Model Context Protocol

CLOSEDVPN MCP SERVER
MANAGE YOUR VPN WITH AI

Connect Claude, Cursor, Windsurf, VS Code, or any MCP-compatible AI agent to ClosedVPN. Manage organizations, VPN configs, reports, threat prevention, and more — all through natural language.

https://closedvpn.io/mcp
0
Install Steps
31
MCP Tools
5+
AI Clients
Free
To Connect

Connect Your AI to
ClosedVPN

The Model Context Protocol (MCP) is an open standard that lets AI assistants securely connect to your tools and data. With ClosedVPN's MCP server, your AI agent can manage your entire VPN infrastructure — create organizations, configure VPN nodes, generate certificates, view reports, and more.

Secure by Default
PAT-based authentication. Your AI acts with your permissions only — nothing more.
Real-time Data
Direct access to live VPN stats, threat prevention data, and connection status.
AI-Native
Works with Claude Desktop, Claude Code, Cursor, Windsurf, VS Code, and any MCP client.

Get Connected in 3 Steps

Step 1

Generate a Personal Access Token

Go to your ClosedVPN dashboard → Settings → Personal Access Tokens → Generate New Token.

Important: Save your token immediately after generation — it will not be shown again.
Step 2

Configure Your AI Client

Select your AI client below for the exact configuration snippet.

Add a remote MCP server via the Codex CLI or codex.json config.

JSON
{ "mcpServers": { "closedvpn": { "type": "remote", "url": "https://closedvpn.io/mcp", "headers": { "Authorization": "Bearer YOUR_PAT_TOKEN" } } } }
Codex natively supports remote MCP servers — no proxy needed.

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

JSON
{ "mcpServers": { "closedvpn": { "command": "npx", "args": [ "-y", "mcp-remote", "https://closedvpn.io/mcp", "--header", "Authorization:Bearer YOUR_PAT_TOKEN" ] } } }
Restart Claude Desktop after saving — ClosedVPN tools appear automatically.

Edit ~/.claude/settings.json or use the Claude Code settings UI.

JSON
{ "mcpServers": { "closedvpn": { "type": "http", "url": "https://closedvpn.io/mcp", "headers": { "Authorization": "Bearer YOUR_PAT_TOKEN" } } } }

Edit ~/.cursor/mcp.json (global) or .cursor/mcp.json in your project root.

JSON
{ "mcpServers": { "closedvpn": { "url": "https://closedvpn.io/mcp", "headers": { "Authorization": "Bearer YOUR_PAT_TOKEN" } } } }
Add .cursor/mcp.json to .gitignore — never commit tokens to version control.

macOS/Linux: ~/.codeium/windsurf/mcp_config.json
Windows: %USERPROFILE%\.codeium\windsurf\mcp_config.json

JSON
{ "mcpServers": { "closedvpn": { "url": "https://closedvpn.io/mcp", "headers": { "Authorization": "Bearer YOUR_PAT_TOKEN" } } } }
Restart Windsurf after saving the config.

Create or edit .vscode/mcp.json in your workspace.

JSON
{ "servers": { "closedvpn": { "type": "http", "url": "https://closedvpn.io/mcp", "headers": { "Authorization": "Bearer ${input:closedvpnPAT}" } } }, "inputs": [ { "type": "promptString", "id": "closedvpnPAT", "description": "ClosedVPN Personal Access Token", "password": true } ] }
VS Code securely prompts for your PAT at runtime — nothing stored in the file.
Step 3

Start Using

Open a new chat and try these prompts:

List my organizations

list_organizations

Show VPN report for my org

list_organizationsget_vpn_report_stats

How many threats were blocked in my org?

get_threat_prevention_stats → returns threatsBlocked count

Create a new organization called Engineering Team

create_organization(name: "Engineering Team")

Invite [email protected] as a member

get_organizationinvite_user(email, role)

31 Tools, Invoked Automatically

Your AI reads each tool's description and calls the right one based on your request — no manual selection needed.

