Merge branch 'FT/vpn-server'

README.md

 # Virtual Machine for VPN setup
 
-Configure a virtual machine to connect to a VPN (FortiNet) through a proxy
-
-## Requirements
-
-- `FortiClient` backup file with `.conf` extension.
+Configure a virtual machine to connect to a VPN (FortiNet) through a proxy for Linux systems
 
 ## References
 
@@ -12,25 +8,15 @@ Configure a virtual machine to connect to a VPN (FortiNet) through a proxy
 - [dev.to](https://dev.to/sannae/setting-up-windows-virtual-test-environments-with-vagrant-4k1b)
 - [Vagrant Boxes](https://portal.cloud.hashicorp.com/vagrant/discover)
 
-## Setup
-
-### Vagrant
-
-> Steps from [developer.hashicorp.com](https://developer.hashicorp.com/vagrant/install)
-
-Install Vagrant in Ubuntu/Debian distros:
-
-```sh
-# Add official repository
-wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
-echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
-# Install vagrant
-sudo apt update && sudo apt install vagrant
-```
+## Requirements
 
-### VirtualBox
+- `FortiClient` backup file with `.conf` extension.
+- [VirtualBox](https://www.virtualbox.org/wiki/Downloads)
+- [Vagrant](https://developer.hashicorp.com/vagrant/install)
+- `corkscrew` (Optional) For SSH connections with proxies
+- `sshpass` (Optional) For SSH connections with plain text passwords
 
-Install VirtualBox from [here](https://www.virtualbox.org/wiki/Downloads)
+## Setup
 
 ### Run the virtual machine
 
@@ -51,35 +37,20 @@ Copy your `FortiClient` backup file in `./files` folder and follow these steps:
 - In `System`, click the `Restore` button and select your backup file in `C:\vagrant\files` path.
 - Add the backup file, the password and clic the `Ok` button.
 
-#### Enable proxy
-
-In Windows, open the `squid` program from the Windows menu. Right clicking on `Squid Server` tray icon and select the option `Open Squid Configuration`.
-Replace the file content with [this file](src/config/squid-proxy.conf).
-
-> **NOTE:** Change your local network value in `squid-proxy.conf` file
-
-Then, restart the `squid` service.
-
 #### Add proxy in host
 
-Test your proxy with `curl`:
-
-```sh
-curl -x http://windows-vpn:3128 -I http://www.google.com
-```
-
-Add the proxy `windows-vpn:3128` in your network settings or web browser.
+Add the automatic proxy file `http://192.168.56.10:8080/proxy.pac` in your network settings and/or web browser.
 
 #### Add proxy in git
 
-Steps from [here](https://gist.github.com/evantoli/f8c23a37eb3558ab8765)
+> Steps from [here](https://gist.github.com/evantoli/f8c23a37eb3558ab8765)
 
-> **NOTE:** Add your git server IP or domain in `GIT_PRIVATE_SERVER` variable
+Add proxy in git for private git server.
 
 ```sh
 # Add proxy by git server domain or IP
-GIT_PRIVATE_SERVER=http://domain.com
-PROXY_SERVER=http://windows-vpn:3128
+GIT_PRIVATE_SERVER=http://192.168.11.78
+PROXY_SERVER=http://192.168.56.10:3128
 git config --global "http.$GIT_PRIVATE_SERVER.proxy" $PROXY_SERVER
 # Check global configuration
 cat ~/.gitconfig
@@ -88,21 +59,15 @@ cat ~/.gitconfig
 #### Add proxy in NMAP
 
 ```sh
-nmap --proxies http://windows-vpn:3128 $PRIVATE_DOMAIN_OR_IP
+nmap --proxies http://192.168.56.10:3128 $PRIVATE_DOMAIN_OR_IP
 ```
 
 #### Add proxy for SSH connection
 
-> `corkscrew` required
-
-```sh
-# Install corkscrew (in Debian-based distributions)
-sudo apt -y install corkscrew
-# Install sshpass password provider for plain text data
-sudo apt -y install sshpass
-```
+> `corkscrew` required for proxy setup
+> `sshpass` required for connections with plain text passwords
 
-Copy and check the bash scripts [here](src/scripts/bash/).
+Copy and modify the bash scripts [here](src/scripts/bash/).
 
 ## Useful commands
 
@@ -115,4 +80,6 @@ vagrant halt
 vagrant destroy
 # Reload configuration from Vagrantfile
 vagrant reload
+# Make provioning
+vagrant provision
 ```
\ No newline at end of file

