feat: Major directory reorganization and cleanup

Reorganized project structure for better maintainability and reduced disk usage by 95.9% (11 GB -> 451 MB). Directory Reorganization (85% reduction in root files): - Created docs/ with subdirectories (deployment, testing, database, etc.) - Created infrastructure/vpn-configs/ for VPN scripts - Moved 90+ files from root to organized locations - Archived obsolete documentation (context system, offline mode, zombie debugging) - Moved all test files to tests/ directory - Root directory: 119 files -> 18 files Disk Cleanup (10.55 GB recovered): - Deleted Rust build artifacts: 9.6 GB (target/ directories) - Deleted Python virtual environments: 161 MB (venv/ directories) - Deleted Python cache: 50 KB (__pycache__/) New Structure: - docs/ - All documentation organized by category - docs/archives/ - Obsolete but preserved documentation - infrastructure/ - VPN configs and SSH setup - tests/ - All test files consolidated - logs/ - Ready for future logs Benefits: - Cleaner root directory (18 vs 119 files) - Logical organization of documentation - 95.9% disk space reduction - Faster navigation and discovery - Better portability (build artifacts excluded) Build artifacts can be regenerated: - Rust: cargo build --release (5-15 min per project) - Python: pip install -r requirements.txt (2-3 min) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-18 20:42:28 -07:00
parent 89e5118306
commit 06f7617718
96 changed files with 54 additions and 2639 deletions
--- a/infrastructure/vpn-configs/Utilities/Connect-PST-VPN-Standalone.ps1
+++ b/infrastructure/vpn-configs/Utilities/Connect-PST-VPN-Standalone.ps1
@@ -0,0 +1,140 @@
+# Standalone VPN connection script - copy this to any machine
+# No dependencies, includes everything needed
+
+$vpnName = "PST-NW-VPN"
+$username = "pst-admin"
+$password = "24Hearts$"
+$dnsServer = "192.168.0.2"
+$remoteNetwork = "192.168.0.0"
+$subnetMask = "255.255.255.0"
+
+Write-Host "=== PST VPN Connection ===" -ForegroundColor Cyan
+
+# Connect to VPN
+Write-Host "`n[1/3] Connecting to $vpnName..." -ForegroundColor Yellow
+$result = cmd /c "rasdial `"$vpnName`" $username $password" 2>&1
+
+if ($LASTEXITCODE -ne 0 -and $result -notlike "*Already connected*") {
+    Write-Host "[ERROR] Connection failed: $result" -ForegroundColor Red
+    exit 1
+}
+
+Write-Host "[OK] Connected to VPN" -ForegroundColor Green
+
+# Wait for interface to be ready
+Start-Sleep -Seconds 5
+
+# Find VPN interface
+Write-Host "`n[2/3] Configuring DNS and routes..." -ForegroundColor Yellow
+
+# Show all active interfaces for debugging
+Write-Host "Active network interfaces:" -ForegroundColor Gray
+Get-NetAdapter | Where-Object { $_.Status -eq "Up" } | ForEach-Object {
+    Write-Host "  - $($_.Name): $($_.InterfaceDescription)" -ForegroundColor DarkGray
+}
+
+# Try to find VPN interface - L2TP creates a PPP adapter with the connection name
+$vpnInterface = $null
+
+# Method 1: Look for exact match on connection name (most reliable)
+$vpnInterface = Get-NetAdapter | Where-Object {
+    ($_.InterfaceAlias -eq $vpnName -or
+     $_.InterfaceDescription -eq $vpnName -or
+     $_.Name -eq $vpnName) -and
+    $_.Status -eq "Up"
+} | Select-Object -First 1
+
+if ($vpnInterface) {
+    Write-Host "Found VPN interface by connection name" -ForegroundColor Gray
+}
+
+# Method 2: Look for PPP adapter (L2TP uses PPP)
+if (-not $vpnInterface) {
+    Write-Host "Trying PPP adapter pattern..." -ForegroundColor Gray
+    $vpnInterface = Get-NetAdapter | Where-Object {
+        $_.InterfaceDescription -like "*PPP*" -and $_.Status -eq "Up"
+    } | Select-Object -First 1
+}
+
+# Method 3: Look for WAN Miniport (fallback)
+if (-not $vpnInterface) {
+    Write-Host "Trying WAN Miniport pattern..." -ForegroundColor Gray
+    $vpnInterface = Get-NetAdapter | Where-Object {
+        $_.InterfaceDescription -like "*WAN*" -and $_.Status -eq "Up"
