github-starred/pangolin
2
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-05-08 05:39:49 -05:00
Code Issues 564 Packages Projects Releases 72 Wiki Activity

[GH-ISSUE #2430] Admin account fails to handshake with peers using Pangolin VPN client #6963

New Issue
Open
opened 2026-04-25 15:57:14 -05:00 by GiteaMirror · 13 comments
GiteaMirror commented 2026-04-25 15:57:14 -05:00
Owner
Copy Link

Originally created by @regnighc on GitHub (Feb 7, 2026).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/2430

Describe the Bug

The admin account fails to handshake with all peers using the VPN client.

Tested it on Windows, Linux, Android and results are all the same.

All other accounts are perfectly fine and handshake without issues to all peers.

Tested on multiple networks including the same network as pangolin server.

This was not always a problem, it started when I updated all containers to the latest release, I admit I cant remember which version I was on before when it worked but I had not updated since about December 25.

Environment

  • OS Type & Version: Ubuntu 22.04, 24.04, Windows 10 & 11, Android 15
  • Pangolin Version: 1.15.2
  • Gerbil Version: 1.3.0
  • Traefik Version: 3.4.0
  • Newt Version: 1.9.0
  • Olm Version: (if applicable): N/A
  • Pangolin VPN Version: Android(0.1.5), Windows(0.5.1), Linux CLI(0.3.1)

To Reproduce

Connect using Pangolin VPN client on any platform with the Owner/Admin account, observe that status is disconnected to all sites, and logs show all peers failing to handshake

Expected Behavior

Expect to connect and be connected to peers with successful handshake, as happens with any other user I create.

Originally created by @regnighc on GitHub (Feb 7, 2026). Original GitHub issue: https://github.com/fosrl/pangolin/issues/2430 ### Describe the Bug The admin account fails to handshake with all peers using the VPN client. Tested it on Windows, Linux, Android and results are all the same. All other accounts are perfectly fine and handshake without issues to all peers. Tested on multiple networks including the same network as pangolin server. This was not always a problem, it started when I updated all containers to the latest release, I admit I cant remember which version I was on before when it worked but I had not updated since about December 25. ### Environment - OS Type & Version: Ubuntu 22.04, 24.04, Windows 10 & 11, Android 15 - Pangolin Version: 1.15.2 - Gerbil Version: 1.3.0 - Traefik Version: 3.4.0 - Newt Version: 1.9.0 - Olm Version: (if applicable): N/A - Pangolin VPN Version: Android(0.1.5), Windows(0.5.1), Linux CLI(0.3.1) ### To Reproduce Connect using Pangolin VPN client on any platform with the Owner/Admin account, observe that status is disconnected to all sites, and logs show all peers failing to handshake ### Expected Behavior Expect to connect and be connected to peers with successful handshake, as happens with any other user I create.
GiteaMirror added the stale label 2026-04-25 15:57:14 -05:00
GiteaMirror commented 2026-04-25 15:57:15 -05:00
Author
Owner
Copy Link

@groott commented on GitHub (Feb 7, 2026):

I have the same issue. I updated newt from 1.7.0 to 1.9.0. I tried downgrading to 1.8.0 and 1.7.0, but same results. Here are newt logs:

INFO: 2026/02/07 20:42:13 Newt version 1.9.0
INFO: 2026/02/07 20:42:13 Config file does not exist at /root/.config/newt-client/config.json, will create it
INFO: 2026/02/07 20:42:13 Server version: 1.15.2
ERROR: 2026/02/07 20:42:13 Failed to connect: failed to connect to WebSocket: websocket: bad handshake. Retrying in 3s...
INFO: 2026/02/07 20:42:16 Server version: 1.15.2
ERROR: 2026/02/07 20:42:16 Failed to connect: failed to connect to WebSocket: websocket: bad handshake. Retrying in 3s...
INFO: 2026/02/07 20:42:19 Server version: 1.15.2
ERROR: 2026/02/07 20:42:19 Failed to connect: failed to connect to WebSocket: websocket: bad handshake. Retrying in 3s...
<!-- gh-comment-id:3865124201 --> @groott commented on GitHub (Feb 7, 2026): I have the same issue. I updated newt from 1.7.0 to 1.9.0. I tried downgrading to 1.8.0 and 1.7.0, but same results. Here are newt logs: ``` INFO: 2026/02/07 20:42:13 Newt version 1.9.0 INFO: 2026/02/07 20:42:13 Config file does not exist at /root/.config/newt-client/config.json, will create it INFO: 2026/02/07 20:42:13 Server version: 1.15.2 ERROR: 2026/02/07 20:42:13 Failed to connect: failed to connect to WebSocket: websocket: bad handshake. Retrying in 3s... INFO: 2026/02/07 20:42:16 Server version: 1.15.2 ERROR: 2026/02/07 20:42:16 Failed to connect: failed to connect to WebSocket: websocket: bad handshake. Retrying in 3s... INFO: 2026/02/07 20:42:19 Server version: 1.15.2 ERROR: 2026/02/07 20:42:19 Failed to connect: failed to connect to WebSocket: websocket: bad handshake. Retrying in 3s... ```
GiteaMirror commented 2026-04-25 15:57:15 -05:00
Author
Owner
Copy Link

