WireGuard has an API, via Netlink. This might help you: https://git.zx2c4.com/wireguard-tools/tree/contrib/embeddable-wg-library https://git.zx2c4.com/wireguard-tools/tree/src/uapi/linux/wireguard.h It can handle 1M peers, yes.