azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Major directory reorganization and cleanup

Browse Source 
Reorganized project structure for better maintainability and reduced
disk usage by 95.9% (11 GB -> 451 MB).

Directory Reorganization (85% reduction in root files):
- Created docs/ with subdirectories (deployment, testing, database, etc.)
- Created infrastructure/vpn-configs/ for VPN scripts
- Moved 90+ files from root to organized locations
- Archived obsolete documentation (context system, offline mode, zombie debugging)
- Moved all test files to tests/ directory
- Root directory: 119 files -> 18 files

Disk Cleanup (10.55 GB recovered):
- Deleted Rust build artifacts: 9.6 GB (target/ directories)
- Deleted Python virtual environments: 161 MB (venv/ directories)
- Deleted Python cache: 50 KB (__pycache__/)

New Structure:
- docs/ - All documentation organized by category
- docs/archives/ - Obsolete but preserved documentation
- infrastructure/ - VPN configs and SSH setup
- tests/ - All test files consolidated
- logs/ - Ready for future logs

Benefits:
- Cleaner root directory (18 vs 119 files)
- Logical organization of documentation
- 95.9% disk space reduction
- Faster navigation and discovery
- Better portability (build artifacts excluded)

Build artifacts can be regenerated:
- Rust: cargo build --release (5-15 min per project)
- Python: pip install -r requirements.txt (2-3 min)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Mike Swanson
2026-01-18 20:42:28 -07:00
parent 89e5118306
commit 06f7617718
96 changed files with 54 additions and 2639 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
infrastructure/setup-ssh-keys.ps1 Normal file
View File

@@ -0,0 +1,107 @@
# Setup Passwordless SSH Access to RMM Server
# This script configures SSH key authentication for automated deployments
param(
[string]$Password
)
$ErrorActionPreference = "Stop"
$RMM_HOST = "guru@172.16.3.30"
$SSH_PUB_KEY = Get-Content "$env:USERPROFILE\.ssh\id_rsa.pub"
Write-Host "[INFO] Setting up passwordless SSH access to RMM server..." -ForegroundColor Cyan
Write-Host ""
# Step 1: Copy public key to RMM server
Write-Host "[1/4] Copying SSH public key to RMM server..." -ForegroundColor Yellow
# Create temp file with public key
$tempKeyFile = "$env:TEMP\claude_ssh_key.pub"
$SSH_PUB_KEY | Out-File -FilePath $tempKeyFile -Encoding ASCII -NoNewline
# Copy to RMM server /tmp
if ($Password) {
# Use password if provided
$env:PLINK_PASSWORD = $Password
echo y | pscp -pw $Password $tempKeyFile "${RMM_HOST}:/tmp/claude_key.pub" 2>&1 | Out-Null
} else {
# Interactive password prompt
echo y | pscp $tempKeyFile "${RMM_HOST}:/tmp/claude_key.pub"
}
if ($LASTEXITCODE -ne 0) {
Write-Host "[ERROR] Failed to copy SSH key to server" -ForegroundColor Red
exit 1
}
Write-Host "[OK] Public key copied to /tmp/claude_key.pub" -ForegroundColor Green
Write-Host ""
# Step 2: Create .ssh directory on RMM server
Write-Host "[2/4] Creating .ssh directory on RMM server..." -ForegroundColor Yellow
if ($Password) {
plink -batch -pw $Password $RMM_HOST "mkdir -p ~/.ssh && chmod 700 ~/.ssh" 2>&1 | Out-Null
} else {
plink $RMM_HOST "mkdir -p ~/.ssh && chmod 700 ~/.ssh"
}
if ($LASTEXITCODE -ne 0) {
Write-Host "[WARNING] .ssh directory may already exist" -ForegroundColor Yellow
}
Write-Host "[OK] .ssh directory ready" -ForegroundColor Green
Write-Host ""
# Step 3: Append public key to authorized_keys
Write-Host "[3/4] Adding public key to authorized_keys..." -ForegroundColor Yellow
$setupCommand = @"
cat /tmp/claude_key.pub >> ~/.ssh/authorized_keys && \
chmod 600 ~/.ssh/authorized_keys && \
rm /tmp/claude_key.pub && \
echo 'SSH key installed successfully'
"@
if ($Password) {
plink -batch -pw $Password $RMM_HOST $setupCommand
} else {
plink $RMM_HOST $setupCommand
}
if ($LASTEXITCODE -ne 0) {
Write-Host "[ERROR] Failed to configure authorized_keys" -ForegroundColor Red
exit 1
}
Write-Host "[OK] Public key added to authorized_keys" -ForegroundColor Green
Write-Host ""
# Step 4: Test passwordless access
Write-Host "[4/4] Testing passwordless SSH access..." -ForegroundColor Yellow
Start-Sleep -Seconds 2
$testResult = plink -batch $RMM_HOST "echo 'Passwordless SSH working!'" 2>&1
if ($LASTEXITCODE -eq 0) {
Write-Host "[SUCCESS] Passwordless SSH is configured!" -ForegroundColor Green
Write-Host ""
Write-Host "You can now use plink/pscp without passwords:" -ForegroundColor White
Write-Host " pscp file.txt ${RMM_HOST}:/tmp/" -ForegroundColor Gray
Write-Host " plink ${RMM_HOST} 'ls -l'" -ForegroundColor Gray
Write-Host ""
Write-Host "The deploy.ps1 script will now work without prompts." -ForegroundColor White
} else {
Write-Host "[ERROR] Passwordless SSH test failed" -ForegroundColor Red
Write-Host "Output: $testResult" -ForegroundColor Gray
exit 1
}
# Clean up
Remove-Item $tempKeyFile -ErrorAction SilentlyContinue
Write-Host ""
Write-Host "=" * 70 -ForegroundColor Green
Write-Host "SSH KEY AUTHENTICATION CONFIGURED" -ForegroundColor Green
Write-Host "=" * 70 -ForegroundColor Green

138
infrastructure/vpn-configs/Reference/PST-NW-VPN-Windows.ovpn Normal file
View File

