https://github.com/fosrl/newt

Pangolin tunneled site & network connector
https://github.com/fosrl/newt

hacktoberfest overlay-network tunnel-client userspace-networking vpn wireguard

Last synced: 27 days ago
JSON representation

Pangolin tunneled site & network connector

• Host: GitHub
• URL: https://github.com/fosrl/newt
• Owner: fosrl
• License: agpl-3.0
• Created: 2024-09-27T02:17:01.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2026-01-16T06:00:05.000Z (5 months ago)
• Last Synced: 2026-01-16T21:21:29.363Z (5 months ago)
• Topics: hacktoberfest, overlay-network, tunnel-client, userspace-networking, vpn, wireguard
• Language: Go
• Homepage: https://docs.pangolin.net
• Size: 13.5 MB
• Stars: 666
• Watchers: 6
• Forks: 60
• Open Issues: 29
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Security: SECURITY.md

Awesome Lists containing this project

README

          
# Newt

[![PkgGoDev](https://pkg.go.dev/badge/github.com/fosrl/newt)](https://pkg.go.dev/github.com/fosrl/newt)

[![GitHub License](https://img.shields.io/github/license/fosrl/newt)](https://github.com/fosrl/newt/blob/main/LICENSE)

[![Go Report Card](https://goreportcard.com/badge/github.com/fosrl/newt)](https://goreportcard.com/report/github.com/fosrl/newt)

Newt is a fully user space [WireGuard](https://www.wireguard.com/) tunnel client and TCP/UDP proxy, designed to securely expose private resources controlled by Pangolin. By using Newt, you don't need to manage complex WireGuard tunnels and NATing.

### Installation and Documentation

Newt is used with Pangolin and Gerbil as part of the larger system. See documentation below:

-   [Full Documentation](https://docs.pangolin.net/manage/sites/understanding-sites)

## Key Functions

### Registers with Pangolin

Using the Newt ID and a secret, the client will make HTTP requests to Pangolin to receive a session token. Using that token, it will connect to a websocket and maintain that connection. Control messages will be sent over the websocket.

### Receives WireGuard Control Messages

When Newt receives WireGuard control messages, it will use the information encoded (endpoint, public key) to bring up a WireGuard tunnel using [netstack](https://github.com/WireGuard/wireguard-go/blob/master/tun/netstack/examples/http_server.go) fully in user space. It will ping over the tunnel to ensure the peer on the Gerbil side is brought up.

### Receives Proxy Control Messages

When Newt receives WireGuard control messages, it will use the information encoded to create a local low level TCP and UDP proxies attached to the virtual tunnel in order to relay traffic to programmed targets.

## Build

### Binary

Make sure to have Go 1.25 installed.

```bash

make

```

### Nix Flake

```bash

nix build

```

Binary will be at `./result/bin/newt`

Development shell available with `nix develop`

## Licensing

Newt is dual licensed under the AGPLv3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us.

## Contributions

Please see [CONTRIBUTIONS](./CONTRIBUTING.md) in the repository for guidelines and best practices.