cloudconnexa-mcp-server by OpenVPN - MCP Server

OpenVPN MCP Server for CloudConnexa

This MCP server enables interaction with your CloudConnexa environment through standardized tools that can be used by any MCP client of your choice, such as 5ire, Claude Desktop and Cursor. It empowers AI assistants to manage your CloudConnexa environment and fulfil requests made in natural language.

📋 Prerequisites
⚙️ Setting up your OpenVPN MCP Server for CloudConnexa
🤖 Adding the MCP Server to 5ire App
🤖 Adding GPT-5 model to 5ire App
💬 Example Prompts
🛠 Available Tools
🧯 Troubleshooting
🤝 Contributing
📄 License

📋 Prerequisites

To use the OpenVPN MCP Server for CloudConnexa, you’ll need:

CloudConnexa account
Docker:
- Visit docker.com
- Download Docker desktop for your operating system
- Install Docker by following the instructions for your operating system
- Open Docker and ensure it is running
A supported MCP client (any of those):
- 5ire
- Claude Desktop (v1.9+)
- Claude Code
- Cursor
- VS Code with

⚙️ Setting up your OpenVPN MCP Server for CloudConnexa

1. Generate Your API Token

Fill in a name, click Create, and copy your Public API Client ID and Public API Client Secret

Toggle Enable API for this Cloud ID should be set to enabled

2. In the root of the downloaded repository build the docker container:

docker build -t mcp-server-public .

3. Start the MCP server:

In Terminal run:

bash start.sh

Then download 5ire App and complete the MCP setup:

🤖 Adding the MCP Server to 5ire App

1. In 5ire App go to Tools and click on +Local button 2. This will open the Add New Tool modal. Fill in the following details:

Tool Key: openvpnmcp
Name: OpenVPN MCP
URL: http://0.0.0.0:9999/sse

3. Click Save

4. Switch the toggle to ON to turn on the MCP server

6. Head to Workspace → Providers and add your LLM Provider API key

7. Click New Chat

8. Select your desired LLM model and enter the prompt: "Discover graphql_schema and tell me what tools are available?"

That's it, your MCP server is now connected to 5ire App and you can ask your AI assistant to execute any of the available tools. Check out the example prompts section in this README for some suggestions.

🤖 Adding GPT-5 model to 5ire App

GPT-5 has performed best during our tests, however it is not available by default in 5ire App. Here are brief instructions on how to add it as an available model:

1. In 5ire App head to: Workspace → Providers → OpenAI and click the "+ Model" button

2. Fill in gpt-5 for Name and Display Name

3. Set Context Window to 400000 and Max Tokens to 16384 -

4. Set Input Price to $1.25 and Output Price to $0

5. Toggle Tools to ON

6. Click Save

7. Go to New Chat change temperature to 1.0 (GPT-5 requires >1) and adjust Max Tokens value

These are example values, you should adjust them based on your own cost estimation for using GPT-5.

💬 Example Prompts

"What are the available tools in graphql_schema"

This prompt is required to be run once in order for the MCP client to discover all available tools

Here are some examples of queries:

"Which users are online right now?"
"What is my device posture policy?"
"Show DNS logs for yesterday"
"Show me a summary of my configuration"

Currently only read-only tools are available, but we are working on expanding the list of available tools.

