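# Certs
# Modify CNs as needed
#
# Creates a self-signed root certificate and a client certificate signed by it,
# both in Cert:\CurrentUser\My, for Azure point-to-site (P2S) VPN certificate
# authentication. Only the root's public certificate is uploaded to Azure.
#
# Both keys are created with -KeyExportPolicy Exportable, so the private keys
# can be exported from this user's store. The gateway trusts client certificates
# issued under the uploaded root, so the root private key should stay on the
# issuing machine and never be shipped to clients together with the child cert.
$rootCertParams = @{
    Type              = 'Custom'
    KeySpec           = 'Signature'
    Subject           = 'CN=AarniP2SRootCert'
    KeyExportPolicy   = 'Exportable'
    HashAlgorithm     = 'sha256'
    KeyLength         = 2048
    CertStoreLocation = 'Cert:\CurrentUser\My'
    KeyUsageProperty  = 'Sign'
    # CertSign marks this certificate as one that may sign other certificates.
    KeyUsage          = 'CertSign'
}
$cert = New-SelfSignedCertificate @rootCertParams

$clientCertParams = @{
    Type              = 'Custom'
    DnsName           = 'P2SChildCert'
    KeySpec           = 'Signature'
    Subject           = 'CN=AarniP2SChildCert'
    KeyExportPolicy   = 'Exportable'
    HashAlgorithm     = 'sha256'
    KeyLength         = 2048
    CertStoreLocation = 'Cert:\CurrentUser\My'
    # Signed by the root created above rather than self-signed.
    Signer            = $cert
    # 2.5.29.37 is the Enhanced Key Usage extension; 1.3.6.1.5.5.7.3.2 limits
    # the certificate to client authentication.
    TextExtension     = @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')
}
# Not assigned to a variable, so the new certificate object is written to the output.
New-SelfSignedCertificate @clientCertParams

# Export RootCert (cert manager) https://docs.microsoft.com/fi-fi/azure/vpn-gateway/vpn-gateway-certificates-point-to-site#install
#   (export the root WITHOUT its private key; only the public certificate goes to Azure)
# Install RootCert to Azure and _SAVE_ - sikdata-vpn/User VPN configuration
# REMEMBER TO PRESS SAVE IN AZURE BEFORE NEXT STEP
# Download Client setup - Download VPN client button
# Run correct exe (x64 vs x86)
# Windows settings VPN, connect to sikdata-vnet (should be installed by the executable)
# PROFIT!!!

# The steps above are manual; the part below only works once the VPN is connected,
# because 192.168.0.4 is a private address.
$connectTestResult = Test-NetConnection -ComputerName 192.168.0.4 -Port 445
if ($connectTestResult.TcpTestSucceeded) {
    # Save the password so the drive will persist on reboot.
    # The password (for Azure Files, the storage account key) is deliberately not
    # written in this file or passed as an argument: a key in the script ends up in
    # source control and backups, and a key on the command line is captured by
    # process-creation logging. With /pass given no value, cmdkey prompts for it.
    cmdkey.exe /add:"192.168.0.4" /user:"Azure\sikdata" /pass
    if ($LASTEXITCODE -ne 0) {
        # Without a stored credential the mount cannot succeed, so stop here.
        Write-Error -Message "cmdkey could not store the credential for 192.168.0.4 (exit code $LASTEXITCODE)."
    } else {
        # Mount the drive
        New-PSDrive -Name Z -PSProvider FileSystem -Root "\\192.168.0.4\sikdata" -Persist
    }
} else {
    Write-Error -Message "Unable to reach the Azure storage account via port 445. Check to make sure your organization or ISP is not blocking port 445, or use Azure P2S VPN, Azure S2S VPN, or Express Route to tunnel SMB traffic over a different port."
}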