Organization Management — 10 tools
ToolDescription
list_organizationsList all active organizations you belong to
get_organizationGet full details, members, and VPN info for an organization
create_organizationCreate a new organization with a name and VPN assignment
update_organizationUpdate organization name or settings
delete_organizationDelete an organization (owner only)
select_organizationSwitch your active/selected organization context
leave_organizationLeave an organization you belong to
invite_userInvite a user to an organization via email
update_user_roleChange a member's role (owner / member)
remove_userRemove a member from an organization
VPN Configuration — 7 tools
ToolDescription
get_vpn_config_templateGet the full JSON template with field guide before creating
list_vpn_configsList all active VPN configurations
get_vpn_configGet full details of a specific VPN config
create_vpn_configCreate a new VPN config with full JSON config blob
update_vpn_configUpdate an existing VPN configuration
delete_vpn_configDelete a VPN configuration
execute_vpn_commandExecute a predefined command on a VPN server via SSH
VPN Status & Certificates — 3 tools
ToolDescription
get_vpn_user_statsGet your VPN connection status (IP, bytes, duration)
download_certificateGenerate or retrieve your VPN client certificate
list_available_vpnsList all active VPN gateways
Reports & Analytics — 2 tools
ToolDescription
get_vpn_report_statsGet traffic data, online users, and license usage
get_threat_prevention_statsGet threat prevention analytics (threats blocked, risk score, protected users, total connections)
Notifications & Activity — 4 tools
ToolDescription
list_notificationsList all unread notifications
mark_notification_readMark a specific notification as read
mark_all_notifications_readMark all notifications as read
get_activity_logsGet the last 50 activity audit trail entries
Profile Management — 2 tools
ToolDescription
get_user_profileGet your profile info (name, email, avatar, settings)
update_user_profileUpdate name, phone, company, notification preferences
Access Tokens — 3 tools
ToolDescription
list_patsList all active Personal Access Tokens
generate_patGenerate a new Personal Access Token
delete_patDeactivate a Personal Access Token by name

Secure Authentication

ClosedVPN MCP uses Personal Access Tokens (PAT) for authentication. Every request must include your PAT in the Authorization header.

HTTP Header
Authorization: Bearer YOUR_PAT_TOKEN
  • PATs inherit your account permissions — AI can only do what you can do
  • Tokens can have expiration dates for added security
  • Revoke tokens instantly from your dashboard if compromised
  • Token values are hashed with bcrypt — we never store the raw value
  • Each MCP session is independently authenticated

How It Works

AI Client
Claude Desktop
Claude Code
Cursor
Windsurf
VS Code
HTTPS + PAT
Authorization:
Bearer <token>
ClosedVPN MCP
closedvpn.io/mcp
31 Tools
Streamable HTTP
Backend
MongoDB
VPN Servers
Reports
Protocol
Streamable HTTP (MCP 2024-11-05)
Endpoint
https://closedvpn.io/mcp
Sessions
Auto — created on POST, closed on DELETE

Test with MCP Inspector

The MCP Inspector is a browser-based UI for exploring and testing all 31 tools interactively — perfect for validating your PAT and understanding tool schemas before connecting an AI client.

Connect via MCP Inspector
  1. Go to inspector.tools.modelcontextprotocol.com
  2. Set Transport to Streamable HTTP
  3. Set URL to https://closedvpn.io/mcp
  4. Add Header → Key: Authorization · Value: Bearer YOUR_PAT_TOKEN
  5. Click Connect — all 31 tools appear in the sidebar
  6. Click any tool → fill in parameters → click Run to test live
If tools load correctly in Inspector, they will work in any MCP client. Use this to verify your PAT before configuring Claude or Cursor.

Add AI to Your VPN
In Under a Minute.

Generate a PAT, paste two lines of config into Claude or Cursor, and start managing your VPN with AI.

Get PAT Token Quick Start