github-starred/newt
2
0
Fork 0
mirror of https://github.com/fosrl/newt.git synced 2026-05-06 16:09:02 -05:00
Code Issues 227 Packages Projects Releases 40 Wiki Activity

[GH-ISSUE #161] ERROR: Failed to bring up WireGuard device: permission denied in termux (rootless Android) #2036

New Issue
Closed
opened 2026-05-03 05:43:51 -05:00 by GiteaMirror · 6 comments
GiteaMirror commented 2026-05-03 05:43:51 -05:00
Owner
Copy Link

Originally created by @dpurnam on GitHub (Oct 10, 2025).
Original GitHub issue: https://github.com/fosrl/newt/issues/161

Describe the Bug

I've almost given up on setting up a newt client inside the termux app on a non-root android phone (because newt claims to be userspace).

For now reverted to using a functional cloudflared tunnel, unwillingly.

I've tried using the newt binary for arm64, which had its own issues with CA certs verification for remote (pangolin) server, DNS issues (unable to ping 127.0.0.1:53) et al.

So i switched to using termux-udocker, which got me over with the issues above except the one below.

u0_a177@localhost:~/Termux-Udocker$ ./newt.sh 
PANGOLIN_ENDPOINT=https://pangolin.example.org -e NEWT_ID=704bj4md8u65wui -e NEWT_SECRET=<Redacted> -e DNS=1.1.1.1 -e MTU=1500 -e LOG_LEVEL=DEBUG -e KEEP_INTERFACE=true

