claudetools/PST-VPN-Quick-Reference.txt
Mike Swanson 6c316aa701 Add VPN configuration tools and agent documentation
Created comprehensive VPN setup tooling for Peaceful Spirit L2TP/IPsec connection
and enhanced agent documentation framework.

VPN Configuration (PST-NW-VPN):
- Setup-PST-L2TP-VPN.ps1: Automated L2TP/IPsec setup with split-tunnel and DNS
- Connect-PST-VPN.ps1: Connection helper with PPP adapter detection, DNS (192.168.0.2), and route config (192.168.0.0/24)
- Connect-PST-VPN-Standalone.ps1: Self-contained connection script for remote deployment
- Fix-PST-VPN-Auth.ps1: Authentication troubleshooting for CHAP/MSChapv2
- Diagnose-VPN-Interface.ps1: Comprehensive VPN interface and routing diagnostic
- Quick-Test-VPN.ps1: Fast connectivity verification (DNS/router/routes)
- Add-PST-VPN-Route-Manual.ps1: Manual route configuration helper
- vpn-connect.bat, vpn-disconnect.bat: Simple batch file shortcuts
- OpenVPN config files (Windows-compatible, abandoned for L2TP)

Key VPN Implementation Details:
- L2TP creates PPP adapter with connection name as interface description
- UniFi auto-configures DNS (192.168.0.2) but requires manual route to 192.168.0.0/24
- Split-tunnel enabled (only remote traffic through VPN)
- All-user connection for pre-login auto-connect via scheduled task
- Authentication: CHAP + MSChapv2 for UniFi compatibility

Agent Documentation:
- AGENT_QUICK_REFERENCE.md: Quick reference for all specialized agents
- documentation-squire.md: Documentation and task management specialist agent
- Updated all agent markdown files with standardized formatting

Project Organization:
- Moved conversation logs to dedicated directories (guru-connect-conversation-logs, guru-rmm-conversation-logs)
- Cleaned up old session JSONL files from projects/msp-tools/
- Added guru-connect infrastructure (agent, dashboard, proto, scripts, .gitea workflows)
- Added guru-rmm server components and deployment configs

Technical Notes:
- VPN IP pool: 192.168.4.x (client gets 192.168.4.6)
- Remote network: 192.168.0.0/24 (router at 192.168.0.10)
- PSK: rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7
- Credentials: pst-admin / 24Hearts$

Files: 15 VPN scripts, 2 agent docs, conversation log reorganization,
guru-connect/guru-rmm infrastructure additions

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-18 11:51:47 -07:00


PST VPN - Quick Reference Guide
================================

CONFIGURATION SUMMARY
---------------------
VPN Name: PST-NW-VPN
Server: 64.139.88.249
Type: L2TP/IPsec with Pre-Shared Key (UniFi)
Username: pst-admin
Password: 24Hearts$
PSK: rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7
Tunnel Mode: SPLIT-TUNNEL (only remote traffic uses VPN)
DNS: 192.168.0.2
Remote Network: 192.168.0.0/24 (route added automatically by Connect-PST-VPN.ps1)

INSTALLATION
------------
Run as Administrator:
cd D:\ClaudeTools
.\Setup-PST-L2TP-VPN.ps1

CONNECTION METHODS
------------------
IMPORTANT: For all-user VPN connections, credentials must be provided!
Method 1: PowerShell Script (RECOMMENDED - includes DNS + route config)
powershell -File D:\ClaudeTools\Connect-PST-VPN.ps1
(This is what the scheduled task uses)
Method 2: Batch file shortcut (simple connection)
Double-click: D:\ClaudeTools\vpn-connect.bat
(DNS and route must be configured separately)
Method 3: Command line with credentials
rasdial "PST-NW-VPN" pst-admin "24Hearts$"
(DNS and route must be configured separately)
Method 4: Windows GUI
Settings > Network & Internet > VPN > PST-NW-VPN > Connect
Enter credentials when prompted
(DNS and route must be configured separately)
Method 5: Automatic at startup
Scheduled task connects automatically (uses Method 1)
IMPORTANT: DO NOT use "rasdial PST-NW-VPN" without credentials!
This will fail with error 691 because saved credentials don't work
for all-user connections accessed via rasdial.

DISCONNECTION
-------------
rasdial "PST-NW-VPN" /disconnect
Or use batch file:
D:\ClaudeTools\vpn-disconnect.bat

UNIFI L2TP ROUTE REQUIREMENT (IMPORTANT!)
------------------------------------------
UniFi L2TP VPN requires an explicit route to be added for the remote network.
Without this route, traffic won't flow through the VPN even when connected!
The Connect-PST-VPN.ps1 script automatically adds this route:
Route: 192.168.0.0 mask 255.255.255.0 via VPN interface
If you connect manually with "rasdial", you MUST add the route manually:
powershell -File D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1
Or manually:
route add 192.168.0.0 mask 255.255.255.0 0.0.0.0 metric 1 if [VPN-INTERFACE-INDEX]
(the interface index is listed under "Interface List" in the output of route print)

SPLIT-TUNNEL EXPLAINED
----------------------
With split-tunnel enabled:
- Only traffic to the remote network (192.168.0.x) goes through VPN
- Internet traffic goes directly through your local connection
- This improves performance for non-VPN traffic
- Reduces load on the VPN server
Without split-tunnel (full tunnel):
- ALL traffic would go through the VPN
- Including internet browsing, streaming, etc.
- Slower for general internet use

DNS CONFIGURATION
-----------------
DNS Server: 192.168.0.2
Why this matters:
- This DNS server can resolve hostnames on the remote network
- Example: "server.peacefulspirit.local" will resolve correctly
- Without this DNS, you'd need to use IP addresses
The Connect-PST-VPN.ps1 script automatically sets this DNS
when connecting through scheduled task or manual script execution.
Manual DNS configuration (if needed):
$vpnAdapter = Get-NetAdapter | Where-Object { ($_.Name -eq "PST-NW-VPN" -or $_.InterfaceDescription -like "*L2TP*") -and $_.Status -eq "Up" }
if (-not $vpnAdapter) { throw "VPN adapter not found - connect PST-NW-VPN first" }
Set-DnsClientServerAddress -InterfaceIndex $vpnAdapter.InterfaceIndex -ServerAddresses "192.168.0.2"

VERIFICATION
------------
Check VPN status:
rasdial
Check VPN connection details:
Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection
Check DNS settings:
Get-NetAdapter | Where-Object {$_.InterfaceDescription -like "*L2TP*"} | Get-DnsClientServerAddress
Check routing (split-tunnel verification):
route print
Look for routes to 192.168.0.0/24 through VPN interface
Default route (0.0.0.0) should NOT be through VPN
Test DNS resolution:
nslookup server.peacefulspirit.local 192.168.0.2
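
The route requirement and the verification steps above, combined into one check script. This is an added example, not one of the repository's scripts; it assumes the connection name PST-NW-VPN, the remote network 192.168.0.0/24 and the DNS server 192.168.0.2 from this guide, and that the PPP adapter is named after the connection (falling back to the "*L2TP*" description match used above).

```powershell
# Added example (not part of the ClaudeTools scripts): verify the PST-NW-VPN
# state and repair the UniFi route / DNS if they are missing. Run as Administrator.
$VpnName = "PST-NW-VPN"        # assumption: connection name from this guide
$Remote  = "192.168.0.0/24"    # remote network behind the UniFi gateway
$Dns     = "192.168.0.2"       # remote DNS server

function Get-PstVpnAdapter {
    # The L2TP connection shows up as a PPP adapter once it is Up.
    # Prefer a match on the connection name, then fall back to "*L2TP*".
    $up = Get-NetAdapter | Where-Object { $_.Status -eq "Up" }
    $byName = $up | Where-Object { $_.Name -eq $VpnName } | Select-Object -First 1
    if ($byName) { return $byName }
    $up | Where-Object { $_.InterfaceDescription -like "*L2TP*" } | Select-Object -First 1
}

function Test-PstVpn {
    $adapter = Get-PstVpnAdapter
    if (-not $adapter) {
        Write-Warning "$VpnName is not connected (no PPP adapter is Up)."
        return $false
    }
    $ifIndex = $adapter.InterfaceIndex
    $ok = $true

    # 1. UniFi route: 192.168.0.0/24 must point at the VPN interface.
    $route = Get-NetRoute -DestinationPrefix $Remote -InterfaceIndex $ifIndex -ErrorAction SilentlyContinue
    if (-not $route) {
        Write-Warning "Route $Remote missing on interface $ifIndex; adding it (metric 1)."
        New-NetRoute -DestinationPrefix $Remote -InterfaceIndex $ifIndex -RouteMetric 1 | Out-Null
    }

    # 2. Split-tunnel: the default route must NOT go through the VPN interface.
    $badDefault = Get-NetRoute -DestinationPrefix "0.0.0.0/0" -InterfaceIndex $ifIndex -ErrorAction SilentlyContinue
    if ($badDefault) { Write-Warning "Default route goes through the VPN (full-tunnel mode)."; $ok = $false }
    $conn = Get-VpnConnection -Name $VpnName -AllUserConnection
    if (-not $conn.SplitTunneling) { Write-Warning "SplitTunneling is False on $VpnName."; $ok = $false }

    # 3. DNS: the VPN interface should use the remote resolver.
    $servers = (Get-DnsClientServerAddress -InterfaceIndex $ifIndex -AddressFamily IPv4).ServerAddresses
    if ($servers -notcontains $Dns) {
        Write-Warning "DNS on interface $ifIndex is '$servers'; setting $Dns."
        Set-DnsClientServerAddress -InterfaceIndex $ifIndex -ServerAddresses $Dns
    }
    return $ok
}

Test-PstVpn
```

The function returns $true only when the default route stays off the VPN and SplitTunneling is True; a missing route or DNS entry is repaired rather than reported as a failure.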

AUTO-CONNECT DETAILS
--------------------
Scheduled Task: PST-VPN-AutoConnect
Script Location: C:\Windows\System32\Connect-PST-VPN.ps1
Trigger: At system startup
User: SYSTEM (runs before login)
Delay: 30 seconds after startup
View task:
Get-ScheduledTask -TaskName "PST-VPN-AutoConnect"
Disable auto-connect:
Disable-ScheduledTask -TaskName "PST-VPN-AutoConnect"
Enable auto-connect:
Enable-ScheduledTask -TaskName "PST-VPN-AutoConnect"
Remove auto-connect:
Unregister-ScheduledTask -TaskName "PST-VPN-AutoConnect" -Confirm:$false
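
Recreating the auto-connect task with the settings listed above (startup trigger, SYSTEM, 30-second delay). This is an added example, not the repository's Setup-PST-L2TP-VPN.ps1; it assumes the task name and script path from this section.

```powershell
# Added example (not part of the ClaudeTools scripts): register the
# PST-VPN-AutoConnect task so Connect-PST-VPN.ps1 runs as SYSTEM before login.
$taskName = "PST-VPN-AutoConnect"                       # assumption: name from this guide
$script   = "C:\Windows\System32\Connect-PST-VPN.ps1"   # system copy of the helper

$action  = New-ScheduledTaskAction -Execute "powershell.exe" `
           -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$script`""
$trigger = New-ScheduledTaskTrigger -AtStartup
$trigger.Delay = "PT30S"    # 30-second delay after startup (ISO 8601 duration)

# SYSTEM runs before any user logs on; highest run level is needed for route/DNS changes.
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable `
             -ExecutionTimeLimit (New-TimeSpan -Minutes 5)

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Confirm the task exists and is ready.
Get-ScheduledTask -TaskName $taskName | Select-Object TaskName, State
```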

TROUBLESHOOTING
---------------
Connection fails:
- Verify server is reachable: ping 64.139.88.249
- Check Windows Firewall allows L2TP
- Verify credentials are correct
VPN connects but can't reach remote network:
- THIS IS THE MOST COMMON ISSUE with UniFi L2TP!
- The route is missing - run: powershell -File D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1
- Or use Connect-PST-VPN.ps1 which adds route automatically
- Verify route exists: route print | findstr 192.168.0.0
- Test: ping 192.168.0.2 (should work if route is correct)
DNS not working:
- Reconnect using Connect-PST-VPN.ps1 script
- Manually set DNS (see DNS CONFIGURATION above)
- Check DNS server is reachable: ping 192.168.0.2
Split-tunnel not working:
- Verify: Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection
- Check SplitTunneling property is True
- Reconnect if changed
Internet slow after VPN connect:
- This suggests full-tunnel mode (all traffic through VPN)
- Verify split-tunnel: Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection
- Should show: SplitTunneling: True
- If False, run: Set-VpnConnection -Name "PST-NW-VPN" -SplitTunneling $true -AllUserConnection
Route verification:
- Check routing table: route print | findstr 192.168.0.0
- Should see entry for 192.168.0.0 with metric 1
- Interface should be the L2TP adapter
- If missing, run: powershell -File D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1

MANAGEMENT COMMANDS
-------------------
View all VPN connections:
Get-VpnConnection -AllUserConnection
Modify split-tunnel setting:
Set-VpnConnection -Name "PST-NW-VPN" -SplitTunneling $true -AllUserConnection
Remove VPN connection:
Remove-VpnConnection -Name "PST-NW-VPN" -AllUserConnection -Force
View IPsec configuration:
Get-VpnConnectionIPsecConfiguration -ConnectionName "PST-NW-VPN" -AllUserConnection

FILES CREATED
-------------
D:\ClaudeTools\Setup-PST-L2TP-VPN.ps1 - Main setup script
D:\ClaudeTools\Connect-PST-VPN.ps1 - Connection helper (with DNS & route config)
D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1 - Manual route configuration helper
C:\Windows\System32\Connect-PST-VPN.ps1 - System copy of connection helper
D:\ClaudeTools\PST-VPN-Quick-Reference.txt - This file