github-starred/pangolin
2
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-05-08 05:39:49 -05:00
Code Issues 564 Packages Projects Releases 72 Wiki Activity

[GH-ISSUE #1006] Basic Wireguard connections not working after Pangolin restart #1722

New Issue
Closed
opened 2026-04-16 08:29:54 -05:00 by GiteaMirror · 12 comments
GiteaMirror commented 2026-04-16 08:29:54 -05:00
Owner
Copy Link

Originally created by @sstickel on GitHub (Jul 3, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/1006

Originally assigned to: @oschwartz10612 on GitHub.

Hello everybody.

As I was having trouble getting decent speeds using Newt I tested the Basic Wireguard Tunnel to connect my Nextcloud and Jellyfin to Pangolin. This worked almost flawlessly and the down speed is way higher now (Jellyfin Movie Download in the sub 5MB/s range using Newt and now almost hitting my upload limit at around 22MB/s)

The problem that I am facing is that all the Wireguard tunnels are dead after I restart the Pangolin stack. Pangolin no longer answers the handshake requests of all my Wireguard clients.

I found a workaround: Switch the resources that use Wireguard Sites to a different site and back to the original and the tunnels work again.

A second problem occurred today testing around a little bit. I installed Wireguard on my openWRT router at home and set up a raw tcp forward for testing with iperf3. I got a handshake but was unable to even ping 100.89.128.1. Pinging from the client side just did nothing, pinging the client IP (100.89.128.32) from inside the gerbil container resulted in this.

/ # ping 100.89.128.32
PING 100.89.128.32 (100.89.128.32): 56 data bytes
ping: sendto: Required key not available

Don't ask me what brought up the idea to test the following, but it worked: As soon as I created another (bogus) resource which was NOT raw tcp but a proxy to that openWRT wireguard site the raw forward started to work properly. Ping was possible from both sides, also the iperf forward worked.

If I can help out with logs, testing a dev version or whatever, please tell. If you think these are two independent bugs I will happily create another one and edit the other one out here.

Best,
Sebastian

Originally created by @sstickel on GitHub (Jul 3, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/1006 Originally assigned to: @oschwartz10612 on GitHub. Hello everybody. As I was having trouble getting decent speeds using Newt I tested the Basic Wireguard Tunnel to connect my Nextcloud and Jellyfin to Pangolin. This worked almost flawlessly and the down speed is way higher now (Jellyfin Movie Download in the sub 5MB/s range using Newt and now almost hitting my upload limit at around 22MB/s) The problem that I am facing is that all the Wireguard tunnels are dead after I restart the Pangolin stack. Pangolin no longer answers the handshake requests of all my Wireguard clients. I found a workaround: Switch the resources that use Wireguard Sites to a different site and back to the original and the tunnels work again. A second problem occurred today testing around a little bit. I installed Wireguard on my openWRT router at home and set up a raw tcp forward for testing with iperf3. I got a handshake but was unable to even ping 100.89.128.1. Pinging from the client side just did nothing, pinging the client IP (100.89.128.32) from inside the gerbil container resulted in this. `/ # ping 100.89.128.32` `PING 100.89.128.32 (100.89.128.32): 56 data bytes` `ping: sendto: Required key not available` Don't ask me what brought up the idea to test the following, but it worked: As soon as I created another (bogus) resource which was NOT raw tcp but a proxy to that openWRT wireguard site the raw forward started to work properly. Ping was possible from both sides, also the iperf forward worked. If I can help out with logs, testing a dev version or whatever, please tell. If you think these are two independent bugs I will happily create another one and edit the other one out here. Best, Sebastian
GiteaMirror added the networkingbug labels 2026-04-16 08:29:54 -05:00
GiteaMirror commented 2026-04-16 08:29:57 -05:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Jul 3, 2025):

Hum I bet this is because for some reason Gerbil is not getting the config correctly from pangolin after a restart - or I am missing something to get the connection back up again. I will look into it.

It would help if you could give a log sample of when this occurs from the pangolin & gerbil side. I would want to see if Gerbil is creating the peers correctly with the right public key of the wireguard client on your network. Would you be able to provide that?