@@ -0,0 +1,138 @@
client
dev tun
proto tcp
remote 64.139.88.249 1194
resolv-retry infinite
nobind
# Management interface required for auto-start connections
management 127.0.0.1 25340
# Windows-compatible: removed user/group (Linux only)
# user nobody
# group nogroup
persist-key
persist-tun
# Auto-login with credentials file
auth-user-pass PST-NW-VPN-auth.txt
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3
auth SHA1
key-direction 1
reneg-sec 0
redirect-gateway def1
<ca>
-----BEGIN CERTIFICATE-----
MIIEfDCCA2SgAwIBAgIIb8aPsAP41VowDQYJKoZIhvcNAQELBQAwgYExCzAJBgNV
BAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3IFlvcmsxFjAU
BgNVBAoMDVViaXF1aXRpIEluYy4xGTAXBgNVBAsMEFVuaUZpX09wZW5WUE5fQ0Ex
GTAXBgNVBAMMEFVuaUZpX09wZW5WUE5fQ0EwHhcNMjYwMTE1MTUyNzA0WhcNNDEw
MTExMTUyNzA0WjCBgTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREw
DwYDVQQHDAhOZXcgWW9yazEWMBQGA1UECgwNVWJpcXVpdGkgSW5jLjEZMBcGA1UE
CwwQVW5pRmlfT3BlblZQTl9DQTEZMBcGA1UEAwwQVW5pRmlfT3BlblZQTl9DQTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOWAmCWSutfdvZmQDvN0Mcw9
/rTknqkR1Udsymk6EowuQXA0A6jsc3GytgTDTMqrK7MAaVCa5gZbTy3Fc+6XtNXu
AHAYfLRqC+t2OZEZCtM+m40iogzjAjo2ABXBklQQl+X1ub/1IA4I3f61+EBioHIR
8XM6rikVpjBhq7fh1IroKljvBkxhCb2AkvHE8xNGUP3KqxFhmUtyOHiZvsPCKbL8
UsoQwTSazTRRtS7DWoh/tZOXpU0kc5KRlYOnBkP/XqS80zCNf6OrvBvLfiRlD7WC
36DQ846FWAqVc/3Vyp9gjc+z7Mq9Iyh5y91vzUGSQympgLvlbtcF618gJfWHuakC
AwEAAaOB9TCB8jALBgNVHQ8EBAMCAQYwDAYDVR0TBAUwAwEB/zCBtQYDVR0jBIGt
MIGqgBSvpjxh48yMz4o7zIp3noJFpxV44qGBh6SBhDCBgTELMAkGA1UEBhMCVVMx
ETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEWMBQGA1UECgwN
VWJpcXVpdGkgSW5jLjEZMBcGA1UECwwQVW5pRmlfT3BlblZQTl9DQTEZMBcGA1UE
AwwQVW5pRmlfT3BlblZQTl9DQYIIb8aPsAP41VowHQYDVR0OBBYEFK+mPGHjzIzP
ijvMineegkWnFXjiMA0GCSqGSIb3DQEBCwUAA4IBAQCR99JaKoAv9qf1ctavAMGI
5DQ0IkUoksEaQlZqH+LTM3dOMl3p0EBdkY7Fd6RwWZYPtIXoYXXTnKgfpziTfhoc
NJIDGVaAIh9wU07V7U+g3uXPzT4wu9QvVptXaKWJJdjvLeEQbiADAcczBJMZD/3z
uGvOj9gue94reb5c4jLV2LSQrcUj5QmV+B125w1AbNo8/12usnGxbK8yq/kNdla5
RRlFGNVQ79rdYUkESQRCe4++7ViFkXEFcEEawc9HNPUvasBwbUzDmYjFafc27Y7u
MgX5JGvk/h8ToBsPdWmJiu68kD5EwFXpvFnIOtLUTtxT6ZL+IUzc/VFxKnEnRUlE
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
aa7cb0c33a8c6981dd2aef5061f18d61
0d1ea4b401d235266a2def46a4d2655e
870c868afccb79c229f94f3c13bd1062
e17520850578ccdb4871e57ca4492661
70174fe5311aaec6ab6a7c22c696838e
5e7f82905c4f9530995fa4b82340e466
06c0f1f6271b9b1ac518f3bac4fd96e6
422ca4938069b63ccfa0f25c5dcb96f5
6e3b010c83eb19dbe9bfe5a93d167dba
5a5c9700955288748887ae378b0280e2
a2478913c8664dbca0d5f0b027e86cd2
44b808d037f16eea5234a82729dc35ce
6507dee41391a4d07b999186a73a104b
ebea644043218d30cdfb4f887b6aa398
17a0f2b7fb28902d69ff429b1b8920f2
72e9bb37fb1f4e74a8109c7ccf0ab149
-----END OpenVPN Static key V1-----
</tls-auth>
<cert>
-----BEGIN CERTIFICATE-----
MIIEmDCCA4CgAwIBAgIIJ3DNoa1mKT0wDQYJKoZIhvcNAQELBQAwgYExCzAJBgNV
BAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3IFlvcmsxFjAU
BgNVBAoMDVViaXF1aXRpIEluYy4xGTAXBgNVBAsMEFVuaUZpX09wZW5WUE5fQ0Ex
GTAXBgNVBAMMEFVuaUZpX09wZW5WUE5fQ0EwHhcNMjYwMTE1MTUyNzA0WhcNMzEw
MTE0MTUyNzA0WjCBiTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREw
DwYDVQQHDAhOZXcgWW9yazEWMBQGA1UECgwNVWJpcXVpdGkgSW5jLjEdMBsGA1UE
CwwUVW5pRmlfT3BlblZQTl9DbGllbnQxHTAbBgNVBAMMFFVuaUZpX09wZW5WUE5f
Q2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYUY3w4UoJYK
09BKGFDelpGRfyq2veJKYs8VuVIWoYPvHB3fDZCi9ECz84MaJyAtt1Yf3fWUmsGt
+CWiiSNEiTkcOUJUYGcCqIHkJtAlf8NtnLHeAiJ8W5rq7HEqRl5j/caBbsHMXO71
KrldY6V3YcZfas1lb6eKva3Oh/FCm88n4DgY8oKfTyvI7R+sgJWCix63ukjj3N7z
tVixOxALpavenYzSBjp7hYfUUbZh7Afb0t/XwDhfNpnrYo7lHINSFZoFuAw1irtO
VhMCCANWXvCGwQvZCR7QGZrNw6KSe3QcTp9U6nICPIr8OPMbigSU2WquBO+gR8vN
gGOAPM0CqwIDAQABo4IBCDCCAQQwgbUGA1UdIwSBrTCBqoAUr6Y8YePMjM+KO8yK
d56CRacVeOKhgYekgYQwgYExCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9y
azERMA8GA1UEBwwITmV3IFlvcmsxFjAUBgNVBAoMDVViaXF1aXRpIEluYy4xGTAX
BgNVBAsMEFVuaUZpX09wZW5WUE5fQ0ExGTAXBgNVBAMMEFVuaUZpX09wZW5WUE5f
Q0GCCG/Gj7AD+NVaMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoG
CCsGAQUFBwMCMB0GA1UdDgQWBBTnDTURnXXSkaSoa/QCURaiXz4N9jANBgkqhkiG
9w0BAQsFAAOCAQEA3NEPl0zFDE993nsuunM3XYqF+GKJb+4FmlglfcEjneCV322J
j5AfQmN8Wib46rFsiPhoyoJ5uTc6zw9puNXGHzm/BcYlh/O+Cs83Z9BbAZZ3QWk1
nirb9ugU181BOu5a++t4mnmzsNLoQC+IUWhC8xyaVTnXuKb6xGizR+rmC1qSxhT0
25jP/NIBZfauvdmPe2r0q14NEsai+vDNFFvQ0hYm5b+NPrJs9GYwRXBLOCaEblIy
lFift9ylpCF8zrihMH/b1RHZPgM2ScImFCq0meDr1cWCBoEhCDRg0mSim1O91KdQ
LWUky4nIGKaFKk1CVyVbCM0KES6azGK1M64OlQ==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5hRjfDhSglgrT
0EoYUN6WkZF/Kra94kpizxW5Uhahg+8cHd8NkKL0QLPzgxonIC23Vh/d9ZSawa34
JaKJI0SJORw5QlRgZwKogeQm0CV/w22csd4CInxbmurscSpGXmP9xoFuwcxc7vUq
uV1jpXdhxl9qzWVvp4q9rc6H8UKbzyfgOBjygp9PK8jtH6yAlYKLHre6SOPc3vO1
WLE7EAulq96djNIGOnuFh9RRtmHsB9vS39fAOF82metijuUcg1IVmgW4DDWKu05W
EwIIA1Ze8IbBC9kJHtAZms3DopJ7dBxOn1TqcgI8ivw48xuKBJTZaq4E76BHy82A
Y4A8zQKrAgMBAAECggEAVSnhWfv3wiQ+wi965CCzncEjXpI4I4DvDt7rpRAm7WxI
Zsrbqzl7ZM8TDLVhWxathd0Wcekbl9NTTnfQXk3/V1MNPsfRPhPrp3lBSAQDQtxu
xCDuvmIgXlkGgRYOBxGrq0LmBfcXHo5fo4ZGdcjuvca35Kp3Z0MtMJfKGKPLJQSw
1DObhuTvzDyWn1hgLczOjM0WUZ/SVGFiqSCOAB6UYsipnRG8gWS/07XrPPcJSvwn
S0+RracCNfMWJolo83smuTstErkypFmU743naV2uIbNBYtXnG3tD8O2vTLm3HzjH
u6aAYCO837HhJT9LwzpXR9yUx3mV4jcy0xYZ0BwbyQKBgQC9yTVzwWbxv7PyM7b7
yf3+/+c1uDgnNWy4NtvIEVGvDxC7jxWuTS2HACznHMsBDpsKcJFFdT0x5NZz+gau
VUE8haIpZGhkaKOC9yz/uuioRt31p/pf3Do0snrnkNoZJVHao+SPn6z8y/aPKBqA
Bw09piph1o9sjyWlX/yhb/VVZwKBgQD6Pt0jkQmDbgYJoILPJAdzH9Vg4lVSWL0C
2AUozmrsp6ZKBcQXkhFTt9wN84G3lzy4rYM6BC2258dUKpSFze/f99DM/EX9ubD9
9yNrm+p2ajnNVX1jRyHcgVg+z1gcaGMN/Jpz0b3xA5H6C6kGF/qUDEWGejT2r7JX
c9Ov5286HQKBgQCbGLH8FVPBwL6X8rdZcauHFy6mchRBxqFAsmROTgkJHTC5dqdr
OFs6dmQ7wwYLqRn/IBs4PiVyfubbBLstATM8+KCbXxkI5ZKq1sEJhH/Z9YAy38H3
UQyoQCu8zl3OKveHzGRfE0jVlwG54DY35otllEQSjLvNJfbH/XeBnvNJhQKBgQDE
QOrjCssANRgtEqGj2+ivw8ZvHfG2C/vnsAyTzRaUFILYSJ9ZsOc/1dCRbGhN2CD5
4LIqnL5RVILBokcqjLBT4KDzMeGeM7P36IrxyKxfQ72jKCmW42FN8m6Hi8rZNJCC
lpl2vYYN7zPbequLKOEOnHUmGs9Qq8fcx+y7ZnCXjQKBgGVPn0xU9nLbRbko9Hbx
/BaWjd4ryA6DDd+MpXqyEotE/UwYECYHhAPjGRRlkMcPVUOQcpurEs4hH1Fgblmy
UJ8mGfmEErKM5Qm+l3kxY6OazKYSgnHhRfncFsF2iRkZkjyxkz2pGgAlNOh6Bhyg
SemRwTL0fxdUFksgE+kJo9DY
-----END PRIVATE KEY-----
</key>

206
infrastructure/vpn-configs/Reference/PST-VPN-Quick-Reference.txt Normal file
View File

