# Test basic connectivity to PST VPN server
# This helps isolate if the issue is network or authentication

Write-Host "PST VPN Connectivity Test" -ForegroundColor Cyan
Write-Host "=========================`n" -ForegroundColor Cyan

$server = "64.139.88.249"

# Test 1: Basic ICMP connectivity
Write-Host "[Test 1] Pinging VPN server..." -ForegroundColor Yellow
$ping = Test-Connection -ComputerName $server -Count 4 -ErrorAction SilentlyContinue

if ($ping) {
    $avgTime = ($ping | Measure-Object -Property ResponseTime -Average).Average
    Write-Host "[OK] Server is reachable (Avg: $([math]::Round($avgTime, 2))ms)" -ForegroundColor Green
}
else {
    Write-Host "[FAILED] Cannot reach server!" -ForegroundColor Red
    Write-Host "Check your internet connection or firewall" -ForegroundColor Yellow
    pause
    exit 1
}

# Test 2: Check required ports (UDP 500, 1701, 4500 for L2TP/IPsec)
Write-Host "`n[Test 2] Checking L2TP/IPsec ports..." -ForegroundColor Yellow
Write-Host "Note: Port testing for UDP is limited in PowerShell" -ForegroundColor Gray

# Check if VPN connection exists
Write-Host "`n[Test 3] Checking VPN configuration..." -ForegroundColor Yellow
$vpn = Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection -ErrorAction SilentlyContinue

if ($vpn) {
    Write-Host "[OK] VPN connection exists" -ForegroundColor Green
    Write-Host "  Server: $($vpn.ServerAddress)" -ForegroundColor Gray
    Write-Host "  Tunnel: $($vpn.TunnelType)" -ForegroundColor Gray
    Write-Host "  Auth: $($vpn.AuthenticationMethod -join ', ')" -ForegroundColor Gray

    # Check PSK
    Write-Host "`n[Test 4] Checking pre-shared key..." -ForegroundColor Yellow
    try {
        $ipsec = Get-VpnConnectionIPsecConfiguration -ConnectionName "PST-NW-VPN" -ErrorAction SilentlyContinue
        if ($ipsec) {
            Write-Host "[OK] IPsec configuration present" -ForegroundColor Green
        }
    }
    catch {
        Write-Host "[WARNING] Could not verify IPsec config" -ForegroundColor Yellow
    }
}
else {
    Write-Host "[FAILED] VPN connection not found" -ForegroundColor Red
    Write-Host "Run Setup-PST-L2TP-VPN.ps1 first" -ForegroundColor Yellow
    pause
    exit 1
}

Write-Host "`n=== CONNECTIVITY SUMMARY ===" -ForegroundColor Cyan
Write-Host "[OK] Server is reachable" -ForegroundColor Green
Write-Host "[OK] VPN configuration exists" -ForegroundColor Green
Write-Host ""
Write-Host "The error 691 indicates:" -ForegroundColor Yellow
Write-Host "  - Network connectivity is working" -ForegroundColor Gray
Write-Host "  - The issue is with AUTHENTICATION" -ForegroundColor Gray
Write-Host ""
Write-Host "Common causes:" -ForegroundColor White
Write-Host "  1. Incorrect username or password on UniFi server" -ForegroundColor Gray
Write-Host "  2. User account not enabled/created on UniFi" -ForegroundColor Gray
Write-Host "  3. Authentication method mismatch (CHAP vs MSChapv2 vs PAP)" -ForegroundColor Gray
Write-Host "  4. Pre-shared key mismatch (less common with error 691)" -ForegroundColor Gray
Write-Host ""
Write-Host "Next steps:" -ForegroundColor Cyan
Write-Host "  1. Verify on UniFi controller that user 'pst-admin' exists" -ForegroundColor Gray
Write-Host "  2. Confirm the password is: 24Hearts$" -ForegroundColor Gray
Write-Host "  3. Run: .\Fix-PST-VPN-Auth.ps1 to try different auth methods" -ForegroundColor Gray
Write-Host ""
pause