A tunneling client for Pangolin https://docs.fossorial.io
Find a file
Owen Schwartz 5a5897ee6f
Merge pull request #387 from DanivosYoun/fix/ws-half-open-detection
Detect dead/half-open control websocket (read deadline + protocol ping)
2026-06-23 11:47:47 -07:00
.github Merge branch 'main' into dev 2026-06-04 11:29:09 -07:00
authdaemon Quiet some logs 2026-06-05 17:09:58 -07:00
bind Dont block waiting for a rebind signal 2026-01-18 11:36:42 -08:00
browsergateway Add some preflight check for vnc reachability 2026-06-09 16:01:45 -07:00
clients Merge branch 'rdp-ssh' into dev 2026-05-28 15:40:22 -07:00
device Make ipc cross platform 2025-12-08 12:17:11 -05:00
docker refactor: update Docker client imports and adjust container handling logic 2026-05-10 10:50:38 +02:00
examples Make logger extensible 2025-11-17 13:49:43 -05:00
healthcheck Dont time out the health checks for http 2026-06-08 15:27:08 -07:00
holepunch Allow passing public dns into resolve 2026-03-12 16:41:41 -07:00
internal testdata: add expected telemetry metrics for connection attempts and events 2025-10-28 23:17:05 +01:00
logger Working on more hp 2025-12-03 20:49:46 -05:00
nativessh Support commands over the ssh tunnel 2026-06-05 13:55:43 -07:00
netstack2 Handle browser gateway push pam auth 2026-06-04 11:28:20 -07:00
network Hard code the ifconfig path 2026-04-24 10:39:44 -07:00
packages Add to cicd 2026-05-28 15:38:09 -07:00
proxy Handle browser gateway push pam auth 2026-06-04 11:28:20 -07:00
public/screenshots Update readme 2025-07-28 12:02:10 -07:00
testing Add some test scripts for ws and move to testing/ 2026-04-29 15:57:31 -07:00
updates Fix windows compatibility issues 2026-06-04 11:47:49 -07:00
util Allow passing public dns into resolve 2026-03-12 16:41:41 -07:00
websocket fix(websocket): detect dead/half-open control connection (read deadline + protocol ping) 2026-06-22 11:51:03 +09:00
wgtester Quiet up logs 2025-12-22 14:31:44 -05:00
.dockerignore Add license 2025-01-04 21:22:32 -05:00
.env.example Update example domain 2026-02-16 17:54:19 -08:00
.gitignore chore: add direnv and nix result dirs to gitignore 2025-12-22 19:43:48 -05:00
.go-version Update .go-version 2025-08-28 17:32:27 +02:00
authdaemon.go Quiet some logs 2026-06-05 17:09:58 -07:00
clients.go Merge branch 'rdp-ssh' into dev 2026-05-28 15:40:22 -07:00
common.go Merge branch 'main' into watch-blueprint 2026-06-06 23:23:22 +02:00
common_test.go Merge branch 'main' into watch-blueprint 2026-06-06 23:23:22 +02:00
CONTRIBUTING.md Update domain 2025-10-19 15:12:15 -07:00
docker-compose.metrics.collector.yml Adding OpenTelemetry Metrics and Tracing 2025-10-11 18:19:51 +02:00
docker-compose.metrics.yml Adding OpenTelemetry Metrics and Tracing 2025-10-11 18:19:51 +02:00
docker-compose.yml Update example domain 2026-02-16 17:54:19 -08:00
Dockerfile Add advantech router app updates 2026-05-28 15:38:09 -07:00
entrypoint.sh Allow use of env vars 2025-01-07 20:51:33 -05:00
flake.lock chore(nix): use nixpkgs-unstable branch and update flake inputs 2025-12-03 23:33:47 -05:00
flake.nix Update Flake 2026-06-04 11:51:40 -07:00
get-newt.sh Update log message 2026-05-11 10:34:30 -07:00
go.mod Merge branch 'main' into watch-blueprint 2026-06-06 23:23:22 +02:00
go.sum Merge branch 'main' into watch-blueprint 2026-06-06 23:23:22 +02:00
LICENSE Add license 2025-01-04 21:22:32 -05:00
main.go Add more context to error message 2026-06-09 20:50:02 -07:00
Makefile Merge branch 'main' into dev 2026-05-28 15:38:46 -07:00
newt.iss Update iss 2026-02-25 14:57:32 -08:00
README.md Update readme 2025-12-10 16:24:22 -05:00
reexec_unix.go Add restart endpoint 2026-05-28 15:38:09 -07:00
reexec_windows.go Add restart endpoint 2026-05-28 15:38:09 -07:00
SECURITY.md Update domain 2025-10-19 15:12:15 -07:00
self-signed-certs-for-mtls.sh feat/mtls-support-cert-script 2025-03-31 00:52:48 +02:00
service_unix.go Kind of working 2025-12-10 15:32:49 -05:00
service_windows.go Use logger not printf 2026-06-04 16:57:51 -07:00
stub.go Kind of working - revert if not 2025-11-26 17:57:27 -05:00
updown.py Add updown script capabilities 2025-03-07 12:35:46 -05:00

Newt

PkgGoDev GitHub License Go Report Card

Newt is a fully user space WireGuard tunnel client and TCP/UDP proxy, designed to securely expose private resources controlled by Pangolin. By using Newt, you don't need to manage complex WireGuard tunnels and NATing.

Installation and Documentation

Newt is used with Pangolin and Gerbil as part of the larger system. See documentation below:

Key Functions

Registers with Pangolin

Using the Newt ID and a secret, the client will make HTTP requests to Pangolin to receive a session token. Using that token, it will connect to a websocket and maintain that connection. Control messages will be sent over the websocket.

Receives WireGuard Control Messages

When Newt receives WireGuard control messages, it will use the information encoded (endpoint, public key) to bring up a WireGuard tunnel using netstack fully in user space. It will ping over the tunnel to ensure the peer on the Gerbil side is brought up.

Receives Proxy Control Messages

When Newt receives WireGuard control messages, it will use the information encoded to create a local low level TCP and UDP proxies attached to the virtual tunnel in order to relay traffic to programmed targets.

Build

Binary

Make sure to have Go 1.25 installed.

make

Nix Flake

nix build

Binary will be at ./result/bin/newt

Development shell available with nix develop

Licensing

Newt is dual licensed under the AGPLv3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us.

Contributions

Please see CONTRIBUTIONS in the repository for guidelines and best practices.