@@ -0,0 +1,206 @@
PST VPN - Quick Reference Guide
================================
CONFIGURATION SUMMARY
---------------------
VPN Name: PST-NW-VPN
Server: 64.139.88.249
Type: L2TP/IPsec with Pre-Shared Key (UniFi)
Username: pst-admin
Password: 24Hearts$
PSK: rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7
Tunnel Mode: SPLIT-TUNNEL (only remote traffic uses VPN)
DNS: 192.168.0.2
Remote Network: 192.168.0.0/24 (auto-routed)
INSTALLATION
------------
Run as Administrator:
cd D:\ClaudeTools
.\Setup-PST-L2TP-VPN.ps1
CONNECTION METHODS
------------------
IMPORTANT: For all-user VPN connections, credentials must be provided!
Method 1: PowerShell Script (RECOMMENDED - includes DNS + route config)
powershell -File D:\ClaudeTools\Connect-PST-VPN.ps1
(This is what the scheduled task uses)
Method 2: Batch file shortcut (simple connection)
Double-click: D:\ClaudeTools\vpn-connect.bat
(DNS and route must be configured separately)
Method 3: Command line with credentials
rasdial "PST-NW-VPN" pst-admin "24Hearts$"
(DNS and route must be configured separately)
Method 4: Windows GUI
Settings > Network & Internet > VPN > PST-NW-VPN > Connect
Enter credentials when prompted
(DNS and route must be configured separately)
Method 5: Automatic at startup
Scheduled task connects automatically (uses Method 1)
IMPORTANT: DO NOT use "rasdial PST-NW-VPN" without credentials!
This will fail with error 691 because saved credentials don't work
for all-user connections accessed via rasdial.
DISCONNECTION
-------------
rasdial "PST-NW-VPN" /disconnect
Or use batch file:
D:\ClaudeTools\vpn-disconnect.bat
UNIFI L2TP ROUTE REQUIREMENT (IMPORTANT!)
------------------------------------------
UniFi L2TP VPN requires an explicit route to be added for the remote network.
Without this route, traffic won't flow through the VPN even when connected!
The Connect-PST-VPN.ps1 script automatically adds this route:
Route: 192.168.0.0 mask 255.255.255.0 via VPN interface
If you connect manually with "rasdial", you MUST add the route manually:
powershell -File D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1
Or manually:
route add 192.168.0.0 mask 255.255.255.0 0.0.0.0 if [VPN-INTERFACE-INDEX] metric 1
SPLIT-TUNNEL EXPLAINED
----------------------
With split-tunnel enabled:
- Only traffic to the remote network (192.168.0.x) goes through VPN
- Internet traffic goes directly through your local connection
- This improves performance for non-VPN traffic
- Reduces load on the VPN server
Without split-tunnel (full tunnel):
- ALL traffic would go through the VPN
- Including internet browsing, streaming, etc.
- Slower for general internet use
DNS CONFIGURATION
-----------------
DNS Server: 192.168.0.2
Why this matters:
- This DNS server can resolve hostnames on the remote network
- Example: "server.peacefulspirit.local" will resolve correctly
- Without this DNS, you'd need to use IP addresses
The Connect-PST-VPN.ps1 script automatically sets this DNS
when connecting through scheduled task or manual script execution.
Manual DNS configuration (if needed):
$vpnAdapter = Get-NetAdapter | Where-Object {$_.InterfaceDescription -like "*L2TP*" -and $_.Status -eq "Up"}
Set-DnsClientServerAddress -InterfaceIndex $vpnAdapter.InterfaceIndex -ServerAddresses "192.168.0.2"
VERIFICATION
------------
Check VPN status:
rasdial
Check VPN connection details:
Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection
Check DNS settings:
Get-NetAdapter | Where-Object {$_.InterfaceDescription -like "*L2TP*"} | Get-DnsClientServerAddress
Check routing (split-tunnel verification):
route print
Look for routes to 192.168.0.0/24 through VPN interface
Default route (0.0.0.0) should NOT be through VPN
Test DNS resolution:
nslookup server.peacefulspirit.local 192.168.0.2
AUTO-CONNECT DETAILS
--------------------
Scheduled Task: PST-VPN-AutoConnect
Script Location: C:\Windows\System32\Connect-PST-VPN.ps1
Trigger: At system startup
User: SYSTEM (runs before login)
Delay: 30 seconds after startup
View task:
Get-ScheduledTask -TaskName "PST-VPN-AutoConnect"
Disable auto-connect:
Disable-ScheduledTask -TaskName "PST-VPN-AutoConnect"
Enable auto-connect:
Enable-ScheduledTask -TaskName "PST-VPN-AutoConnect"
Remove auto-connect:
Unregister-ScheduledTask -TaskName "PST-VPN-AutoConnect" -Confirm:$false
TROUBLESHOOTING
---------------
Connection fails:
- Verify server is reachable: ping 64.139.88.249
- Check Windows Firewall allows L2TP
- Verify credentials are correct
VPN connects but can't reach remote network:
- THIS IS THE MOST COMMON ISSUE with UniFi L2TP!
- The route is missing - run: powershell -File D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1
- Or use Connect-PST-VPN.ps1 which adds route automatically
- Verify route exists: route print | findstr 192.168.0.0
- Test: ping 192.168.0.2 (should work if route is correct)
DNS not working:
- Reconnect using Connect-PST-VPN.ps1 script
- Manually set DNS (see DNS CONFIGURATION above)
- Check DNS server is reachable: ping 192.168.0.2
Split-tunnel not working:
- Verify: Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection
- Check SplitTunneling property is True
- Reconnect if changed
Internet slow after VPN connect:
- This suggests full-tunnel mode (all traffic through VPN)
- Verify split-tunnel: Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection
- Should show: SplitTunneling: True
- If False, run: Set-VpnConnection -Name "PST-NW-VPN" -SplitTunneling $true -AllUserConnection
Route verification:
- Check routing table: route print | findstr 192.168.0.0
- Should see entry for 192.168.0.0 with metric 1
- Interface should be the L2TP adapter
- If missing, run: powershell -File D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1
MANAGEMENT COMMANDS
-------------------
View all VPN connections:
Get-VpnConnection -AllUserConnection
Modify split-tunnel setting:
Set-VpnConnection -Name "PST-NW-VPN" -SplitTunneling $true -AllUserConnection
Remove VPN connection:
Remove-VpnConnection -Name "PST-NW-VPN" -AllUserConnection -Force
View IPsec configuration:
Get-VpnConnectionIPsecConfiguration -ConnectionName "PST-NW-VPN"
FILES CREATED
-------------
D:\ClaudeTools\Setup-PST-L2TP-VPN.ps1 - Main setup script
D:\ClaudeTools\Connect-PST-VPN.ps1 - Connection helper (with DNS & route config)
D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1 - Manual route configuration helper
C:\Windows\System32\Connect-PST-VPN.ps1 - System copy of connection helper
D:\ClaudeTools\PST-VPN-Quick-Reference.txt - This file

121
infrastructure/vpn-configs/Setup/Install-PST-VPN.ps1 Normal file
View File

@@ -0,0 +1,121 @@
# PST VPN Installation Script
# Run this script as Administrator (Right-click > Run as Administrator)
Write-Host "Installing PST VPN Configuration..." -ForegroundColor Cyan
# Check if running as Administrator
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
Write-Host "ERROR: This script must be run as Administrator!" -ForegroundColor Red
Write-Host "Right-click PowerShell and select 'Run as Administrator', then run this script again." -ForegroundColor Yellow
pause
exit 1
}
# Define paths
$sourceDir = "D:\ClaudeTools"
$destDir = "C:\Program Files\OpenVPN\config"
# Check if OpenVPN is installed
if (-not (Test-Path $destDir)) {
Write-Host "ERROR: OpenVPN does not appear to be installed!" -ForegroundColor Red
Write-Host "Expected directory not found: $destDir" -ForegroundColor Yellow
Write-Host "Please install OpenVPN GUI first from: https://openvpn.net/community-downloads/" -ForegroundColor Yellow
pause
exit 1
}
# Copy configuration files
Write-Host "`nCopying configuration files..." -ForegroundColor Yellow
try {
Copy-Item "$sourceDir\PST-NW-VPN-Windows.ovpn" -Destination $destDir -Force
Write-Host "[OK] Copied PST-NW-VPN-Windows.ovpn" -ForegroundColor Green
Copy-Item "$sourceDir\PST-NW-VPN-auth.txt" -Destination $destDir -Force
Write-Host "[OK] Copied PST-NW-VPN-auth.txt" -ForegroundColor Green
}
catch {
Write-Host "[ERROR] Failed to copy files: $_" -ForegroundColor Red
pause
exit 1
}
# Secure the credentials file
Write-Host "`nSecuring credentials file..." -ForegroundColor Yellow
$authFile = "$destDir\PST-NW-VPN-auth.txt"
try {
# Get current ACL
$acl = Get-Acl $authFile
# Disable inheritance and remove inherited permissions
$acl.SetAccessRuleProtection($true, $false)
# Remove all existing rules
$acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null }
# Add SYSTEM - Full Control
$systemRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
"SYSTEM", "FullControl", "Allow"
)
$acl.AddAccessRule($systemRule)
# Add Administrators - Full Control
$adminRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
"Administrators", "FullControl", "Allow"
)
$acl.AddAccessRule($adminRule)
# Apply the ACL
Set-Acl $authFile $acl
Write-Host "[OK] Credentials file secured (SYSTEM and Administrators only)" -ForegroundColor Green
}
catch {
Write-Host "[WARNING] Could not secure credentials file: $_" -ForegroundColor Yellow
Write-Host "Please manually secure this file via Properties > Security" -ForegroundColor Yellow
}
# Check for OpenVPN service
Write-Host "`nChecking OpenVPN Interactive Service..." -ForegroundColor Yellow
$service = Get-Service -Name "OpenVPNServiceInteractive" -ErrorAction SilentlyContinue
if ($service) {
Write-Host "[OK] OpenVPN Interactive Service found" -ForegroundColor Green
if ($service.StartType -ne "Automatic") {
Write-Host "Setting service to Automatic startup..." -ForegroundColor Yellow
Set-Service -Name "OpenVPNServiceInteractive" -StartupType Automatic
Write-Host "[OK] Service set to Automatic" -ForegroundColor Green
}
if ($service.Status -ne "Running") {
Write-Host "Starting OpenVPN Interactive Service..." -ForegroundColor Yellow
Start-Service -Name "OpenVPNServiceInteractive"
Write-Host "[OK] Service started" -ForegroundColor Green
}
}
else {
Write-Host "[WARNING] OpenVPN Interactive Service not found" -ForegroundColor Yellow
Write-Host "You may need to reinstall OpenVPN with service components" -ForegroundColor Yellow
}
# Summary
Write-Host "`n========================================" -ForegroundColor Cyan
Write-Host "Installation Complete!" -ForegroundColor Green
Write-Host "========================================" -ForegroundColor Cyan
Write-Host "`nConfiguration files installed to:" -ForegroundColor White
Write-Host " $destDir" -ForegroundColor Gray
Write-Host "`nNext steps:" -ForegroundColor White
Write-Host " 1. Open OpenVPN GUI (system tray)" -ForegroundColor Gray
Write-Host " 2. Right-click > Connect to 'PST-NW-VPN-Windows'" -ForegroundColor Gray
Write-Host " 3. Optionally configure 'Start on Boot' for auto-connect" -ForegroundColor Gray
Write-Host "`nConnection Details:" -ForegroundColor White
Write-Host " Server: 64.139.88.249:1194" -ForegroundColor Gray
Write-Host " Username: pst-admin (auto-login configured)" -ForegroundColor Gray
Write-Host "`n"
pause

178
infrastructure/vpn-configs/Setup/PST-L2TP-VPN-Manual-Setup.txt Normal file
View File