Running with image default (built-in) Entrypoint/CMD:
INFO: 2025/10/10 08:40:49 Newt version 1.5.2
DEBUG: 2025/10/10 08:40:50 Config already provided, skipping loading from file
DEBUG: 2025/10/10 08:40:50 Endpoint: https://pangolin.example.org
DEBUG: 2025/10/10 08:40:50 Log Level: DEBUG
DEBUG: 2025/10/10 08:40:50 Docker Network Validation Enabled: false
DEBUG: 2025/10/10 08:40:50 Health Check Certificate Enforcement: false
DEBUG: 2025/10/10 08:40:50 Dns: 1.1.1.1
DEBUG: 2025/10/10 08:40:50 MTU: 1500
DEBUG: 2025/10/10 08:40:50 Creating new health check monitor with certificate enforcement: false
DEBUG: 2025/10/10 08:40:50 Received token: <Redacted>
DEBUG: 2025/10/10 08:40:50 Config has not changed, skipping save
DEBUG: 2025/10/10 08:40:50 Public key: <Redacted>
INFO: 2025/10/10 08:40:50 Websocket connected
DEBUG: 2025/10/10 08:40:50 Requesting exit nodes from server
DEBUG: 2025/10/10 08:40:50 Sending message: newt/wg/register, data: map[backwardsCompatible:true newtVersion:1.5.2 publicKey:2PGpCtS6T16+iIkeOrubeiDVw9VbHl/sWerUTgjBSnU=]
DEBUG: 2025/10/10 08:40:50 Sending message: newt/ping/request, data: map[noCloud:false]
DEBUG: 2025/10/10 08:40:50 Received ping message
DEBUG: 2025/10/10 08:40:50 Only one exit node available, using it directly: pangolin.example.org
DEBUG: 2025/10/10 08:40:50 Sending message: newt/wg/register, data: map[newtVersion:1.5.2 pingResults:[{ExitNodeID:1 LatencyMs:0 Weight:1 Error: Name:Exit Node JwHxjc5q Endpoint:pangolin.example.org WasPreviouslyConnected:true}] publicKey:<Redacted>]
DEBUG: 2025/10/10 08:40:51 Received registration message
DEBUG: 2025/10/10 08:40:51 Received registration message data: map[endpoint:pangolin.example.org:51820 publicKey:JwHxjc5qHIwugLIXvyEx4MAmUYXCRgM4RgjlgpT3+z4= serverIP:100.89.128.1 targets:map[tcp:[] udp:[]] tunnelIP:100.89.128.20]
DEBUG: 2025/10/10 08:40:51 Received: {Type:newt/wg/connect Data:map[endpoint:pangolin.example.org:51820 publicKey:<Redacted> serverIP:100.89.128.1 targets:map[tcp:[] udp:[]] tunnelIP:100.89.128.20]}
INFO: 2025/10/10 08:40:51 Connecting to endpoint: pangolin.example.org
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: handshake worker 3 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: encryption worker 1 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: decryption worker 1 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: handshake worker 1 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: encryption worker 2 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: decryption worker 2 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: decryption worker 3 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: handshake worker 2 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: handshake worker 4 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: encryption worker 4 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: decryption worker 4 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: handshake worker 6 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: encryption worker 6 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: decryption worker 6 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: encryption worker 5 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: event worker - started
DEBUG: wireguard: 2025/10/10 08:40:51 Interface up requested
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: encryption worker 3 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: handshake worker 5 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: decryption worker 5 - started
DEBUG: wireguard: 2025/10/10 08:40:51 Routine: TUN reader - started
ERROR: wireguard: 2025/10/10 08:40:51 Unable to update bind: permission denied
DEBUG: wireguard: 2025/10/10 08:40:51 Interface state was Down, requested Up, now Down
DEBUG: wireguard: 2025/10/10 08:40:51 UAPI: Updating private key
DEBUG: wireguard: 2025/10/10 08:40:51 peer(JwHx…3+z4) - UAPI: Created
DEBUG: wireguard: 2025/10/10 08:40:51 peer(JwHx…3+z4) - UAPI: Adding allowedip
DEBUG: wireguard: 2025/10/10 08:40:51 peer(JwHx…3+z4) - UAPI: Updating endpoint
DEBUG: wireguard: 2025/10/10 08:40:51 peer(JwHx…3+z4) - UAPI: Updating persistent keepalive interval
ERROR: wireguard: 2025/10/10 08:40:51 Unable to update bind: permission denied
DEBUG: wireguard: 2025/10/10 08:40:51 Interface state was Down, requested Up, now Down
ERROR: 2025/10/10 08:40:51 Failed to bring up WireGuard device: permission denied
DEBUG: 2025/10/10 08:40:51 WireGuard device created. Lets ping the server now...
DEBUG: 2025/10/10 08:40:51 Testing initial connection with reliable ping...
DEBUG: 2025/10/10 08:40:51 Pinging 100.89.128.1
DEBUG: 2025/10/10 08:40:56 Ping attempt 1/5 failed: failed to read ICMP packet: i/o timeout
DEBUG: 2025/10/10 08:40:56 Pinging 100.89.128.1
DEBUG: 2025/10/10 08:41:01 Ping attempt 2/5 failed: failed to read ICMP packet: i/o timeout
DEBUG: 2025/10/10 08:41:01 Pinging 100.89.128.1
DEBUG: 2025/10/10 08:41:07 Ping attempt 3/5 failed: failed to read ICMP packet: i/o timeout
DEBUG: 2025/10/10 08:41:08 Pinging 100.89.128.1
DEBUG: 2025/10/10 08:41:14 Ping attempt 4/5 failed: failed to read ICMP packet: i/o timeout
DEBUG: 2025/10/10 08:41:14 Pinging 100.89.128.1
DEBUG: 2025/10/10 08:41:22 Ping attempt 5/5 failed: failed to read ICMP packet: i/o timeout
WARN: 2025/10/10 08:41:22 Initial reliable ping failed, but continuing: all 5 ping attempts failed, last error: failed to read ICMP packet: i/o timeout

Environment

  • OS Type & Version: termux pkg (non-root Android Phone)
  • Pangolin Version: latest
  • Gerbil Version: latest
  • Traefik Version: 3.4
  • Newt Version: latest
  • Olm Version: (Not applicable)

To Reproduce

used a very simple docker compose with udocker:

u0_a177@localhost:~/Termux-Udocker$ cat newt/docker-compose.yml 
services:
  newt:
    image: fosrl/newt
    container_name: newt
    restart: unless-stopped
    environment:
      PANGOLIN_ENDPOINT: https://pangolin.example.org
      NEWT_ID: <Redacted>
      NEWT_SECRET: <Redacted>
      DNS: 1.1.1.1
      MTU: 1500
      LOG_LEVEL: DEBUG
      KEEP_INTERFACE: true

But simple --env arguments for udocker should also be enough instead of a compose file

Expected Behavior

A working newt client?