<!-- gh-comment-id:3032854348 --> @oschwartz10612 commented on GitHub (Jul 3, 2025): Hum I bet this is because for some reason Gerbil is not getting the config correctly from pangolin after a restart - or I am missing something to get the connection back up again. I will look into it. It would help if you could give a log sample of when this occurs from the pangolin & gerbil side. I would want to see if Gerbil is creating the peers correctly with the right public key of the wireguard client on your network. Would you be able to provide that?
GiteaMirror commented 2026-04-16 08:29:58 -05:00
Author
Owner
Copy Link

@sstickel commented on GitHub (Jul 3, 2025):

Sure. Is sufficient to save the output of the compose up or do you need more logs than that? I'm fit with Linux and server stuff but still new to docker.

<!-- gh-comment-id:3032876647 --> @sstickel commented on GitHub (Jul 3, 2025): Sure. Is sufficient to save the output of the compose up or do you need more logs than that? I'm fit with Linux and server stuff but still new to docker.
GiteaMirror commented 2026-04-16 08:29:59 -05:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Jul 3, 2025):

I think that should be good!

<!-- gh-comment-id:3032882444 --> @oschwartz10612 commented on GitHub (Jul 3, 2025): I think that should be good!
GiteaMirror commented 2026-04-16 08:30:00 -05:00
Author
Owner
Copy Link

@sstickel commented on GitHub (Jul 4, 2025):

Here are the requested logs.

Before the line break is the startup of pangolin. The gerbil log lines showing the public keys match the sqlite db entries for my Newt peers. Strange to me is to see these four pub keys again being added by gerbil, but I have no idea if that is a problem. More interestingly the wireguard peers do not appear here!

The block after the line break is when I switched one of my resources that use a (non functioning) Wireguard peer to a Newt site. (from wW+jNXjVmPDtuJ to TYNFisWGRJ) In the moment I changed the resource to the Newt Site the public key of the Wireguard peer suddenly appears! (wW+jNXjVmPDtuJ)

Then after the next line break I changed the resource back to the Wireguard Site which then started to work as expected.

Here is the list of public keys from my sqlite db:


jpa6GZrlj9djbgmKUfFiP17KVTXJrOFj6AOn9YimKV0=	newt
ZgmFvHiYQfO7oczo6rhnAwCP76rwk3Eisc7YJUZOYiU=	newt
TYNFisWGRJue8eYWrSB/4Lm0snFfD2JchJqBj1KpDz4=	newt
shM1sYmANvDl3ItpKo794kUMB8XlimdfFQZAb/zRM18=	newt
wW+jNXjVmPDtuJiVO8BAsRYgZEeKMJKO3g276xHoXSA=	wireguard
pJy+t5xY6mwYC37gtWtkns92IIOY1pS5OCes8PvM9BA=	wireguard
gmNZ/zxzUz1BsNtwSpGrzF96TqXDMyZaLLZ+TnTLfTs=	wireguard
zGbHhJkkTzlvJl7fTFCkchKMQT6sv/VDlReg3bH49x0=	wireguard
ikLc2U9JauagdUfhDhr2G6QZZAHgphpxRAH8iCRdGQQ=	wireguard

There is also one error in the log regarding the client IP 100.89.128.16. This is a Newt raw TCP socket that works as expected, so I think I can safely ignore this error.

Hope this helps, if you need more information I will happily provide them.