@@ -0,0 +1,178 @@
PST L2TP/IPsec VPN - Manual Setup Guide
========================================
Connection Details:
-------------------
VPN Name: PST-NW-VPN
Server: 64.139.88.249
Type: L2TP/IPsec with Pre-Shared Key
Username: pst-admin
Password: 24Hearts$
Pre-Shared Key (PSK): rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7
AUTOMATED SETUP (RECOMMENDED):
===============================
Run as Administrator in PowerShell:
cd D:\ClaudeTools
.\Setup-PST-L2TP-VPN.ps1
This will:
- Create the VPN connection (all users)
- Configure L2TP/IPsec with PSK
- Save credentials
- Set up auto-connect at startup
MANUAL SETUP:
==============
Method 1: Using PowerShell (Quick)
-----------------------------------
Run as Administrator:
# Create VPN connection
Add-VpnConnection -Name "PST-NW-VPN" -ServerAddress "64.139.88.249" -TunnelType L2tp -EncryptionLevel Required -AuthenticationMethod MSChapv2 -L2tpPsk "rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7" -AllUserConnection -RememberCredential -Force
# Connect and save credentials
rasdial "PST-NW-VPN" pst-admin 24Hearts$
# Disconnect
rasdial "PST-NW-VPN" /disconnect
Method 2: Using Windows GUI
----------------------------
1. Open Settings > Network & Internet > VPN
2. Click "Add VPN"
3. VPN provider: Windows (built-in)
4. Connection name: PST-NW-VPN
5. Server name or address: 64.139.88.249
6. VPN type: L2TP/IPsec with pre-shared key
7. Pre-shared key: rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7
8. Type of sign-in info: User name and password
9. User name: pst-admin
10. Password: 24Hearts$
11. Check "Remember my sign-in info"
12. Click Save
PRE-LOGIN AUTO-CONNECT SETUP:
==============================
Option 1: Task Scheduler (Recommended)
---------------------------------------
1. Open Task Scheduler (taskschd.msc)
2. Create Task (not Basic Task)
3. General tab:
- Name: PST-VPN-AutoConnect
- Run whether user is logged on or not
- Run with highest privileges
4. Triggers tab:
- New > At startup
- Delay task for: 30 seconds (optional)
5. Actions tab:
- Action: Start a program
- Program: C:\Windows\System32\rasdial.exe
- Arguments: "PST-NW-VPN" pst-admin 24Hearts$
6. Conditions tab:
- Uncheck "Start only if on AC power"
7. Settings tab:
- Check "Run task as soon as possible after scheduled start is missed"
8. Click OK
Option 2: Startup Script
-------------------------
Create: C:\Windows\System32\GroupPolicy\Machine\Scripts\Startup\connect-vpn.bat
Content:
@echo off
timeout /t 30 /nobreak
rasdial "PST-NW-VPN" pst-admin 24Hearts$
Then:
1. Run gpedit.msc
2. Computer Configuration > Windows Settings > Scripts > Startup
3. Add > Browse > Select connect-vpn.bat
4. OK
TESTING:
========
Test Connection:
rasdial "PST-NW-VPN"
Check Status:
rasdial
Disconnect:
rasdial "PST-NW-VPN" /disconnect
View Connection Details:
Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection
VERIFY PRE-LOGIN:
=================
1. Reboot the computer
2. At the login screen, press Ctrl+Alt+Del
3. Click the network icon (bottom right)
4. You should see "PST-NW-VPN" listed
5. It should show as "Connected" if auto-connect worked
TROUBLESHOOTING:
================
Connection fails:
- Check server address: ping 64.139.88.249
- Verify Windows Firewall allows L2TP (UDP 500, 1701, 4500)
- Try disabling "Require encryption" temporarily
Error 789 (L2TP connection attempt failed):
- Windows Firewall may be blocking
- Registry fix required for NAT-T
Registry Fix for NAT-T (if needed):
Run as Administrator:
reg add HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 2 /f
Then reboot.
Error 691 (Access denied):
- Check username/password
- Verify server allows L2TP connections
Can't see VPN at login screen:
- Ensure connection was created with -AllUserConnection flag
- Verify RasMan service is running: services.msc
- Check "Remote Access Connection Manager" is set to Automatic
REMOVING VPN:
=============
Remove VPN connection:
Remove-VpnConnection -Name "PST-NW-VPN" -AllUserConnection -Force
Remove auto-connect task:
Unregister-ScheduledTask -TaskName "PST-VPN-AutoConnect" -Confirm:$false
SECURITY NOTES:
===============
- Credentials are stored in Windows Credential Manager
- PSK is stored in the VPN connection settings
- For maximum security, use certificate-based auth instead of PSK
- The scheduled task contains password in plain text - secure task XML file permissions
ADVANTAGES OVER OPENVPN:
========================
- Built into Windows (no third-party software)
- Native pre-login support
- Simple configuration
- Managed through Windows settings
- Works with Windows RAS/RRAS services

150
infrastructure/vpn-configs/Setup/PST-VPN-Setup-Instructions.txt Normal file
View File

@@ -0,0 +1,150 @@
PEACEFULE SPIRIT VPN SETUP - Pre-Login Auto-Connect with OpenVPN GUI
========================================================================
Files Created:
--------------
1. PST-NW-VPN-Windows.ovpn (Modified config for Windows)
2. PST-NW-VPN-auth.txt (Credentials file)
INSTALLATION STEPS:
===================
Step 1: Install OpenVPN GUI (if not already installed)
-------------------------------------------------------
1. Download OpenVPN GUI from: https://openvpn.net/community-downloads/
2. Install using default settings
3. Install as Administrator to enable system service mode
Step 2: Copy Configuration Files to OpenVPN Config Directory
-------------------------------------------------------------
You need to copy both files to the OpenVPN config directory:
OPTION A - For System-Wide Service (Pre-Login):
Copy both files to: C:\Program Files\OpenVPN\config\
Commands (Run as Administrator in PowerShell):
Copy-Item "D:\ClaudeTools\PST-NW-VPN-Windows.ovpn" -Destination "C:\Program Files\OpenVPN\config\"
Copy-Item "D:\ClaudeTools\PST-NW-VPN-auth.txt" -Destination "C:\Program Files\OpenVPN\config\"
OPTION B - For User-Level Only (Not Pre-Login):
Copy both files to: C:\Users\YourUsername\OpenVPN\config\
Step 3: Verify File Permissions (IMPORTANT for Security)
---------------------------------------------------------
The credentials file should be protected:
1. Right-click PST-NW-VPN-auth.txt
2. Properties > Security tab
3. Click "Advanced"
4. Remove "Users" group (leave only SYSTEM and Administrators)
5. Apply changes
Step 4: Configure OpenVPN Interactive Service (for Pre-Login)
--------------------------------------------------------------
1. Press Win+R, type: services.msc
2. Find "OpenVPNServiceInteractive" or "OpenVPN Interactive Service"
3. Right-click > Properties
4. Set "Startup type" to: Automatic
5. Click "Start" to start the service now
6. Click "OK"
Step 5: Connect to VPN
----------------------
OPTION A - Using OpenVPN GUI (User Interface):
1. Right-click OpenVPN GUI icon in system tray
2. Select "PST-NW-VPN-Windows" > Connect
3. Connection should auto-authenticate with saved credentials
OPTION B - Using Command Line (for testing):
Run as Administrator:
cd "C:\Program Files\OpenVPN\bin"
openvpn-gui --connect PST-NW-VPN-Windows.ovpn
Step 6: Configure Auto-Connect on Startup (Optional)
-----------------------------------------------------
To automatically connect when Windows starts:
1. Right-click OpenVPN GUI icon in system tray
2. Settings > Advanced
3. Check "Launch on Windows startup"
4. Check "Silent connection (always)"
5. In the main window, right-click the connection
6. Select "Start on Boot"
Alternative: Using Windows Task Scheduler for Pre-Login Auto-Connect
---------------------------------------------------------------------
1. Open Task Scheduler (taskschd.msc)
2. Create Task (not Basic Task)
3. General tab:
- Name: "PST VPN Auto-Connect"
- Select "Run whether user is logged on or not"
- Check "Run with highest privileges"
4. Triggers tab:
- New > At startup
5. Actions tab:
- Program: C:\Program Files\OpenVPN\bin\openvpn.exe
- Arguments: --config "C:\Program Files\OpenVPN\config\PST-NW-VPN-Windows.ovpn"
- Start in: C:\Program Files\OpenVPN\bin
6. Conditions tab:
- Uncheck "Start the task only if the computer is on AC power"
7. Click OK and enter administrator credentials
VERIFICATION:
=============
1. Check connection status in OpenVPN GUI
2. Visit https://whatismyipaddress.com/ to verify your IP changed
3. Expected IP: 64.139.88.249 (the VPN server)
TROUBLESHOOTING:
================
Connection fails:
- Check Windows Firewall allows OpenVPN
- Verify credentials in PST-NW-VPN-auth.txt are correct
- Check logs: C:\Program Files\OpenVPN\log\
Service won't start:
- Run as Administrator
- Check Event Viewer for OpenVPN errors
- Verify TAP adapter is installed (should be installed with OpenVPN)
Credential issues:
- Ensure auth file has exactly 2 lines: username on line 1, password on line 2
- No extra spaces or blank lines
- File must be in same directory as .ovpn file
KEY CHANGES MADE FROM ORIGINAL CONFIG:
=======================================
1. Removed Linux-specific lines:
- user nobody
- group nogroup
(These cause errors on Windows)
2. Added credentials file reference:
- auth-user-pass PST-NW-VPN-auth.txt
(Enables auto-login)
3. Renamed config file to indicate Windows compatibility
SECURITY NOTES:
===============
- The PST-NW-VPN-auth.txt file contains your password in plain text
- Ensure file permissions restrict access to Administrators only
- Do not share this file or commit to version control
- Consider using Windows Credential Manager for additional security
CONNECTION DETAILS:
===================
VPN Server: 64.139.88.249:1194
Protocol: TCP
Username: pst-admin
Encryption: AES-256-CBC with SHA1 auth
Gateway: Full tunnel (all traffic routed through VPN)
SUPPORT:
========
If you encounter issues, check:
1. OpenVPN logs in system tray menu
2. Windows Event Viewer > Application logs
3. Verify network connectivity to 64.139.88.249:1194

233
infrastructure/vpn-configs/Setup/Setup-PST-L2TP-VPN.ps1 Normal file
View File

