# Peaceful Spirit VPN - Quick Setup Guide

## One-Liner Setup (Run as Administrator)

### Basic VPN Connection with Split Tunneling

```powershell
Add-VpnConnection -Name "Peaceful Spirit VPN" -ServerAddress "98.190.129.150" -TunnelType L2tp -L2tpPsk "z5zkNBds2V9eIkdey09Zm6Khil3DAZs8" -AuthenticationMethod MsChapv2 -EncryptionLevel Required -AllUserConnection -RememberCredential -SplitTunneling $true
Add-VpnConnectionRoute -ConnectionName "Peaceful Spirit VPN" -DestinationPrefix "192.168.0.0/24" -AllUserConnection
```

### Complete Setup with Saved Credentials

```powershell
# Create connection with split tunneling
Add-VpnConnection -Name "Peaceful Spirit VPN" -ServerAddress "98.190.129.150" -TunnelType L2tp -L2tpPsk "z5zkNBds2V9eIkdey09Zm6Khil3DAZs8" -AuthenticationMethod MsChapv2 -EncryptionLevel Required -AllUserConnection -RememberCredential -SplitTunneling $true

# Add route for CC network (192.168.0.0/24)
Add-VpnConnectionRoute -ConnectionName "Peaceful Spirit VPN" -DestinationPrefix "192.168.0.0/24" -AllUserConnection

# Configure DNS (the VPN interface only exists while the connection is up)
Set-DnsClientServerAddress -InterfaceAlias "Peaceful Spirit VPN" -ServerAddresses "192.168.0.2"

# Save credentials (single quotes keep the trailing $ literal)
rasdial "Peaceful Spirit VPN" "pst-admin" '24Hearts$'
rasdial "Peaceful Spirit VPN" /disconnect

# Enable pre-logon access
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "UseRasCredentials" -Value 1 -Type DWord
```

---

## Full Script Method

**Setup-PeacefulSpiritVPN.ps1** - Ready-to-run with actual credentials:

```powershell
.\Setup-PeacefulSpiritVPN.ps1
```

**Create-PeacefulSpiritVPN.ps1** - Interactive with parameters:

```powershell
# Interactive (prompts for all details)
.\Create-PeacefulSpiritVPN.ps1

# With parameters
.\Create-PeacefulSpiritVPN.ps1 -VpnServer "98.190.129.150" -Username "pst-admin" -Password '24Hearts$' -L2tpPsk "z5zkNBds2V9eIkdey09Zm6Khil3DAZs8" -RemoteNetwork "192.168.0.0/24" -DnsServer "192.168.0.2"
```

---

## Tunnel Types

| Type | Description | When to Use |
|------|-------------|-------------|
| **L2tp** | L2TP/IPSec with Pre-Shared Key | Most common, secure, requires PSK |
| **Pptp** | Point-to-Point Tunneling | Legacy, less secure, simple setup |
| **Sstp** | Secure Socket Tunneling | Windows-only, uses HTTPS |
| **IKEv2** | Internet Key Exchange v2 | Mobile devices, auto-reconnect |
| **Automatic** | Let Windows choose | Use if unsure |

---

## Split Tunneling and Routes

**Split tunneling** routes only specific traffic through the VPN, while other traffic uses your local internet connection.

### Enable Split Tunneling

```powershell
# Add -SplitTunneling $true when creating connection
Add-VpnConnection `
    -Name "Peaceful Spirit VPN" `
    -ServerAddress "98.190.129.150" `
    -TunnelType L2tp `
    -L2tpPsk "z5zkNBds2V9eIkdey09Zm6Khil3DAZs8" `
    -AuthenticationMethod MsChapv2 `
    -EncryptionLevel Required `
    -SplitTunneling $true `
    -AllUserConnection `
    -RememberCredential
```

### Add Route for Specific Network

```powershell
# Route traffic for 192.168.0.0/24 through VPN
Add-VpnConnectionRoute -ConnectionName "Peaceful Spirit VPN" -DestinationPrefix "192.168.0.0/24" -AllUserConnection
```

### Configure DNS for VPN

```powershell
# Set DNS server for VPN interface (the interface only exists while the VPN is connected)
Set-DnsClientServerAddress -InterfaceAlias "Peaceful Spirit VPN" -ServerAddresses "192.168.0.2"
```

### Peaceful Spirit CC Network Configuration

**UniFi Router at Country Club:**
- Remote Network: 192.168.0.0/24
- DNS Server: 192.168.0.2
- Gateway: 192.168.0.10

**Traffic Flow with Split Tunneling:**
- Traffic to 192.168.0.0/24 → VPN tunnel
- All other traffic (internet, etc.) → Local connection

### View Routes

```powershell
# View all routes for VPN connection
Get-VpnConnectionRoute -ConnectionName "Peaceful Spirit VPN" -AllUserConnection

# View routing table
route print
```

### Remove Route

```powershell
# Remove specific route
Remove-VpnConnectionRoute -ConnectionName "Peaceful Spirit VPN" -DestinationPrefix "192.168.0.0/24" -AllUserConnection
```

---

## Manual Commands

### Create VPN Connection

```powershell
Add-VpnConnection `
    -Name "Peaceful Spirit VPN" `
    -ServerAddress "98.190.129.150" `
    -TunnelType L2tp `
    -L2tpPsk "z5zkNBds2V9eIkdey09Zm6Khil3DAZs8" `
    -AuthenticationMethod MsChapv2 `
    -EncryptionLevel Required `
    -AllUserConnection `
    -RememberCredential `
    -SplitTunneling $true
```

### Add Route and DNS

```powershell
# Add route for CC network
Add-VpnConnectionRoute -ConnectionName "Peaceful Spirit VPN" -DestinationPrefix "192.168.0.0/24" -AllUserConnection

# Configure DNS
Set-DnsClientServerAddress -InterfaceAlias "Peaceful Spirit VPN" -ServerAddresses "192.168.0.2"
```

### Save Credentials for Pre-Login

```powershell
# Method 1: Using rasdial (simple)
rasdial "Peaceful Spirit VPN" "username" "password"
rasdial "Peaceful Spirit VPN" /disconnect

# Method 2: Using Set-VpnConnectionProxy
# Note: this cmdlet configures web proxy settings for the connection; it does not store credentials
Set-VpnConnectionProxy -Name "Peaceful Spirit VPN" -AllUserConnection
```

### Enable Pre-Login VPN (Registry)

```powershell
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "UseRasCredentials" -Value 1 -Type DWord
```

### Verify Connection

```powershell
# List all VPN connections
Get-VpnConnection -AllUserConnection

# Check specific connection
Get-VpnConnection -Name "Peaceful Spirit VPN" -AllUserConnection

# Test connection
rasdial "Peaceful Spirit VPN"

# Check connection status
Get-VpnConnection -Name "Peaceful Spirit VPN" -AllUserConnection | Select-Object Name, ConnectionStatus
```

---

## Connection Management

### Connect to VPN

```powershell
# PowerShell
rasdial "Peaceful Spirit VPN"

# With credentials
rasdial "Peaceful Spirit VPN" "username" "password"

# Using rasphone (objects returned by Get-VpnConnection have no Connect() method)
rasphone -d "Peaceful Spirit VPN"
```

### Disconnect from VPN

```powershell
# PowerShell
rasdial "Peaceful Spirit VPN" /disconnect

# All connections
rasdial /disconnect
```

### Check Status

```powershell
# Current status
Get-VpnConnection -Name "Peaceful Spirit VPN" -AllUserConnection | Select-Object Name, ConnectionStatus, ServerAddress

# Detailed info
Get-VpnConnection -Name "Peaceful Spirit VPN" -AllUserConnection | Format-List *
```

### Remove Connection

```powershell
Remove-VpnConnection -Name "Peaceful Spirit VPN" -AllUserConnection -Force
```

---

## Pre-Login Access Setup

### Requirements

1. VPN must be created with the `-AllUserConnection` flag
2. Credentials must be saved at system level
3. Registry setting must be enabled
4. User must be able to see the network icon at the login screen

### Steps

```powershell
# 1. Create connection (all-user)
Add-VpnConnection -Name "Peaceful Spirit VPN" -ServerAddress "vpn.server.com" -TunnelType L2tp -L2tpPsk "PSK" -AllUserConnection -RememberCredential

# 2. Save credentials
rasdial "Peaceful Spirit VPN" "username" "password"
rasdial "Peaceful Spirit VPN" /disconnect

# 3. Enable pre-logon
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "UseRasCredentials" -Value 1 -Type DWord

# 4. Modify rasphone.pbk (if needed)
$pbk = "$env:ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk"
(Get-Content $pbk) -replace "UseRasCredentials=0", "UseRasCredentials=1" | Set-Content $pbk
```

### Verify Pre-Login Access

1. Lock computer (Win+L)
2. Click network icon (bottom right)
3. VPN connection should be visible
4. Click "Connect" - should connect without prompting for credentials

---

## Troubleshooting

### VPN Not Appearing at Login Screen

```powershell
# Verify it's an all-user connection
Get-VpnConnection -AllUserConnection

# Check registry setting
Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "UseRasCredentials"

# Re-enable if needed
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "UseRasCredentials" -Value 1 -Type DWord
```

### Credentials Not Saved

```powershell
# Save credentials again
rasdial "Peaceful Spirit VPN" "username" "password"
rasdial "Peaceful Spirit VPN" /disconnect

# Check connection settings
Get-VpnConnection -Name "Peaceful Spirit VPN" -AllUserConnection | Format-List *
```

### Connection Fails

```powershell
# Check server reachability (Test-NetConnection -Port tests TCP only)
Test-NetConnection -ComputerName "vpn.server.com" -Port 1723  # For PPTP
Test-NetConnection -ComputerName "vpn.server.com" -Port 443   # For SSTP
# L2TP/IPSec uses UDP 500 and 4500, which a TCP port test cannot confirm; use the event log below

# Check Windows Event Log
Get-WinEvent -LogName "Microsoft-Windows-RemoteAccess/Operational" -MaxEvents 20
```

### L2TP/IPSec Issues

```powershell
# Enable L2TP behind NAT (if VPN server is behind NAT)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent" -Name "AssumeUDPEncapsulationContextOnSendRule" -Value 2 -Type DWord

# Restart IPsec service
Restart-Service PolicyAgent
```

---

## Security Best Practices

### Use Strong Pre-Shared Keys

```powershell
# Generate random PSK (32 characters)
# Note: Get-Random -Count draws without replacement, so no character repeats in the result
-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 32 | ForEach-Object {[char]$_})
```

### Use Certificate Authentication (if available)

```powershell
Add-VpnConnection `
    -Name "Peaceful Spirit VPN" `
    -ServerAddress "vpn.server.com" `
    -TunnelType L2tp `
    -AuthenticationMethod MachineCertificate `
    -EncryptionLevel Required `
    -AllUserConnection
```

### Disable Split Tunneling (force all traffic through VPN)

```powershell
Set-VpnConnection -Name "Peaceful Spirit VPN" -SplitTunneling $false -AllUserConnection
```

---

## Batch Deployment

### Create VPN on Multiple Machines

```powershell
# Save as Create-VPN.ps1
$computers = @("PC1", "PC2", "PC3")
$vpnConfig = @{
    Name          = "Peaceful Spirit VPN"
    ServerAddress = "vpn.peacefulspirit.com"
    TunnelType    = "L2tp"
    L2tpPsk       = "YourPreSharedKey"
    Username      = "vpnuser"
    Password      = "VpnPassword123"
}

foreach ($computer in $computers) {
    Invoke-Command -ComputerName $computer -ScriptBlock {
        param($config)

        # Create connection
        # Note: Pap sends the password without hashing inside the tunnel; the examples above use MsChapv2
        Add-VpnConnection -Name $config.Name -ServerAddress $config.ServerAddress `
            -TunnelType $config.TunnelType -L2tpPsk $config.L2tpPsk `
            -AuthenticationMethod Pap -EncryptionLevel Required `
            -AllUserConnection -RememberCredential

        # Save credentials
        rasdial $config.Name $config.Username $config.Password
        rasdial $config.Name /disconnect

        # Enable pre-login
        Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" `
            -Name "UseRasCredentials" -Value 1 -Type DWord
    } -ArgumentList $vpnConfig
}
```

---

## Quick Reference Card

```
CREATE:     Add-VpnConnection -Name "Name" -ServerAddress "server" -AllUserConnection
CONNECT:    rasdial "Name"
DISCONNECT: rasdial "Name" /disconnect
STATUS:     Get-VpnConnection -Name "Name" -AllUserConnection
REMOVE:     Remove-VpnConnection -Name "Name" -AllUserConnection -Force
PRE-LOGIN:  Set-ItemProperty -Path "HKLM:\...\Winlogon" -Name "UseRasCredentials" -Value 1
SAVE CREDS: rasdial "Name" "user" "pass" && rasdial "Name" /disconnect
```

---

## Common VPN Server Addresses

- **Peaceful Spirit Production:** vpn.peacefulspirit.com
- **By IP:** 192.168.x.x (if internal)
- **Azure VPN Gateway:** xyz.vpn.azure.com
- **AWS VPN:** ec2-xx-xx-xx-xx.compute.amazonaws.com

---

**Last Updated:** 2026-01-19

**Tested On:** Windows 10, Windows 11, Windows Server 2019/2022
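
For the "Use Strong Pre-Shared Keys" section, an added example (not part of the original guide or its scripts) that builds the PSK from the operating system's cryptographic random number generator and lets characters repeat. The function name `New-VpnPsk` and its length limits are assumptions made for this example.

```powershell
# Added example: generate an alphanumeric PSK from the OS CSPRNG.
# New-VpnPsk is a hypothetical helper name, not a built-in cmdlet.
function New-VpnPsk {
    param(
        [ValidateRange(16, 128)]
        [int]$Length = 32
    )

    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'.ToCharArray()

    # Rejection sampling: accept only bytes below the largest multiple of the
    # alphabet size (248 for 62 characters) so every character is equally likely.
    $limit = 256 - (256 % $alphabet.Length)

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $sb  = New-Object System.Text.StringBuilder
    $buf = New-Object byte[] 64
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buf)
            foreach ($b in $buf) {
                if ($b -lt $limit -and $sb.Length -lt $Length) {
                    [void]$sb.Append($alphabet[$b % $alphabet.Length])
                }
            }
        }
    }
    finally {
        $rng.Dispose()
    }
    $sb.ToString()
}

# Usage: a 32-character key, the same length the guide uses
New-VpnPsk -Length 32
```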
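
To check existing profiles against the "Tunnel Types" table and the "Security Best Practices" section, here is an added audit example (not part of the original guide or its scripts). The function name `Test-VpnProfile` and the constructed sample object are assumptions for illustration; the properties read are those returned by `Get-VpnConnection`.

```powershell
# Added example: report VPN profile settings that this guide calls out as weaker choices.
# Test-VpnProfile is a hypothetical helper name, not a built-in cmdlet.
function Test-VpnProfile {
    param([Parameter(Mandatory, ValueFromPipeline)]$Connection)
    process {
        $findings = @()
        if ($Connection.TunnelType -eq 'Pptp') {
            $findings += 'PPTP tunnel (legacy, less secure)'
        }
        if ($Connection.AuthenticationMethod -contains 'Pap') {
            $findings += 'PAP authentication'
        }
        if ($Connection.EncryptionLevel -notin 'Required', 'Maximum') {
            $findings += "EncryptionLevel is $($Connection.EncryptionLevel)"
        }
        if ($Connection.TunnelType -eq 'L2tp' -and $Connection.L2tpIPsecAuth -eq 'Psk') {
            $findings += 'L2TP uses a pre-shared key rather than a machine certificate'
        }
        if ($Connection.SplitTunneling)     { $findings += 'Split tunneling enabled' }
        if ($Connection.RememberCredential) { $findings += 'Credentials are cached' }

        [pscustomobject]@{
            Name     = $Connection.Name
            AllUser  = $Connection.AllUserConnection
            Findings = $findings
        }
    }
}

# Constructed sample mirroring the Batch Deployment settings, so the check runs on any machine
$sample = [pscustomobject]@{
    Name = 'Constructed sample'; AllUserConnection = $true; TunnelType = 'L2tp'
    AuthenticationMethod = @('Pap'); EncryptionLevel = 'Required'; L2tpIPsecAuth = 'Psk'
    SplitTunneling = $false; RememberCredential = $true
}

# Real profiles on this machine (all-user and per-user), plus the sample
$profiles = @(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue) +
            @(Get-VpnConnection -ErrorAction SilentlyContinue) + $sample
$profiles | Test-VpnProfile | Format-List

# The pre-logon registry value this guide sets
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$value = (Get-ItemProperty -Path $winlogon -Name UseRasCredentials -ErrorAction SilentlyContinue).UseRasCredentials
"Winlogon UseRasCredentials = $value"
```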