Get Connected in 3 Steps
Generate a Personal Access Token
Go to your ClosedVPN dashboard → Settings → Personal Access Tokens → Generate New Token.
Configure Your AI Client
Select your AI client below for the exact configuration snippet.
Add a remote MCP server via the Codex CLI or codex.json config.
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
Edit ~/.claude/settings.json or use the Claude Code settings UI.
Edit ~/.cursor/mcp.json (global) or .cursor/mcp.json in your project root.
.cursor/mcp.json to .gitignore — never commit tokens to version control.macOS/Linux: ~/.codeium/windsurf/mcp_config.json
Windows: %USERPROFILE%\.codeium\windsurf\mcp_config.json
Create or edit .vscode/mcp.json in your workspace.
Start Using
Open a new chat and try these prompts:
List my organizations
→ list_organizations
Show VPN report for my org
→ list_organizations → get_vpn_report_stats
How many threats were blocked in my org?
→ get_threat_prevention_stats → returns threatsBlocked count
Create a new organization called Engineering Team
→ create_organization(name: "Engineering Team")
Invite [email protected] as a member
→ get_organization → invite_user(email, role)
31 Tools, Invoked Automatically
Your AI reads each tool's description and calls the right one based on your request — no manual selection needed.
| Tool | Description |
|---|---|
| list_organizations | List all active organizations you belong to |
| get_organization | Get full details, members, and VPN info for an organization |
| create_organization | Create a new organization with a name and VPN assignment |
| update_organization | Update organization name or settings |
| delete_organization | Delete an organization (owner only) |
| select_organization | Switch your active/selected organization context |
| leave_organization | Leave an organization you belong to |
| invite_user | Invite a user to an organization via email |
| update_user_role | Change a member's role (owner / member) |
| remove_user | Remove a member from an organization |
| Tool | Description |
|---|---|
| get_vpn_config_template | Get the full JSON template with field guide before creating |
| list_vpn_configs | List all active VPN configurations |
| get_vpn_config | Get full details of a specific VPN config |
| create_vpn_config | Create a new VPN config with full JSON config blob |
| update_vpn_config | Update an existing VPN configuration |
| delete_vpn_config | Delete a VPN configuration |
| execute_vpn_command | Execute a predefined command on a VPN server via SSH |
| Tool | Description |
|---|---|
| get_vpn_user_stats | Get your VPN connection status (IP, bytes, duration) |
| download_certificate | Generate or retrieve your VPN client certificate |
| list_available_vpns | List all active VPN gateways |
| Tool | Description |
|---|---|
| get_vpn_report_stats | Get traffic data, online users, and license usage |
| get_threat_prevention_stats | Get threat prevention analytics (threats blocked, risk score, protected users, total connections) |
| Tool | Description |
|---|---|
| list_notifications | List all unread notifications |
| mark_notification_read | Mark a specific notification as read |
| mark_all_notifications_read | Mark all notifications as read |
| get_activity_logs | Get the last 50 activity audit trail entries |
| Tool | Description |
|---|---|
| get_user_profile | Get your profile info (name, email, avatar, settings) |
| update_user_profile | Update name, phone, company, notification preferences |
| Tool | Description |
|---|---|
| list_pats | List all active Personal Access Tokens |
| generate_pat | Generate a new Personal Access Token |
| delete_pat | Deactivate a Personal Access Token by name |
Secure Authentication
ClosedVPN MCP uses Personal Access Tokens (PAT) for authentication. Every request must include your PAT in the Authorization header.
- PATs inherit your account permissions — AI can only do what you can do
- Tokens can have expiration dates for added security
- Revoke tokens instantly from your dashboard if compromised
- Token values are hashed with bcrypt — we never store the raw value
- Each MCP session is independently authenticated
How It Works
Claude Code
Cursor
Windsurf
VS Code
Bearer <token>
31 Tools
Streamable HTTP
VPN Servers
Reports
Test with MCP Inspector
The MCP Inspector is a browser-based UI for exploring and testing all 31 tools interactively — perfect for validating your PAT and understanding tool schemas before connecting an AI client.
- Go to inspector.tools.modelcontextprotocol.com
- Set Transport to
Streamable HTTP - Set URL to
https://closedvpn.io/mcp - Add Header → Key:
Authorization· Value:Bearer YOUR_PAT_TOKEN - Click Connect — all 31 tools appear in the sidebar
- Click any tool → fill in parameters → click Run to test live