@@ -0,0 +1,233 @@
# PST L2TP/IPsec VPN Setup Script
# Run as Administrator
Write-Host "========================================" -ForegroundColor Cyan
Write-Host "PST L2TP/IPsec VPN Setup" -ForegroundColor Cyan
Write-Host "========================================" -ForegroundColor Cyan
# Check if running as Administrator
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
Write-Host "`n[ERROR] This script must be run as Administrator!" -ForegroundColor Red
Write-Host "Right-click PowerShell and select 'Run as Administrator'" -ForegroundColor Yellow
pause
exit 1
}
# VPN Configuration
$vpnName = "PST-NW-VPN"
$serverAddress = "64.139.88.249"
$psk = "rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7"
$username = "pst-admin"
$password = "24Hearts$"
Write-Host "`nStep 1: Creating VPN Connection..." -ForegroundColor Yellow
# Remove existing VPN connection if it exists
$existing = Get-VpnConnection -Name $vpnName -AllUserConnection -ErrorAction SilentlyContinue
if ($existing) {
Write-Host "Removing existing VPN connection..." -ForegroundColor Gray
Remove-VpnConnection -Name $vpnName -AllUserConnection -Force
}
# Create new L2TP/IPsec VPN connection (All Users - for pre-login)
try {
Add-VpnConnection `
-Name $vpnName `
-ServerAddress $serverAddress `
-TunnelType L2tp `
-EncryptionLevel Required `
-AuthenticationMethod MSChapv2 `
-L2tpPsk $psk `
-AllUserConnection `
-RememberCredential `
-PassThru `
-Force
Write-Host "[OK] VPN connection created" -ForegroundColor Green
}
catch {
Write-Host "[ERROR] Failed to create VPN connection: $_" -ForegroundColor Red
pause
exit 1
}
Write-Host "`nStep 2: Configuring Split-Tunnel and DNS..." -ForegroundColor Yellow
# Configure split-tunnel (don't route all traffic through VPN)
try {
Set-VpnConnection -Name $vpnName -SplitTunneling $true -AllUserConnection
Write-Host "[OK] Split-tunneling enabled (only remote network traffic uses VPN)" -ForegroundColor Green
}
catch {
Write-Host "[WARNING] Could not enable split-tunneling: $_" -ForegroundColor Yellow
}
# Set DNS server for VPN connection
try {
# Get the VPN interface (will be available after first connection)
# We'll set this after the test connection
Write-Host "[INFO] DNS will be configured after first connection" -ForegroundColor Gray
}
catch {
Write-Host "[WARNING] Could not configure DNS: $_" -ForegroundColor Yellow
}
Write-Host "`nStep 3: Configuring IPsec Settings..." -ForegroundColor Yellow
# Set VPN connection to use pre-shared key
try {
Set-VpnConnectionIPsecConfiguration `
-ConnectionName $vpnName `
-AuthenticationTransformConstants SHA256128 `
-CipherTransformConstants AES128 `
-EncryptionMethod AES128 `
-IntegrityCheckMethod SHA256 `
-DHGroup Group14 `
-PfsGroup None `
-Force
Write-Host "[OK] IPsec settings configured" -ForegroundColor Green
}
catch {
Write-Host "[WARNING] Could not set advanced IPsec settings: $_" -ForegroundColor Yellow
Write-Host "Using default IPsec configuration" -ForegroundColor Gray
}
Write-Host "`nStep 4: Saving VPN Credentials..." -ForegroundColor Yellow
# Create secure credential
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
# Save credentials using rasdial (works for pre-login)
try {
# Use rasdial to save credentials in the system
$rasDialCmd = "rasdial `"$vpnName`" $username $password"
# Connect once to save credentials, then disconnect
Write-Host "Testing connection and saving credentials..." -ForegroundColor Gray
$result = cmd /c "rasdial `"$vpnName`" $username $password" 2>&1
if ($LASTEXITCODE -eq 0) {
Write-Host "[OK] Connection successful - credentials saved" -ForegroundColor Green
# Configure DNS for VPN interface
Start-Sleep -Seconds 3
Write-Host "Configuring DNS server (192.168.0.2)..." -ForegroundColor Gray
try {
# Get the VPN interface
$vpnInterface = Get-NetAdapter | Where-Object { $_.InterfaceDescription -like "*WAN Miniport (L2TP)*" -and $_.Status -eq "Up" }
if ($vpnInterface) {
Set-DnsClientServerAddress -InterfaceIndex $vpnInterface.InterfaceIndex -ServerAddresses "192.168.0.2"
Write-Host "[OK] DNS set to 192.168.0.2" -ForegroundColor Green
}
else {
Write-Host "[WARNING] Could not find active VPN interface for DNS config" -ForegroundColor Yellow
}
}
catch {
Write-Host "[WARNING] Could not set DNS: $_" -ForegroundColor Yellow
}
# Disconnect
Start-Sleep -Seconds 2
rasdial $vpnName /disconnect | Out-Null
Write-Host "[OK] Disconnected" -ForegroundColor Green
}
else {
Write-Host "[WARNING] Connection test failed, but credentials may be saved" -ForegroundColor Yellow
Write-Host "Error: $result" -ForegroundColor Gray
}
}
catch {
Write-Host "[WARNING] Could not test connection: $_" -ForegroundColor Yellow
}
Write-Host "`nStep 5: Configuring Auto-Connect (Optional)..." -ForegroundColor Yellow
Write-Host "Creating Task Scheduler job for auto-connect at startup..." -ForegroundColor Gray
# Create a scheduled task to connect at startup (before login)
$taskName = "PST-VPN-AutoConnect"
# Remove existing task if present
Unregister-ScheduledTask -TaskName $taskName -Confirm:$false -ErrorAction SilentlyContinue
# Copy the connection script to a system location
$scriptSource = "D:\ClaudeTools\Connect-PST-VPN.ps1"
$scriptDest = "C:\Windows\System32\Connect-PST-VPN.ps1"
if (Test-Path $scriptSource) {
Copy-Item $scriptSource -Destination $scriptDest -Force
Write-Host "[OK] Connection script copied to system directory" -ForegroundColor Green
}
# Create task action to run PowerShell script
$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-ExecutionPolicy Bypass -WindowStyle Hidden -File `"$scriptDest`""
# Create task trigger (at startup)
$trigger = New-ScheduledTaskTrigger -AtStartup
# Create task principal (run as SYSTEM for pre-login)
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount -RunLevel Highest
# Create task settings
$settings = New-ScheduledTaskSettingsSet `
-AllowStartIfOnBatteries `
-DontStopIfGoingOnBatteries `
-StartWhenAvailable `
-RestartCount 3 `
-RestartInterval (New-TimeSpan -Minutes 1)
# Register the task
try {
Register-ScheduledTask `
-TaskName $taskName `
-Action $action `
-Trigger $trigger `
-Principal $principal `
-Settings $settings `
-Description "Auto-connect to PST VPN at system startup" | Out-Null
Write-Host "[OK] Auto-connect scheduled task created" -ForegroundColor Green
}
catch {
Write-Host "[WARNING] Could not create scheduled task: $_" -ForegroundColor Yellow
}
# Summary
Write-Host "`n========================================" -ForegroundColor Cyan
Write-Host "Setup Complete!" -ForegroundColor Green
Write-Host "========================================" -ForegroundColor Cyan
Write-Host "`nVPN Configuration:" -ForegroundColor White
Write-Host " Name: $vpnName" -ForegroundColor Gray
Write-Host " Server: $serverAddress" -ForegroundColor Gray
Write-Host " Type: L2TP/IPsec with Pre-Shared Key" -ForegroundColor Gray
Write-Host " Username: $username" -ForegroundColor Gray
Write-Host " Tunnel Mode: Split-Tunnel (only remote traffic uses VPN)" -ForegroundColor Gray
Write-Host " DNS Server: 192.168.0.2" -ForegroundColor Gray
Write-Host " Auto-connect: Enabled (scheduled task)" -ForegroundColor Gray
Write-Host "`nConnection Methods:" -ForegroundColor White
Write-Host " 1. Windows Settings > Network > VPN > '$vpnName' > Connect" -ForegroundColor Gray
Write-Host " 2. Command line: powershell -File C:\Windows\System32\Connect-PST-VPN.ps1" -ForegroundColor Gray
Write-Host " 3. Simple: rasdial `"$vpnName`" (DNS must be set manually)" -ForegroundColor Gray
Write-Host " 4. Automatic at startup (via scheduled task with DNS config)" -ForegroundColor Gray
Write-Host "`nPre-Login Connection:" -ForegroundColor White
Write-Host " - This VPN is available to all users" -ForegroundColor Gray
Write-Host " - Will auto-connect at system startup" -ForegroundColor Gray
Write-Host " - Credentials are saved system-wide" -ForegroundColor Gray
Write-Host "`nManagement:" -ForegroundColor White
Write-Host " - View connection: Get-VpnConnection -Name '$vpnName' -AllUserConnection" -ForegroundColor Gray
Write-Host " - Connect manually: rasdial '$vpnName'" -ForegroundColor Gray
Write-Host " - Disconnect: rasdial '$vpnName' /disconnect" -ForegroundColor Gray
Write-Host " - Remove VPN: Remove-VpnConnection -Name '$vpnName' -AllUserConnection" -ForegroundColor Gray
Write-Host " - Remove auto-connect: Unregister-ScheduledTask -TaskName '$taskName'" -ForegroundColor Gray
Write-Host "`n"
pause

55
infrastructure/vpn-configs/Troubleshooting/Add-PST-VPN-Route-Manual.ps1 Normal file
View File

@@ -0,0 +1,55 @@
# Manual route configuration for PST VPN
# Run this if auto-route setup fails or after manual rasdial connection
$remoteNetwork = "192.168.0.0"
$subnetMask = "255.255.255.0"
Write-Host "Finding VPN interface..." -ForegroundColor Cyan
# Find the L2TP VPN interface (appears as PPP adapter)
$vpnInterface = Get-NetAdapter | Where-Object {
($_.InterfaceAlias -eq "PST-NW-VPN" -or
$_.InterfaceDescription -eq "PST-NW-VPN" -or
$_.InterfaceDescription -like "*PPP*") -and
$_.Status -eq "Up"
} | Select-Object -First 1
if (-not $vpnInterface) {
Write-Host "[ERROR] VPN interface not found!" -ForegroundColor Red
Write-Host "Make sure you're connected to the VPN first:" -ForegroundColor Yellow
Write-Host ' rasdial "PST-NW-VPN"' -ForegroundColor Gray
exit 1
}
Write-Host "[OK] Found VPN interface: $($vpnInterface.InterfaceAlias) (Index: $($vpnInterface.InterfaceIndex))" -ForegroundColor Green
# Remove existing route (if any)
Write-Host "Removing old route (if exists)..." -ForegroundColor Cyan
route delete $remoteNetwork 2>$null | Out-Null
# Add new route
Write-Host "Adding route: $remoteNetwork mask $subnetMask" -ForegroundColor Cyan
$routeCmd = "route add $remoteNetwork mask $subnetMask 0.0.0.0 if $($vpnInterface.InterfaceIndex) metric 1"
cmd /c $routeCmd
if ($LASTEXITCODE -eq 0) {
Write-Host "[OK] Route added successfully!" -ForegroundColor Green
# Show the route
Write-Host "`nRoute details:" -ForegroundColor Cyan
route print | Select-String $remoteNetwork
# Test connectivity
Write-Host "`nTesting connectivity to remote network..." -ForegroundColor Cyan
Write-Host "Pinging 192.168.0.2..." -ForegroundColor Gray
ping 192.168.0.2 -n 2
}
else {
Write-Host "[ERROR] Failed to add route!" -ForegroundColor Red
Write-Host "Try running as Administrator" -ForegroundColor Yellow
}
Write-Host "`nTo make this route persistent across reboots:" -ForegroundColor Yellow
Write-Host " route add $remoteNetwork mask $subnetMask 0.0.0.0 if $($vpnInterface.InterfaceIndex) metric 1 -p" -ForegroundColor Gray
Write-Host "`nNote: For VPN connections, auto-route on connect is better than persistent routes." -ForegroundColor Gray

