This MCP server enables interaction with your CloudConnexa environment through standardized tools that can be used by any MCP client of your choice, such as 5ire, Claude Desktop and Cursor. It empowers AI assistants to manage your CloudConnexa environment and fulfil requests made in natural language.
- π Prerequisites
- βοΈ Setting up your OpenVPN MCP Server for CloudConnexa
- π€ Adding the MCP Server to 5ire App
- π€ Adding GPT-5 model to 5ire App
- π¬ Example Prompts
- π Available Tools
- π§― Troubleshooting
- π€ Contributing
- π License
To use the OpenVPN MCP Server for CloudConnexa, youβll need:
-
- Visit docker.com
- Download Docker desktop for your operating system
- Install Docker by following the instructions for your operating system
- Open Docker and ensure it is running
-
A supported MCP client (any of those):
- 5ire
- Claude Desktop (v1.9+)
- Claude Code
- Cursor
- VS Code with Cline plugin
Log in to CloudConnexa and navigate to API & Logs β API and click Create credentials
Fill in a name, click Create, and copy your Public API Client ID and Public API Client Secret
Toggle Enable API for this Cloud ID should be set to enabled
docker build -t mcp-server-public .
In Terminal run:
bash start.sh
Then download 5ire App and complete the MCP setup:
1. In 5ire App go to Tools and click on +Local button 2. This will open the Add New Tool modal. Fill in the following details:
- Tool Key: openvpnmcp
- Name: OpenVPN MCP
- URL: http://0.0.0.0:9999/sse
3. Click Save
4. Switch the toggle to ON to turn on the MCP server
6. Head to Workspace β Providers and add your LLM Provider API key
7. Click New Chat
8. Select your desired LLM model and enter the prompt: "Discover graphql_schema and tell me what tools are available?"
That's it, your MCP server is now connected to 5ire App and you can ask your AI assistant to execute any of the available tools. Check out the example prompts section in this README for some suggestions.
GPT-5 has performed best during our tests, however it is not available by default in 5ire App. Here are brief instructions on how to add it as an available model:
1. In 5ire App head to: Workspace β Providers β OpenAI and click the "+ Model" button
2. Fill in gpt-5 for Name and Display Name
3. Set Context Window to 400000 and Max Tokens to 16384 -
4. Set Input Price to $1.25 and Output Price to $0
5. Toggle Tools to ON
6. Click Save
7. Go to New Chat change temperature to 1.0 (GPT-5 requires >1) and adjust Max Tokens value
These are example values, you should adjust them based on your own cost estimation for using GPT-5.
"What are the available tools in graphql_schema"
This prompt is required to be run once in order for the MCP client to discover all available tools
Here are some examples of queries:
"Which users are online right now?"
"What is my device posture policy?"
"Show DNS logs for yesterday"
"Show me a summary of my configuration"
Currently only read-only tools are available, but we are working on expanding the list of available tools.
| Category | Tool | Description |
|---|---|---|
| Hosts and related | hosts |
List all hosts. |
hostById(id) |
Get a host by ID. | |
hostApplications(hostId) |
List applications attached to a host. | |
hostApplicationById(id) |
Get a specific host application. | |
hostServices(hostId) |
List IP-based services on a host. | |
hostServiceById(id) |
Get a host IP service by ID. | |
hostConnectors(hostId) |
List connectors associated with a host. | |
hostConnectorsById(id) |
Get a specific host connector. | |
| Networks and related | networks |
List all networks. |
networkById(id) |
Get a network by ID. | |
networkApplications(networkId) |
List applications associated with a network. | |
networkApplicationById(id) |
Get a specific network application. | |
networkServices(networkId) |
List IP-based services on a network. | |
networkServiceById(id) |
Get a network IP service by ID. | |
networkRoutes(networkId) |
List network routes (IPv4/IPv6). | |
networkRouteById(id) |
Get a network route by ID. | |
networkConnectors(networkId) |
List connectors for a network. | |
networkConnectorsById(id) |
Get a specific network connector. | |
| Traffic & sessions | visitedDomains(startHour, hoursBack=1) |
Domain resolution stats for a time window. |
sessions(startDate, endDate, ...) |
Retrieve session records (active/historical). | |
| Users, groups, devices | users |
List users. |
userById(id) |
Get a user by ID. | |
userGroups |
List user groups. | |
userGroupById(id) |
Get a user group by ID. | |
devices(userId) |
List devices, optionally filtered by user. | |
deviceById(id, userId) |
Get a device by ID for a user. | |
vpnRegions |
List available VPN regions. | |
| Access control | accessGroups |
List access groups/policies. |
accessGroupById(id) |
Get an access group by ID. | |
accessVisibilityEnabled |
Whether access visibility is enabled. | |
| Device posture | devicePostures |
List device posture policies. |
devicePostureById(id) |
Get a device posture policy by ID. | |
| DNS and logging | dnsLogUserResolutionsEnabled |
Whether per-user DNS resolution logging is enabled. |
dnsRecords |
List custom DNS records. | |
dnsRecordById(id) |
Get a DNS record by ID. | |
dnsServerAddresses |
Get DNS server addresses configured. | |
dnsProxyEnabled |
Whether DNS proxying is enabled. | |
defaultDnsSuffix |
Default DNS suffix. | |
dnsZones |
List DNS zones. | |
| Location contexts | locationContexts |
List location context policies. |
locationContextById(id) |
Get a location context by ID. | |
| SCIM | scimCurrentUser |
Get SCIM token/config info for the current user. |
scimUsers(startIndex, count, filter) |
SCIM-compliant user listing. | |
scimUserById(id) |
Get a SCIM user by ID. | |
| Organization settings | topology |
Current topology setting. |
defaultRegion |
Default VPN region. | |
snat |
Whether SNAT is enabled. | |
subnet |
Organization subnets (IPv4/IPv6). | |
domainRoutingSubnet |
Subnet used for domain routing. | |
clientOptions |
Client option flags. | |
connectionTimeout |
Connection timeout (seconds). | |
defaultConnectAuth |
Default connect authentication policy. | |
deviceAllowancePerUser |
Max devices per user. | |
forceUpdateDeviceAllowance |
Force device allowance update flag. | |
deviceEnforcementLevel |
Device compliance enforcement level. | |
profileDistribution |
Client/profile distribution method. | |
twoFactorAuthEnabled |
Whether 2FA is enabled. | |
trustedDevicesAllowed |
Whether trusted devices are allowed. | |
ldapGroupMappings |
LDAP group-to-app mappings. | |
samlGroupMappings |
SAML group-to-app mappings. |
- See the How to add GPT-5 model to 5ire App section
- GPT-5 model supports only temperature values of 1.0 or higher
- Just above the prompt in 5ire App you can change how many tokens should the context length be. If you often run into this error you can adjust this setting.
- Ensure that under Tools, the MCP server shows a green "Online" status, if not then turn the toggle ON. If it's still not working check in the terminal that the server is running.
- Try running this prompt: "Discover graphql_schema" then try again.
- Try generating a new pair of credentials from CloudConnexa -> API & Logs -> API
GPT-4 and o4-mini models struggle to build correct MCP tool requests in some instances. In comparison GPT-5 shows significantly more accurate performance.
We welcome your contributions. Enhancements, bug reports, and documentation improvements are valued.
-
Fork this repository
-
Create a feature branch (e.g., git checkout -b feature/new-tool)
-
Submit a pull request for review
This project is licensed under the Apache 2.0 license.
