WireGuard × AI × eBPF

TALK
TO YOUR
NETWORK

Natural language control for WireGuard. Ask questions. Get answers. See everything moving through your tunnel — in plain English, not packet dumps.

View on GitHub
tunnelmind — mcp session
// connected to wg0 · eBPF telemetry active
you > Which peers have been active in the last hour?
→ 3 active peers · peer:a3f9 (12.4 MB ↑↓) · peer:c821 (2.1 MB ↑) · peer:8d04 (last seen 4m ago)
you > Is anything trying to reach a known bad IP?
→ eBPF scan complete · 0 threats detected · 847 flows inspected
you > Block peer:c821 and log the reason
→ peer:c821 revoked · wg0 updated · event logged
// SYSTEM ARCHITECTURE
``` YOU + CLAUDE CLAUDE AI "which peers are active?" natural language query plain english response ↑ MCP SERVER — TUNNELMIND TUNNELMIND MCP list_peers query_traffic revoke_peer check_threats add_peer show_logs ··· KERNEL — YOUR SERVER WIREGUARD wg0 eBPF HOOKS TC ingress/egress · libbpf flow telemetry ip · bytes · flags · latency — — — — — — ENCRYPTED TUNNEL — — — — — — INTERNET — — — — — — INTERFACE NEVER PUBLIC ```
01
Natural Language

Ask your network anything. WireGuard speaks back in plain English. No CLI, no config files, no guesswork — just a conversation with your infrastructure.

02
eBPF Intelligence

Deep packet inspection at the kernel level. Every flow through wg0 is tracked, classified, and queryable — in real time, with zero overhead on your traffic.

03
Your Rules. Your Data.

The MCP server never touches the public internet. Traffic telemetry stays on your host. No surveillance, no middlemen — just you and your tunnel.

THE NETWORK THAT ANSWERS TO YOU

NOT THE OTHER WAY AROUND

OPEN SOURCE. SELF HOSTED.

EARLY ACCESS

TunnelMind is in active development. Join the list and be among the first to deploy
the intelligence layer your WireGuard has been missing.

✓  Request sent. We'll be in touch via tunnelmind@proton.me

Questions? tunnelmind@proton.me