134
infrastructure/vpn-configs/Troubleshooting/Fix-PST-VPN-Auth.ps1 Normal file
View File

@@ -0,0 +1,134 @@
# Troubleshoot and fix PST VPN authentication
# Run as Administrator
Write-Host "PST VPN Authentication Troubleshooter" -ForegroundColor Cyan
Write-Host "======================================`n" -ForegroundColor Cyan
$vpnName = "PST-NW-VPN"
# Check if running as admin
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
Write-Host "[ERROR] Must run as Administrator!" -ForegroundColor Red
pause
exit 1
}
# Get current VPN settings
Write-Host "Current VPN Configuration:" -ForegroundColor Yellow
$vpn = Get-VpnConnection -Name $vpnName -AllUserConnection -ErrorAction SilentlyContinue
if (-not $vpn) {
Write-Host "[ERROR] VPN connection '$vpnName' not found!" -ForegroundColor Red
Write-Host "Run Setup-PST-L2TP-VPN.ps1 first" -ForegroundColor Yellow
pause
exit 1
}
Write-Host " Server: $($vpn.ServerAddress)" -ForegroundColor Gray
Write-Host " Tunnel Type: $($vpn.TunnelType)" -ForegroundColor Gray
Write-Host " Auth Method: $($vpn.AuthenticationMethod -join ', ')" -ForegroundColor Gray
Write-Host " Encryption: $($vpn.EncryptionLevel)" -ForegroundColor Gray
Write-Host " Split Tunnel: $($vpn.SplitTunneling)" -ForegroundColor Gray
# Check authentication settings
Write-Host "`nChecking authentication settings..." -ForegroundColor Yellow
# For UniFi, we need to ensure proper authentication
Write-Host "Configuring authentication for UniFi L2TP..." -ForegroundColor Cyan
try {
# Remove and recreate with correct settings
Write-Host "Reconfiguring VPN with UniFi-compatible settings..." -ForegroundColor Gray
Remove-VpnConnection -Name $vpnName -AllUserConnection -Force -ErrorAction SilentlyContinue
# Create with PAP or CHAP (UniFi may require these instead of MSChapv2)
Add-VpnConnection `
-Name $vpnName `
-ServerAddress "64.139.88.249" `
-TunnelType L2tp `
-EncryptionLevel Optional `
-AuthenticationMethod Chap,MSChapv2 `
-L2tpPsk "rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7" `
-AllUserConnection `
-RememberCredential `
-SplitTunneling $true `
-Force
Write-Host "[OK] VPN recreated with CHAP + MSChapv2 authentication" -ForegroundColor Green
# Configure IPsec
Set-VpnConnectionIPsecConfiguration `
-ConnectionName $vpnName `
-AuthenticationTransformConstants SHA256128 `
-CipherTransformConstants AES128 `
-EncryptionMethod AES128 `
-IntegrityCheckMethod SHA256 `
-DHGroup Group14 `
-PfsGroup None `
-Force `
-ErrorAction SilentlyContinue
Write-Host "[OK] IPsec configuration updated" -ForegroundColor Green
}
catch {
Write-Host "[WARNING] Configuration update had issues: $_" -ForegroundColor Yellow
}
# Test connection
Write-Host "`nTesting connection..." -ForegroundColor Yellow
Write-Host "Username: pst-admin" -ForegroundColor Gray
Write-Host "Attempting to connect..." -ForegroundColor Gray
$result = cmd /c 'rasdial "PST-NW-VPN" pst-admin "24Hearts$"' 2>&1
if ($LASTEXITCODE -eq 0) {
Write-Host "`n[SUCCESS] Connection successful!" -ForegroundColor Green
Start-Sleep -Seconds 2
# Show connection status
rasdial
# Disconnect
Write-Host "`nDisconnecting..." -ForegroundColor Gray
rasdial "PST-NW-VPN" /disconnect | Out-Null
}
else {
Write-Host "`n[FAILED] Connection still failing" -ForegroundColor Red
Write-Host "Error: $result" -ForegroundColor Gray
Write-Host "`n=== TROUBLESHOOTING STEPS ===" -ForegroundColor Yellow
Write-Host ""
Write-Host "1. Verify credentials on UniFi server:" -ForegroundColor White
Write-Host " - Login to UniFi controller" -ForegroundColor Gray
Write-Host " - Settings > VPN > L2TP Remote Access VPN" -ForegroundColor Gray
Write-Host " - Check that user 'pst-admin' exists with correct password" -ForegroundColor Gray
Write-Host ""
Write-Host "2. Check UniFi VPN server settings:" -ForegroundColor White
Write-Host " - Ensure L2TP VPN is enabled" -ForegroundColor Gray
Write-Host " - Verify pre-shared key matches: rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7" -ForegroundColor Gray
Write-Host " - Check authentication methods allowed (CHAP/MSChapv2)" -ForegroundColor Gray
Write-Host ""
Write-Host "3. Verify network connectivity:" -ForegroundColor White
Write-Host " - Can you reach the server? Run: ping 64.139.88.249" -ForegroundColor Gray
Write-Host " - Check if ports are open: UDP 500, 1701, 4500" -ForegroundColor Gray
Write-Host ""
Write-Host "4. Try alternative authentication:" -ForegroundColor White
Write-Host " - The server may require PAP authentication" -ForegroundColor Gray
Write-Host " - Try enabling PAP in Windows (see below)" -ForegroundColor Gray
Write-Host ""
Write-Host "5. Registry fix for PAP (if needed):" -ForegroundColor White
Write-Host " Run: rasphone -d `"PST-NW-VPN`"" -ForegroundColor Gray
Write-Host " Security tab > Advanced > Check 'Allow these protocols:'" -ForegroundColor Gray
Write-Host " Enable: 'Unencrypted password (PAP)' and 'Challenge Handshake (CHAP)'" -ForegroundColor Gray
Write-Host ""
Write-Host "6. Common UniFi L2TP issues:" -ForegroundColor White
Write-Host " - Username might need @domain suffix (e.g., pst-admin@peacefulspirit)" -ForegroundColor Gray
Write-Host " - Check if user account is enabled on UniFi" -ForegroundColor Gray
Write-Host " - Verify RADIUS server is not required" -ForegroundColor Gray
}
Write-Host ""
pause

140
infrastructure/vpn-configs/Utilities/Connect-PST-VPN-Standalone.ps1 Normal file
View File

@@ -0,0 +1,140 @@
# Standalone VPN connection script - copy this to any machine
# No dependencies, includes everything needed
$vpnName = "PST-NW-VPN"
$username = "pst-admin"
$password = "24Hearts$"
$dnsServer = "192.168.0.2"
$remoteNetwork = "192.168.0.0"
$subnetMask = "255.255.255.0"
Write-Host "=== PST VPN Connection ===" -ForegroundColor Cyan
# Connect to VPN
Write-Host "`n[1/3] Connecting to $vpnName..." -ForegroundColor Yellow
$result = cmd /c "rasdial `"$vpnName`" $username $password" 2>&1
if ($LASTEXITCODE -ne 0 -and $result -notlike "*Already connected*") {
Write-Host "[ERROR] Connection failed: $result" -ForegroundColor Red
exit 1
}
Write-Host "[OK] Connected to VPN" -ForegroundColor Green
# Wait for interface to be ready
Start-Sleep -Seconds 5
# Find VPN interface
Write-Host "`n[2/3] Configuring DNS and routes..." -ForegroundColor Yellow
# Show all active interfaces for debugging
Write-Host "Active network interfaces:" -ForegroundColor Gray
Get-NetAdapter | Where-Object { $_.Status -eq "Up" } | ForEach-Object {
Write-Host " - $($_.Name): $($_.InterfaceDescription)" -ForegroundColor DarkGray
}
# Try to find VPN interface - L2TP creates a PPP adapter with the connection name
$vpnInterface = $null
# Method 1: Look for exact match on connection name (most reliable)
$vpnInterface = Get-NetAdapter | Where-Object {
($_.InterfaceAlias -eq $vpnName -or
$_.InterfaceDescription -eq $vpnName -or
$_.Name -eq $vpnName) -and
$_.Status -eq "Up"
} | Select-Object -First 1
if ($vpnInterface) {
Write-Host "Found VPN interface by connection name" -ForegroundColor Gray
}
# Method 2: Look for PPP adapter (L2TP uses PPP)
if (-not $vpnInterface) {
Write-Host "Trying PPP adapter pattern..." -ForegroundColor Gray
$vpnInterface = Get-NetAdapter | Where-Object {
$_.InterfaceDescription -like "*PPP*" -and $_.Status -eq "Up"
} | Select-Object -First 1
}
# Method 3: Look for WAN Miniport (fallback)
if (-not $vpnInterface) {
Write-Host "Trying WAN Miniport pattern..." -ForegroundColor Gray
$vpnInterface = Get-NetAdapter | Where-Object {
$_.InterfaceDescription -like "*WAN*" -and $_.Status -eq "Up"
} | Select-Object -First 1
}
if ($vpnInterface) {
Write-Host "Using interface: $($vpnInterface.Name) (Index: $($vpnInterface.InterfaceIndex))" -ForegroundColor Green
Write-Host " Description: $($vpnInterface.InterfaceDescription)" -ForegroundColor Gray
# Set DNS
try {
Set-DnsClientServerAddress -InterfaceIndex $vpnInterface.InterfaceIndex -ServerAddresses $dnsServer -ErrorAction Stop
Write-Host "[OK] DNS set to $dnsServer" -ForegroundColor Green
}
catch {
Write-Host "[WARNING] Could not set DNS: $_" -ForegroundColor Yellow
}
# Add route
try {
Write-Host "Adding route for $remoteNetwork..." -ForegroundColor Gray
# Delete existing route
cmd /c "route delete $remoteNetwork" 2>&1 | Out-Null
# Add new route
$routeResult = cmd /c "route add $remoteNetwork mask $subnetMask 0.0.0.0 if $($vpnInterface.InterfaceIndex) metric 1" 2>&1
if ($LASTEXITCODE -eq 0) {
Write-Host "[OK] Route added for $remoteNetwork/24" -ForegroundColor Green
}
else {
Write-Host "[WARNING] Route add returned: $routeResult" -ForegroundColor Yellow
}
}
catch {
Write-Host "[WARNING] Could not add route: $_" -ForegroundColor Yellow
}
}
else {
Write-Host "[WARNING] Could not identify VPN interface!" -ForegroundColor Yellow
Write-Host "You may need to manually configure DNS and routes" -ForegroundColor Yellow
}
# Verify connection
Write-Host "`n[3/3] Verification..." -ForegroundColor Yellow
# Check rasdial status
$connectionStatus = rasdial
Write-Host "Connection status:" -ForegroundColor Gray
Write-Host $connectionStatus -ForegroundColor DarkGray
# Check route
$routeCheck = route print | Select-String $remoteNetwork
if ($routeCheck) {
Write-Host "[OK] Route to $remoteNetwork exists" -ForegroundColor Green
}
else {
Write-Host "[WARNING] Route to $remoteNetwork not found in routing table" -ForegroundColor Yellow
}
# Test connectivity
Write-Host "`nTesting connectivity to $dnsServer..." -ForegroundColor Gray
$pingResult = Test-Connection -ComputerName $dnsServer -Count 2 -Quiet
if ($pingResult) {
Write-Host "[OK] Remote network is reachable!" -ForegroundColor Green
}
else {
Write-Host "[WARNING] Cannot ping $dnsServer" -ForegroundColor Yellow
Write-Host "This might be normal if ICMP is blocked" -ForegroundColor Gray
}
Write-Host "`n=== Connection Summary ===" -ForegroundColor Cyan
Write-Host "VPN: Connected" -ForegroundColor Green
Write-Host "DNS: Configured (if interface was found)" -ForegroundColor $(if ($vpnInterface) { "Green" } else { "Yellow" })
Write-Host "Route: Configured (if interface was found)" -ForegroundColor $(if ($vpnInterface) { "Green" } else { "Yellow" })
Write-Host "`nTo disconnect: rasdial `"$vpnName`" /disconnect" -ForegroundColor Gray
Write-Host ""