+    } | Select-Object -First 1
+}
+
+if ($vpnInterface) {
+    Write-Host "Using interface: $($vpnInterface.Name) (Index: $($vpnInterface.InterfaceIndex))" -ForegroundColor Green
+    Write-Host "  Description: $($vpnInterface.InterfaceDescription)" -ForegroundColor Gray
+
+    # Set DNS
+    try {
+        Set-DnsClientServerAddress -InterfaceIndex $vpnInterface.InterfaceIndex -ServerAddresses $dnsServer -ErrorAction Stop
+        Write-Host "[OK] DNS set to $dnsServer" -ForegroundColor Green
+    }
+    catch {
+        Write-Host "[WARNING] Could not set DNS: $_" -ForegroundColor Yellow
+    }
+
+    # Add route
+    try {
+        Write-Host "Adding route for $remoteNetwork..." -ForegroundColor Gray
+
+        # Delete existing route
+        cmd /c "route delete $remoteNetwork" 2>&1 | Out-Null
+
+        # Add new route
+        $routeResult = cmd /c "route add $remoteNetwork mask $subnetMask 0.0.0.0 if $($vpnInterface.InterfaceIndex) metric 1" 2>&1
+
+        if ($LASTEXITCODE -eq 0) {
+            Write-Host "[OK] Route added for $remoteNetwork/24" -ForegroundColor Green
+        }
+        else {
+            Write-Host "[WARNING] Route add returned: $routeResult" -ForegroundColor Yellow
+        }
+    }
+    catch {
+        Write-Host "[WARNING] Could not add route: $_" -ForegroundColor Yellow
+    }
+}
+else {
+    Write-Host "[WARNING] Could not identify VPN interface!" -ForegroundColor Yellow
+    Write-Host "You may need to manually configure DNS and routes" -ForegroundColor Yellow
+}
+
+# Verify connection
+Write-Host "`n[3/3] Verification..." -ForegroundColor Yellow
+
+# Check rasdial status
+$connectionStatus = rasdial
+Write-Host "Connection status:" -ForegroundColor Gray
+Write-Host $connectionStatus -ForegroundColor DarkGray
+
+# Check route
+$routeCheck = route print | Select-String $remoteNetwork
+if ($routeCheck) {
+    Write-Host "[OK] Route to $remoteNetwork exists" -ForegroundColor Green
+}
+else {
+    Write-Host "[WARNING] Route to $remoteNetwork not found in routing table" -ForegroundColor Yellow
+}
+
+# Test connectivity
+Write-Host "`nTesting connectivity to $dnsServer..." -ForegroundColor Gray
+$pingResult = Test-Connection -ComputerName $dnsServer -Count 2 -Quiet
+
+if ($pingResult) {
+    Write-Host "[OK] Remote network is reachable!" -ForegroundColor Green
+}
+else {
+    Write-Host "[WARNING] Cannot ping $dnsServer" -ForegroundColor Yellow
+    Write-Host "This might be normal if ICMP is blocked" -ForegroundColor Gray
+}
+
+Write-Host "`n=== Connection Summary ===" -ForegroundColor Cyan
+Write-Host "VPN: Connected" -ForegroundColor Green
+Write-Host "DNS: Configured (if interface was found)" -ForegroundColor $(if ($vpnInterface) { "Green" } else { "Yellow" })
+Write-Host "Route: Configured (if interface was found)" -ForegroundColor $(if ($vpnInterface) { "Green" } else { "Yellow" })
+Write-Host "`nTo disconnect: rasdial `"$vpnName`" /disconnect" -ForegroundColor Gray
+Write-Host ""
--- a/infrastructure/vpn-configs/Utilities/Connect-PST-VPN.ps1
+++ b/infrastructure/vpn-configs/Utilities/Connect-PST-VPN.ps1
@@ -0,0 +1,99 @@
+# Connect to PST VPN and configure DNS
+# Can be run manually or by Task Scheduler
+
+$vpnName = "PST-NW-VPN"
+$username = "pst-admin"
+$password = "24Hearts$"
+$dnsServer = "192.168.0.2"
+$remoteNetwork = "192.168.0.0"
+$subnetMask = "255.255.255.0"
+
+# Connect to VPN
+Write-Host "Connecting to $vpnName..." -ForegroundColor Cyan
+$result = cmd /c "rasdial `"$vpnName`" $username $password" 2>&1
+
+if ($LASTEXITCODE -eq 0 -or $result -like "*Already connected*") {
+    Write-Host "[OK] Connected to VPN" -ForegroundColor Green
+
+    # Wait for interface to be ready
+    Start-Sleep -Seconds 5
+
+    # Configure DNS
+    Write-Host "Setting DNS to $dnsServer..." -ForegroundColor Cyan
+
+    try {
+        # Find the VPN interface - L2TP creates a PPP adapter with the connection name
