[GH-ISSUE #776] Multiple exit nodes issue? #3567

New Issue

Closed

opened 2026-04-20 07:34:46 -05:00 by GiteaMirror · 5 comments

GiteaMirror commented 2026-04-20 07:34:46 -05:00

Owner

Copy Link

Originally created by @RichyHBM on GitHub (May 24, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/776

Originally assigned to: @oschwartz10612 on GitHub.

Hello, I recently changed my VPS and as a result I moved pangolin by copying the db.sqlite, on the new server I had issues connecting and created (and setup) a new newt config.

The logs showed pangolin/gerbal giving itself the ip 100.89.130.1/24, however the logs for newt showed the config returning 100.89.128.1/24, and subsequently caused the ping to fail, presumably because the wireguard connection was never fully made.

Eventually I removed the old db, and recreated pangolin which fixed the issue, but I looked at the sql data out of curiosity and found the following in the exitNodes table:

exitNoideId       name                                  address
1                          Exit Node XHuz1LpS        100.89.128.1/24
2                          Exit Node aXvLf78h         100.89.129.1/24
3                          Exit Node 3Yjr1IJA            100.89.130.1/24

Which makes me think something is collecting the wrong exit node data, pressumably its the pangolin server?

Originally created by @RichyHBM on GitHub (May 24, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/776 Originally assigned to: @oschwartz10612 on GitHub. Hello, I recently changed my VPS and as a result I moved pangolin by copying the db.sqlite, on the new server I had issues connecting and created (and setup) a new newt config. The logs showed pangolin/gerbal giving itself the ip `100.89.130.1/24`, however the logs for newt showed the config returning `100.89.128.1/24`, and subsequently caused the ping to fail, presumably because the wireguard connection was never fully made. Eventually I removed the old db, and recreated pangolin which fixed the issue, but I looked at the sql data out of curiosity and found the following in the exitNodes table: ``` exitNoideId name address 1 Exit Node XHuz1LpS 100.89.128.1/24 2 Exit Node aXvLf78h 100.89.129.1/24 3 Exit Node 3Yjr1IJA 100.89.130.1/24 ``` Which makes me think something is collecting the wrong exit node data, pressumably its the pangolin server?

GiteaMirror added the needs investigating label 2026-04-20 07:34:46 -05:00

GiteaMirror closed this issue 2026-04-20 07:34:47 -05:00

GiteaMirror commented 2026-04-20 07:34:48 -05:00

Author

Owner

Copy Link

@oschwartz10612 commented on GitHub (May 24, 2025):

Hum okay yeah so it created 3 exit nodes when it should really only ever have one. I think this is because the key from --generateAndSaveKeyTo changed when you moved VPS perhaps and it created new ones based on the logic. I will look into this.

<!-- gh-comment-id:2906359400 --> @oschwartz10612 commented on GitHub (May 24, 2025): Hum okay yeah so it created 3 exit nodes when it should really only ever have one. I think this is because the key from --generateAndSaveKeyTo changed when you moved VPS perhaps and it created new ones based on the logic. I will look into this.

GiteaMirror commented 2026-04-20 07:34:48 -05:00

Author

Owner

Copy Link

@RichyHBM commented on GitHub (May 24, 2025):

That is possible, I also deleted the key file, and also deleted and recreated the site before completely nuking the old instance. Would that not have caused there to be 4 entries? Or because when I recreated it I deleted the old one properly it correctly removed it from the db?

<!-- gh-comment-id:2906903404 --> @RichyHBM commented on GitHub (May 24, 2025): That is possible, I also deleted the key file, and also deleted and recreated the site before completely nuking the old instance. Would that not have caused there to be 4 entries? Or because when I recreated it I deleted the old one properly it correctly removed it from the db?

GiteaMirror commented 2026-04-20 07:34:49 -05:00

Author

Owner

Copy Link

@oschwartz10612 commented on GitHub (May 27, 2025):

It could have but not 100% on the order you did everything. It creates an exit node if there is not already one matching the key sent by the Gerbil container on a restart and if the gerbil container has no key file it creates a new one. I think this is something that should change so it just updates the pub key instead of creating a new one.

<!-- gh-comment-id:2912799503 --> @oschwartz10612 commented on GitHub (May 27, 2025): It could have but not 100% on the order you did everything. It creates an exit node if there is not already one matching the key sent by the Gerbil container on a restart and if the gerbil container has no key file it creates a new one. I think this is something that should change so it just updates the pub key instead of creating a new one.

GiteaMirror commented 2026-04-20 07:34:49 -05:00

Author

Owner

Copy Link

@krzwiatrzyk commented on GitHub (Jun 28, 2025):

Had the same case right now while trying to run Pangolin in Kubernetes without using persistent storage. After Gerbil pod is recreated, it is impossible to establish proper wirguard connection (ICMP ping wont succeed).

<!-- gh-comment-id:3016099512 --> @krzwiatrzyk commented on GitHub (Jun 28, 2025): Had the same case right now while trying to run Pangolin in Kubernetes without using persistent storage. After Gerbil pod is recreated, it is impossible to establish proper wirguard connection (ICMP ping wont succeed).