Vagrantfile

@@ -6,19 +6,13 @@
 # backwards compatibility). Please don't change it unless you know what
 # you're doing.
 Vagrant.configure("2") do |config|
-  # The most common configuration options are documented and commented below.
-  # For a complete reference, please see the online documentation at
-  # https://docs.vagrantup.com.
-
-  # Every Vagrant development environment requires a box. You can search for
-  # boxes at https://vagrantcloud.com/search.
 
   config.vm.box = "gusztavvargadr/windows-11"
   config.vm.box_version = "2302.0.2409"
   config.vm.hostname = "windows-vpn"
   
   ## Enable bridge network
-  config.vm.network "public_network"
+  config.vm.network "private_network", ip: "192.168.56.10"
 
   # VirtualBox settings
   config.vm.provider "virtualbox" do |vb|
@@ -32,14 +26,21 @@ Vagrant.configure("2") do |config|
 
   # Provisioning
 
-  ## Run the external script to install Chocolatey
+  ## Add custom Windows settings
+  config.vm.provision "shell", path: "src/scripts/ps/WindowsSettings.ps1"
+  ## Install Chocolatey
   config.vm.provision "shell", path: "src/scripts/ps/ChocolateyInstall.ps1"
   ## Install Chocolatey packages
   config.vm.provision "shell", path: "src/scripts/ps/ChocolateyInstallPackages.ps1"
-  ## Change timezone
-  config.vm.provision "shell", inline: <<-SHELL
-    Write-Output "=== Change timezone ==="
-    tzutil /s "SA Pacific Standard Time"
-  SHELL
+  ## Set up proxy
+  config.vm.provision "file", source: "./src/config/squid-proxy.conf", destination: "C:/Squid/etc/squid/squid.conf"
+  ## Set up PAC
+  config.vm.provision "shell", path: "src/scripts/ps/PacInstall.ps1"
+  ## Restart machine
+  config.vm.provision :shell do |shell|
+    shell.privileged = true
+    shell.inline = 'echo rebooting'
+    shell.reboot = true
+  end
   
 end

src/config/proxy.pac

+function FindProxyForURL(url, host) {
+    // Only use proxy if the destination IP is 192.168.11.0/24
+    if (isInNet(host, "192.168.11.0", "255.255.255.0")) {
+        return "PROXY 192.168.56.10:3128";
+    }
+    // For everything else, connect directly
+    return "DIRECT";
+}
\ No newline at end of file

src/config/squid-proxy.conf

 http_port 3128
-acl localnet src 192.168.56.0/24 # Change to your local network!
+acl localnet src 192.168.56.0/24
 http_access allow localnet
\ No newline at end of file

src/scripts/bash/ssh-connection-plain-text.sh

@@ -3,7 +3,7 @@
 # Connect to SSH server using HTTP proxy
 
 # Proxy server data
-PROXY_SERVER=windows-vpn
+PROXY_SERVER=192.168.56.10
 PROXY_PORT=3128
 # SSH server data
 SSH_SERVER=domain.com

src/scripts/bash/ssh-connection-private-key.sh

@@ -3,7 +3,7 @@
 # Connect to SSH server using HTTP proxy
 
 # Proxy server data
-PROXY_SERVER=windows-vpn
+PROXY_SERVER=192.168.56.10
 PROXY_PORT=3128
 # SSH server data
 SSH_SERVER=domain.com

src/scripts/bash/ssh-tunnel-plain-text.sh

@@ -3,7 +3,7 @@
 # Generate SSH tunnel using HTTP proxy
 
 # Proxy server data
-PROXY_SERVER=windows-vpn
+PROXY_SERVER=192.168.56.10
 PROXY_PORT=3128
 # SSH server data
 SSH_SERVER=domain.com