+        $vpnInterface = Get-NetAdapter | Where-Object {
+            ($_.InterfaceAlias -eq $vpnName -or
+             $_.InterfaceDescription -eq $vpnName -or
+             $_.Name -eq $vpnName) -and
+            $_.Status -eq "Up"
+        } | Select-Object -First 1
+
+        # If not found, try PPP adapter pattern
+        if (-not $vpnInterface) {
+            Write-Host "Trying PPP adapter search..." -ForegroundColor Gray
+            $vpnInterface = Get-NetAdapter | Where-Object {
+                $_.InterfaceDescription -like "*PPP*" -and $_.Status -eq "Up"
+            } | Select-Object -First 1
+        }
+
+        # Last resort: WAN Miniport
+        if (-not $vpnInterface) {
+            Write-Host "Trying WAN Miniport search..." -ForegroundColor Gray
+            $vpnInterface = Get-NetAdapter | Where-Object {
+                $_.InterfaceDescription -like "*WAN*" -and $_.Status -eq "Up"
+            } | Select-Object -First 1
+        }
+
+        if ($vpnInterface) {
+            Write-Host "Found VPN interface: $($vpnInterface.Name) ($($vpnInterface.InterfaceDescription))" -ForegroundColor Gray
+
+            Set-DnsClientServerAddress -InterfaceIndex $vpnInterface.InterfaceIndex -ServerAddresses $dnsServer
+            Write-Host "[OK] DNS configured: $dnsServer" -ForegroundColor Green
+
+            # Verify DNS
+            $dns = Get-DnsClientServerAddress -InterfaceIndex $vpnInterface.InterfaceIndex -AddressFamily IPv4
+            Write-Host "Current DNS: $($dns.ServerAddresses -join ', ')" -ForegroundColor Gray
+
+            # Add route for remote network (UniFi L2TP requirement)
+            Write-Host "Adding route for remote network $remoteNetwork..." -ForegroundColor Cyan
+
+            try {
+                # Remove existing route if present (avoid duplicates)
+                route delete $remoteNetwork 2>$null | Out-Null
+
+                # Add persistent route through VPN interface
+                $routeCmd = "route add $remoteNetwork mask $subnetMask 0.0.0.0 if $($vpnInterface.InterfaceIndex) metric 1"
+                cmd /c $routeCmd 2>&1 | Out-Null
+
+                if ($LASTEXITCODE -eq 0) {
+                    Write-Host "[OK] Route added: $remoteNetwork/$subnetMask via VPN" -ForegroundColor Green
+                }
+                else {
+                    Write-Host "[WARNING] Route command returned code $LASTEXITCODE" -ForegroundColor Yellow
+                }
+
+                # Verify route
+                $routes = route print | Select-String $remoteNetwork
+                if ($routes) {
+                    Write-Host "Route verified in routing table" -ForegroundColor Gray
+                }
+            }
+            catch {
+                Write-Host "[WARNING] Failed to add route: $_" -ForegroundColor Yellow
+                Write-Host "You may need to manually add route: route add $remoteNetwork mask $subnetMask 0.0.0.0 if $($vpnInterface.InterfaceIndex)" -ForegroundColor Yellow
+            }
+        }
+        else {
+            Write-Host "[WARNING] VPN interface not found or not active" -ForegroundColor Yellow
+        }
+    }
+    catch {
+        Write-Host "[ERROR] Failed to configure VPN: $_" -ForegroundColor Red
+    }
+}
+else {
+    Write-Host "[ERROR] Connection failed: $result" -ForegroundColor Red
+    exit 1
+}
--- a/infrastructure/vpn-configs/Utilities/Diagnose-VPN-Interface.ps1
+++ b/infrastructure/vpn-configs/Utilities/Diagnose-VPN-Interface.ps1
@@ -0,0 +1,106 @@
+# Diagnose VPN interface while connected
+# Run this WHILE VPN IS CONNECTED
+
+Write-Host "=== VPN Interface Diagnostic ===" -ForegroundColor Cyan
+Write-Host ""
+
+# Check VPN connection status
+Write-Host "[1] VPN Connection Status:" -ForegroundColor Yellow
+$rasStatus = rasdial
+Write-Host $rasStatus -ForegroundColor Gray
+Write-Host ""
+
+# Show ALL network adapters (including disconnected, hidden, etc.)