🛠 Available Tools

Category	Tool	Description
Hosts and related	`hosts`	List all hosts.
	`hostById(id)`	Get a host by ID.
	`hostApplications(hostId)`	List applications attached to a host.
	`hostApplicationById(id)`	Get a specific host application.
	`hostServices(hostId)`	List IP-based services on a host.
	`hostServiceById(id)`	Get a host IP service by ID.
	`hostConnectors(hostId)`	List connectors associated with a host.
	`hostConnectorsById(id)`	Get a specific host connector.
Networks and related	`networks`	List all networks.
	`networkById(id)`	Get a network by ID.
	`networkApplications(networkId)`	List applications associated with a network.
	`networkApplicationById(id)`	Get a specific network application.
	`networkServices(networkId)`	List IP-based services on a network.
	`networkServiceById(id)`	Get a network IP service by ID.
	`networkRoutes(networkId)`	List network routes (IPv4/IPv6).
	`networkRouteById(id)`	Get a network route by ID.
	`networkConnectors(networkId)`	List connectors for a network.
	`networkConnectorsById(id)`	Get a specific network connector.
Traffic & sessions	`visitedDomains(startHour, hoursBack=1)`	Domain resolution stats for a time window.
	`sessions(startDate, endDate, ...)`	Retrieve session records (active/historical).
Users, groups, devices	`users`	List users.
	`userById(id)`	Get a user by ID.
	`userGroups`	List user groups.
	`userGroupById(id)`	Get a user group by ID.
	`devices(userId)`	List devices, optionally filtered by user.
	`deviceById(id, userId)`	Get a device by ID for a user.
	`vpnRegions`	List available VPN regions.
Access control	`accessGroups`	List access groups/policies.
	`accessGroupById(id)`	Get an access group by ID.
	`accessVisibilityEnabled`	Whether access visibility is enabled.
Device posture	`devicePostures`	List device posture policies.
	`devicePostureById(id)`	Get a device posture policy by ID.
DNS and logging	`dnsLogUserResolutionsEnabled`	Whether per-user DNS resolution logging is enabled.
	`dnsRecords`	List custom DNS records.
	`dnsRecordById(id)`	Get a DNS record by ID.
	`dnsServerAddresses`	Get DNS server addresses configured.
	`dnsProxyEnabled`	Whether DNS proxying is enabled.
	`defaultDnsSuffix`	Default DNS suffix.
	`dnsZones`	List DNS zones.
Location contexts	`locationContexts`	List location context policies.
	`locationContextById(id)`	Get a location context by ID.
SCIM	`scimCurrentUser`	Get SCIM token/config info for the current user.
	`scimUsers(startIndex, count, filter)`	SCIM-compliant user listing.
	`scimUserById(id)`	Get a SCIM user by ID.
Organization settings	`topology`	Current topology setting.
	`defaultRegion`	Default VPN region.
	`snat`	Whether SNAT is enabled.
	`subnet`	Organization subnets (IPv4/IPv6).
	`domainRoutingSubnet`	Subnet used for domain routing.
	`clientOptions`	Client option flags.
	`connectionTimeout`	Connection timeout (seconds).
	`defaultConnectAuth`	Default connect authentication policy.
	`deviceAllowancePerUser`	Max devices per user.
	`forceUpdateDeviceAllowance`	Force device allowance update flag.
	`deviceEnforcementLevel`	Device compliance enforcement level.
	`profileDistribution`	Client/profile distribution method.
	`twoFactorAuthEnabled`	Whether 2FA is enabled.
	`trustedDevicesAllowed`	Whether trusted devices are allowed.
	`ldapGroupMappings`	LDAP group-to-app mappings.
	`samlGroupMappings`	SAML group-to-app mappings.

Troubleshooting

GPT-5 model is not available

See the How to add GPT-5 model to 5ire App section

The LLM model does not support this temperature

GPT-5 model supports only temperature values of 1.0 or higher

Context window size reached

Just above the prompt in 5ire App you can change how many tokens should the context length be. If you often run into this error you can adjust this setting.

LLM replies that it can not reach MCP tools

Ensure that under Tools, the MCP server shows a green "Online" status, if not then turn the toggle ON. If it's still not working check in the terminal that the server is running.

LLM replies that it can not find any MCP tools

Try running this prompt: "Discover graphql_schema" then try again.

API credentials not working?

Try generating a new pair of credentials from CloudConnexa -> API & Logs -> API

Known issues

GPT-4 and o4-mini models struggle to build correct MCP tool requests in some instances. In comparison GPT-5 shows significantly more accurate performance.

Contributing

We welcome your contributions. Enhancements, bug reports, and documentation improvements are valued.

Fork this repository
Create a feature branch (e.g., git checkout -b feature/new-tool)
Submit a pull request for review

License

This project is licensed under the .

OpenVPN/cloudconnexa-mcp-server