Thanks for the link! IIUIC, wireproxy is not similar, but complementary: you can run wiretap on the server-side and wireproxy on the client and have a complete user-space solution.
The focus here is on the fact that it runs in userspace. Tailscale in userspace does something similar where it receives packet "meta-data" and then just creates the packet that came through the tunnel and sends it out the lan interface. Is this what happens here? I do like the docker option ;)
Vanilla WireGuard doesn't provide a way to run a peer in userspace that can proxy traffic between another peer and an endpoint such as a web server because you need to be privileged to do things like work with raw packets. However, https://github.com/WireGuard/wireguard-go is a userspace implementation of WireGuard and has recently incorporated Google's userspace networking stack. This project uses these two userspace tools to "fake" a privileged WireGuard peer that proxies TCP, UDP, and (a small subset of) ICMP. It was written as a pentesting/red team utility for my team but it can also serve as a general makeshift VPN when you don't have privileges on a box you want to proxy through.
Kernel networking interfaces already work pretty well in containers (using network namespaces). You can eg run openvpn or some fancier SDN inside a container to tunnel its traffic with the default non-privileged permission set that
If you are running an old kernel from before Wireguard was merged to the mainline kernel, or want the extra safery from a memory safe language wireguard implementation this can be useful.