+Write-Host "[2] ALL Network Adapters (including disconnected):" -ForegroundColor Yellow
+Get-NetAdapter | Select-Object Name, InterfaceDescription, Status, InterfaceIndex |
+    Format-Table -AutoSize
+Write-Host ""
+
+# Show adapters with "WAN" in the name
+Write-Host "[3] WAN Miniport Adapters:" -ForegroundColor Yellow
+Get-NetAdapter | Where-Object {
+    $_.InterfaceDescription -like "*WAN*"
+} | Select-Object Name, InterfaceDescription, Status, InterfaceIndex |
+    Format-Table -AutoSize
+Write-Host ""
+
+# Show RAS connections (another way to see VPN)
+Write-Host "[4] RAS Connections:" -ForegroundColor Yellow
+try {
+    Get-VpnConnection | Select-Object Name, ConnectionStatus, ServerAddress |
+        Format-Table -AutoSize
+}
+catch {
+    Write-Host "Could not query VPN connections" -ForegroundColor Gray
+}
+Write-Host ""
+
+# Show IP configuration for all interfaces
+Write-Host "[5] IP Configuration:" -ForegroundColor Yellow
+Get-NetIPAddress | Where-Object {
+    $_.AddressFamily -eq "IPv4"
+} | Select-Object InterfaceAlias, IPAddress, InterfaceIndex |
+    Format-Table -AutoSize
+Write-Host ""
+
+# Show routing table
+Write-Host "[6] Routing Table (looking for VPN routes):" -ForegroundColor Yellow
+Write-Host "Full routing table:" -ForegroundColor Gray
+route print
+Write-Host ""
+
+# Check if we can reach remote network WITHOUT explicit route
+Write-Host "[7] Testing connectivity to remote network:" -ForegroundColor Yellow
+
+Write-Host "Testing DNS server (192.168.0.2)..." -ForegroundColor Gray
+$pingDNS = Test-Connection -ComputerName 192.168.0.2 -Count 2 -ErrorAction SilentlyContinue
+
+if ($pingDNS) {
+    Write-Host "[OK] DNS server 192.168.0.2 IS reachable!" -ForegroundColor Green
+    Write-Host "Average response time: $([math]::Round(($pingDNS | Measure-Object -Property ResponseTime -Average).Average, 2))ms" -ForegroundColor Green
+}
+else {
+    Write-Host "[INFO] DNS server 192.168.0.2 not reachable" -ForegroundColor Yellow
+}
+
+Write-Host "Testing router (192.168.0.10)..." -ForegroundColor Gray
+$pingRouter = Test-Connection -ComputerName 192.168.0.10 -Count 2 -ErrorAction SilentlyContinue
+
+if ($pingRouter) {
+    Write-Host "[OK] Router 192.168.0.10 IS reachable!" -ForegroundColor Green
+    Write-Host "Average response time: $([math]::Round(($pingRouter | Measure-Object -Property ResponseTime -Average).Average, 2))ms" -ForegroundColor Green
+}
+else {
+    Write-Host "[INFO] Router 192.168.0.10 not reachable" -ForegroundColor Yellow
+}
+
+if ($pingDNS -or $pingRouter) {
+    Write-Host "`n[IMPORTANT] Remote network IS accessible!" -ForegroundColor Green
+    Write-Host "This means routes might be automatically configured by UniFi!" -ForegroundColor Green
+}
+else {
+    Write-Host "`n[INFO] Remote network not reachable" -ForegroundColor Gray
+    Write-Host "This is expected if routes aren't configured" -ForegroundColor Gray
+}
+Write-Host ""
+
+# Try traceroute to see the path
+Write-Host "[8] Traceroute to 192.168.0.2 (first 5 hops):" -ForegroundColor Yellow
+try {
+    $trace = Test-NetConnection -ComputerName 192.168.0.2 -TraceRoute -Hops 5 -WarningAction SilentlyContinue
+    if ($trace.TraceRoute) {
