# WireGuard VPN Client in Docker

This is a side module for a broader project focused on network vulnerability scanning. It enables remote scanning by establishing a **reverse VPN tunnel** between the remote client and the central scanner.

The containerized WireGuard client connects securely to the main scanner’s server, making the remote network accessible for scanning — as if the scanner were directly connected to it.

---

## Features

- Automatically generates a WireGuard key pair (if not present)
- Accepts configuration via Docker environment variables
- Enables NAT and IP forwarding for reverse tunneling
- Runs with `network_mode: host` to provide full LAN visibility
- Lightweight and easy to deploy on Linux systems

---

## Setup Instructions

### 1. Configure Your `docker-compose.yml`

Edit the environment section and replace placeholders with actual values:

```yaml
WG_ADDRESS: "10.0.0.2/24"
WG_SERVER_PUBLIC_KEY: "YOUR_REAL_PUBLIC_KEY_HERE"
WG_SERVER_ENDPOINT: "YOUR.SERVER.IP.HERE:51820"
WG_ALLOWED_IPS: "0.0.0.0/0"
WG_KEEPALIVE: "25"
WG_IFACE: "enp0s3"  # Replace with your actual network interface
```

### 3. Build and Start the Container

```bash
sudo docker-compose build
sudo docker-compose up -d
```

### 4. Check Logs

```bash
sudo docker logs wireguard-client
```

You should see:

- The public key of the client
- Confirmation of the wg0 interface being created
- No config syntax errors
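
The README does not show how the container turns these variables into a tunnel configuration. As an added example (not the project's own entrypoint), the script below validates the `WG_*` values from step 1 and renders a `wg-quick` style config; the `PostUp`/`PostDown` NAT rules, the function names, and the demo key and endpoint are assumptions.

```shell
#!/bin/sh
# Added example, not the project's entrypoint: validate the WG_* variables and
# render a wg-quick style config. The PostUp/PostDown NAT mapping is an assumption.
CIDR='([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}'   # IPv4 only, for brevity
KEY='[A-Za-z0-9+/]{43}='                        # base64 of a 32-byte key
NL='
'

# matches VALUE REGEX: true only if the whole, single-line value matches.
matches() {
  case "$1" in *"$NL"*) return 1 ;; esac   # a second line could smuggle extra config
  printf '%s\n' "$1" | grep -Eqx -- "$2"
}
# check NAME VALUE REGEX: name the offending variable on stderr.
check() { matches "$2" "$3" || { echo "invalid $1" >&2; return 1; }; }

# WG_IFACE ends up inside a shell command (PostUp), so it must be a bare interface name.
validate_wg_env() {
  check WG_ADDRESS "$WG_ADDRESS" "$CIDR" &&
  check WG_SERVER_PUBLIC_KEY "$WG_SERVER_PUBLIC_KEY" "$KEY" &&
  check WG_SERVER_ENDPOINT "$WG_SERVER_ENDPOINT" '[A-Za-z0-9.-]+:[0-9]{1,5}' &&
  check WG_ALLOWED_IPS "$WG_ALLOWED_IPS" "$CIDR(, *$CIDR)*" &&
  check WG_KEEPALIVE "$WG_KEEPALIVE" '[0-9]{1,5}' &&
  check WG_IFACE "$WG_IFACE" '[A-Za-z0-9][A-Za-z0-9_.-]{0,14}'
}

# render_wg_conf PRIVATE_KEY: print the config, or fail with no output.
render_wg_conf() {
  check PrivateKey "$1" "$KEY" && validate_wg_env || return 1
  cat <<EOF
[Interface]
PrivateKey = $1
Address = $WG_ADDRESS
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -t nat -A POSTROUTING -o $WG_IFACE -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o $WG_IFACE -j MASQUERADE

[Peer]
PublicKey = $WG_SERVER_PUBLIC_KEY
Endpoint = $WG_SERVER_ENDPOINT
AllowedIPs = $WG_ALLOWED_IPS
PersistentKeepalive = $WG_KEEPALIVE
EOF
}

# Constructed demo values: an all-zero key and a documentation-range endpoint.
DEMO_KEY=$(dd if=/dev/zero bs=32 count=1 2>/dev/null | base64)
WG_ADDRESS="10.0.0.2/24" WG_SERVER_PUBLIC_KEY="$DEMO_KEY" WG_SERVER_ENDPOINT="192.0.2.10:51820"
WG_ALLOWED_IPS="0.0.0.0/0" WG_KEEPALIVE="25" WG_IFACE="enp0s3"
render_wg_conf "$DEMO_KEY"
```

With `WG_ALLOWED_IPS` set to `0.0.0.0/0` and `network_mode: host`, a config brought up by `wg-quick` also routes the host's own outbound traffic through the tunnel; narrow the value to the scanner's subnet if that is not intended.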