root@rs /opt/pangolin # docker compose up
[+] Running 4/4
 ✔ Network pangolin    Created                                                                                                                                                                                                                                                                                                                                                                                                    0.0s 
 ✔ Container pangolin  Created                                                                                                                                                                                                                                                                                                                                                                                                    0.1s 
 ✔ Container gerbil    Created                                                                                                                                                                                                                                                                                                                                                                                                    0.1s 
 ✔ Container traefik   Created                                                                                                                                                                                                                                                                                                                                                                                                    0.1s 
Attaching to gerbil, pangolin, traefik
pangolin  | 
pangolin  | > @fosrl/pangolin@0.0.0 start:sqlite
pangolin  | > DB_TYPE=sqlite NODE_OPTIONS=--enable-source-maps NODE_ENV=development ENVIRONMENT=prod sh -c 'node dist/migrations.mjs && node dist/server.mjs'
pangolin  | 
pangolin  | Starting migrations from version 1.5.1
pangolin  | Migrations to run: 
pangolin  | All migrations completed successfully
pangolin  | 2025-07-04T09:53:43.344Z [info]: API server is running on http://localhost:3000
pangolin  | 2025-07-04T09:53:43.344Z [info]: Internal server is running on http://localhost:3001
pangolin  | 2025-07-04T09:53:43.732Z [info]: Next.js server is running on http://localhost:3002
gerbil    | INFO: 2025/07/04 09:53:52 Fetching remote config from http://pangolin:3001/api/v1/gerbil/get-config
gerbil    | INFO: 2025/07/04 09:53:52 Created WireGuard interface wg0
gerbil    | INFO: 2025/07/04 09:53:52 Assigned IP address 100.89.128.1/24 to interface wg0
gerbil    | INFO: 2025/07/04 09:53:52 Attempting to delete existing MSS clamping rule for chain INPUT
gerbil    | INFO: 2025/07/04 09:53:52 Attempting to delete existing MSS clamping rule for chain OUTPUT
gerbil    | INFO: 2025/07/04 09:53:52 Attempting to delete existing MSS clamping rule for chain FORWARD
gerbil    | INFO: 2025/07/04 09:53:52 Adding MSS clamping rule for chain INPUT
gerbil    | INFO: 2025/07/04 09:53:52 Successfully added and verified MSS clamping rule for chain INPUT
gerbil    | INFO: 2025/07/04 09:53:52 Adding MSS clamping rule for chain OUTPUT
gerbil    | INFO: 2025/07/04 09:53:52 Successfully added and verified MSS clamping rule for chain OUTPUT
gerbil    | INFO: 2025/07/04 09:53:52 Adding MSS clamping rule for chain FORWARD
gerbil    | INFO: 2025/07/04 09:53:52 Successfully added and verified MSS clamping rule for chain FORWARD
gerbil    | INFO: 2025/07/04 09:53:52 WireGuard interface wg0 created and configured
gerbil    | INFO: 2025/07/04 09:53:52 Starting server on :3003
traefik   | 2025-07-04T09:53:52Z INF Traefik version 3.4.1 built on 2025-05-27T12:45:16Z version=3.4.1
traefik   | 2025-07-04T09:53:52Z INF 
traefik   | Stats collection is disabled.
traefik   | Help us improve Traefik by turning this feature on :)
traefik   | More details on: https://doc.traefik.io/traefik/contributing/data-collection/
traefik   | 
traefik   | 2025-07-04T09:53:52Z INF Loading plugins... plugins=["badger"]
traefik   | 2025-07-04T09:53:53Z INF Plugins loaded. plugins=["badger"]