+        Write-Host "Path:" -ForegroundColor Gray
+        $trace.TraceRoute | ForEach-Object { Write-Host "  $_" -ForegroundColor DarkGray }
+    }
+}
+catch {
+    Write-Host "Traceroute not available or failed" -ForegroundColor Gray
+}
+Write-Host ""
+
+Write-Host "=== Analysis ===" -ForegroundColor Cyan
+Write-Host "Look at the output above to identify:" -ForegroundColor White
+Write-Host "  1. Any adapter with 'WAN', 'PPP', 'L2TP', or 'RAS' in the description" -ForegroundColor Gray
+Write-Host "  2. Any new IP addresses that appeared after VPN connection" -ForegroundColor Gray
+Write-Host "  3. Routes to 192.168.0.0 or 10.x.x.x in the routing table" -ForegroundColor Gray
+Write-Host ""
--- a/infrastructure/vpn-configs/Utilities/Quick-Test-VPN.ps1
+++ b/infrastructure/vpn-configs/Utilities/Quick-Test-VPN.ps1
@@ -0,0 +1,83 @@
+# Quick VPN connectivity test
+# Run this after connecting to VPN
+
+Write-Host "Quick VPN Test" -ForegroundColor Cyan
+Write-Host "==============" -ForegroundColor Cyan
+Write-Host ""
+
+# Test 1: Check VPN is connected
+Write-Host "[1] Checking VPN connection..." -ForegroundColor Yellow
+$connected = rasdial | Select-String "PST-NW-VPN"
+
+if ($connected) {
+    Write-Host "[OK] VPN is connected" -ForegroundColor Green
+}
+else {
+    Write-Host "[ERROR] VPN not connected!" -ForegroundColor Red
+    Write-Host "Run: rasdial `"PST-NW-VPN`" pst-admin `"24Hearts$`"" -ForegroundColor Yellow
+    exit 1
+}
+
+# Test 2: DNS server
+Write-Host "`n[2] Testing DNS server (192.168.0.2)..." -ForegroundColor Yellow
+$dns = Test-Connection -ComputerName 192.168.0.2 -Count 2 -Quiet
+
+if ($dns) {
+    Write-Host "[OK] DNS server reachable" -ForegroundColor Green
+}
+else {
+    Write-Host "[FAIL] DNS server not reachable" -ForegroundColor Red
+}
+
+# Test 3: Router
+Write-Host "`n[3] Testing router (192.168.0.10)..." -ForegroundColor Yellow
+$router = Test-Connection -ComputerName 192.168.0.10 -Count 2 -Quiet
+
+if ($router) {
+    Write-Host "[OK] Router reachable" -ForegroundColor Green
+}
+else {
+    Write-Host "[FAIL] Router not reachable" -ForegroundColor Red
+}
+
+# Test 4: Check for route
+Write-Host "`n[4] Checking routing table..." -ForegroundColor Yellow
+$route = route print | Select-String "192.168.0.0"
+
+if ($route) {
+    Write-Host "[OK] Route to 192.168.0.0 exists" -ForegroundColor Green
+    Write-Host $route -ForegroundColor Gray
+}
+else {
+    Write-Host "[INFO] No explicit route to 192.168.0.0 found" -ForegroundColor Yellow
+}
+
+# Summary
+Write-Host "`n=== SUMMARY ===" -ForegroundColor Cyan
+
+if ($dns -and $router) {
+    Write-Host "[SUCCESS] VPN is fully functional!" -ForegroundColor Green
+    Write-Host "You can access the remote network at 192.168.0.x" -ForegroundColor Green
+}
+elseif ($dns -or $router) {
+    Write-Host "[PARTIAL] VPN connected but some hosts unreachable" -ForegroundColor Yellow
+    if (-not $route) {
+        Write-Host "Try adding route manually:" -ForegroundColor Yellow
+        Write-Host '  $vpn = Get-NetAdapter | Where-Object { $_.Status -eq "Up" -and $_.InterfaceDescription -like "*WAN*" }' -ForegroundColor Gray
