Created comprehensive VPN setup tooling for Peaceful Spirit L2TP/IPsec connection and enhanced agent documentation framework.

VPN Configuration (PST-NW-VPN):
- Setup-PST-L2TP-VPN.ps1: Automated L2TP/IPsec setup with split-tunnel and DNS
- Connect-PST-VPN.ps1: Connection helper with PPP adapter detection, DNS (192.168.0.2), and route config (192.168.0.0/24)
- Connect-PST-VPN-Standalone.ps1: Self-contained connection script for remote deployment
- Fix-PST-VPN-Auth.ps1: Authentication troubleshooting for CHAP/MSChapv2
- Diagnose-VPN-Interface.ps1: Comprehensive VPN interface and routing diagnostic
- Quick-Test-VPN.ps1: Fast connectivity verification (DNS/router/routes)
- Add-PST-VPN-Route-Manual.ps1: Manual route configuration helper
- vpn-connect.bat, vpn-disconnect.bat: Simple batch file shortcuts
- OpenVPN config files (Windows-compatible, abandoned for L2TP)

Key VPN Implementation Details:
- L2TP creates PPP adapter with connection name as interface description
- UniFi auto-configures DNS (192.168.0.2) but requires manual route to 192.168.0.0/24
- Split-tunnel enabled (only remote traffic through VPN)
- All-user connection for pre-login auto-connect via scheduled task
- Authentication: CHAP + MSChapv2 for UniFi compatibility

Agent Documentation:
- AGENT_QUICK_REFERENCE.md: Quick reference for all specialized agents
- documentation-squire.md: Documentation and task management specialist agent
- Updated all agent markdown files with standardized formatting

Project Organization:
- Moved conversation logs to dedicated directories (guru-connect-conversation-logs, guru-rmm-conversation-logs)
- Cleaned up old session JSONL files from projects/msp-tools/
- Added guru-connect infrastructure (agent, dashboard, proto, scripts, .gitea workflows)
- Added guru-rmm server components and deployment configs

Technical Notes:
- VPN IP pool: 192.168.4.x (client gets 192.168.4.6)
- Remote network: 192.168.0.0/24 (router at 192.168.0.10)
- PSK: rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7
- Credentials: pst-admin / 24Hearts$

Files: 15 VPN scripts, 2 agent docs, conversation log reorganization, guru-connect/guru-rmm infrastructure additions

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Session Log: Build Server Setup & Linux Agent Installer
Date: 2025-12-15/16
Focus: Native Windows/Linux service installers, Build server VM setup
Summary
Major session focused on creating production-ready agent installers and setting up a dedicated GuruRMM server VM.
Completed
- Native Windows Service (from previous context)
  - Created agent/src/service.rs with Windows SCM integration
  - Uses windows-service crate for native service control
  - Legacy NSSM service detection and cleanup
  - Install/uninstall/start/stop/status commands
- Linux Agent Installer Improvements
  - Added --server-url, --api-key, --skip-legacy-check flags to install command
  - Legacy systemd service detection and cleanup
  - Auto-starts service when config is complete
  - FIXED: Switched from glibc to musl static linking for universal compatibility
- Site Code Authentication
  - Added is_site_code_format() to detect WORD-WORD-NUMBER patterns
  - Server now accepts site codes (e.g., SWIFT-CLOUD-6910) instead of long API keys
  - Auto-registers agents under the matching site
- Build Server VM (172.16.3.30)
  - Ubuntu 22.04 VM created
  - Installed: nginx, Rust, PostgreSQL, build-essential
  - GuruRMM server binary deployed and running as systemd service
  - Database migrated from Jupiter Docker to local PostgreSQL
  - Nginx configured for downloads and API proxy
  - Agent binary available at /downloads/gururmm-agent-linux-amd64
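A strict WORD-WORD-NUMBER check of the kind the Site Code Authentication item describes, as an added Rust example (not the code in server/src/ws/mod.rs). The length limits, the uppercase-only rule, and the Credential type are assumptions; the page gives only the pattern name and the sample code SWIFT-CLOUD-6910.

```rust
// Added illustration; the rules below are assumptions, not GuruRMM's code.
#[derive(Debug, PartialEq)]
pub enum Credential<'a> {
    /// Short enrollment code: the agent is registered under the matching site.
    SiteCode { word1: &'a str, word2: &'a str, number: &'a str },
    /// Anything else is treated as an opaque API key and looked up as-is.
    ApiKey(&'a str),
}

// Assumed rule: a word is 2-16 ASCII uppercase letters.
fn is_word(s: &str) -> bool {
    (2..=16).contains(&s.len()) && s.bytes().all(|b| b.is_ascii_uppercase())
}

// Assumed rule: the number is 1-8 ASCII digits (no sign, no Unicode digits).
fn is_number(s: &str) -> bool {
    (1..=8).contains(&s.len()) && s.bytes().all(|b| b.is_ascii_digit())
}

/// Decide which authentication path a presented credential takes.
pub fn classify(raw: &str) -> Credential<'_> {
    let parts: Vec<&str> = raw.split('-').collect();
    match parts.as_slice() {
        // Exactly three segments; empty or extra segments never match.
        [w1, w2, n] if is_word(*w1) && is_word(*w2) && is_number(*n) => {
            Credential::SiteCode { word1: *w1, word2: *w2, number: *n }
        }
        _ => Credential::ApiKey(raw),
    }
}

pub fn is_site_code_format(raw: &str) -> bool {
    matches!(classify(raw), Credential::SiteCode { .. })
}

fn main() {
    // Constructed inputs; only SWIFT-CLOUD-6910 appears on the page.
    for raw in ["SWIFT-CLOUD-6910", "swift-cloud-6910", "SWIFT-CLOUD-6910-1", "0f3c9a1e5b7d4c2a"] {
        println!("{:?} -> {:?}", raw, classify(raw));
    }
}
```

Input is not trimmed or case-folded here, so a near-miss falls through to the API-key path instead of matching a site.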
Issues Found (To Fix in Installer v2)
- glibc version mismatch - FIXED with musl static linking
- systemd ProtectSystem=strict blocks remote command execution
  - Need targeted ReadWritePaths=/root/.ssh instead of disabling protection
  - Or installer flag for "managed" vs "locked down" mode
Credentials & Configuration
Build Server (172.16.3.30)
- Hostname: gururmm
- SSH: root with WSL key
- Services:
  - GuruRMM Server: systemd gururmm-server, port 3001
  - PostgreSQL: local, port 5432
  - Nginx: port 80 (proxy to API + downloads)
  - GuruRMM Agent: systemd gururmm-agent
Database (now on 172.16.3.30)
- Host: localhost
- Database: gururmm
- User: gururmm
- Password: 43617ebf7eb242e814ca9988cc4df5ad
Site Codes
- Main Office: SWIFT-CLOUD-6910
Agent Downloads
- URL: http://172.16.3.30/downloads/gururmm-agent-linux-amd64
- Or via NPM: https://rmm-api.azcomputerguru.com/downloads/gururmm-agent-linux-amd64
Key Files Modified
Agent
- agent/Cargo.toml - Switched to rustls for static linking
- agent/src/main.rs - Added install flags, legacy detection, site code support
- agent/src/service.rs - Windows native service implementation
- agent/scripts/install.sh - Bootstrap installer script
Server
- server/src/ws/mod.rs - Added is_site_code_format(), site code auth support
Install Commands
Linux (Site Code)
curl -fsSL http://172.16.3.30/downloads/gururmm-agent-linux-amd64 -o /tmp/gururmm-agent && \
chmod +x /tmp/gururmm-agent && \
sudo /tmp/gururmm-agent install \
--server-url wss://rmm-api.azcomputerguru.com/ws \
--api-key SWIFT-CLOUD-6910
Windows
# Download and install (from elevated prompt)
.\gururmm-agent.exe install --server-url wss://rmm-api.azcomputerguru.com/ws --api-key SWIFT-CLOUD-6910
Pending Tasks
- Update NPM proxy - Change rmm-api.azcomputerguru.com to forward to 172.16.3.30:3001
- Stop old Docker containers on Jupiter (gururmm-server, gururmm-db)
- Fix systemd security for agent command execution (ReadWritePaths)
- Add Windows binary to downloads on build server
- Set up dashboard hosting on build server
Architecture (New)
                   ┌─────────────────────────────────────────┐
                   │  172.16.3.30 (gururmm VM)               │
                   │                                         │
Internet ──────────┼──► nginx (:80)                          │
(via NPM)          │      ├──► /api/*       → localhost:3001 │
                   │      ├──► /ws          → localhost:3001 │
                   │      ├──► /downloads/* → static         │
                   │      └──► /*           → dashboard      │
                   │                                         │
                   │  GuruRMM Server (:3001)                 │
                   │  PostgreSQL (:5432)                     │
                   │  Rust build toolchain                   │
                   └─────────────────────────────────────────┘
Commands Reference
Remote Command via RMM API
curl -X POST "http://172.16.3.30:3001/api/agents/{AGENT_ID}/command" \
-H "Content-Type: application/json" \
-d '{"command_type": "shell", "command": "whoami"}'
Check Command Result
curl "http://172.16.3.30:3001/api/commands/{COMMAND_ID}"
Server Logs
ssh root@172.16.3.30 "journalctl -u gururmm-server -f"
Session Update (End of Session)
Completed This Session
- All Docker containers removed from Jupiter (gururmm-server, gururmm-db, gururmm-dashboard, gururmm-downloads)
- Dashboard deployed to build server at /var/www/gururmm/dashboard/
- Nginx configured to serve dashboard + API + downloads
- Node.js 20.x installed on build server for future dashboard builds
- All agents reconnected to new server successfully
Current State
- Build Server (172.16.3.30) is now the sole GuruRMM server
- Dashboard: https://rmm-api.azcomputerguru.com/
- API: https://rmm-api.azcomputerguru.com/api/
- Downloads: https://rmm-api.azcomputerguru.com/downloads/
- WebSocket: wss://rmm-api.azcomputerguru.com/ws
Pending Tasks (Next Session)
- Install certbot and get Let's Encrypt SSL certificate
- Configure firewall (ufw)
- Install and configure fail2ban
- Harden SSH configuration
- Enable automatic security updates
- Optimize PostgreSQL and nginx
- Fix systemd ReadWritePaths for agent command execution
Services Running on 172.16.3.30
systemctl status gururmm-server # API server
systemctl status gururmm-agent # Local agent
systemctl status postgresql # Database
systemctl status nginx # Web server