traefik   | 2025-07-04T09:53:53Z INF Starting provider aggregator *aggregator.ProviderAggregator
traefik   | 2025-07-04T09:53:53Z INF Starting provider *file.Provider
traefik   | 2025-07-04T09:53:53Z INF Starting provider *traefik.Provider
traefik   | 2025-07-04T09:53:53Z INF Starting provider *http.Provider
traefik   | 2025-07-04T09:53:53Z INF Starting provider *acme.ChallengeTLSALPN
traefik   | 2025-07-04T09:53:53Z INF Starting provider *acme.Provider
traefik   | 2025-07-04T09:53:53Z INF Testing certificate renew... acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=letsencrypt.acme
traefik   | 2025-07-04T09:53:55Z ERR Error while dialing backend error="dial tcp 100.89.128.16:50955: connect: no route to host"
pangolin  | 2025-07-04T09:53:57.802Z [info]: Establishing websocket connection
pangolin  | 2025-07-04T09:53:57.802Z [info]: Client added to tracking - Newt ID: 58cefwmtcfk92kk, Total connections: 1
pangolin  | 2025-07-04T09:53:57.802Z [info]: WebSocket connection established - Newt ID: 58cefwmtcfk92kk
pangolin  | 2025-07-04T09:53:57.842Z [info]: Handling register message!
gerbil    | INFO: 2025/07/04 09:53:57 Peer shM1sYmANvDl3ItpKo794kUMB8XlimdfFQZAb/zRM18= added successfully
pangolin  | 2025-07-04T09:53:57.863Z [info]: Peer added successfully: {"peer":"Peer added successfully"}
pangolin  | 2025-07-04T09:53:58.588Z [info]: Establishing websocket connection
pangolin  | 2025-07-04T09:53:58.588Z [info]: Client added to tracking - Newt ID: hglj9l46ljrs0u2, Total connections: 1
pangolin  | 2025-07-04T09:53:58.588Z [info]: WebSocket connection established - Newt ID: hglj9l46ljrs0u2
pangolin  | 2025-07-04T09:53:58.635Z [info]: Handling register message!
gerbil    | INFO: 2025/07/04 09:53:58 Peer ZgmFvHiYQfO7oczo6rhnAwCP76rwk3Eisc7YJUZOYiU= added successfully
pangolin  | 2025-07-04T09:53:58.640Z [info]: Peer added successfully: {"peer":"Peer added successfully"}
pangolin  | 2025-07-04T09:54:01.239Z [info]: Establishing websocket connection
pangolin  | 2025-07-04T09:54:01.239Z [info]: Client added to tracking - Newt ID: d2pkkkp41actnpq, Total connections: 1
pangolin  | 2025-07-04T09:54:01.239Z [info]: WebSocket connection established - Newt ID: d2pkkkp41actnpq
pangolin  | 2025-07-04T09:54:01.286Z [info]: Handling register message!
gerbil    | INFO: 2025/07/04 09:54:01 Peer TYNFisWGRJue8eYWrSB/4Lm0snFfD2JchJqBj1KpDz4= added successfully
pangolin  | 2025-07-04T09:54:01.291Z [info]: Peer added successfully: {"peer":"Peer added successfully"}
pangolin  | 2025-07-04T09:54:03.548Z [info]: Establishing websocket connection
pangolin  | 2025-07-04T09:54:03.548Z [info]: Client added to tracking - Newt ID: v6uhdkc4vjas0oq, Total connections: 1
pangolin  | 2025-07-04T09:54:03.548Z [info]: WebSocket connection established - Newt ID: v6uhdkc4vjas0oq
pangolin  | 2025-07-04T09:54:03.588Z [info]: Handling register message!
gerbil    | INFO: 2025/07/04 09:54:03 Peer jpa6GZrlj9djbgmKUfFiP17KVTXJrOFj6AOn9YimKV0= added successfully
pangolin  | 2025-07-04T09:54:03.592Z [info]: Peer added successfully: {"peer":"Peer added successfully"}
pangolin  | 2025-07-04T09:54:15.337Z [info]: Handling register message!
gerbil    | INFO: 2025/07/04 09:54:15 Peer shM1sYmANvDl3ItpKo794kUMB8XlimdfFQZAb/zRM18= added successfully
pangolin  | 2025-07-04T09:54:15.343Z [info]: Peer added successfully: {"peer":"Peer added successfully"}
pangolin  | 2025-07-04T09:54:20.593Z [info]: Handling register message!
gerbil    | INFO: 2025/07/04 09:54:20 Peer jpa6GZrlj9djbgmKUfFiP17KVTXJrOFj6AOn9YimKV0= added successfully
pangolin  | 2025-07-04T09:54:20.598Z [info]: Peer added successfully: {"peer":"Peer added successfully"}
pangolin  | 2025-07-04T09:54:27.288Z [info]: Handling register message!
gerbil    | INFO: 2025/07/04 09:54:27 Peer ZgmFvHiYQfO7oczo6rhnAwCP76rwk3Eisc7YJUZOYiU= added successfully
pangolin  | 2025-07-04T09:54:27.293Z [info]: Peer added successfully: {"peer":"Peer added successfully"}
pangolin  | 2025-07-04T09:54:29.902Z [info]: Handling register message!
gerbil    | INFO: 2025/07/04 09:54:29 Peer TYNFisWGRJue8eYWrSB/4Lm0snFfD2JchJqBj1KpDz4= added successfully
pangolin  | 2025-07-04T09:54:29.906Z [info]: Peer added successfully: {"peer":"Peer added successfully"}