+        Write-Host '  route add 192.168.0.0 mask 255.255.255.0 0.0.0.0 if $($vpn.InterfaceIndex) metric 1' -ForegroundColor Gray
+    }
+}
+else {
+    Write-Host "[PROBLEM] Remote network not reachable" -ForegroundColor Red
+    Write-Host "Possible issues:" -ForegroundColor Yellow
+    Write-Host "  1. Route not configured (most common with UniFi L2TP)" -ForegroundColor Gray
+    Write-Host "  2. Remote firewall blocking ICMP" -ForegroundColor Gray
+    Write-Host "  3. VPN server not routing traffic" -ForegroundColor Gray
+    Write-Host ""
+    Write-Host "Next steps:" -ForegroundColor Cyan
+    Write-Host "  1. Run Diagnose-VPN-Interface.ps1 for detailed info" -ForegroundColor Gray
+    Write-Host "  2. Try manually adding route (see above)" -ForegroundColor Gray
+    Write-Host "  3. Check UniFi controller VPN settings" -ForegroundColor Gray
+}
+
+Write-Host ""
--- a/infrastructure/vpn-configs/Utilities/Show-VPN-Interface.ps1
+++ b/infrastructure/vpn-configs/Utilities/Show-VPN-Interface.ps1
@@ -0,0 +1,15 @@
+# Show all network interfaces to identify VPN adapter
+
+Write-Host "All Network Adapters:" -ForegroundColor Cyan
+Get-NetAdapter | Select-Object Name, InterfaceDescription, Status | Format-Table -AutoSize
+
+Write-Host "`nL2TP/VPN Related Adapters:" -ForegroundColor Cyan
+Get-NetAdapter | Where-Object {
+    $_.InterfaceDescription -like "*WAN*" -or
+    $_.InterfaceDescription -like "*L2TP*" -or
+    $_.InterfaceDescription -like "*VPN*" -or
+    $_.Name -like "*VPN*"
+} | Select-Object Name, InterfaceDescription, Status, InterfaceIndex | Format-Table -AutoSize
+
+Write-Host "`nActive (Up) Adapters:" -ForegroundColor Cyan
+Get-NetAdapter | Where-Object { $_.Status -eq "Up" } | Select-Object Name, InterfaceDescription, InterfaceIndex | Format-Table -AutoSize
--- a/infrastructure/vpn-configs/Utilities/Test-PST-VPN-Connectivity.ps1
+++ b/infrastructure/vpn-configs/Utilities/Test-PST-VPN-Connectivity.ps1
@@ -0,0 +1,76 @@
+# Test basic connectivity to PST VPN server
+# This helps isolate if the issue is network or authentication
+
+Write-Host "PST VPN Connectivity Test" -ForegroundColor Cyan
+Write-Host "=========================`n" -ForegroundColor Cyan
+
+$server = "64.139.88.249"
+
+# Test 1: Basic ICMP connectivity
+Write-Host "[Test 1] Pinging VPN server..." -ForegroundColor Yellow
+$ping = Test-Connection -ComputerName $server -Count 4 -ErrorAction SilentlyContinue
+
+if ($ping) {
+    $avgTime = ($ping | Measure-Object -Property ResponseTime -Average).Average
+    Write-Host "[OK] Server is reachable (Avg: $([math]::Round($avgTime, 2))ms)" -ForegroundColor Green
+}
+else {
+    Write-Host "[FAILED] Cannot reach server!" -ForegroundColor Red
+    Write-Host "Check your internet connection or firewall" -ForegroundColor Yellow
+    pause
+    exit 1
+}
+
+# Test 2: Check required ports (UDP 500, 1701, 4500 for L2TP/IPsec)
+Write-Host "`n[Test 2] Checking L2TP/IPsec ports..." -ForegroundColor Yellow
+Write-Host "Note: Port testing for UDP is limited in PowerShell" -ForegroundColor Gray
+
+# Check if VPN connection exists
+Write-Host "`n[Test 3] Checking VPN configuration..." -ForegroundColor Yellow
+$vpn = Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection -ErrorAction SilentlyContinue
