mirror of
https://github.com/fosrl/pangolin.git
synced 2026-05-06 12:55:03 -05:00
[GH-ISSUE #2446] Newt Tunnel can not connect to VPS #4111
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/pangolin#4111
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @OscarsWorldTech on GitHub (Feb 10, 2026).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/2446
Describe the Bug
I just brought up a new Hertzner VPS and installed pangolin on it. I can reach the dashboard just fine, but when I am trying to install a site the VM that I am installing to will not connect. I have verified that the Hetzner firewall allows 80, 443, 51820, 21820 as well as my firewall allows it. Here is what happens after I run newt with the id and secret and endpoint:
INFO: 2026/02/10 14:21:37 Newt version 1.9.0
INFO: 2026/02/10 14:21:37 Server version: 1.15.2
INFO: 2026/02/10 14:21:37 Websocket connected
INFO: 2026/02/10 14:21:37 Connecting to endpoint: pangolin.oscarsworld.tech
INFO: 2026/02/10 14:21:57 SendMessageInterval timed out after 10 attempts for message type: newt/wg/get-config
WARN: 2026/02/10 14:22:08 Initial reliable ping failed, but continuing: all 5 ping attempts failed, last error: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:22:13 Ping attempt 1 failed: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:22:18 Ping attempt 2 failed: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:22:25 Ping attempt 3 failed: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:22:32 Ping attempt 4 failed: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:22:39 Ping attempt 5 failed: failed to read ICMP packet: i/o timeout
INFO: 2026/02/10 14:22:39 Increasing ping retry delay to 3s
WARN: 2026/02/10 14:22:47 Ping attempt 6 failed: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:22:55 Ping attempt 7 failed: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:22:57 Periodic ping failed (2 consecutive failures): all 2 ping attempts failed, last error: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:23:03 Ping attempt 8 failed: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:23:11 Ping attempt 9 failed: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:23:19 Ping attempt 10 failed: failed to read ICMP packet: i/o timeout
INFO: 2026/02/10 14:23:19 Increasing ping retry delay to 4.5s
WARN: 2026/02/10 14:23:28 Periodic ping failed (3 consecutive failures): all 2 ping attempts failed, last error: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:23:29 Ping attempt 11 failed: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:23:38 Ping attempt 12 failed: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:23:48 Ping attempt 13 failed: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:23:57 Ping attempt 14 failed: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:23:59 Periodic ping failed (4 consecutive failures): all 2 ping attempts failed, last error: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:23:59 Connection to server lost after 4 failures. Continuous reconnection attempts will be made.
INFO: 2026/02/10 14:23:59 Stopping ping check
INFO: 2026/02/10 14:23:59 Connecting to endpoint: pangolin.oscarsworld.tech
WARN: 2026/02/10 14:23:59 Failed to start hole punch: hole punch already running
WARN: 2026/02/10 14:24:30 Initial reliable ping failed, but continuing: all 5 ping attempts failed, last error: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:24:35 Ping attempt 1 failed: failed to read ICMP packet: i/o timeout
WARN: 2026/02/10 14:24:40 Ping attempt 2 failed: failed to read ICMP packet: i/o timeout
Environment
To Reproduce
Expected Behavior
I should be able to automatically connect the tunnel
@OscarsWorldTech commented on GitHub (Feb 10, 2026):
Also adding that the Pangolin docker logs do show that it is adding a peer with the ID, but for some reason I still can not connect
EDIT: Just tried to create a tunnel from the Hetzner VPS to a another non-Hetzner VPS and it is still not connecting
@hands0fblue commented on GitHub (Feb 12, 2026):
I have been having similar issues. I run my domain through Cloudflare and I had to remove the proxy and go to DNS only. My Newt tunnels now connect after a restart and the log look like this...
newt | INFO: 2026/02/12 04:08:07 Newt version 1.9.0
newt | INFO: 2026/02/12 04:08:08 Config file does not exist at /root/.config/newt-client/config.json, will create it
newt | INFO: 2026/02/12 04:08:08 Server version: 1.15.2
newt | INFO: 2026/02/12 04:08:08 Saving config to: /root/.config/newt-client/config.json
newt | INFO: 2026/02/12 04:08:08 Websocket connected
newt | INFO: 2026/02/12 04:08:08 Connecting to endpoint: xxx.xxx.xxx.xxx
newt | INFO: 2026/02/12 04:08:08 Tunnel connection to server established successfully!
newt | INFO: 2026/02/12 04:08:10 Client connectivity setup. Ready to accept connections from client
When I attempt to connect to my wildcard domains I get stuck in a redirect look so I still think there is something wrong with my DNS settings somewhere. If I figure out what I am doing wrong I will post and update.
If you use Cloudflare the docs are here https://docs.pangolin.net/self-host/advanced/cloudflare-proxy#cloudflare-proxy.
P.S. You should only need to open firewall ports for the VPS. Newt acts as a VPN client and will bypass your firewall.
@oschwartz10612 commented on GitHub (Feb 12, 2026):
^^^ all good advice. Make sure UDP ports 21820 and 51820 are open.
@OscarsWorldTech commented on GitHub (Feb 12, 2026):
Hi all,
What i ended up doing was completely rebuilding the vps and verifying ports were open. It was able to connect after that.