gerbil    | INFO: 2025/07/04 10:01:26 Peer wW+jNXjVmPDtuJiVO8BAsRYgZEeKMJKO3g276xHoXSA= added successfully
pangolin  | 2025-07-04T10:01:26.500Z [info]: Peer added successfully: {"peer":"Peer added successfully"}
pangolin  | 2025-07-04T10:01:26.675Z [info]: Checking Docker socket for site 9 with Newt d2pkkkp41actnpq
pangolin  | 2025-07-04T10:01:26.720Z [info]: Handling Docker socket check response
pangolin  | 2025-07-04T10:01:26.720Z [info]: Newt ID: d2pkkkp41actnpq, Site ID: 9
pangolin  | 2025-07-04T10:01:26.720Z [info]: Docker socket availability for Newt d2pkkkp41actnpq: available=false, socketPath=
pangolin  | 2025-07-04T10:01:26.720Z [warn]: Newt d2pkkkp41actnpq does not have Docker socket access
pangolin  | 2025-07-04T10:01:26.720Z [info]: Handling Docker socket check response
pangolin  | 2025-07-04T10:01:26.720Z [info]: Newt ID: d2pkkkp41actnpq, Site ID: 9
pangolin  | 2025-07-04T10:01:26.720Z [info]: Docker socket availability for Newt d2pkkkp41actnpq: available=false, socketPath=
pangolin  | 2025-07-04T10:01:26.720Z [warn]: Newt d2pkkkp41actnpq does not have Docker socket access



