azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6c316aa701a0113e2275a6990ed4ddee53460a66
claudetools/PST-L2TP-VPN-Manual-Setup.txt
Mike Swanson 6c316aa701 Add VPN configuration tools and agent documentation 
Created comprehensive VPN setup tooling for Peaceful Spirit L2TP/IPsec connection
and enhanced agent documentation framework.

VPN Configuration (PST-NW-VPN):
- Setup-PST-L2TP-VPN.ps1: Automated L2TP/IPsec setup with split-tunnel and DNS
- Connect-PST-VPN.ps1: Connection helper with PPP adapter detection, DNS (192.168.0.2), and route config (192.168.0.0/24)
- Connect-PST-VPN-Standalone.ps1: Self-contained connection script for remote deployment
- Fix-PST-VPN-Auth.ps1: Authentication troubleshooting for CHAP/MSChapv2
- Diagnose-VPN-Interface.ps1: Comprehensive VPN interface and routing diagnostic
- Quick-Test-VPN.ps1: Fast connectivity verification (DNS/router/routes)
- Add-PST-VPN-Route-Manual.ps1: Manual route configuration helper
- vpn-connect.bat, vpn-disconnect.bat: Simple batch file shortcuts
- OpenVPN config files (Windows-compatible, abandoned for L2TP)

Key VPN Implementation Details:
- L2TP creates PPP adapter with connection name as interface description
- UniFi auto-configures DNS (192.168.0.2) but requires manual route to 192.168.0.0/24
- Split-tunnel enabled (only remote traffic through VPN)
- All-user connection for pre-login auto-connect via scheduled task
- Authentication: CHAP + MSChapv2 for UniFi compatibility

Agent Documentation:
- AGENT_QUICK_REFERENCE.md: Quick reference for all specialized agents
- documentation-squire.md: Documentation and task management specialist agent
- Updated all agent markdown files with standardized formatting

Project Organization:
- Moved conversation logs to dedicated directories (guru-connect-conversation-logs, guru-rmm-conversation-logs)
- Cleaned up old session JSONL files from projects/msp-tools/
- Added guru-connect infrastructure (agent, dashboard, proto, scripts, .gitea workflows)
- Added guru-rmm server components and deployment configs

Technical Notes:
- VPN IP pool: 192.168.4.x (client gets 192.168.4.6)
- Remote network: 192.168.0.0/24 (router at 192.168.0.10)
- PSK: rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7
- Credentials: pst-admin / 24Hearts$

Files: 15 VPN scripts, 2 agent docs, conversation log reorganization,
guru-connect/guru-rmm infrastructure additions

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-18 11:51:47 -07:00

179 lines
4.5 KiB
Plaintext
Raw Blame History

PST L2TP/IPsec VPN - Manual Setup Guide
========================================
Connection Details:
-------------------
VPN Name: PST-NW-VPN
Server: 64.139.88.249
Type: L2TP/IPsec with Pre-Shared Key
Username: pst-admin
Password: 24Hearts$
Pre-Shared Key (PSK): rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7
AUTOMATED SETUP (RECOMMENDED):
===============================
Run as Administrator in PowerShell:
cd D:\ClaudeTools
.\Setup-PST-L2TP-VPN.ps1
This will:
- Create the VPN connection (all users)
- Configure L2TP/IPsec with PSK
- Save credentials
- Set up auto-connect at startup
MANUAL SETUP:
==============
Method 1: Using PowerShell (Quick)
-----------------------------------
Run as Administrator:
# Create VPN connection
Add-VpnConnection -Name "PST-NW-VPN" -ServerAddress "64.139.88.249" -TunnelType L2tp -EncryptionLevel Required -AuthenticationMethod MSChapv2 -L2tpPsk "rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7" -AllUserConnection -RememberCredential -Force
# Connect and save credentials
rasdial "PST-NW-VPN" pst-admin 24Hearts$
# Disconnect
rasdial "PST-NW-VPN" /disconnect
Method 2: Using Windows GUI
----------------------------
1. Open Settings > Network & Internet > VPN
2. Click "Add VPN"
3. VPN provider: Windows (built-in)
4. Connection name: PST-NW-VPN
5. Server name or address: 64.139.88.249
6. VPN type: L2TP/IPsec with pre-shared key
7. Pre-shared key: rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7
8. Type of sign-in info: User name and password
9. User name: pst-admin
10. Password: 24Hearts$
11. Check "Remember my sign-in info"
12. Click Save
PRE-LOGIN AUTO-CONNECT SETUP:
==============================
Option 1: Task Scheduler (Recommended)
---------------------------------------
1. Open Task Scheduler (taskschd.msc)
2. Create Task (not Basic Task)
3. General tab:
- Name: PST-VPN-AutoConnect
- Run whether user is logged on or not
- Run with highest privileges
4. Triggers tab:
- New > At startup
- Delay task for: 30 seconds (optional)
5. Actions tab:
- Action: Start a program
- Program: C:\Windows\System32\rasdial.exe
- Arguments: "PST-NW-VPN" pst-admin 24Hearts$
6. Conditions tab:
- Uncheck "Start only if on AC power"
7. Settings tab:
- Check "Run task as soon as possible after scheduled start is missed"
8. Click OK
Option 2: Startup Script
-------------------------
Create: C:\Windows\System32\GroupPolicy\Machine\Scripts\Startup\connect-vpn.bat
Content:
@echo off
timeout /t 30 /nobreak
rasdial "PST-NW-VPN" pst-admin 24Hearts$
Then:
1. Run gpedit.msc
2. Computer Configuration > Windows Settings > Scripts > Startup
3. Add > Browse > Select connect-vpn.bat
4. OK
TESTING:
========
Test Connection:
rasdial "PST-NW-VPN"
Check Status:
rasdial
Disconnect:
rasdial "PST-NW-VPN" /disconnect
View Connection Details:
Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection
VERIFY PRE-LOGIN:
=================
1. Reboot the computer
2. At the login screen, press Ctrl+Alt+Del
3. Click the network icon (bottom right)
4. You should see "PST-NW-VPN" listed
5. It should show as "Connected" if auto-connect worked
TROUBLESHOOTING:
================
Connection fails:
- Check server address: ping 64.139.88.249
- Verify Windows Firewall allows L2TP (UDP 500, 1701, 4500)
- Try disabling "Require encryption" temporarily
Error 789 (L2TP connection attempt failed):
- Windows Firewall may be blocking
- Registry fix required for NAT-T
Registry Fix for NAT-T (if needed):
Run as Administrator:
reg add HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 2 /f
Then reboot.
Error 691 (Access denied):
- Check username/password
- Verify server allows L2TP connections
Can't see VPN at login screen:
- Ensure connection was created with -AllUserConnection flag
- Verify RasMan service is running: services.msc
- Check "Remote Access Connection Manager" is set to Automatic
REMOVING VPN:
=============
Remove VPN connection:
Remove-VpnConnection -Name "PST-NW-VPN" -AllUserConnection -Force
Remove auto-connect task:
Unregister-ScheduledTask -TaskName "PST-VPN-AutoConnect" -Confirm:$false
SECURITY NOTES:
===============
- Credentials are stored in Windows Credential Manager
- PSK is stored in the VPN connection settings
- For maximum security, use certificate-based auth instead of PSK
- The scheduled task contains password in plain text - secure task XML file permissions
ADVANTAGES OVER OPENVPN:
========================
- Built into Windows (no third-party software)
- Native pre-login support
- Simple configuration
- Managed through Windows settings
- Works with Windows RAS/RRAS services
Reference in New Issue View Git Blame Copy Permalink