Originally created by @dpurnam on GitHub (Oct 10, 2025). Original GitHub issue: https://github.com/fosrl/newt/issues/161 ### Describe the Bug I've almost given up on setting up a newt client inside the termux app on a non-root android phone (because newt claims to be userspace). For now reverted to using a functional cloudflared tunnel, unwillingly. I've tried using the newt binary for arm64, which had its own issues with CA certs verification for remote (pangolin) server, DNS issues (unable to ping 127.0.0.1:53) et al. So i switched to using termux-udocker, which got me over with the issues above except the one below. ``` u0_a177@localhost:~/Termux-Udocker$ ./newt.sh PANGOLIN_ENDPOINT=https://pangolin.example.org -e NEWT_ID=704bj4md8u65wui -e NEWT_SECRET=<Redacted> -e DNS=1.1.1.1 -e MTU=1500 -e LOG_LEVEL=DEBUG -e KEEP_INTERFACE=true Running with image default (built-in) Entrypoint/CMD: INFO: 2025/10/10 08:40:49 Newt version 1.5.2 DEBUG: 2025/10/10 08:40:50 Config already provided, skipping loading from file DEBUG: 2025/10/10 08:40:50 Endpoint: https://pangolin.example.org DEBUG: 2025/10/10 08:40:50 Log Level: DEBUG DEBUG: 2025/10/10 08:40:50 Docker Network Validation Enabled: false DEBUG: 2025/10/10 08:40:50 Health Check Certificate Enforcement: false DEBUG: 2025/10/10 08:40:50 Dns: 1.1.1.1 DEBUG: 2025/10/10 08:40:50 MTU: 1500 DEBUG: 2025/10/10 08:40:50 Creating new health check monitor with certificate enforcement: false DEBUG: 2025/10/10 08:40:50 Received token: <Redacted> DEBUG: 2025/10/10 08:40:50 Config has not changed, skipping save DEBUG: 2025/10/10 08:40:50 Public key: <Redacted> INFO: 2025/10/10 08:40:50 Websocket connected DEBUG: 2025/10/10 08:40:50 Requesting exit nodes from server DEBUG: 2025/10/10 08:40:50 Sending message: newt/wg/register, data: map[backwardsCompatible:true newtVersion:1.5.2 publicKey:2PGpCtS6T16+iIkeOrubeiDVw9VbHl/sWerUTgjBSnU=] DEBUG: 2025/10/10 08:40:50 Sending message: newt/ping/request, data: map[noCloud:false] DEBUG: 2025/10/10 08:40:50 Received ping message DEBUG: 2025/10/10 08:40:50 Only one exit node available, using it directly: pangolin.example.org DEBUG: 2025/10/10 08:40:50 Sending message: newt/wg/register, data: map[newtVersion:1.5.2 pingResults:[{ExitNodeID:1 LatencyMs:0 Weight:1 Error: Name:Exit Node JwHxjc5q Endpoint:pangolin.example.org WasPreviouslyConnected:true}] publicKey:<Redacted>] DEBUG: 2025/10/10 08:40:51 Received registration message DEBUG: 2025/10/10 08:40:51 Received registration message data: map[endpoint:pangolin.example.org:51820 publicKey:JwHxjc5qHIwugLIXvyEx4MAmUYXCRgM4RgjlgpT3+z4= serverIP:100.89.128.1 targets:map[tcp:[] udp:[]] tunnelIP:100.89.128.20] DEBUG: 2025/10/10 08:40:51 Received: {Type:newt/wg/connect Data:map[endpoint:pangolin.example.org:51820 publicKey:<Redacted> serverIP:100.89.128.1 targets:map[tcp:[] udp:[]] tunnelIP:100.89.128.20]} INFO: 2025/10/10 08:40:51 Connecting to endpoint: pangolin.example.org DEBUG: wireguard: 2025/10/10 08:40:51 Routine: handshake worker 3 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: encryption worker 1 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: decryption worker 1 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: handshake worker 1 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: encryption worker 2 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: decryption worker 2 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: decryption worker 3 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: handshake worker 2 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: handshake worker 4 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: encryption worker 4 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: decryption worker 4 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: handshake worker 6 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: encryption worker 6 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: decryption worker 6 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: encryption worker 5 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: event worker - started DEBUG: wireguard: 2025/10/10 08:40:51 Interface up requested DEBUG: wireguard: 2025/10/10 08:40:51 Routine: encryption worker 3 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: handshake worker 5 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: decryption worker 5 - started DEBUG: wireguard: 2025/10/10 08:40:51 Routine: TUN reader - started ERROR: wireguard: 2025/10/10 08:40:51 Unable to update bind: permission denied DEBUG: wireguard: 2025/10/10 08:40:51 Interface state was Down, requested Up, now Down DEBUG: wireguard: 2025/10/10 08:40:51 UAPI: Updating private key DEBUG: wireguard: 2025/10/10 08:40:51 peer(JwHx…3+z4) - UAPI: Created DEBUG: wireguard: 2025/10/10 08:40:51 peer(JwHx…3+z4) - UAPI: Adding allowedip DEBUG: wireguard: 2025/10/10 08:40:51 peer(JwHx…3+z4) - UAPI: Updating endpoint DEBUG: wireguard: 2025/10/10 08:40:51 peer(JwHx…3+z4) - UAPI: Updating persistent keepalive interval ERROR: wireguard: 2025/10/10 08:40:51 Unable to update bind: permission denied DEBUG: wireguard: 2025/10/10 08:40:51 Interface state was Down, requested Up, now Down ERROR: 2025/10/10 08:40:51 Failed to bring up WireGuard device: permission denied DEBUG: 2025/10/10 08:40:51 WireGuard device created. Lets ping the server now... DEBUG: 2025/10/10 08:40:51 Testing initial connection with reliable ping... DEBUG: 2025/10/10 08:40:51 Pinging 100.89.128.1 DEBUG: 2025/10/10 08:40:56 Ping attempt 1/5 failed: failed to read ICMP packet: i/o timeout DEBUG: 2025/10/10 08:40:56 Pinging 100.89.128.1 DEBUG: 2025/10/10 08:41:01 Ping attempt 2/5 failed: failed to read ICMP packet: i/o timeout DEBUG: 2025/10/10 08:41:01 Pinging 100.89.128.1 DEBUG: 2025/10/10 08:41:07 Ping attempt 3/5 failed: failed to read ICMP packet: i/o timeout DEBUG: 2025/10/10 08:41:08 Pinging 100.89.128.1 DEBUG: 2025/10/10 08:41:14 Ping attempt 4/5 failed: failed to read ICMP packet: i/o timeout DEBUG: 2025/10/10 08:41:14 Pinging 100.89.128.1 DEBUG: 2025/10/10 08:41:22 Ping attempt 5/5 failed: failed to read ICMP packet: i/o timeout WARN: 2025/10/10 08:41:22 Initial reliable ping failed, but continuing: all 5 ping attempts failed, last error: failed to read ICMP packet: i/o timeout ``` ### Environment - OS Type & Version: termux pkg (non-root Android Phone) - Pangolin Version: latest - Gerbil Version: latest - Traefik Version: 3.4 - Newt Version: latest - Olm Version: (Not applicable) ### To Reproduce used a very simple docker compose with udocker: ``` u0_a177@localhost:~/Termux-Udocker$ cat newt/docker-compose.yml services: newt: image: fosrl/newt container_name: newt restart: unless-stopped environment: PANGOLIN_ENDPOINT: https://pangolin.example.org NEWT_ID: <Redacted> NEWT_SECRET: <Redacted> DNS: 1.1.1.1 MTU: 1500 LOG_LEVEL: DEBUG KEEP_INTERFACE: true ``` But simple --env arguments for udocker should also be enough instead of a compose file ### Expected Behavior A working newt client?
GiteaMirror added the wontfix label 2026-05-03 05:43:51 -05:00
GiteaMirror commented 2026-05-03 05:43:52 -05:00
Author
Owner
Copy Link

