Skip to content

fosrl/newt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

561 Commits
.github
.github
 
 
bind
bind
 
 
clients
clients
 
 
device
device
 
 
docker
docker
 
 
examples
examples
 
 
healthcheck
healthcheck
 
 
holepunch
holepunch
 
 
internal
internal
 
 
logger
logger
 
 
netstack2
netstack2
 
 
network
network
 
 
proxy
proxy
 
 
public/screenshots
public/screenshots
 
 
updates
updates
 
 
util
util
 
 
websocket
websocket
 
 
wgtester
wgtester
 
 
.dockerignore
.dockerignore
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
.go-version
.go-version
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
blueprint.yaml
blueprint.yaml
 
 
clients.go
clients.go
 
 
common.go
common.go
 
 
docker-compose.metrics.collector.yml
docker-compose.metrics.collector.yml
 
 
docker-compose.metrics.yml
docker-compose.metrics.yml
 
 
docker-compose.yml
docker-compose.yml
 
 
entrypoint.sh
entrypoint.sh
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 
get-newt.sh
get-newt.sh
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
newt.iss
newt.iss
 
 
self-signed-certs-for-mtls.sh
self-signed-certs-for-mtls.sh
 
 
service_unix.go
service_unix.go
 
 
service_windows.go
service_windows.go
 
 
stub.go
stub.go
 
 
updown.py
updown.py
 
 

Repository files navigation

Newt

PkgGoDev GitHub License Go Report Card

Newt is a fully user space WireGuard tunnel client and TCP/UDP proxy, designed to securely expose private resources controlled by Pangolin. By using Newt, you don't need to manage complex WireGuard tunnels and NATing.

Installation and Documentation

Newt is used with Pangolin and Gerbil as part of the larger system. See documentation below:

Key Functions

Registers with Pangolin

Using the Newt ID and a secret, the client will make HTTP requests to Pangolin to receive a session token. Using that token, it will connect to a websocket and maintain that connection. Control messages will be sent over the websocket.

Receives WireGuard Control Messages

When Newt receives WireGuard control messages, it will use the information encoded (endpoint, public key) to bring up a WireGuard tunnel using netstack fully in user space. It will ping over the tunnel to ensure the peer on the Gerbil side is brought up.

Receives Proxy Control Messages

When Newt receives WireGuard control messages, it will use the information encoded to create a local low level TCP and UDP proxies attached to the virtual tunnel in order to relay traffic to programmed targets.

Build

Binary

Make sure to have Go 1.25 installed.

make

Nix Flake

nix build

Binary will be at ./result/bin/newt

Development shell available with nix develop

Licensing

Newt is dual licensed under the AGPLv3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us.

Contributions

Please see CONTRIBUTIONS in the repository for guidelines and best practices.

About

Pangolin tunneled site & network connector

docs.pangolin.net

Topics

vpn overlay-network hacktoberfest tunnel-client wireguard userspace-networking

Resources

Readme

License

AGPL-3.0 license

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

631 stars

Watchers

6 watching

Forks

58 forks
Report repository

Releases 27

1.7.0 Latest
Dec 12, 2025
+ 26 releases

Packages

 
 
 

Contributors 18

+ 4 contributors

Languages