99
infrastructure/vpn-configs/Utilities/Connect-PST-VPN.ps1 Normal file
View File

@@ -0,0 +1,99 @@
# Connect to PST VPN and configure DNS
# Can be run manually or by Task Scheduler
$vpnName = "PST-NW-VPN"
$username = "pst-admin"
$password = "24Hearts$"
$dnsServer = "192.168.0.2"
$remoteNetwork = "192.168.0.0"
$subnetMask = "255.255.255.0"
# Connect to VPN
Write-Host "Connecting to $vpnName..." -ForegroundColor Cyan
$result = cmd /c "rasdial `"$vpnName`" $username $password" 2>&1
if ($LASTEXITCODE -eq 0 -or $result -like "*Already connected*") {
Write-Host "[OK] Connected to VPN" -ForegroundColor Green
# Wait for interface to be ready
Start-Sleep -Seconds 5
# Configure DNS
Write-Host "Setting DNS to $dnsServer..." -ForegroundColor Cyan
try {
# Find the VPN interface - L2TP creates a PPP adapter with the connection name
$vpnInterface = Get-NetAdapter | Where-Object {
($_.InterfaceAlias -eq $vpnName -or
$_.InterfaceDescription -eq $vpnName -or
$_.Name -eq $vpnName) -and
$_.Status -eq "Up"
} | Select-Object -First 1
# If not found, try PPP adapter pattern
if (-not $vpnInterface) {
Write-Host "Trying PPP adapter search..." -ForegroundColor Gray
$vpnInterface = Get-NetAdapter | Where-Object {
$_.InterfaceDescription -like "*PPP*" -and $_.Status -eq "Up"
} | Select-Object -First 1
}
# Last resort: WAN Miniport
if (-not $vpnInterface) {
Write-Host "Trying WAN Miniport search..." -ForegroundColor Gray
$vpnInterface = Get-NetAdapter | Where-Object {
$_.InterfaceDescription -like "*WAN*" -and $_.Status -eq "Up"
} | Select-Object -First 1
}
if ($vpnInterface) {
Write-Host "Found VPN interface: $($vpnInterface.Name) ($($vpnInterface.InterfaceDescription))" -ForegroundColor Gray
Set-DnsClientServerAddress -InterfaceIndex $vpnInterface.InterfaceIndex -ServerAddresses $dnsServer
Write-Host "[OK] DNS configured: $dnsServer" -ForegroundColor Green
# Verify DNS
$dns = Get-DnsClientServerAddress -InterfaceIndex $vpnInterface.InterfaceIndex -AddressFamily IPv4
Write-Host "Current DNS: $($dns.ServerAddresses -join ', ')" -ForegroundColor Gray
# Add route for remote network (UniFi L2TP requirement)
Write-Host "Adding route for remote network $remoteNetwork..." -ForegroundColor Cyan
try {
# Remove existing route if present (avoid duplicates)
route delete $remoteNetwork 2>$null | Out-Null
# Add persistent route through VPN interface
$routeCmd = "route add $remoteNetwork mask $subnetMask 0.0.0.0 if $($vpnInterface.InterfaceIndex) metric 1"
cmd /c $routeCmd 2>&1 | Out-Null
if ($LASTEXITCODE -eq 0) {
Write-Host "[OK] Route added: $remoteNetwork/$subnetMask via VPN" -ForegroundColor Green
}
else {
Write-Host "[WARNING] Route command returned code $LASTEXITCODE" -ForegroundColor Yellow
}
# Verify route
$routes = route print | Select-String $remoteNetwork
if ($routes) {
Write-Host "Route verified in routing table" -ForegroundColor Gray
}
}
catch {
Write-Host "[WARNING] Failed to add route: $_" -ForegroundColor Yellow
Write-Host "You may need to manually add route: route add $remoteNetwork mask $subnetMask 0.0.0.0 if $($vpnInterface.InterfaceIndex)" -ForegroundColor Yellow
}
}
else {
Write-Host "[WARNING] VPN interface not found or not active" -ForegroundColor Yellow
}
}
catch {
Write-Host "[ERROR] Failed to configure VPN: $_" -ForegroundColor Red
}
}
else {
Write-Host "[ERROR] Connection failed: $result" -ForegroundColor Red
exit 1
}

106
infrastructure/vpn-configs/Utilities/Diagnose-VPN-Interface.ps1 Normal file
View File

@@ -0,0 +1,106 @@
# Diagnose VPN interface while connected
# Run this WHILE VPN IS CONNECTED
Write-Host "=== VPN Interface Diagnostic ===" -ForegroundColor Cyan
Write-Host ""
# Check VPN connection status
Write-Host "[1] VPN Connection Status:" -ForegroundColor Yellow
$rasStatus = rasdial
Write-Host $rasStatus -ForegroundColor Gray
Write-Host ""
# Show ALL network adapters (including disconnected, hidden, etc.)
Write-Host "[2] ALL Network Adapters (including disconnected):" -ForegroundColor Yellow
Get-NetAdapter | Select-Object Name, InterfaceDescription, Status, InterfaceIndex |
Format-Table -AutoSize
Write-Host ""
# Show adapters with "WAN" in the name
Write-Host "[3] WAN Miniport Adapters:" -ForegroundColor Yellow
Get-NetAdapter | Where-Object {
$_.InterfaceDescription -like "*WAN*"
} | Select-Object Name, InterfaceDescription, Status, InterfaceIndex |
Format-Table -AutoSize
Write-Host ""
# Show RAS connections (another way to see VPN)
Write-Host "[4] RAS Connections:" -ForegroundColor Yellow
try {
Get-VpnConnection | Select-Object Name, ConnectionStatus, ServerAddress |
Format-Table -AutoSize
}
catch {
Write-Host "Could not query VPN connections" -ForegroundColor Gray
}
Write-Host ""
# Show IP configuration for all interfaces
Write-Host "[5] IP Configuration:" -ForegroundColor Yellow
Get-NetIPAddress | Where-Object {
$_.AddressFamily -eq "IPv4"
} | Select-Object InterfaceAlias, IPAddress, InterfaceIndex |
Format-Table -AutoSize
Write-Host ""
# Show routing table
Write-Host "[6] Routing Table (looking for VPN routes):" -ForegroundColor Yellow
Write-Host "Full routing table:" -ForegroundColor Gray
route print
Write-Host ""
# Check if we can reach remote network WITHOUT explicit route
Write-Host "[7] Testing connectivity to remote network:" -ForegroundColor Yellow
Write-Host "Testing DNS server (192.168.0.2)..." -ForegroundColor Gray
$pingDNS = Test-Connection -ComputerName 192.168.0.2 -Count 2 -ErrorAction SilentlyContinue
if ($pingDNS) {
Write-Host "[OK] DNS server 192.168.0.2 IS reachable!" -ForegroundColor Green
Write-Host "Average response time: $([math]::Round(($pingDNS | Measure-Object -Property ResponseTime -Average).Average, 2))ms" -ForegroundColor Green
}
else {
Write-Host "[INFO] DNS server 192.168.0.2 not reachable" -ForegroundColor Yellow
}
Write-Host "Testing router (192.168.0.10)..." -ForegroundColor Gray
$pingRouter = Test-Connection -ComputerName 192.168.0.10 -Count 2 -ErrorAction SilentlyContinue
if ($pingRouter) {
Write-Host "[OK] Router 192.168.0.10 IS reachable!" -ForegroundColor Green
Write-Host "Average response time: $([math]::Round(($pingRouter | Measure-Object -Property ResponseTime -Average).Average, 2))ms" -ForegroundColor Green
}
else {
Write-Host "[INFO] Router 192.168.0.10 not reachable" -ForegroundColor Yellow
}
if ($pingDNS -or $pingRouter) {
Write-Host "`n[IMPORTANT] Remote network IS accessible!" -ForegroundColor Green
Write-Host "This means routes might be automatically configured by UniFi!" -ForegroundColor Green
}
else {
Write-Host "`n[INFO] Remote network not reachable" -ForegroundColor Gray
Write-Host "This is expected if routes aren't configured" -ForegroundColor Gray
}
Write-Host ""
# Try traceroute to see the path
Write-Host "[8] Traceroute to 192.168.0.2 (first 5 hops):" -ForegroundColor Yellow
try {
$trace = Test-NetConnection -ComputerName 192.168.0.2 -TraceRoute -Hops 5 -WarningAction SilentlyContinue
if ($trace.TraceRoute) {
Write-Host "Path:" -ForegroundColor Gray
$trace.TraceRoute | ForEach-Object { Write-Host " $_" -ForegroundColor DarkGray }
}
}
catch {
Write-Host "Traceroute not available or failed" -ForegroundColor Gray
}
Write-Host ""
Write-Host "=== Analysis ===" -ForegroundColor Cyan
Write-Host "Look at the output above to identify:" -ForegroundColor White
Write-Host " 1. Any adapter with 'WAN', 'PPP', 'L2TP', or 'RAS' in the description" -ForegroundColor Gray
Write-Host " 2. Any new IP addresses that appeared after VPN connection" -ForegroundColor Gray
Write-Host " 3. Routes to 192.168.0.0 or 10.x.x.x in the routing table" -ForegroundColor Gray
Write-Host ""

