--- sidebar_position: 6 --- # Remote Site Connection ## Context Integration of a remote site into the existing information system via site-to-site VPN, with deployment of a Read-Only Domain Controller (RODC) and application of Group Policies. ## Objectives - Configure a site-to-site IPsec VPN with pfSense - Deploy a RODC (Read-Only Domain Controller) - Extend Active Directory to the remote site - Apply GPOs adapted to the remote context - Set up automated backups ## Technologies Used - **pfSense**: firewall and IPsec VPN - **Windows Server**: AD DS, RODC - **Active Directory**: centralized identity management - **GPO**: Group Policies - **PowerShell**: backup scripts (Robocopy) - **VMware**: virtualization ## Architecture ``` Main Site Remote Site +-------------+ +-------------+ | DC | | RODC | | (AD DS) | | (Read | +------+------+ | Only) | | +------+------+ +------v------+ VPN IPsec +------v------+ | pfSense |<--------------->| pfSense | +-------------+ +-------------+ ``` ## Deliverables
GPO Work Hours Script (PowerShell) ```powershell <# .DESCRIPTION Script to set login hours from 6am to 8pm every day of the week .NOTES Creation date: 17/03/2025 .AUTHOR BENE Mael .VERSION 1.0 #> # Recursive retrieval of users (includes subgroup members) $users = Get-ADGroupMember -Identity OpenBank -Recursive | Select-Object -ExpandProperty SamAccountName # Create 21-byte array (168 hours in a week) $LogonHours = New-Object byte[] 21 # Sunday = index 0, Monday = index 1, ..., Saturday = index 6 # Set login hours (6am to 8pm) for all days of the week for ($day = 0; $day -le 6; $day++) { # Sunday (0) to Saturday (6) for ($hour = 5; $hour -lt 19; $hour++) { # From 6am to 8pm $byteIndex = [math]::Floor(($day * 24 + $hour) / 8) $bitIndex = ($day * 24 + $hour) % 8 $LogonHours[$byteIndex] = $LogonHours[$byteIndex] -bor (1 -shl $bitIndex) } } # Apply restriction to user foreach ($user in $users) { Set-ADUser -Identity $user -Replace @{logonHours=$LogonHours} } ```
GPO Work Hours Screenshot ![GPO work hours](/assets/projets-oc/p06/BENE_Mael_gpo_horairesdetravail.png)
GPO Flux Installation Script (Batch) ```batch @echo off REM User verification if "%username%"=="agarcia" ( echo Installing flux-setup.exe for %username% winget install -e --id flux.flux --silent --accept-package-agreements --accept-source-agreements ) else ( echo Installation not applicable for this user. exit /b ) ```
GPO Flux Installation Screenshot ![GPO Flux installation](/assets/projets-oc/p06/BENE_Mael_gpo_installflux.png)
GPO Removable Disk Restriction Screenshot ![GPO removable disk restriction](/assets/projets-oc/p06/BENE_Mael_gpo_restrictiondisqueamovible.png)
pfSense Nantes VPN Configuration (XML) ```xml 1 ikev2 opt1 194.0.0.1 inet address 194.0.0.2 address 194.0.0.1 aes 256 sha256 sha256 14 28800 bc4b31bbe6ac6eba857a44b8941ed31389cdb6c678635384b676ae34 pre_shared_key on off 10 5 1 67cf001195fba tunnel 1 network
10.0.2.0
24 network
10.0.1.0
24 esp aes 256 hmac_sha256 14 3600 10.0.1.1 disabled ```
pfSense Paris VPN Configuration (XML) ```xml 1 ikev2 opt1 194.0.0.2 inet address 194.0.0.1 address 194.0.0.2 aes 256 sha256 sha256 14 28800 bc4b31bbe6ac6eba857a44b8941ed31389cdb6c678635384b676ae34 pre_shared_key on off 10 5 1 67ceff22aa6e4 tunnel 1 network
10.0.1.0
24 network
10.0.2.0
24 esp aes 256 hmac_sha256 14 3600 10.0.2.1 disabled ```
PowerShell Backup Script (Robocopy) ```powershell <# .DESCRIPTION Script to copy data from drive D to G:\Mon Drive\projet6 .NOTES Creation date: 17/03/2025 .AUTHOR BENE Mael .VERSION 1.1 #> # Source and destination paths $SourcePath = "D:\" $DestinationPath = "G:\Mon Drive\projet6" # Copy files with Robocopy Write-Host "Copying data from $SourcePath to $DestinationPath..." -ForegroundColor Cyan try { Robocopy.exe "$SourcePath" "$DestinationPath" /E /COPY:DAT /R:2 /W:5 /MT:8 /XD "System Volume Information" "$RECYCLE.BIN" "Recovery" # Added exceptions for system files # Detailed result display switch ($LASTEXITCODE) { 0 { Write-Host "No files copied - All files were already synchronized." -ForegroundColor Green } 1 { Write-Host "Files copied successfully." -ForegroundColor Green } 2 { Write-Host "Additional files detected." -ForegroundColor Yellow } 4 { Write-Host "Mismatched files detected." -ForegroundColor Yellow } 8 { Write-Host "Copy errors detected." -ForegroundColor Red } 16 { Write-Host "Serious copy error." -ForegroundColor Red } default { Write-Host "Robocopy exit code: $LASTEXITCODE" -ForegroundColor Magenta } } } catch { Write-Host "Error executing Robocopy: $_" -ForegroundColor Red } Write-Host "Operation completed." -ForegroundColor Cyan ```
## Skills Acquired - Site-to-site IPsec VPN tunnel configuration - RODC deployment and management - Active Directory infrastructure extension - GPO design for remote sites - Backup automation with PowerShell