MCP server for Pritunl Enterprise VPN management
Project description
Pritunl VPN MCP Server
MCP server for managing Pritunl Enterprise VPN instances. Provides 35 tools for organizations, users, servers, routes, hosts, and settings.
Prerequisites
- Python 3.10+
- Pritunl Enterprise subscription (required for API access)
- API token and secret from Pritunl admin console
Configuration
Authentication: Pritunl uses HMAC-based API authentication with a token/secret pair. Generate these in the Pritunl web console under Users → API Keys.
Option 1: config.json
cp config.json.example config.json
# Edit config.json with your API credentials
Option 2: Environment Variables
export PRITUNL_HOST="https://vpn.example.com"
export PRITUNL_API_TOKEN="your-api-token"
export PRITUNL_API_SECRET="your-api-secret"
export PRITUNL_VERIFY_SSL="true"
export PRITUNL_TIMEOUT="30"
Configuration Fields
| Field | Env Var | Required | Default | Description |
|---|---|---|---|---|
host |
PRITUNL_HOST |
Yes | — | Pritunl server URL |
api_token |
PRITUNL_API_TOKEN |
Yes | — | API token |
api_secret |
PRITUNL_API_SECRET |
Yes | — | API secret |
verify_ssl |
PRITUNL_VERIFY_SSL |
No | true |
Verify TLS certificates |
timeout |
PRITUNL_TIMEOUT |
No | 30 |
Request timeout in seconds |
The config file path can also be set via PRITUNL_CONFIG env var or --config CLI flag.
Installation
Option 1: Using uv (Recommended)
uv is a fast Python package manager. Install it first:
# macOS/Linux
curl -LsSf https://astral.sh/uv/install.sh | sh
No additional installation needed — uvx will handle dependencies automatically.
Option 2: Using pip
pip install bibliocommons-mcp-pritunl
# or for development
pip install -e ".[dev]"
AI Client Setup
Quick Links: Amazon Q | Claude Desktop | VS Code | GitHub Copilot | Cline | Zed | Cursor | Kiro IDE | Kiro CLI
Amazon Q Developer (VS Code)
{
"amazonQ.mcp.servers": {
"pritunl": {
"command": "uvx",
"args": ["--from", "/absolute/path/to/pritunl", "bibliocommons-mcp-pritunl"]
}
}
}
Claude Desktop
Config location:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"pritunl": {
"command": "uvx",
"args": ["--from", "/absolute/path/to/pritunl", "bibliocommons-mcp-pritunl"]
}
}
}
VS Code (with MCP Extension)
{
"mcp.servers": {
"pritunl": {
"command": "uvx",
"args": ["--from", "/absolute/path/to/pritunl", "bibliocommons-mcp-pritunl"]
}
}
}
GitHub Copilot (VS Code)
{
"github.copilot.chat.mcp.servers": {
"pritunl": {
"command": "uvx",
"args": ["--from", "/absolute/path/to/pritunl", "bibliocommons-mcp-pritunl"]
}
}
}
Cline (VS Code Extension)
{
"cline.mcpServers": {
"pritunl": {
"command": "uvx",
"args": ["--from", "/absolute/path/to/pritunl", "bibliocommons-mcp-pritunl"]
}
}
}
Zed Editor
Open settings (Cmd+, / Ctrl+,) → Language Models → Configure MCP Servers:
{
"mcpServers": {
"pritunl": {
"command": "uvx",
"args": ["--from", "/absolute/path/to/pritunl", "bibliocommons-mcp-pritunl"]
}
}
}
Cursor IDE
{
"mcp.servers": {
"pritunl": {
"command": "uvx",
"args": ["--from", "/absolute/path/to/pritunl", "bibliocommons-mcp-pritunl"]
}
}
}
Kiro IDE
{
"mcpServers": {
"pritunl": {
"command": "uvx",
"args": ["--from", "/absolute/path/to/pritunl", "bibliocommons-mcp-pritunl"]
}
}
}
Kiro CLI
Create or edit ~/.kiro/settings/mcp.json (user level) or <project-root>/.kiro/settings/mcp.json (project level):
{
"mcpServers": {
"pritunl": {
"command": "uvx",
"args": ["--from", "/absolute/path/to/pritunl", "bibliocommons-mcp-pritunl"]
}
}
}
Configuration Notes
- Replace
/absolute/path/to/pritunlwith the actual path to the server directory. - Using
uvx: Automatically manages dependencies in isolated environments. - Using
pythondirectly: Requirespip install bibliocommons-mcp-pritunlfirst. Use"command": "python", "args": ["-m", "bibliocommons_mcp_pritunl"]instead. - Restart your AI client after adding the configuration.