gerbil    | INFO: 2025/07/04 10:01:34 Peer wW+jNXjVmPDtuJiVO8BAsRYgZEeKMJKO3g276xHoXSA= added successfully
pangolin  | 2025-07-04T10:01:34.813Z [info]: Peer added successfully: {"peer":"Peer added successfully"}
<!-- gh-comment-id:3035454889 --> @sstickel commented on GitHub (Jul 4, 2025): Here are the requested logs. Before the line break is the startup of pangolin. The gerbil log lines showing the public keys match the sqlite db entries for my Newt peers. Strange to me is to see these four pub keys again being added by gerbil, but I have no idea if that is a problem. More interestingly the wireguard peers do not appear here! The block after the line break is when I switched one of my resources that use a (non functioning) Wireguard peer to a Newt site. (from `wW+jNXjVmPDtuJ` to `TYNFisWGRJ`) In the moment I changed the resource to the Newt Site the public key of the Wireguard peer suddenly appears! (`wW+jNXjVmPDtuJ`) Then after the next line break I changed the resource back to the Wireguard Site which then started to work as expected. Here is the list of public keys from my sqlite db: ``` jpa6GZrlj9djbgmKUfFiP17KVTXJrOFj6AOn9YimKV0= newt ZgmFvHiYQfO7oczo6rhnAwCP76rwk3Eisc7YJUZOYiU= newt TYNFisWGRJue8eYWrSB/4Lm0snFfD2JchJqBj1KpDz4= newt shM1sYmANvDl3ItpKo794kUMB8XlimdfFQZAb/zRM18= newt wW+jNXjVmPDtuJiVO8BAsRYgZEeKMJKO3g276xHoXSA= wireguard pJy+t5xY6mwYC37gtWtkns92IIOY1pS5OCes8PvM9BA= wireguard gmNZ/zxzUz1BsNtwSpGrzF96TqXDMyZaLLZ+TnTLfTs= wireguard zGbHhJkkTzlvJl7fTFCkchKMQT6sv/VDlReg3bH49x0= wireguard ikLc2U9JauagdUfhDhr2G6QZZAHgphpxRAH8iCRdGQQ= wireguard ``` There is also one error in the log regarding the client IP 100.89.128.16. This is a Newt raw TCP socket that works as expected, so I think I can safely ignore this error. Hope this helps, if you need more information I will happily provide them. ``` root@rs /opt/pangolin # docker compose up [+] Running 4/4 ✔ Network pangolin Created 0.0s ✔ Container pangolin Created 0.1s ✔ Container gerbil Created 0.1s ✔ Container traefik Created 0.1s Attaching to gerbil, pangolin, traefik pangolin | pangolin | > @fosrl/pangolin@0.0.0 start:sqlite pangolin | > DB_TYPE=sqlite NODE_OPTIONS=--enable-source-maps NODE_ENV=development ENVIRONMENT=prod sh -c 'node dist/migrations.mjs && node dist/server.mjs' pangolin | pangolin | Starting migrations from version 1.5.1 pangolin | Migrations to run: pangolin | All migrations completed successfully pangolin | 2025-07-04T09:53:43.344Z [info]: API server is running on http://localhost:3000 pangolin | 2025-07-04T09:53:43.344Z [info]: Internal server is running on http://localhost:3001 pangolin | 2025-07-04T09:53:43.732Z [info]: Next.js server is running on http://localhost:3002 gerbil | INFO: 2025/07/04 09:53:52 Fetching remote config from http://pangolin:3001/api/v1/gerbil/get-config gerbil | INFO: 2025/07/04 09:53:52 Created WireGuard interface wg0 gerbil | INFO: 2025/07/04 09:53:52 Assigned IP address 100.89.128.1/24 to interface wg0 gerbil | INFO: 2025/07/04 09:53:52 Attempting to delete existing MSS clamping rule for chain INPUT gerbil | INFO: 2025/07/04 09:53:52 Attempting to delete existing MSS clamping rule for chain OUTPUT gerbil | INFO: 2025/07/04 09:53:52 Attempting to delete existing MSS clamping rule for chain FORWARD gerbil | INFO: 2025/07/04 09:53:52 Adding MSS clamping rule for chain INPUT gerbil | INFO: 2025/07/04 09:53:52 Successfully added and verified MSS clamping rule for chain INPUT gerbil | INFO: 2025/07/04 09:53:52 Adding MSS clamping rule for chain OUTPUT gerbil | INFO: 2025/07/04 09:53:52 Successfully added and verified MSS clamping rule for chain OUTPUT gerbil | INFO: 2025/07/04 09:53:52 Adding MSS clamping rule for chain FORWARD gerbil | INFO: 2025/07/04 09:53:52 Successfully added and verified MSS clamping rule for chain FORWARD gerbil | INFO: 2025/07/04 09:53:52 WireGuard interface wg0 created and configured gerbil | INFO: 2025/07/04 09:53:52 Starting server on :3003 traefik | 2025-07-04T09:53:52Z INF Traefik version 3.4.1 built on 2025-05-27T12:45:16Z version=3.4.1 traefik | 2025-07-04T09:53:52Z INF traefik | Stats collection is disabled. traefik | Help us improve Traefik by turning this feature on :) traefik | More details on: https://doc.traefik.io/traefik/contributing/data-collection/ traefik | traefik | 2025-07-04T09:53:52Z INF Loading plugins... plugins=["badger"] traefik | 2025-07-04T09:53:53Z INF Plugins loaded. plugins=["badger"] traefik | 2025-07-04T09:53:53Z INF Starting provider aggregator *aggregator.ProviderAggregator traefik | 2025-07-04T09:53:53Z INF Starting provider *file.Provider traefik | 2025-07-04T09:53:53Z INF Starting provider *traefik.Provider traefik | 2025-07-04T09:53:53Z INF Starting provider *http.Provider traefik | 2025-07-04T09:53:53Z INF Starting provider *acme.ChallengeTLSALPN traefik | 2025-07-04T09:53:53Z INF Starting provider *acme.Provider traefik | 2025-07-04T09:53:53Z INF Testing certificate renew... acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=letsencrypt.acme