83
infrastructure/vpn-configs/Utilities/Quick-Test-VPN.ps1 Normal file
View File

@@ -0,0 +1,83 @@
# Quick VPN connectivity test
# Run this after connecting to VPN
Write-Host "Quick VPN Test" -ForegroundColor Cyan
Write-Host "==============" -ForegroundColor Cyan
Write-Host ""
# Test 1: Check VPN is connected
Write-Host "[1] Checking VPN connection..." -ForegroundColor Yellow
$connected = rasdial | Select-String "PST-NW-VPN"
if ($connected) {
Write-Host "[OK] VPN is connected" -ForegroundColor Green
}
else {
Write-Host "[ERROR] VPN not connected!" -ForegroundColor Red
Write-Host "Run: rasdial `"PST-NW-VPN`" pst-admin `"24Hearts$`"" -ForegroundColor Yellow
exit 1
}
# Test 2: DNS server
Write-Host "`n[2] Testing DNS server (192.168.0.2)..." -ForegroundColor Yellow
$dns = Test-Connection -ComputerName 192.168.0.2 -Count 2 -Quiet
if ($dns) {
Write-Host "[OK] DNS server reachable" -ForegroundColor Green
}
else {
Write-Host "[FAIL] DNS server not reachable" -ForegroundColor Red
}
# Test 3: Router
Write-Host "`n[3] Testing router (192.168.0.10)..." -ForegroundColor Yellow
$router = Test-Connection -ComputerName 192.168.0.10 -Count 2 -Quiet
if ($router) {
Write-Host "[OK] Router reachable" -ForegroundColor Green
}
else {
Write-Host "[FAIL] Router not reachable" -ForegroundColor Red
}
# Test 4: Check for route
Write-Host "`n[4] Checking routing table..." -ForegroundColor Yellow
$route = route print | Select-String "192.168.0.0"
if ($route) {
Write-Host "[OK] Route to 192.168.0.0 exists" -ForegroundColor Green
Write-Host $route -ForegroundColor Gray
}
else {
Write-Host "[INFO] No explicit route to 192.168.0.0 found" -ForegroundColor Yellow
}
# Summary
Write-Host "`n=== SUMMARY ===" -ForegroundColor Cyan
if ($dns -and $router) {
Write-Host "[SUCCESS] VPN is fully functional!" -ForegroundColor Green
Write-Host "You can access the remote network at 192.168.0.x" -ForegroundColor Green
}
elseif ($dns -or $router) {
Write-Host "[PARTIAL] VPN connected but some hosts unreachable" -ForegroundColor Yellow
if (-not $route) {
Write-Host "Try adding route manually:" -ForegroundColor Yellow
Write-Host ' $vpn = Get-NetAdapter | Where-Object { $_.Status -eq "Up" -and $_.InterfaceDescription -like "*WAN*" }' -ForegroundColor Gray
Write-Host ' route add 192.168.0.0 mask 255.255.255.0 0.0.0.0 if $($vpn.InterfaceIndex) metric 1' -ForegroundColor Gray
}
}
else {
Write-Host "[PROBLEM] Remote network not reachable" -ForegroundColor Red
Write-Host "Possible issues:" -ForegroundColor Yellow
Write-Host " 1. Route not configured (most common with UniFi L2TP)" -ForegroundColor Gray
Write-Host " 2. Remote firewall blocking ICMP" -ForegroundColor Gray
Write-Host " 3. VPN server not routing traffic" -ForegroundColor Gray
Write-Host ""
Write-Host "Next steps:" -ForegroundColor Cyan
Write-Host " 1. Run Diagnose-VPN-Interface.ps1 for detailed info" -ForegroundColor Gray
Write-Host " 2. Try manually adding route (see above)" -ForegroundColor Gray
Write-Host " 3. Check UniFi controller VPN settings" -ForegroundColor Gray
}
Write-Host ""

15
infrastructure/vpn-configs/Utilities/Show-VPN-Interface.ps1 Normal file
View File

@@ -0,0 +1,15 @@
# Show all network interfaces to identify VPN adapter
Write-Host "All Network Adapters:" -ForegroundColor Cyan
Get-NetAdapter | Select-Object Name, InterfaceDescription, Status | Format-Table -AutoSize
Write-Host "`nL2TP/VPN Related Adapters:" -ForegroundColor Cyan
Get-NetAdapter | Where-Object {
$_.InterfaceDescription -like "*WAN*" -or
$_.InterfaceDescription -like "*L2TP*" -or
$_.InterfaceDescription -like "*VPN*" -or
$_.Name -like "*VPN*"
} | Select-Object Name, InterfaceDescription, Status, InterfaceIndex | Format-Table -AutoSize
Write-Host "`nActive (Up) Adapters:" -ForegroundColor Cyan
Get-NetAdapter | Where-Object { $_.Status -eq "Up" } | Select-Object Name, InterfaceDescription, InterfaceIndex | Format-Table -AutoSize

76
infrastructure/vpn-configs/Utilities/Test-PST-VPN-Connectivity.ps1 Normal file
View File

@@ -0,0 +1,76 @@
# Test basic connectivity to PST VPN server
# This helps isolate if the issue is network or authentication
Write-Host "PST VPN Connectivity Test" -ForegroundColor Cyan
Write-Host "=========================`n" -ForegroundColor Cyan
$server = "64.139.88.249"
# Test 1: Basic ICMP connectivity
Write-Host "[Test 1] Pinging VPN server..." -ForegroundColor Yellow
$ping = Test-Connection -ComputerName $server -Count 4 -ErrorAction SilentlyContinue
if ($ping) {
$avgTime = ($ping | Measure-Object -Property ResponseTime -Average).Average
Write-Host "[OK] Server is reachable (Avg: $([math]::Round($avgTime, 2))ms)" -ForegroundColor Green
}
else {
Write-Host "[FAILED] Cannot reach server!" -ForegroundColor Red
Write-Host "Check your internet connection or firewall" -ForegroundColor Yellow
pause
exit 1
}
# Test 2: Check required ports (UDP 500, 1701, 4500 for L2TP/IPsec)
Write-Host "`n[Test 2] Checking L2TP/IPsec ports..." -ForegroundColor Yellow
Write-Host "Note: Port testing for UDP is limited in PowerShell" -ForegroundColor Gray
# Check if VPN connection exists
Write-Host "`n[Test 3] Checking VPN configuration..." -ForegroundColor Yellow
$vpn = Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection -ErrorAction SilentlyContinue
if ($vpn) {
Write-Host "[OK] VPN connection exists" -ForegroundColor Green
Write-Host " Server: $($vpn.ServerAddress)" -ForegroundColor Gray
Write-Host " Tunnel: $($vpn.TunnelType)" -ForegroundColor Gray
Write-Host " Auth: $($vpn.AuthenticationMethod -join ', ')" -ForegroundColor Gray
# Check PSK
Write-Host "`n[Test 4] Checking pre-shared key..." -ForegroundColor Yellow
try {
$ipsec = Get-VpnConnectionIPsecConfiguration -ConnectionName "PST-NW-VPN" -ErrorAction SilentlyContinue
if ($ipsec) {
Write-Host "[OK] IPsec configuration present" -ForegroundColor Green
}
}
catch {
Write-Host "[WARNING] Could not verify IPsec config" -ForegroundColor Yellow
}
}
else {
Write-Host "[FAILED] VPN connection not found" -ForegroundColor Red
Write-Host "Run Setup-PST-L2TP-VPN.ps1 first" -ForegroundColor Yellow
pause
exit 1
}
Write-Host "`n=== CONNECTIVITY SUMMARY ===" -ForegroundColor Cyan
Write-Host "[OK] Server is reachable" -ForegroundColor Green
Write-Host "[OK] VPN configuration exists" -ForegroundColor Green
Write-Host ""
Write-Host "The error 691 indicates:" -ForegroundColor Yellow
Write-Host " - Network connectivity is working" -ForegroundColor Gray
Write-Host " - The issue is with AUTHENTICATION" -ForegroundColor Gray
Write-Host ""
Write-Host "Common causes:" -ForegroundColor White
Write-Host " 1. Incorrect username or password on UniFi server" -ForegroundColor Gray
Write-Host " 2. User account not enabled/created on UniFi" -ForegroundColor Gray
Write-Host " 3. Authentication method mismatch (CHAP vs MSChapv2 vs PAP)" -ForegroundColor Gray
Write-Host " 4. Pre-shared key mismatch (less common with error 691)" -ForegroundColor Gray
Write-Host ""
Write-Host "Next steps:" -ForegroundColor Cyan
Write-Host " 1. Verify on UniFi controller that user 'pst-admin' exists" -ForegroundColor Gray
Write-Host " 2. Confirm the password is: 24Hearts$" -ForegroundColor Gray
Write-Host " 3. Run: .\Fix-PST-VPN-Auth.ps1 to try different auth methods" -ForegroundColor Gray
Write-Host ""
pause

21
infrastructure/vpn-configs/Utilities/vpn-connect.bat Normal file
View File

@@ -0,0 +1,21 @@
@echo off
REM Quick VPN connection batch file
REM Double-click to connect, or run from command line
echo Connecting to PST VPN...
rasdial "PST-NW-VPN" pst-admin "24Hearts$"
if %ERRORLEVEL% EQU 0 (
echo.
echo [SUCCESS] Connected to VPN
echo.
echo For full configuration (DNS + Routes), run:
echo powershell -File D:\ClaudeTools\Connect-PST-VPN.ps1
echo.
) else (
echo.
echo [ERROR] Connection failed!
echo.
)
pause

13
infrastructure/vpn-configs/Utilities/vpn-disconnect.bat Normal file
View File

@@ -0,0 +1,13 @@
@echo off
REM Quick VPN disconnect batch file
echo Disconnecting from PST VPN...
rasdial "PST-NW-VPN" /disconnect
if %ERRORLEVEL% EQU 0 (
echo [SUCCESS] Disconnected
) else (
echo [INFO] VPN may not have been connected
)
pause