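# Connect to PST VPN and configure DNS
# Can be run manually or by Task Scheduler
#
# Credentials: no password is stored in this file. By default the script dials
# with the credentials saved on the VPN connection entry itself. If the entry
# has no saved credentials, the password can be supplied through the
# PST_VPN_PASSWORD environment variable (a name introduced by this script).
# Saved credentials are preferred: a password passed as an argument to
# rasdial is visible in process listings and in command-line process auditing.
#
# NOTE(review): an earlier revision of this script embedded the VPN password in
# plaintext. Treat that password as exposed and rotate it.

$vpnName = "PST-NW-VPN"
$username = "pst-admin"
$dnsServer = "192.168.0.2"
$remoteNetwork = "192.168.0.0"
$subnetMask = "255.255.255.0"

# Optional; empty/unset means "use the credentials saved on the VPN entry".
$password = $env:PST_VPN_PASSWORD

# Connect to VPN
Write-Host "Connecting to $vpnName..." -ForegroundColor Cyan

# rasdial is invoked directly rather than through a 'cmd /c "<string>"' line, so
# the password is never re-parsed by cmd.exe (characters such as & | ^ % in a
# password would otherwise be interpreted as shell syntax).
if ($password) {
    $result = & rasdial.exe $vpnName $username $password 2>&1
} else {
    $result = & rasdial.exe $vpnName 2>&1
}

if ($LASTEXITCODE -eq 0 -or $result -like "*Already connected*") {
    Write-Host "[OK] Connected to VPN" -ForegroundColor Green

    # Wait for interface to be ready
    Start-Sleep -Seconds 5

    # Configure DNS
    Write-Host "Setting DNS to $dnsServer..." -ForegroundColor Cyan

    try {
        # Find the VPN interface - L2TP creates a PPP adapter with the connection name
        $matchedByName = $true
        $vpnInterface = Get-NetAdapter |
            Where-Object {
                ($_.InterfaceAlias -eq $vpnName -or
                 $_.InterfaceDescription -eq $vpnName -or
                 $_.Name -eq $vpnName) -and
                $_.Status -eq "Up"
            } |
            Select-Object -First 1

        # If not found, try PPP adapter pattern
        if (-not $vpnInterface) {
            $matchedByName = $false
            Write-Host "Trying PPP adapter search..." -ForegroundColor Gray
            $vpnInterface = Get-NetAdapter |
                Where-Object { $_.InterfaceDescription -like "*PPP*" -and $_.Status -eq "Up" } |
                Select-Object -First 1
        }

        # Last resort: WAN Miniport
        if (-not $vpnInterface) {
            Write-Host "Trying WAN Miniport search..." -ForegroundColor Gray
            $vpnInterface = Get-NetAdapter |
                Where-Object { $_.InterfaceDescription -like "*WAN*" -and $_.Status -eq "Up" } |
                Select-Object -First 1
        }

        if ($vpnInterface) {
            Write-Host "Found VPN interface: $($vpnInterface.Name) ($($vpnInterface.InterfaceDescription))" -ForegroundColor Gray

            # The pattern fallbacks take the first "Up" adapter whose description
            # contains PPP/WAN, which is not guaranteed to be this VPN. DNS and the
            # route below are then applied to that adapter, so make it visible.
            if (-not $matchedByName) {
                Write-Host "[WARNING] Adapter was matched by description pattern, not by connection name - verify it is the VPN interface" -ForegroundColor Yellow
            }

            # Cmdlet errors are non-terminating by default, so without
            # -ErrorAction Stop a failed DNS change would still print "[OK]".
            try {
                Set-DnsClientServerAddress -InterfaceIndex $vpnInterface.InterfaceIndex -ServerAddresses $dnsServer -ErrorAction Stop
                Write-Host "[OK] DNS configured: $dnsServer" -ForegroundColor Green

                # Verify DNS
                $dns = Get-DnsClientServerAddress -InterfaceIndex $vpnInterface.InterfaceIndex -AddressFamily IPv4 -ErrorAction Stop
                Write-Host "Current DNS: $($dns.ServerAddresses -join ', ')" -ForegroundColor Gray
            } catch {
                Write-Host "[WARNING] Failed to set DNS: $_" -ForegroundColor Yellow
            }

            # Add route for remote network (UniFi L2TP requirement)
            Write-Host "Adding route for remote network $remoteNetwork..." -ForegroundColor Cyan
            try {
                # Remove existing route if present (avoid duplicates).
                # NOTE(review): this deletes every route whose destination is
                # $remoteNetwork, not only one previously added by this script -
                # confirm the local LAN never uses the same subnet.
                route delete $remoteNetwork 2>$null | Out-Null

                # Add route through VPN interface. No -p switch is used, so the
                # route is NOT persistent across reboots; it is re-added on each run.
                $routeCmd = "route add $remoteNetwork mask $subnetMask 0.0.0.0 if $($vpnInterface.InterfaceIndex) metric 1"
                cmd /c $routeCmd 2>&1 | Out-Null

                if ($LASTEXITCODE -eq 0) {
                    Write-Host "[OK] Route added: $remoteNetwork/$subnetMask via VPN" -ForegroundColor Green
                } else {
                    Write-Host "[WARNING] Route command returned code $LASTEXITCODE" -ForegroundColor Yellow
                }

                # Verify route. -SimpleMatch compares the address literally; as a
                # regex the dots would match any character.
                $routes = route print | Select-String -SimpleMatch $remoteNetwork
                if ($routes) {
                    Write-Host "Route verified in routing table" -ForegroundColor Gray
                }
            } catch {
                Write-Host "[WARNING] Failed to add route: $_" -ForegroundColor Yellow
                Write-Host "You may need to manually add route: route add $remoteNetwork mask $subnetMask 0.0.0.0 if $($vpnInterface.InterfaceIndex)" -ForegroundColor Yellow
            }
        } else {
            Write-Host "[WARNING] VPN interface not found or not active" -ForegroundColor Yellow
        }
    } catch {
        Write-Host "[ERROR] Failed to configure VPN: $_" -ForegroundColor Red
    }
} else {
    Write-Host "[ERROR] Connection failed: $result" -ForegroundColor Red
    exit 1
}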