traefik | 2025-07-04T09:53:55Z ERR Error while dialing backend error="dial tcp 100.89.128.16:50955: connect: no route to host" pangolin | 2025-07-04T09:53:57.802Z [info]: Establishing websocket connection pangolin | 2025-07-04T09:53:57.802Z [info]: Client added to tracking - Newt ID: 58cefwmtcfk92kk, Total connections: 1 pangolin | 2025-07-04T09:53:57.802Z [info]: WebSocket connection established - Newt ID: 58cefwmtcfk92kk pangolin | 2025-07-04T09:53:57.842Z [info]: Handling register message! gerbil | INFO: 2025/07/04 09:53:57 Peer shM1sYmANvDl3ItpKo794kUMB8XlimdfFQZAb/zRM18= added successfully pangolin | 2025-07-04T09:53:57.863Z [info]: Peer added successfully: {"peer":"Peer added successfully"} pangolin | 2025-07-04T09:53:58.588Z [info]: Establishing websocket connection pangolin | 2025-07-04T09:53:58.588Z [info]: Client added to tracking - Newt ID: hglj9l46ljrs0u2, Total connections: 1 pangolin | 2025-07-04T09:53:58.588Z [info]: WebSocket connection established - Newt ID: hglj9l46ljrs0u2 pangolin | 2025-07-04T09:53:58.635Z [info]: Handling register message! gerbil | INFO: 2025/07/04 09:53:58 Peer ZgmFvHiYQfO7oczo6rhnAwCP76rwk3Eisc7YJUZOYiU= added successfully pangolin | 2025-07-04T09:53:58.640Z [info]: Peer added successfully: {"peer":"Peer added successfully"} pangolin | 2025-07-04T09:54:01.239Z [info]: Establishing websocket connection pangolin | 2025-07-04T09:54:01.239Z [info]: Client added to tracking - Newt ID: d2pkkkp41actnpq, Total connections: 1 pangolin | 2025-07-04T09:54:01.239Z [info]: WebSocket connection established - Newt ID: d2pkkkp41actnpq pangolin | 2025-07-04T09:54:01.286Z [info]: Handling register message! gerbil | INFO: 2025/07/04 09:54:01 Peer TYNFisWGRJue8eYWrSB/4Lm0snFfD2JchJqBj1KpDz4= added successfully pangolin | 2025-07-04T09:54:01.291Z [info]: Peer added successfully: {"peer":"Peer added successfully"} pangolin | 2025-07-04T09:54:03.548Z [info]: Establishing websocket connection pangolin | 2025-07-04T09:54:03.548Z [info]: Client added to tracking - Newt ID: v6uhdkc4vjas0oq, Total connections: 1 pangolin | 2025-07-04T09:54:03.548Z [info]: WebSocket connection established - Newt ID: v6uhdkc4vjas0oq pangolin | 2025-07-04T09:54:03.588Z [info]: Handling register message! gerbil | INFO: 2025/07/04 09:54:03 Peer jpa6GZrlj9djbgmKUfFiP17KVTXJrOFj6AOn9YimKV0= added successfully pangolin | 2025-07-04T09:54:03.592Z [info]: Peer added successfully: {"peer":"Peer added successfully"} pangolin | 2025-07-04T09:54:15.337Z [info]: Handling register message! gerbil | INFO: 2025/07/04 09:54:15 Peer shM1sYmANvDl3ItpKo794kUMB8XlimdfFQZAb/zRM18= added successfully pangolin | 2025-07-04T09:54:15.343Z [info]: Peer added successfully: {"peer":"Peer added successfully"} pangolin | 2025-07-04T09:54:20.593Z [info]: Handling register message! gerbil | INFO: 2025/07/04 09:54:20 Peer jpa6GZrlj9djbgmKUfFiP17KVTXJrOFj6AOn9YimKV0= added successfully pangolin | 2025-07-04T09:54:20.598Z [info]: Peer added successfully: {"peer":"Peer added successfully"} pangolin | 2025-07-04T09:54:27.288Z [info]: Handling register message! gerbil | INFO: 2025/07/04 09:54:27 Peer ZgmFvHiYQfO7oczo6rhnAwCP76rwk3Eisc7YJUZOYiU= added successfully pangolin | 2025-07-04T09:54:27.293Z [info]: Peer added successfully: {"peer":"Peer added successfully"} pangolin | 2025-07-04T09:54:29.902Z [info]: Handling register message! gerbil | INFO: 2025/07/04 09:54:29 Peer TYNFisWGRJue8eYWrSB/4Lm0snFfD2JchJqBj1KpDz4= added successfully pangolin | 2025-07-04T09:54:29.906Z [info]: Peer added successfully: {"peer":"Peer added successfully"} gerbil | INFO: 2025/07/04 10:01:26 Peer wW+jNXjVmPDtuJiVO8BAsRYgZEeKMJKO3g276xHoXSA= added successfully pangolin | 2025-07-04T10:01:26.500Z [info]: Peer added successfully: {"peer":"Peer added successfully"} pangolin | 2025-07-04T10:01:26.675Z [info]: Checking Docker socket for site 9 with Newt d2pkkkp41actnpq pangolin | 2025-07-04T10:01:26.720Z [info]: Handling Docker socket check response pangolin | 2025-07-04T10:01:26.720Z [info]: Newt ID: d2pkkkp41actnpq, Site ID: 9 pangolin | 2025-07-04T10:01:26.720Z [info]: Docker socket availability for Newt d2pkkkp41actnpq: available=false, socketPath= pangolin | 2025-07-04T10:01:26.720Z [warn]: Newt d2pkkkp41actnpq does not have Docker socket access pangolin | 2025-07-04T10:01:26.720Z [info]: Handling Docker socket check response pangolin | 2025-07-04T10:01:26.720Z [info]: Newt ID: d2pkkkp41actnpq, Site ID: 9 pangolin | 2025-07-04T10:01:26.720Z [info]: Docker socket availability for Newt d2pkkkp41actnpq: available=false, socketPath= pangolin | 2025-07-04T10:01:26.720Z [warn]: Newt d2pkkkp41actnpq does not have Docker socket access gerbil | INFO: 2025/07/04 10:01:34 Peer wW+jNXjVmPDtuJiVO8BAsRYgZEeKMJKO3g276xHoXSA= added successfully pangolin | 2025-07-04T10:01:34.813Z [info]: Peer added successfully: {"peer":"Peer added successfully"} ```
GiteaMirror commented 2026-04-16 08:30:01 -05:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Jul 4, 2025):