@dpurnam commented on GitHub (Nov 20, 2025):

Some info that might help towards a possible resolution to this issue?

  1. Reddit Post indicates WG tunnel is possible in purely user space (which Newt currently claims to but actually cannot)
  2. Github for wgslirp the reddit poster used to build inside Termux App to create successful WG tunnel
  3. WG-slirp Reddit Post

I wish I could have contributed in a more meaningful way than just such.

<!-- gh-comment-id:3556341252 --> @dpurnam commented on GitHub (Nov 20, 2025): Some info that might help towards a possible resolution to this issue? 1. [Reddit Post](https://www.reddit.com/r/termux/comments/1odetah/i_got_unprivileged_wifi_direct_tethering_working/) indicates `WG tunnel` is possible in purely user space (which Newt **currently claims to but actually cannot**) 2. [Github for wgslirp](https://github.com/irctrakz/wgslirp) the reddit poster used to build inside Termux App to create successful `WG tunnel` 3. [WG-slirp Reddit Post](https://www.reddit.com/r/WireGuard/comments/1ni06ih/introducing_wireguard_slirp/) I wish I could have contributed in a more meaningful way than just such.
GiteaMirror commented 2026-05-03 05:43:53 -05:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Nov 22, 2025):

This may be something related to the install on the android device but
also likely could be an issue Pangolin install itself.

Usually when the ping fails like that it is because port UDP 51820 is
not open on the VPS. Could you verify if it is open?

When you run newt on something other than the android device does it
connect?

<!-- gh-comment-id:3566904263 --> @oschwartz10612 commented on GitHub (Nov 22, 2025): This may be something related to the install on the android device but also likely could be an issue Pangolin install itself. Usually when the ping fails like that it is because port UDP 51820 is not open on the VPS. Could you verify if it is open? When you run newt on something other than the android device does it connect?
GiteaMirror commented 2026-05-03 05:43:53 -05:00
Author
Owner
Copy Link

@dpurnam commented on GitHub (Nov 24, 2025):

This may be something related to the install on the android device but
also likely could be an issue Pangolin install itself.

Usually when the ping fails like that it is because port UDP 51820 is
not open on the VPS. Could you verify if it is open?

When you run newt on something other than the android device does it
connect?

Thanks for the response.

Yes, Pangolin and all the other Newt clients (on multiple servers) are working fine.
it's just the termux environment, that newt won't work in. i tried termux-chroot as well

<!-- gh-comment-id:3572949730 --> @dpurnam commented on GitHub (Nov 24, 2025): > This may be something related to the install on the android device but > also likely could be an issue Pangolin install itself. > > Usually when the ping fails like that it is because port UDP 51820 is > not open on the VPS. Could you verify if it is open? > > When you run newt on something other than the android device does it > connect? Thanks for the response. Yes, Pangolin and all the other Newt clients (on multiple servers) are working fine. it's just the termux environment, that newt won't work in. i tried termux-chroot as well
GiteaMirror commented 2026-05-03 05:43:53 -05:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Nov 25, 2025):

Are you able to do a tcpdump on the server or on the termux session and
see if udp 51820 packets are making it to the server?

<!-- gh-comment-id:3576546280 --> @oschwartz10612 commented on GitHub (Nov 25, 2025): Are you able to do a tcpdump on the server or on the termux session and see if udp 51820 packets are making it to the server?
GiteaMirror commented 2026-05-03 05:43:53 -05:00
Author
Owner
Copy Link

@dpurnam commented on GitHub (Nov 27, 2025):

I shall try a tcpdump and share soon.
Thank you

Are you able to do a tcpdump on the server or on the termux session and
see if udp 51820 packets are making it to the server?

<!-- gh-comment-id:3586255019 --> @dpurnam commented on GitHub (Nov 27, 2025): I shall try a tcpdump and share soon. Thank you > Are you able to do a tcpdump on the server or on the termux session and > see if udp 51820 packets are making it to the server? >
GiteaMirror commented 2026-05-03 05:43:54 -05:00
Author
Owner
Copy Link

@dpurnam commented on GitHub (Nov 28, 2025):

I shall try a tcpdump and share soon. Thank you

Are you able to do a tcpdump on the server or on the termux session and
see if udp 51820 packets are making it to the server?

tcpdump won't work in termux, so i resorted to using PCAPdroid on the rootless android host.

