remove VPN connection:
  Remove-VpnConnection -Name "PST-NW-VPN" -AllUserConnection -Force

View IPsec configuration:
  Get-VpnConnectionIPsecConfiguration -ConnectionName "PST-NW-VPN"


FILES CREATED
-------------
D:\ClaudeTools\Setup-PST-L2TP-VPN.ps1 - Main setup script
D:\ClaudeTools\Connect-PST-VPN.ps1 - Connection helper (with DNS & route config)
D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1 - Manual route configuration helper
C:\Windows\System32\Connect-PST-VPN.ps1 - System copy of connection helper
D:\ClaudeTools\PST-VPN-Quick-Reference.txt - This file