@regnighc commented on GitHub (Feb 8, 2026):

I have the same issue. I updated newt from 1.7.0 to 1.9.0. I tried downgrading to 1.8.0 and 1.7.0, but same results. Here are newt logs:

INFO: 2026/02/07 20:42:13 Newt version 1.9.0
INFO: 2026/02/07 20:42:13 Config file does not exist at /root/.config/newt-client/config.json, will create it
INFO: 2026/02/07 20:42:13 Server version: 1.15.2
ERROR: 2026/02/07 20:42:13 Failed to connect: failed to connect to WebSocket: websocket: bad handshake. Retrying in 3s...
INFO: 2026/02/07 20:42:16 Server version: 1.15.2
ERROR: 2026/02/07 20:42:16 Failed to connect: failed to connect to WebSocket: websocket: bad handshake. Retrying in 3s...
INFO: 2026/02/07 20:42:19 Server version: 1.15.2
ERROR: 2026/02/07 20:42:19 Failed to connect: failed to connect to WebSocket: websocket: bad handshake. Retrying in 3s...

I get slightly different errors in the logs to this actually, I wonder do other accounts work for you too? My errors are: handshake did not complete in 5 seconds. Prefixed by each peer ID

<!-- gh-comment-id:3866581274 --> @regnighc commented on GitHub (Feb 8, 2026): > I have the same issue. I updated newt from 1.7.0 to 1.9.0. I tried downgrading to 1.8.0 and 1.7.0, but same results. Here are newt logs: > > ``` > INFO: 2026/02/07 20:42:13 Newt version 1.9.0 > INFO: 2026/02/07 20:42:13 Config file does not exist at /root/.config/newt-client/config.json, will create it > INFO: 2026/02/07 20:42:13 Server version: 1.15.2 > ERROR: 2026/02/07 20:42:13 Failed to connect: failed to connect to WebSocket: websocket: bad handshake. Retrying in 3s... > INFO: 2026/02/07 20:42:16 Server version: 1.15.2 > ERROR: 2026/02/07 20:42:16 Failed to connect: failed to connect to WebSocket: websocket: bad handshake. Retrying in 3s... > INFO: 2026/02/07 20:42:19 Server version: 1.15.2 > ERROR: 2026/02/07 20:42:19 Failed to connect: failed to connect to WebSocket: websocket: bad handshake. Retrying in 3s... > ``` I get slightly different errors in the logs to this actually, I wonder do other accounts work for you too? My errors are: handshake did not complete in 5 seconds. Prefixed by each peer ID
GiteaMirror commented 2026-04-25 15:57:15 -05:00
Author
Owner
Copy Link

@github-actions[bot] commented on GitHub (Feb 23, 2026):

This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.

<!-- gh-comment-id:3942015800 --> @github-actions[bot] commented on GitHub (Feb 23, 2026): This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.
GiteaMirror commented 2026-04-25 15:57:15 -05:00
Author
Owner
Copy Link

@regnighc commented on GitHub (Feb 23, 2026):

Any help here please developers?

<!-- gh-comment-id:3942029042 --> @regnighc commented on GitHub (Feb 23, 2026): Any help here please developers?
GiteaMirror commented 2026-04-25 15:57:16 -05:00
Author
Owner
Copy Link

@LaurenceJJones commented on GitHub (Feb 25, 2026):

Hey, on the docker compose side of the server can you ensure that gerbil is exposing the ports it needs for vpn client mostly 21820/udp (check its bounded in compose and no firewall is blocking this port).

@groott your issue is slightly different as the context of the OP is that vpn client is failing to handshake rather than newt itself? correct me if I got the wrong context @regnighc

<!-- gh-comment-id:3960467048 --> @LaurenceJJones commented on GitHub (Feb 25, 2026): Hey, on the docker compose side of the server can you ensure that gerbil is exposing the ports it needs for vpn client mostly `21820/udp` (check its bounded in compose and no firewall is blocking this port). @groott your issue is slightly different as the context of the OP is that vpn client is failing to handshake rather than newt itself? correct me if I got the wrong context @regnighc
GiteaMirror commented 2026-04-25 15:57:16 -05:00
Author
Owner
Copy Link

@miloschwartz commented on GitHub (Feb 25, 2026):

@regnighc Echoing Laurence: check that 21820/udp is open on the Pangolin Server and UDP traffic is not being blocked somewhere. This is usually the culprit.