GiteaMirror commented 2026-04-20 07:34:49 -05:00

Author

Owner

Copy Link

@oschwartz10612 commented on GitHub (Jun 30, 2025):

Yeah we are working on some node stuff right now what should help this situation. But yeah you need to persist that key file for gerbil otherwise it will register a new exit node and you will be a in a sticky situation because your sites are on the old node. I would recomend editing the db and removing the new exit node and updaing the public key column to match your new key.

<!-- gh-comment-id:3019890763 --> @oschwartz10612 commented on GitHub (Jun 30, 2025): Yeah we are working on some node stuff right now what should help this situation. But yeah you need to persist that key file for gerbil otherwise it will register a new exit node and you will be a in a sticky situation because your sites are on the old node. I would recomend editing the db and removing the new exit node and updaing the public key column to match your new key.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/npm_and_yarn/fast-uri-3.1.2

crowdin_dev

dev

s3

dependabot/npm_and_yarn/fast-xml-builder-1.2.0

dependabot/npm_and_yarn/axios-1.15.2

dependabot/npm_and_yarn/next-intl-4.9.2

dependabot/npm_and_yarn/prod-patch-updates-64dd675a88

dependabot/npm_and_yarn/dev-minor-updates-10ef4f0f15

dependabot/docker/node-26-alpine

dependabot/docker/docker/library/node-26-slim

dependabot/npm_and_yarn/multi-7bdfbe8666

resource-policies

redis

newt-install-commands

dependabot/npm_and_yarn/multi-d2fd79378c

dependabot/npm_and_yarn/uuid-14.0.0

dependabot/npm_and_yarn/postcss-8.5.10

miloschwartz-patch-2

dependabot/github_actions/actions/setup-node-6.4.0

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

cross-org-idp

update-readme

miloschwartz-patch-1

breakout-sites-tables

revert-2766-feature/systemd-install-instructions

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1.18.3-s.3

1.18.3-s.2

1.18.3

1.18.3-s.1

1.18.3-s.0

1.18.2-s.5

1.18.2-s.4

1.18.2-s.3

1.18.2-s.2

1.18.2-s.1

1.18.2

1.18.2-s.0

1.18.1-s.7

1.18.1-s.6

1.18.1-s.5

1.18.1-s.4

1.18.1-s.3

1.18.1-s.2

1.18.1

1.18.1-s.1

1.18.1-s.0

1.18.0-s.2

1.18.0-s.1

1.18.0

1.18.0-s.0

1.17.1-s.7

1.17.1-s.6

1.18.0-rc.0

1.17.1-s.5

1.17.1-s.4

1.17.1-s.3

1.17.1

1.17.1-s.2

1.17.1-s.1

1.17.1-s.0

1.17.0-s.4

1.17.0

1.17.0-s.3

1.17.0-s.2

1.17.0-s.1

1.17.0-s.0

1.17.0-rc.0

1.16.2-s.22

1.16.2-s.21

1.16.2-s.20

1.16.2-s.19

1.16.2-s.18

1.16.2-s.17

1.16.2-s.16

1.16.2-s.15

1.16.2-s.14

1.16.2-s.13

1.16.2-s.12

1.16.2-s.11

1.16.2-s.10

1.16.2-s.9

1.16.2-s.8

1.16.2-s.7

1.16.2-s.6

1.16.2-s.5

1.16.2-s.4

1.16.2-s.3

1.16.2-s.2

1.16.2-s.1

1.16.2

1.16.2-s.0

1.16.1-s.1

1.16.1

1.16.1-s.0

1.16.0

1.16.0-s.1

1.16.0-s.0

1.16.0-rc.0

1.15.4-s.10

1.15.4-s.9

1.15.4-s.8

1.15.4-s.7

1.15.4-s.6

1.15.4-s.5

1.15.4-s.4

1.15.4-s.3

1.15.4-s.2

1.15.4-s.1

1.15.4

1.15.4-s.0

1.15.3

1.15.3-s.1

1.15.3-s.0

1.15.2

1.15.1-s.1

1.15.1-s.0

1.15.1

1.15.0-s.5

1.15.0

1.15.0-s.4

1.15.0-s.3

1.15.0-s.2

1.15.0-s.1

1.15.0-s.0

1.15.0-rc.0

1.14.1-s.3

1.14.1-s.2

1.14.1-s.1

1.14.1-s.0

1.14.1

1.14.0-s.2

1.14.0

1.14.0-rc.0

1.13.1

1.13.1-s.0

1.13.0

1.13.0.s.0

1.13.0-rc.0

1.12.2-s.5

1.12.3

1.12.2-s.4

1.12.2-s.3

1.12.2-s.2

1.12.2-s.1

1.12.2

1.12.2-s.0

1.12.1

1.12.0

1.12.0-s.0

1.12.0-rc.0

1.11.1

1.11.1-s.0

1.11.0-s.5

1.11.0

1.11.0-s.4

1.11.0-s.3

1.11.0-s.2

1.11.0-s.1

1.11.0-s.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

api

authentication

bug

config

dependencies

docker

documentation

enhancement

good first issue

help wanted

Improvement

Look Into

needs investigating

networking

new feature

non-critical bug

potential bug

pull-request

Mirrored from GitHub Pull Request

question

reverse proxy

Security

stale

ui

wontfix

No Label needs investigating

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#3567