Connections should be intentional.
bLink is a WireGuard-based network manager designed to create, control, and maintain secure connections between systems.
It acts as the network layer of your infrastructure, handling peer provisioning, configuration, and connectivity without manual WireGuard setup.
What it does
- 🔗 Manage WireGuard peers and interfaces
- 📡 Establish secure tunnels between systems
- 🧾 Generate and manage configuration dynamically
- 🔐 Enforce network-level isolation
- ⚙️ Automate peer lifecycle (create, update, revoke)
Why it exists
WireGuard is simple.
Managing it at scale is not.
bLink exists to remove the friction of:
- editing config files
- distributing keys manually
- keeping peer state in sync
It turns WireGuard into something programmable.
How it works
bLink acts as a control plane for WireGuard.
- peers are registered and provisioned
- configs are generated automatically
- connections are established through secure tunnels
Each node becomes part of a controlled network, not just a standalone VPN setup.
Architecture
Built around:
- WireGuard for secure tunneling
- centralized control logic
- dynamic configuration generation
Designed for:
- multiple nodes
- evolving network topologies
- integration with other services
Status
bLink is currently in development.
It is being designed alongside bGate and bLock to form a unified system for managing exposure, connectivity, and access.
Ecosystem
bLink is the connection layer:
- bGate → manages exposure and routing
- bLink → manages connectivity
- bLock → manages identity and access
Everything passes through the gate.
Everything connects through the link.
Everything is enforced by the lock.