Nothing in the logs indicates any trace of the Termux Terminal IP is attempting a contact with the Pangolin Server on port 41820 that gerbil is configured with. Same for port 51820, in case that's how newt starts.

IMHO, the UDP packets are flowing fine because the client from within the termux session successfully seems to be able to 'DNS resolve' the Pangolin endpoint.

Would you like to create any private link that I can upload the PCAP logs to?

Edit1: I setup a Wireguard Client onthe Android and configured a new site using it and My Apps within the termux terminal are accessible over Pango'ed URL's. But this defeats the purpose in this use case. We need to use Newt as a Service or binary from within termux terminal

Edit2: I successfully setup the termux package sing-box using the WG tunnel info from Pangolin Dashboard inside the termux terminal.

But here's what might interest you.
when i used the profile/config json below, i got the exact same 'permission denied' error as that of newt keeps throwing. I had to change the 'system' value to 'false' to successfully make it work

{
  "log": {  
    "level": "info"  
  },  
  "endpoints": [
    {
      "type": "wireguard",
      "tag": "wg-ep",
      "system": true,
      "name": "wg0",
      "mtu": 1420,
      "address": [
        "100.89.128.24/30"
      ],
      "private_key": "myPrivateKey",
      "listen_port": 51820,
      "peers": [
        {
          "address": "myPangoEP",
          "port": 41820,
          "public_key": "myPublicKey",
          "pre_shared_key": "",
          "allowed_ips": [
            "100.89.128.1/32"
          ],
          "persistent_keepalive_interval": 5,
          "reserved": [0, 0, 0]
        }
      ]
    }
  ]
}

I strongly believe, by now, that newt is not yet user-space client. unless - we get an argument or something like that in future - to explicitly not create/touch any system/kernel level stuff.

<!-- gh-comment-id:3587573498 --> @dpurnam commented on GitHub (Nov 28, 2025): > I shall try a tcpdump and share soon. Thank you > > > Are you able to do a tcpdump on the server or on the termux session and > > see if udp 51820 packets are making it to the server? tcpdump won't work in termux, so i resorted to using PCAPdroid on the rootless android host. Nothing in the logs indicates any trace of the Termux Terminal IP is attempting a contact with the Pangolin Server on port 41820 that gerbil is configured with. Same for port 51820, in case that's how newt starts. IMHO, the UDP packets are flowing fine because the client from within the termux session successfully seems to be able to 'DNS resolve' the Pangolin endpoint. Would you like to create any private link that I can upload the PCAP logs to? Edit1: I setup a Wireguard Client onthe Android and configured a new site using it and My Apps within the termux terminal are accessible over Pango'ed URL's. But this defeats the purpose in this use case. We need to use Newt as a Service or binary from within termux terminal Edit2: I successfully setup the termux package [sing-box](https://github.com/SagerNet/sing-box) using the WG tunnel info from Pangolin Dashboard inside the termux terminal. But here's what might interest you. when i used the profile/config json below, i got the exact same 'permission denied' error as that of newt keeps throwing. I had to change the 'system' value to 'false' to successfully make it work ``` { "log": { "level": "info" }, "endpoints": [ { "type": "wireguard", "tag": "wg-ep", "system": true, "name": "wg0", "mtu": 1420, "address": [ "100.89.128.24/30" ], "private_key": "myPrivateKey", "listen_port": 51820, "peers": [ { "address": "myPangoEP", "port": 41820, "public_key": "myPublicKey", "pre_shared_key": "", "allowed_ips": [ "100.89.128.1/32" ], "persistent_keepalive_interval": 5, "reserved": [0, 0, 0] } ] } ] } ``` I strongly believe, by now, that newt is not yet user-space client. unless - we get an argument or something like that in future - to explicitly not create/touch any system/kernel level stuff.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
dependencies
enhancement
good first issue
help wanted
Improvement
needs investigating
pull-request
Mirrored from GitHub Pull Request
 stale
wontfix
No Label wontfix
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/newt#2036
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?