Hum yeah it feels like its not adding the wg peers when it boots up like it needs to. Will look into it ASAP!

<!-- gh-comment-id:3036835020 --> @oschwartz10612 commented on GitHub (Jul 4, 2025): Hum yeah it feels like its not adding the wg peers when it boots up like it needs to. Will look into it ASAP!
GiteaMirror commented 2026-04-16 08:30:02 -05:00
Author
Owner
Copy Link

@sstickel commented on GitHub (Jul 4, 2025):

If I can support you in any way, please tell me.
And dont be in extreme hurry because of me, please. I have a workaround. ;)

<!-- gh-comment-id:3037292541 --> @sstickel commented on GitHub (Jul 4, 2025): If I can support you in any way, please tell me. And dont be in extreme hurry because of me, please. I have a workaround. ;)
GiteaMirror commented 2026-04-16 08:30:03 -05:00
Author
Owner
Copy Link

@reans commented on GitHub (Jul 17, 2025):

same issue of mine. after adding port in config file and restart the old peers cannot back it seems the assign IP is not saving in pangolin.

<!-- gh-comment-id:3082050516 --> @reans commented on GitHub (Jul 17, 2025): same issue of mine. after adding port in config file and restart the old peers cannot back it seems the assign IP is not saving in pangolin.
GiteaMirror commented 2026-04-16 08:30:03 -05:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Jul 17, 2025):

I think this will be fixed in the next release!

<!-- gh-comment-id:3084811368 --> @oschwartz10612 commented on GitHub (Jul 17, 2025): I think this will be fixed in the next release!
GiteaMirror commented 2026-04-16 08:30:04 -05:00
Author
Owner
Copy Link

@radokristof commented on GitHub (Sep 9, 2025):

This issue still persist? I have a similar issue and I don't know if its related

<!-- gh-comment-id:3272447580 --> @radokristof commented on GitHub (Sep 9, 2025): This issue still persist? I have a similar issue and I don't know if its related
GiteaMirror commented 2026-04-16 08:30:05 -05:00
Author
Owner
Copy Link

@sstickel commented on GitHub (Sep 10, 2025):

Haven't tried to restart Pangolin since. Pretty sure this is still an issue.

@oschwartz10612 ?

<!-- gh-comment-id:3273517095 --> @sstickel commented on GitHub (Sep 10, 2025): Haven't tried to restart Pangolin since. Pretty sure this is still an issue. @oschwartz10612 ?
GiteaMirror commented 2026-04-16 08:30:05 -05:00
Author
Owner
Copy Link

@sstickel commented on GitHub (Jan 14, 2026):

So, it is now a little bit more than 6 months since my journey into Panglin. Beside the mentionted two bugs (OP) the system ran without any hickups, but the machine was never restarted. As it
was really time to jump onto the latest Linux Kernel I pulled the Pangolin stack, did a full-upgrade and rebooted.

Unfortunatley the issue described in OP is still persistent in the latest version. Again, all of my Wireguard tunnels did not work properly until I did the workaround sequence mentioned in the OP.

If I can assist to find the root cause of this, please tell.

<!-- gh-comment-id:3748235719 --> @sstickel commented on GitHub (Jan 14, 2026): So, it is now a little bit more than 6 months since my journey into Panglin. Beside the mentionted two bugs (OP) the system ran without any hickups, but the machine was never restarted. As it was really time to jump onto the latest Linux Kernel I pulled the Pangolin stack, did a full-upgrade and rebooted. Unfortunatley the issue described in OP is still persistent in the latest version. Again, all of my Wireguard tunnels did not work properly until I did the workaround sequence mentioned in the OP. If I can assist to find the root cause of this, please tell.
GiteaMirror commented 2026-04-16 08:30:06 -05:00
Author
Owner
Copy Link

@sstickel commented on GitHub (Jan 15, 2026):

I have to correct myself. I looks like the old docker-compose.yml files in the documentation had the versions of pangolin and gerbil fixed to a version, now it's set to :latest. So basically my docker compose pull did (almost) nothing.

Changed the compose file pangolin:latest, gerbil:latest and traefik:v3.6 as in the documentation and all my bugs are gone. 👍

<!-- gh-comment-id:3754160282 --> @sstickel commented on GitHub (Jan 15, 2026): I have to correct myself. I looks like the old docker-compose.yml files in the documentation had the versions of pangolin and gerbil fixed to a version, now it's set to :latest. So basically my docker compose pull did (almost) nothing. Changed the compose file pangolin:latest, gerbil:latest and traefik:v3.6 as in the documentation and all my bugs are gone. 👍
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
api
authentication
bug
config
dependencies
docker
documentation
enhancement
good first issue
help wanted
Improvement
Look Into
needs investigating
networking
new feature
non-critical bug
potential bug
pull-request
Mirrored from GitHub Pull Request
 question
reverse proxy
Security
stale
ui
wontfix
No Label bug networking
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#1722
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?