src/scripts/bash/ssh-tunnel-private-key.sh

@@ -3,7 +3,7 @@
 # Generate SSH tunnel using HTTP proxy
 
 # Proxy server data
-PROXY_SERVER=windows-vpn
+PROXY_SERVER=192.168.56.10
 PROXY_PORT=3128
 # SSH server data
 SSH_SERVER=domain.com

src/scripts/ps/PacInstall.ps1

+# PAC (Proxy Auto-Config) scheduled task setup
+
+# Set Execution Policy
+Set-ExecutionPolicy Bypass -Force
+
+# Variables
+$taskName = "StartPACServer"
+$proxyScriptPath = "C:\\vagrant\src\scripts\ps\PacServer.ps1"
+
+# Check if the scheduled task already exists
+if (Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue) {
+    Write-Host "Scheduled Task '$taskName' already exists. Skipping creation."
+}
+else {
+    Write-Host "Scheduled Task '$taskName' does not exist. Creating..."
+    $Action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-ExecutionPolicy Bypass -File $proxyScriptPath"
+    $Trigger = New-ScheduledTaskTrigger -AtStartup
+    $Principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest
+    $Settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries
+    Register-ScheduledTask -TaskName $taskName -Action $Action -Trigger $Trigger -Principal $Principal -Settings $Settings
+}
+
+# Open port 8080 in Windows Firewall if not already open
+if (-not (Get-NetFirewallRule -DisplayName "Allow Proxy PAC Server" -ErrorAction SilentlyContinue)) {
+  New-NetFirewallRule -DisplayName "Allow Proxy PAC Server" -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Allow
+  Write-Host "Firewall rule created to allow inbound connections on port 8080."
+}
+else {
+  Write-Host "Firewall rule 'Allow Proxy PAC Server' already exists. Skipping creation."
+}
\ No newline at end of file

src/scripts/ps/PacServer.ps1

+# PAC (Proxy Auto-Config) setup
+
+# Create small web server
+$listener = [System.Net.HttpListener]::new()
+$listener.Prefixes.Add("http://*:8080/")
+$listener.Start()
+
+Write-Host "Serving proxy.pac on http://localhost:8080/proxy.pac"
+
+while ($listener.IsListening) {
+    $context = $listener.GetContext()
+    $response = $context.Response
+    $buffer = [System.IO.File]::ReadAllBytes("C:\vagrant\src\config\proxy.pac")
+    $response.ContentLength64 = $buffer.Length
+    $response.OutputStream.Write($buffer, 0, $buffer.Length)
+    $response.OutputStream.Close()
+}
\ No newline at end of file

src/scripts/ps/WindowsSettings.ps1

+# Change timezone
+tzutil /s "SA Pacific Standard Time"
+
+# Add shortcuts
+## Get the desktop path for the current user
+$desktopPath = [Environment]::GetFolderPath("Desktop")
+## PowerShell
+### Create the shortcut path
+$shortcutPath = Join-Path $desktopPath "PowerShell.lnk"
+### Create the WScript.Shell COM object
+$WshShell = New-Object -ComObject WScript.Shell
+### Create the shortcut
+$shortcut = $WshShell.CreateShortcut($shortcutPath)
+### Set the target path to PowerShell
+$shortcut.TargetPath = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
+### Save the shortcut
+$shortcut.Save()
+
+# Change wallpaper
+## Remove any set wallpaper
+Set-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name "Wallpaper" -Value ""
+## Force a solid color (e.g., black)
+Set-ItemProperty -Path "HKCU:\Control Panel\Colors" -Name "Background" -Value "0 0 0"
+## Refresh the desktop to apply wallpaper removal
+RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters ,1 ,True
+
+# Set dark mode for system and apps
+## Change registry values
+Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "AppsUseLightTheme" -Value 0
+Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "SystemUsesLightTheme" -Value 0
+## Restart explorer.exe
+Stop-Process -Name explorer -Force
+Start-Process explorer.exe
\ No newline at end of file