Available Tools
Status (2 tools)
| Tool | Description |
|---|---|
get_status |
Get Pritunl system status (server count, host count, org count, online users) |
get_events |
Get real-time event stream from Pritunl |
Organizations (5 tools)
| Tool | Description |
|---|---|
list_organizations |
List all organizations |
get_organization |
Get organization details by ID |
create_organization |
Create a new organization |
update_organization |
Update an organization's name |
delete_organization |
Delete an organization |
Users (7 tools)
| Tool | Description |
|---|---|
list_users |
List all users in an organization |
get_user |
Get user details by organization and user ID |
create_user |
Create a new user in an organization |
update_user |
Update a user's properties (name, email, disabled status) |
delete_user |
Delete a user from an organization |
get_user_audit |
Get audit log for a specific user |
get_user_key_download_url |
Get temporary key download links for a user |
Servers (10 tools)
| Tool | Description |
|---|---|
list_servers |
List all VPN servers |
get_server |
Get VPN server details by ID |
create_server |
Create a new VPN server |
update_server |
Update a VPN server (merges changes with current config) |
delete_server |
Delete a VPN server |
start_server |
Start a VPN server |
stop_server |
Stop a VPN server |
restart_server |
Restart a VPN server |
get_server_output |
Get server log output |
get_server_bandwidth |
Get server bandwidth statistics (periods: 1m, 5m, 30m, 2h, 1d) |
Server Routes (4 tools)
| Tool | Description |
|---|---|
list_server_routes |
List all routes on a VPN server |
add_server_route |
Add a route to a VPN server |
update_server_route |
Update a route on a VPN server |
delete_server_route |
Delete a route from a VPN server |
Server Organizations (2 tools)
| Tool | Description |
|---|---|
attach_organization |
Attach an organization to a VPN server |
detach_organization |
Detach an organization from a VPN server |
Hosts (3 tools)
| Tool | Description |
|---|---|
list_hosts |
List all Pritunl hosts |
get_host |
Get host details by ID |
list_server_hosts |
List hosts attached to a VPN server |
Settings (2 tools)
| Tool | Description |
|---|---|
get_settings |
Get global Pritunl settings |
update_settings |
Update global Pritunl settings (merges changes with current) |
Read-Only Mode
Exclude all destructive (create/update/delete) tools:
# CLI flag
python -m bibliocommons_mcp_pritunl --read-only
# Environment variable
export PRITUNL_READ_ONLY=true
In read-only mode, the following 20 tools are excluded: create_organization, update_organization, delete_organization, create_user, update_user, delete_user, create_server, update_server, delete_server, start_server, stop_server, restart_server, add_server_route, update_server_route, delete_server_route, attach_organization, detach_organization, update_settings.
Docker
docker build -t pritunl-mcp .
docker run --rm \
-e PRITUNL_HOST="https://vpn.example.com" \
-e PRITUNL_API_TOKEN="your-token" \
-e PRITUNL_API_SECRET="your-secret" \
pritunl-mcp
Pass --read-only to restrict to read-only tools:
docker run --rm \
-e PRITUNL_HOST="https://vpn.example.com" \
-e PRITUNL_API_TOKEN="your-token" \
-e PRITUNL_API_SECRET="your-secret" \
pritunl-mcp --read-only
Web UI
A REST API with interactive Swagger documentation is available:
python -m bibliocommons_mcp_pritunl.webui
Access the Swagger UI at: http://localhost:8000/docs
Standalone MCP Server
python -m bibliocommons_mcp_pritunl
CLI Flags
| Flag | Env Var | Description |
|---|---|---|
--config PATH |
PRITUNL_CONFIG |
Path to config.json |
--read-only |
PRITUNL_READ_ONLY |
Exclude destructive tools |
--expanded |
PRITUNL_EXPANDED |
Register all tools individually instead of gateway mode |
--transport stdio|http |
PRITUNL_TRANSPORT |
Transport mode (default: stdio) |
--port PORT |
PRITUNL_PORT |
HTTP port (default: 8000) |
--version |
— | Show version and exit |
Gateway Mode (Default)
By default, the server exposes 2 tools instead of 35 individual tools:
| Tool | Purpose |
|---|---|
pritunl_api |
Execute any Pritunl VPN action by name with a params dict |
pritunl_help |
Search available actions, parameters, and descriptions |
The AI assistant calls pritunl_help to discover available actions, then calls pritunl_api(action="list_servers", params={}) to execute them.
To register all individual tools (previous behavior), use --expanded:
python -m bibliocommons_mcp_pritunl --expanded
Development
# Install with dev dependencies
pip install -e ".[dev]"
# Run tests
pytest
# Run tests with coverage
pytest --cov=bibliocommons_mcp_pritunl
License
MIT
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file bibliocommons_mcp_pritunl-1.0.0.tar.gz.
File metadata
- Download URL: bibliocommons_mcp_pritunl-1.0.0.tar.gz
- Upload date:
- Size: 19.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f8798d1b0949ad4f663928fd6c929769ff31d186977a75cd66550e71762fa344
|
|
| MD5 |
9611bb53a5fe471795df468b6fc4af91
|
|
| BLAKE2b-256 |
7cad84bbc553563f6b1b0616aa421dac40ede61da07a7ae212f96d57439d918d
|
File details
Details for the file bibliocommons_mcp_pritunl-1.0.0-py3-none-any.whl.
File metadata
- Download URL: bibliocommons_mcp_pritunl-1.0.0-py3-none-any.whl
- Upload date:
- Size: 12.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1f0aefd7d0b5b5e45031c692fbcc8e9727f8dc50d523f919da11a7590f025a5f
|
|
| MD5 |
a201d90c8b504f9feef5caa28632ed07
|
|
| BLAKE2b-256 |
edd7ce696c4fefccb1528b00669bca94535195b3a60f166c6c1922051aadb90c
|
