# WireGuard VPN Setup Scripts

These scripts automate the installation and configuration of a WireGuard-based VPN setup for a network vulnerability scanner project. They include:

- A **client setup script** to establish a reverse tunnel from a remote site
- A **server setup script** for the central scanner to receive connections

---

## VPN Client Setup (`setup-wireguard-client.sh`)

This script installs WireGuard on a remote machine, generates keys, and sets up a reverse tunnel to the scanner server using the WireGuard protocol.

### Configuration

Before running, edit the following values inside the script:

- `WG_ADDRESS`: IP address of the client in the VPN (e.g., `10.0.0.2/24`)
- `WG_SERVER_PUBLIC_KEY`: Public key of the server
- `WG_SERVER_ENDPOINT`: IP and port of the server (e.g., `192.0.2.1:51820`)
- `WG_ALLOWED_IPS`: Use `0.0.0.0/0` to tunnel all traffic through the VPN
- `WG_IFACE`: Network interface used for NAT (e.g., `enp0s3`)

### Usage

```bash
chmod +x setup-wireguard-client.sh
sudo ./setup-wireguard-client.sh
```

---

## VPN Server Setup (`setup-wireguard-server-no-postup.sh`)

This script installs WireGuard on the central scanning server, generates a keypair, and configures it to accept connections from clients.

### Configuration

Before running, edit the script:

- `WG_ADDRESS`: Server IP in the VPN (e.g., `10.0.0.1/32`)
- `WG_LISTEN_PORT`: Port to listen on (e.g., `123`)
- `WG_PEER_PUBLIC_KEY`: Public key of the client
- `WG_ALLOWED_IPS`: Must include the client's tunnel IP (e.g., `10.0.0.2/32`) and any **internal subnets** the server needs to access through the client (e.g., `192.168.0.0/24`)

### Usage

```bash
chmod +x setup-wireguard-server-no-postup.sh
sudo ./setup-wireguard-server-no-postup.sh
```

---

## Notes

- Ensure the client's real internal subnets are listed in `AllowedIPs` on the server.
- You can connect multiple clients by repeating the `[Peer]` block in the server’s config.
- Keys are stored under `/etc/wireguard/`. Do not expose them publicly.
- Exchange public keys between the scanner and the client: each side's public key goes into the other side's config file. On both machines that file is `/etc/wireguard/${WG_INTERFACE}.conf`, where `WG_INTERFACE` is the interface name you set in the script.

### Useful Commands

```bash
sudo wg show             # Show the status of the WireGuard connection
sudo wg-quick down wg0   # Bring down the VPN
sudo wg-quick up wg0     # Bring up the VPN
```
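
The notes above depend on each server `[Peer]` block carrying the right `AllowedIPs` and on the config file, which holds the private key, staying private. The following added example (not part of the project's scripts) audits a server config for those points before `wg-quick up`; the function name `audit_wg_conf`, the placeholder keys and the sample subnets are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not the project's script. Keys and subnets are placeholders.
audit_wg_conf() {
    local conf=$1
    # The file holds PrivateKey: group/other permission bits must be empty.
    if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
        echo "PERM: config is accessible to group/other (chmod 600)"
    fi
    awk -F'=' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function end_peer() {
            if (in_peer && !has_ips) print "NOIPS: peer #" n " has no AllowedIPs"
        }
        /^[ \t]*\[/ {    # section header: close the previous peer, start a new one
            end_peer()
            in_peer = (tolower($0) ~ /\[peer\]/); has_ips = 0
            if (in_peer) n++
            next
        }
        in_peer && tolower(trim($1)) == "allowedips" {
            has_ips = 1
            cnt = split($2, ips, ",")
            for (i = 1; i <= cnt; i++) {
                ip = trim(ips[i])
                # A default route on one server peer sends all traffic to it.
                if (ip == "0.0.0.0/0" || ip == "::/0") print "WIDE: peer #" n " claims " ip
                # One owner per prefix: the last peer configured with it wins.
                if (ip in owner && owner[ip] != n)
                    print "DUP: " ip " on peer #" owner[ip] " and peer #" n
                owner[ip] = n
            }
        }
        END { end_peer() }
    ' "$conf"
}
# Constructed sample: two clients both claim 192.168.0.0/24.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[Interface]
Address = 10.0.0.1/32
[Peer]
PublicKey = <client-A-public-key>
AllowedIPs = 10.0.0.2/32, 192.168.0.0/24
[Peer]
PublicKey = <client-B-public-key>
AllowedIPs = 10.0.0.3/32, 192.168.0.0/24
EOF
audit_wg_conf "$demo_conf"
rm -f "$demo_conf"
```

Only exact duplicate prefixes are reported; a more specific prefix inside a wider one on another peer is left alone, since WireGuard routes by longest match.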