[GH-ISSUE #243] Newt binaries don't respect --port flag #546

New Issue

Closed

opened 2026-04-16 03:32:08 -05:00 by GiteaMirror · 3 comments

GiteaMirror commented 2026-04-16 03:32:08 -05:00

Owner

Copy Link

Originally created by @serguma88 on GitHub (Feb 24, 2026).
Original GitHub issue: https://github.com/fosrl/newt/issues/243

Describe the Bug

I am using newt binaries installed with curl -fsSL https://static.pangolin.net/get-newt.sh | bash
Whenever I run newt on the CLI with the --port flag it does not seem to be taken into account, but still selects one port at random.
This prevents me from forwarding the port to avoid relay connections (as any restart of newt would result in a new port being selected).

Environment

• OS Type & Version: Debian 13
• Pangolin Version: 1.15.4
• Gerbil Version: 1.3.0
• Traefik Version: 3.6
• Newt Version: 1.10.0 (was also not working on 1.9.0)
• Olm Version: N/A

To Reproduce

Run newt --port 55500 --id ID --secret SECRET --endpoint https://pangolin.my.domain , connect to the client via Pangolin ios app. Random port is selected (visible in the Status --> Sites tab)

Expected Behavior

Clients connect on port 55000

Originally created by @serguma88 on GitHub (Feb 24, 2026). Original GitHub issue: https://github.com/fosrl/newt/issues/243 ### Describe the Bug I am using newt binaries installed with `curl -fsSL https://static.pangolin.net/get-newt.sh | bash` Whenever I run newt on the CLI with the `--port` flag it does not seem to be taken into account, but still selects one port at random. This prevents me from forwarding the port to avoid relay connections (as any restart of newt would result in a new port being selected). ### Environment - OS Type & Version: Debian 13 - Pangolin Version: 1.15.4 - Gerbil Version: 1.3.0 - Traefik Version: 3.6 - Newt Version: 1.10.0 (was also not working on 1.9.0) - Olm Version: N/A ### To Reproduce Run `newt --port 55500 --id ID --secret SECRET --endpoint https://pangolin.my.domain` , connect to the client via Pangolin ios app. Random port is selected (visible in the Status --> Sites tab) ### Expected Behavior Clients connect on port 55000

GiteaMirror closed this issue 2026-04-16 03:32:08 -05:00

GiteaMirror commented 2026-04-16 03:32:09 -05:00

Author

Owner

Copy Link

@AntonVonDelta commented on GitHub (Feb 25, 2026):

This bug also affects me. It looks like it uses the port for some traffic at container start and some nat hole punching it seems but then it stops using it. I managed to fix nat hole punching by enabling static port in opensense for outbound traffic but exposing this port together with using --port did not work at all

<!-- gh-comment-id:3959249054 --> @AntonVonDelta commented on GitHub (Feb 25, 2026): This bug also affects me. It looks like it uses the port for some traffic at container start and some nat hole punching it seems but then it stops using it. I managed to fix nat hole punching by enabling static port in opensense for outbound traffic but exposing this port together with using --port did not work at all

GiteaMirror commented 2026-04-16 03:32:10 -05:00

Author

Owner

Copy Link

@serguma88 commented on GitHub (Feb 28, 2026):

Issue still seems to be there in 1.10.1, flag gets completely ignored, debug logs don't even show any kind of error:

Mar 01 00:26:38 newt newt[389]: INFO: 2026/03/01 00:26:38 Newt version 1.10.1
Mar 01 00:26:38 newt newt[389]: DEBUG: 2026/03/01 00:26:38 Starting metrics server on 127.0.0.1:2112
Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Config already provided, skipping loading from file
Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Endpoint: https://pangolin.my.domain
Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Log Level: DEBUG
Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Docker Network Validation Enabled: false
Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Health Check Certificate Enforcement: false
Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Dns: 9.9.9.9
Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 MTU: 1280
Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Setting up clients with netstack2...
Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Created shared UDP socket on port 57381 (refcount: 2)
Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Creating new health check monitor with certificate enforcement: false

<!-- gh-comment-id:3978602224 --> @serguma88 commented on GitHub (Feb 28, 2026): Issue still seems to be there in 1.10.1, flag gets completely ignored, debug logs don't even show any kind of error: ``` Mar 01 00:26:38 newt newt[389]: INFO: 2026/03/01 00:26:38 Newt version 1.10.1 Mar 01 00:26:38 newt newt[389]: DEBUG: 2026/03/01 00:26:38 Starting metrics server on 127.0.0.1:2112 Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Config already provided, skipping loading from file Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Endpoint: https://pangolin.my.domain Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Log Level: DEBUG Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Docker Network Validation Enabled: false Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Health Check Certificate Enforcement: false Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Dns: 9.9.9.9 Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 MTU: 1280 Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Setting up clients with netstack2... Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Created shared UDP socket on port 57381 (refcount: 2) Mar 01 00:26:39 newt newt[389]: DEBUG: 2026/03/01 00:26:39 Creating new health check monitor with certificate enforcement: false ```

GiteaMirror commented 2026-04-16 03:32:11 -05:00

Author

Owner

Copy Link

@oschwartz10612 commented on GitHub (Mar 4, 2026):

I fixed this in 7920295b8c

doing a release shortly

<!-- gh-comment-id:3994457199 --> @oschwartz10612 commented on GitHub (Mar 4, 2026): I fixed this in 7920295b8c9a955faaecc5dddd7c6f2f485398c1 doing a release shortly

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/go_modules/prod-patch-updates-6805a9e229

dependabot/go_modules/golang.zx2c4.com/wireguard/windows-1.0.1

dependabot/docker/minor-updates-1134f52710

dev

fix-nix

dependabot/github_actions/actions/setup-go-6.4.0

dependabot/github_actions/docker/build-push-action-7.1.0

dependabot/github_actions/aws-actions/configure-aws-credentials-6.1.0

dependabot/github_actions/softprops/action-gh-release-3.0.0

logging-provision

1.12.3

1.12.2

v1.12.2

1.12.1

v1.12.1

1.12.0

v1.12.0

v1.12.0-rc.1

1.12.0-rc.0

1.11.0

v1.11.0

1.10.4

1.10.3

v1.10.3

1.10.2

v1.10.2

1.10.1

v1.10.1

1.10.0

v1.10.0

1.9.5

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

v1.9.0

1.8.1

v1.8.1

v1.8.0

1.8.0

1.8.0-rc.0

1.7.0

1.6.1

1.7.0-rc.0

1.6.0

v1.0.1

1.4.9

1.5.2

1.5.1

1.5.0

1.4.4

1.4.3

1.4.2

1.4.1

1.4.0

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

1.2.1

1.2.0

1.1.3

1.1.2

1.1.1

1.1.0

1.0.0

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

bug

dependencies

enhancement

good first issue

help wanted

Improvement

needs investigating

pull-request

Mirrored from GitHub Pull Request

stale

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/newt#546