tools.openvpn_tools module

OpenVPN client management tools.

Manage OpenVPN client connections with split tunneling support. Uses route-nopull by default so no routes are added when connecting. Requires openvpn installed.

All tools require the UNSANDBOXED_EXEC privilege.

Encrypted connection profiles (audit, 2025): These tools operate on local filesystem paths (e.g. /etc/openvpn/client/<name>.conf) and optional systemd openvpn-client@ units. They do not expose a network login bundle comparable to SSH or database tools; auth material lives inside the referenced .conf/key files on the bot host. Per-user Redis encrypted profiles (openvpn prefix) are not implemented here; add save/list/delete + credential_profile only if a future handler accepts a stable JSON bundle (e.g. named path references) without pulling arbitrary secrets into chat.