+
+if ($vpn) {
+    Write-Host "[OK] VPN connection exists" -ForegroundColor Green
+    Write-Host "  Server: $($vpn.ServerAddress)" -ForegroundColor Gray
+    Write-Host "  Tunnel: $($vpn.TunnelType)" -ForegroundColor Gray
+    Write-Host "  Auth: $($vpn.AuthenticationMethod -join ', ')" -ForegroundColor Gray
+
+    # Check PSK
+    Write-Host "`n[Test 4] Checking pre-shared key..." -ForegroundColor Yellow
+    try {
+        $ipsec = Get-VpnConnectionIPsecConfiguration -ConnectionName "PST-NW-VPN" -ErrorAction SilentlyContinue
+        if ($ipsec) {
+            Write-Host "[OK] IPsec configuration present" -ForegroundColor Green
+        }
+    }
+    catch {
+        Write-Host "[WARNING] Could not verify IPsec config" -ForegroundColor Yellow
+    }
+}
+else {
+    Write-Host "[FAILED] VPN connection not found" -ForegroundColor Red
+    Write-Host "Run Setup-PST-L2TP-VPN.ps1 first" -ForegroundColor Yellow
+    pause
+    exit 1
+}
+
+Write-Host "`n=== CONNECTIVITY SUMMARY ===" -ForegroundColor Cyan
+Write-Host "[OK] Server is reachable" -ForegroundColor Green
+Write-Host "[OK] VPN configuration exists" -ForegroundColor Green
+Write-Host ""
+Write-Host "The error 691 indicates:" -ForegroundColor Yellow
+Write-Host "  - Network connectivity is working" -ForegroundColor Gray
+Write-Host "  - The issue is with AUTHENTICATION" -ForegroundColor Gray
+Write-Host ""
+Write-Host "Common causes:" -ForegroundColor White
+Write-Host "  1. Incorrect username or password on UniFi server" -ForegroundColor Gray
+Write-Host "  2. User account not enabled/created on UniFi" -ForegroundColor Gray
+Write-Host "  3. Authentication method mismatch (CHAP vs MSChapv2 vs PAP)" -ForegroundColor Gray
+Write-Host "  4. Pre-shared key mismatch (less common with error 691)" -ForegroundColor Gray
+Write-Host ""
+Write-Host "Next steps:" -ForegroundColor Cyan
+Write-Host "  1. Verify on UniFi controller that user 'pst-admin' exists" -ForegroundColor Gray
+Write-Host "  2. Confirm the password is: 24Hearts$" -ForegroundColor Gray
+Write-Host "  3. Run: .\Fix-PST-VPN-Auth.ps1 to try different auth methods" -ForegroundColor Gray
+Write-Host ""
+pause
--- a/infrastructure/vpn-configs/Utilities/vpn-connect.bat
+++ b/infrastructure/vpn-configs/Utilities/vpn-connect.bat
@@ -0,0 +1,21 @@
+@echo off
+REM Quick VPN connection batch file
+REM Double-click to connect, or run from command line
+
+echo Connecting to PST VPN...
+rasdial "PST-NW-VPN" pst-admin "24Hearts$"
+
+if %ERRORLEVEL% EQU 0 (
+    echo.
+    echo [SUCCESS] Connected to VPN
+    echo.
+    echo For full configuration (DNS + Routes), run:
+    echo   powershell -File D:\ClaudeTools\Connect-PST-VPN.ps1
+    echo.
+) else (
+    echo.
+    echo [ERROR] Connection failed!
+    echo.
+)
+
+pause
--- a/infrastructure/vpn-configs/Utilities/vpn-disconnect.bat
+++ b/infrastructure/vpn-configs/Utilities/vpn-disconnect.bat
@@ -0,0 +1,13 @@
+@echo off
+REM Quick VPN disconnect batch file
+
+echo Disconnecting from PST VPN...
+rasdial "PST-NW-VPN" /disconnect
+
+if %ERRORLEVEL% EQU 0 (
+    echo [SUCCESS] Disconnected
+) else (
+    echo [INFO] VPN may not have been connected
+)
+
+pause