Installing Pangolin on a Server with Pre-existing WireGuard server #485

Closed
opened 2025-11-13 12:01:54 -06:00 by GiteaMirror · 6 comments

Originally created by @afunworm on GitHub (Jul 11, 2025).

Hello.

I'm trying to install Pangolin on my server. This server hosts a WireGuard server already, so the port 51820/UDP is already taken. My plan is to change the port to 51888 for Gerbil.

I've tried changing the port in `docker-compose.yml`:

```
  ports:
    - 51888:51820/udp
```

And change the start_port and IP address (since I'm behind Cloudflare) for `config/config.yml`:

```
gerbil:
    start_port: 51888
    base_endpoint: "IP_OF_THE_VPS_WHERE_PANGOLIN_AND_MY_CURRENT_WIREGUARD_SERVER_ARE_ON"
```

I have also made sure that my VPS firewall ports are open for 51888/UDP. All VPS firewalls are disabled.

Then, I tried both adding site using Newt & WireGuard. None of them shows the site being online. Here's what the log has in Newt container:

Here's what the Newt container looks like:

```
services:
  newt:
    image: fosrl/newt
    container_name: newt
    restart: unless-stopped
    environment:
      - PANGOLIN_ENDPOINT=https://pangolin.example.com
      - NEWT_ID=<ID>
      - NEWT_SECRET=<SECRET>
```

And here is the log from Newt:

```
INFO: 2025/07/11 19:29:26 Connecting to endpoint: MY_VPS_IP_ADDRESS
WARN: 2025/07/11 19:29:28 Ping attempt 1 failed: failed to read ICMP packet: i/o timeout
WARN: 2025/07/11 19:29:30 Ping attempt 2 failed: failed to read ICMP packet: i/o timeout
WARN: 2025/07/11 19:29:33 Periodic ping failed (2 consecutive failures): failed to read ICMP packet: i/o timeout
WARN: 2025/07/11 19:29:34 Ping attempt 3 failed: failed to read ICMP packet: i/o timeout
WARN: 2025/07/11 19:29:35 Periodic ping failed (3 consecutive failures): failed to read ICMP packet: i/o timeout
WARN: 2025/07/11 19:29:35 Connection to server lost. Continuous reconnection attempts will be made.
INFO: 2025/07/11 19:29:35 Received registration message
INFO: 2025/07/11 19:29:35 Stopping ping check
```

And log from Gerbil:

```
INFO: 2025/07/11 19:29:26 Peer FD0+LwY1UmWpeFzyoA5H1hkTyrgr6JdQbtAsUnZKwAU= added successfully
```

I'm not sure how to proceed. Also I don't know how to check log for adding sites using WireGuard instead of Newt.

Please advise.


@oschwartz10612 commented on GitHub (Jul 12, 2025):

Hi! When you change the start port in the config, that changes the port inside of the container. So try to use:

```
  ports:
    - 51888:51888/udp
```
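The mismatch fixed in the reply above, as an added check that is not part of the original thread or of Pangolin: it compares the container side of each short-form `ports:` entry with `gerbil.start_port` and flags a mapping that misses that port or publishes it as TCP only (Docker's default when no protocol is given). The sample fragments and the 203.0.113.10 address are constructed, and the function names are hypothetical.

```python
import re

# Constructed samples mirroring the fragments quoted in this issue.
COMPOSE_BEFORE = "  ports:\n    - 51888:51820/udp\n"
COMPOSE_AFTER = "  ports:\n    - 51888:51888/udp\n"
CONFIG = 'gerbil:\n    start_port: 51888\n    base_endpoint: "203.0.113.10"\n'

# Short-form mapping: [ip:]host:container[/proto], optionally quoted.
PORT_RE = re.compile(
    r"^[ \t]*-[ \t]*[\"']?(?:(?P<ip>[\d.]+):)?(?P<host>\d+):(?P<cont>\d+)"
    r"(?:/(?P<proto>tcp|udp))?[\"']?[ \t]*$",
    re.M,
)
START_RE = re.compile(
    r"^gerbil:[ \t]*\n(?:[ \t]+.*\n)*?[ \t]+start_port:[ \t]*(\d+)", re.M
)

def published_ports(compose_text):
    """Return (host_port, container_port, proto) for each mapping found."""
    return [(int(m["host"]), int(m["cont"]), m["proto"] or "tcp")
            for m in PORT_RE.finditer(compose_text)]

def gerbil_start_port(config_text):
    """Return gerbil.start_port from config.yml text, or None if absent."""
    m = START_RE.search(config_text)
    return int(m.group(1)) if m else None

def check(compose_text, config_text):
    """Return a list of problems; an empty list means the mapping lines up."""
    start = gerbil_start_port(config_text)
    if start is None:
        return ["gerbil.start_port not found in config"]
    hits = [(h, p) for h, c, p in published_ports(compose_text) if c == start]
    if not hits:
        return [f"no published port targets container port {start}"]
    if not any(p == "udp" for _, p in hits):
        return [f"container port {start} is published as tcp only; WireGuard is UDP"]
    return []

if __name__ == "__main__":
    for name, text in (("before", COMPOSE_BEFORE), ("after", COMPOSE_AFTER)):
        print(name, check(text, CONFIG) or "ok")
```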

@afunworm commented on GitHub (Jul 12, 2025):

> Hi! When you change the start port in the config, that changes the port inside of the container. So try to use:
>
> ```
>   ports:
>     - 51888:51888/udp
> ```

This is it! Thank you so much!!!


@hiagocosta commented on GitHub (Jul 16, 2025):

Is it possible to use this WireGuard tunnel instead of Gerbil's tunnel?


@afunworm commented on GitHub (Jul 17, 2025):

> Is it possible to use this WireGuard tunnel instead of Gerbil's tunnel?

I opted in for the cleanest route, which is just to create a separate network for WireGuard for Gerbil to use. But there is an option to use any WireGuard client in the settings. That should work. You just need to handle the NAT manually.


@hiagocosta commented on GitHub (Jul 18, 2025):

> > Is it possible to use this WireGuard tunnel instead of Gerbil's tunnel?
>
> I opted in for the cleanest route, which is just to create a separate network for WireGuard for Gerbil to use. But there is an option to use any WireGuard client in the settings. That should work. You just need to handle the NAT manually.

Do you know how I can do that?


@oschwartz10612 commented on GitHub (Jul 18, 2025):

@hiagocosta You can actually run Gerbil as a binary and configure it with the CLI commands to manage your existing WG interface, I think. https://docs.fossorial.io/Gerbil/overview

But I would not really recommend this. I would try to keep your existing setup separate from what Pangolin is going to try to manage; I think it might just be safer and easier.

Reference: github-starred/pangolin#485