PST VPN - Quick Reference Guide
================================

CONFIGURATION SUMMARY
---------------------
VPN Name:       PST-NW-VPN
Server:         64.139.88.249
Type:           L2TP/IPsec with Pre-Shared Key (UniFi)
Username:       pst-admin
Password:       24Hearts$
PSK:            rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7
Tunnel Mode:    SPLIT-TUNNEL (only remote traffic uses VPN)
DNS:            192.168.0.2
Remote Network: 192.168.0.0/24 (auto-routed)

INSTALLATION
------------
Run as Administrator:
  cd D:\ClaudeTools
  .\Setup-PST-L2TP-VPN.ps1

CONNECTION METHODS
------------------
IMPORTANT: For all-user VPN connections, credentials must be provided!

Method 1: PowerShell Script (RECOMMENDED - includes DNS + route config)
  powershell -File D:\ClaudeTools\Connect-PST-VPN.ps1
  (This is what the scheduled task uses)

Method 2: Batch file shortcut (simple connection)
  Double-click: D:\ClaudeTools\vpn-connect.bat
  (DNS and route must be configured separately)

Method 3: Command line with credentials
  rasdial "PST-NW-VPN" pst-admin "24Hearts$"
  (DNS and route must be configured separately)

Method 4: Windows GUI
  Settings > Network & Internet > VPN > PST-NW-VPN > Connect
  Enter credentials when prompted
  (DNS and route must be configured separately)

Method 5: Automatic at startup
  Scheduled task connects automatically (uses Method 1)

IMPORTANT: DO NOT use "rasdial PST-NW-VPN" without credentials!
This will fail with error 691 because saved credentials don't work
for all-user connections accessed via rasdial.

DISCONNECTION
-------------
  rasdial "PST-NW-VPN" /disconnect

Or use batch file:
  D:\ClaudeTools\vpn-disconnect.bat

UNIFI L2TP ROUTE REQUIREMENT (IMPORTANT!)
------------------------------------------
UniFi L2TP VPN requires an explicit route to be added for the remote network.
Without this route, traffic won't flow through the VPN even when connected!

The Connect-PST-VPN.ps1 script automatically adds this route:
  Route: 192.168.0.0 mask 255.255.255.0 via VPN interface

If you connect manually with "rasdial", you MUST add the route manually:
  powershell -File D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1

Or manually:
  route add 192.168.0.0 mask 255.255.255.0 0.0.0.0 if [VPN-INTERFACE-INDEX] metric 1

SPLIT-TUNNEL EXPLAINED
----------------------
With split-tunnel enabled:
- Only traffic to the remote network (192.168.0.x) goes through VPN
- Internet traffic goes directly through your local connection
- This improves performance for non-VPN traffic
- Reduces load on the VPN server

Without split-tunnel (full tunnel):
- ALL traffic would go through the VPN
- Including internet browsing, streaming, etc.
- Slower for general internet use

DNS CONFIGURATION
-----------------
DNS Server: 192.168.0.2

Why this matters:
- This DNS server can resolve hostnames on the remote network
- Example: "server.peacefulspirit.local" will resolve correctly
- Without this DNS, you'd need to use IP addresses

The Connect-PST-VPN.ps1 script automatically sets this DNS when connecting
through scheduled task or manual script execution.

Manual DNS configuration (if needed):
  $vpnAdapter = Get-NetAdapter | Where-Object {$_.InterfaceDescription -like "*L2TP*" -and $_.Status -eq "Up"}
  Set-DnsClientServerAddress -InterfaceIndex $vpnAdapter.InterfaceIndex -ServerAddresses "192.168.0.2"

VERIFICATION
------------
Check VPN status:
  rasdial

Check VPN connection details:
  Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection

Check DNS settings:
  Get-NetAdapter | Where-Object {$_.InterfaceDescription -like "*L2TP*"} | Get-DnsClientServerAddress

Check routing (split-tunnel verification):
  route print
  Look for routes to 192.168.0.0/24 through VPN interface
  Default route (0.0.0.0) should NOT be through VPN

Test DNS resolution:
  nslookup server.peacefulspirit.local 192.168.0.2

AUTO-CONNECT DETAILS
--------------------
Scheduled Task:  PST-VPN-AutoConnect
Script Location: C:\Windows\System32\Connect-PST-VPN.ps1
Trigger:         At system startup
User:            SYSTEM (runs before login)
Delay:           30 seconds after startup

View task:
  Get-ScheduledTask -TaskName "PST-VPN-AutoConnect"

Disable auto-connect:
  Disable-ScheduledTask -TaskName "PST-VPN-AutoConnect"

Enable auto-connect:
  Enable-ScheduledTask -TaskName "PST-VPN-AutoConnect"

Remove auto-connect:
  Unregister-ScheduledTask -TaskName "PST-VPN-AutoConnect" -Confirm:$false

TROUBLESHOOTING
---------------
Connection fails:
- Verify server is reachable: ping 64.139.88.249
- Check Windows Firewall allows L2TP
- Verify credentials are correct

VPN connects but can't reach remote network:
- THIS IS THE MOST COMMON ISSUE with UniFi L2TP!
- The route is missing - run: powershell -File D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1
- Or use Connect-PST-VPN.ps1 which adds route automatically
- Verify route exists: route print | findstr 192.168.0.0
- Test: ping 192.168.0.2 (should work if route is correct)

DNS not working:
- Reconnect using Connect-PST-VPN.ps1 script
- Manually set DNS (see DNS CONFIGURATION above)
- Check DNS server is reachable: ping 192.168.0.2

Split-tunnel not working:
- Verify: Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection
- Check SplitTunneling property is True
- Reconnect if changed

Internet slow after VPN connect:
- This suggests full-tunnel mode (all traffic through VPN)
- Verify split-tunnel: Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection
- Should show: SplitTunneling: True
- If False, run: Set-VpnConnection -Name "PST-NW-VPN" -SplitTunneling $true -AllUserConnection

Route verification:
- Check routing table: route print | findstr 192.168.0.0
- Should see entry for 192.168.0.0 with metric 1
- Interface should be the L2TP adapter
- If missing, run: powershell -File D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1

MANAGEMENT COMMANDS
-------------------
View all VPN connections:
  Get-VpnConnection -AllUserConnection

Modify split-tunnel setting:
  Set-VpnConnection -Name "PST-NW-VPN" -SplitTunneling $true -AllUserConnection

Remove VPN connection:
  Remove-VpnConnection -Name "PST-NW-VPN" -AllUserConnection -Force

View IPsec configuration:
  Get-VpnConnectionIPsecConfiguration -ConnectionName "PST-NW-VPN"

FILES CREATED
-------------
D:\ClaudeTools\Setup-PST-L2TP-VPN.ps1         - Main setup script
D:\ClaudeTools\Connect-PST-VPN.ps1            - Connection helper (with DNS & route config)
D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1   - Manual route configuration helper
C:\Windows\System32\Connect-PST-VPN.ps1       - System copy of connection helper
D:\ClaudeTools\PST-VPN-Quick-Reference.txt    - This file
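
The manual path described above (rasdial, then route, then DNS, then the VERIFICATION checks) as one script. This is an added example, not one of the D:\ClaudeTools scripts. It assumes the connected VPN shows up as an IP interface whose alias equals the connection name, and it prompts for the password rather than embedding it.

```powershell
# Added example (not a D:\ClaudeTools script). Run from an elevated PowerShell prompt.
$VpnName   = 'PST-NW-VPN'
$Prefix    = '192.168.0.0/24'
$DnsServer = '192.168.0.2'
$TestHost  = 'server.peacefulspirit.local'

# Prompt for the password so it is not stored in a script file or typed into
# shell history. It is still handed to rasdial as a command-line argument.
$cred  = Get-Credential -UserName 'pst-admin' -Message "Credentials for $VpnName"
$plain = $cred.GetNetworkCredential().Password
rasdial $VpnName $cred.UserName $plain | Out-Null
if ($LASTEXITCODE -ne 0) { throw "rasdial failed with error $LASTEXITCODE" }

# Assumption: once connected, the VPN is an IP interface aliased by its connection name.
$iface = Get-NetIPInterface -InterfaceAlias $VpnName -AddressFamily IPv4 -ErrorAction Stop
$idx   = $iface.InterfaceIndex

# Add the remote-network route that UniFi L2TP does not push (non-persistent,
# because the VPN interface index can change between connections).
if (-not (Get-NetRoute -InterfaceIndex $idx -DestinationPrefix $Prefix -ErrorAction SilentlyContinue)) {
    New-NetRoute -InterfaceIndex $idx -DestinationPrefix $Prefix -NextHop '0.0.0.0' `
                 -RouteMetric 1 -PolicyStore ActiveStore | Out-Null
}

# Point the VPN interface at the remote DNS server.
Set-DnsClientServerAddress -InterfaceIndex $idx -ServerAddresses $DnsServer

# Same checks as the VERIFICATION section, evaluated instead of eyeballed.
$vpn = Get-VpnConnection -Name $VpnName -AllUserConnection
$dns = (Get-DnsClientServerAddress -InterfaceIndex $idx -AddressFamily IPv4).ServerAddresses
$checks = [ordered]@{
    'VPN connected'           = ($vpn.ConnectionStatus -eq 'Connected')
    'SplitTunneling is True'  = [bool]$vpn.SplitTunneling
    "Route $Prefix on VPN"    = [bool](Get-NetRoute -InterfaceIndex $idx -DestinationPrefix $Prefix -ErrorAction SilentlyContinue)
    'No default route on VPN' = (-not (Get-NetRoute -InterfaceIndex $idx -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue))
    "DNS is $DnsServer"       = ($dns -contains $DnsServer)
    "Resolves $TestHost"      = [bool](Resolve-DnsName -Name $TestHost -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue)
}
foreach ($c in $checks.GetEnumerator()) {
    '{0,-32} {1}' -f $c.Key, $(if ($c.Value) { 'OK' } else { 'FAIL' })
}
if ($checks.Values -contains $false) { exit 1 }
```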