A tunneling client for Pangolin https://docs.fossorial.io
2026-04-29 16:02:49 -07:00
.github Revert nix version in cicd 2026-04-22 11:40:12 -07:00
authdaemon generate random user password 2026-02-26 10:30:24 -08:00
bind Dont block waiting for a rebind signal 2026-01-18 11:36:42 -08:00
clients Add logging 2026-04-11 21:56:28 -07:00
device Make ipc cross platform 2025-12-08 12:17:11 -05:00
docker Update logger to take in when initing 2025-11-17 21:49:07 -05:00
examples Make logger extensible 2025-11-17 13:49:43 -05:00
healthcheck Follow redirects by default for backward compat 2026-04-28 10:10:28 -07:00
holepunch Allow passing public dns into resolve 2026-03-12 16:41:41 -07:00
internal testdata: add expected telemetry metrics for connection attempts and events 2025-10-28 23:17:05 +01:00
logger Working on more hp 2025-12-03 20:49:46 -05:00
netstack2 Support websocket upgrades in private HTTP proxy 2026-04-29 07:12:35 +01:00
network Hard code the ifconfig path 2026-04-24 10:39:44 -07:00
proxy Merge remote-tracking branch 'upstream/dev' into investigate/heap-leak-udp-proxy 2026-04-10 13:36:13 +01:00
public/screenshots Update readme 2025-07-28 12:02:10 -07:00
testing Add some test scripts for ws and move to testing/ 2026-04-29 15:57:31 -07:00
updates Show download script to update 2026-01-19 21:25:28 -08:00
util Allow passing public dns into resolve 2026-03-12 16:41:41 -07:00
websocket Fix nil pointer 2026-04-20 15:05:07 -07:00
wgtester Quiet up logs 2025-12-22 14:31:44 -05:00
.dockerignore Add license 2025-01-04 21:22:32 -05:00
.env.example Update example domain 2026-02-16 17:54:19 -08:00
.gitignore chore: add direnv and nix result dirs to gitignore 2025-12-22 19:43:48 -05:00
.go-version Update .go-version 2025-08-28 17:32:27 +02:00
authdaemon.go generate random user password 2026-02-26 10:30:24 -08:00
clients.go Quiet up logs 2025-12-22 14:31:44 -05:00
common.go Add provisioning blueprint file 2026-04-02 21:39:59 -04:00
common_test.go Parse target strings with IPv6 support and strict validation 2026-03-07 21:32:36 -08:00
CONTRIBUTING.md Update domain 2025-10-19 15:12:15 -07:00
docker-compose.metrics.collector.yml Adding OpenTelemetry Metrics and Tracing 2025-10-11 18:19:51 +02:00
docker-compose.metrics.yml Adding OpenTelemetry Metrics and Tracing 2025-10-11 18:19:51 +02:00
docker-compose.yml Update example domain 2026-02-16 17:54:19 -08:00
Dockerfile Set newt version in dockerfile 2026-03-08 11:28:56 -07:00
entrypoint.sh Allow use of env vars 2025-01-07 20:51:33 -05:00
flake.lock chore(nix): use nixpkgs-unstable branch and update flake inputs 2025-12-03 23:33:47 -05:00
flake.nix Update version 2026-04-14 14:22:48 -07:00
get-newt.sh Find old bins and support freebsd 2026-04-16 21:47:48 -07:00
go.mod chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp 2026-04-09 02:00:10 +00:00
go.sum chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp 2026-04-09 02:00:10 +00:00
LICENSE Add license 2025-01-04 21:22:32 -05:00
main.go Fix crashing when removing hc 2026-04-27 15:03:36 -07:00
Makefile Add ldflags version to local 2026-04-13 17:00:06 -07:00
newt.iss Update iss 2026-02-25 14:57:32 -08:00
README.md Update readme 2025-12-10 16:24:22 -05:00
SECURITY.md Update domain 2025-10-19 15:12:15 -07:00
self-signed-certs-for-mtls.sh feat/mtls-support-cert-script 2025-03-31 00:52:48 +02:00
service_unix.go Kind of working 2025-12-10 15:32:49 -05:00
service_windows.go Adjust debug function 2025-12-11 12:21:54 -05:00
stub.go Kind of working - revert if not 2025-11-26 17:57:27 -05:00
updown.py Add updown script capabilities 2025-03-07 12:35:46 -05:00

Newt


Newt is a fully user space WireGuard tunnel client and TCP/UDP proxy, designed to securely expose private resources controlled by Pangolin. By using Newt, you don't need to manage complex WireGuard tunnels and NATing.

Installation and Documentation

Newt is used with Pangolin and Gerbil as part of the larger system. See documentation below:

Key Functions

Registers with Pangolin

Using the Newt ID and a secret, the client will make HTTP requests to Pangolin to receive a session token. Using that token, it will connect to a websocket and maintain that connection. Control messages will be sent over the websocket.

Receives WireGuard Control Messages

When Newt receives WireGuard control messages, it will use the information encoded (endpoint, public key) to bring up a WireGuard tunnel using netstack fully in user space. It will ping over the tunnel to ensure the peer on the Gerbil side is brought up.
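A control channel that can bring up tunnels is worth validating field by field before acting on it. The following is an added example, not code from the Newt repository: it checks the two fields named above (endpoint, public key) before they would be handed to a WireGuard device. The JSON shape, the `WGControl` type and the function names are assumptions, since the page does not show Newt's wire format.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net"
	"strconv"
)

// WGControl is a hypothetical payload shape; the page names only these two fields.
type WGControl struct {
	Endpoint  string `json:"endpoint"`
	PublicKey string `json:"publicKey"`
}

// ParseWGControl decodes a control message and rejects anything that is not a
// well-formed host:port endpoint plus a 32-byte base64 WireGuard public key.
func ParseWGControl(raw []byte) (WGControl, error) {
	var c WGControl
	if err := json.Unmarshal(raw, &c); err != nil {
		return WGControl{}, fmt.Errorf("decode: %w", err)
	}
	key, err := base64.StdEncoding.DecodeString(c.PublicKey)
	if err != nil || len(key) != 32 {
		return WGControl{}, fmt.Errorf("public key is not 32 bytes of base64")
	}
	host, port, err := net.SplitHostPort(c.Endpoint)
	if err != nil || host == "" {
		return WGControl{}, fmt.Errorf("endpoint %q is not host:port", c.Endpoint)
	}
	if p, err := strconv.Atoi(port); err != nil || p < 1 || p > 65535 {
		return WGControl{}, fmt.Errorf("endpoint port %q out of range", port)
	}
	return c, nil
}

// Sample builds a constructed message carrying a keyLen-byte all-zero key.
func Sample(keyLen int, endpoint string) []byte {
	key := base64.StdEncoding.EncodeToString(make([]byte, keyLen))
	b, _ := json.Marshal(WGControl{Endpoint: endpoint, PublicKey: key})
	return b
}

func main() {
	_, err := ParseWGControl(Sample(16, "gerbil.example.com:51820"))
	fmt.Println("short key:", err)
}
```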

Receives Proxy Control Messages

When Newt receives proxy control messages, it will use the information encoded to create local low-level TCP and UDP proxies attached to the virtual tunnel in order to relay traffic to programmed targets.

Build

Binary

Make sure to have Go 1.25 installed.

make

Nix Flake

nix build

Binary will be at ./result/bin/newt

Development shell available with nix develop

Licensing

Newt is dual licensed under the AGPLv3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us.

Contributions

Please see CONTRIBUTING.md in the repository for guidelines and best practices.