Ensure Newt, Gerbil, Pangolin are up to date. Send any relevant logs from the clients and Newt if something looks funky.

The account type shouldn't matter. Try with a different account and see if you get the same result.

<!-- gh-comment-id:3961873946 --> @miloschwartz commented on GitHub (Feb 25, 2026): @regnighc Echoing Laurence: check that 21820/udp is open on the Pangolin Server and UDP traffic is not being blocked somewhere. This is usually the culprit. Ensure Newt, Gerbil, Pangolin are up to date. Send any relevant logs from the clients and Newt if something looks funky. The account type shouldn't matter. Try with a different account and see if you get the same result.
GiteaMirror commented 2026-04-25 15:57:17 -05:00
Author
Owner
Copy Link

@regnighc commented on GitHub (Feb 27, 2026):

Hi

@regnighc Echoing Laurence: check that 21820/udp is open on the Pangolin Server and UDP traffic is not being blocked somewhere. This is usually the culprit.

Ensure Newt, Gerbil, Pangolin are up to date. Send any relevant logs from the clients and Newt if something looks funky.

The account type shouldn't matter. Try with a different account and see if you get the same result.

Hi, it is exposed and open, I have multiple other users including my own 2nd account that works absolutely fine, its literally just the admin account

<!-- gh-comment-id:3973865763 --> @regnighc commented on GitHub (Feb 27, 2026): Hi > [@regnighc](https://github.com/regnighc) Echoing Laurence: check that 21820/udp is open on the Pangolin Server and UDP traffic is not being blocked somewhere. This is usually the culprit. > > Ensure Newt, Gerbil, Pangolin are up to date. Send any relevant logs from the clients and Newt if something looks funky. > > The account type shouldn't matter. Try with a different account and see if you get the same result. Hi, it is exposed and open, I have multiple other users including my own 2nd account that works absolutely fine, its literally just the admin account
GiteaMirror commented 2026-04-25 15:57:17 -05:00
Author
Owner
Copy Link

@LaurenceJJones commented on GitHub (Feb 28, 2026):

Hi

@regnighc Echoing Laurence: check that 21820/udp is open on the Pangolin Server and UDP traffic is not being blocked somewhere. This is usually the culprit.
Ensure Newt, Gerbil, Pangolin are up to date. Send any relevant logs from the clients and Newt if something looks funky.
The account type shouldn't matter. Try with a different account and see if you get the same result.

Hi, it is exposed and open, I have multiple other users including my own 2nd account that works absolutely fine, its literally just the admin account

Okay that is very odd, best way for us to get more details if you connect via the pangolin cli could you run after connecting pangolin logs .

if you dont want to share them here (shouldnt be any PII) could you send the output to laurence at pangolin.net.

<!-- gh-comment-id:3976648084 --> @LaurenceJJones commented on GitHub (Feb 28, 2026): > Hi > > > [@regnighc](https://github.com/regnighc) Echoing Laurence: check that 21820/udp is open on the Pangolin Server and UDP traffic is not being blocked somewhere. This is usually the culprit. > > Ensure Newt, Gerbil, Pangolin are up to date. Send any relevant logs from the clients and Newt if something looks funky. > > The account type shouldn't matter. Try with a different account and see if you get the same result. > > Hi, it is exposed and open, I have multiple other users including my own 2nd account that works absolutely fine, its literally just the admin account Okay that is very odd, best way for us to get more details if you connect via the `pangolin` cli could you run after connecting `pangolin logs` . if you dont want to share them here (shouldnt be any PII) could you send the output to `laurence` at `pangolin.net`.
GiteaMirror commented 2026-04-25 15:57:17 -05:00
Author
Owner
Copy Link

@regnighc commented on GitHub (Mar 9, 2026):

Okay, will get you this information tomorrow. Thanks

<!-- gh-comment-id:4026403160 --> @regnighc commented on GitHub (Mar 9, 2026): Okay, will get you this information tomorrow. Thanks
GiteaMirror commented 2026-04-25 15:57:18 -05:00
Author
Owner
Copy Link

@github-actions[bot] commented on GitHub (Mar 24, 2026):

This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.

<!-- gh-comment-id:4114597554 --> @github-actions[bot] commented on GitHub (Mar 24, 2026): This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.
GiteaMirror commented 2026-04-25 15:57:18 -05:00
Author
Owner
Copy Link

@derkrasseleo commented on GitHub (Mar 31, 2026):

I am also running into this issue when running pangolin in a proxmox LXC container

<!-- gh-comment-id:4165316388 --> @derkrasseleo commented on GitHub (Mar 31, 2026): I am also running into this issue when running pangolin in a proxmox LXC container
GiteaMirror commented 2026-04-25 15:57:19 -05:00
Author
Owner
Copy Link

@LaurenceJJones commented on GitHub (Apr 1, 2026):

@derkrasseleo if you can provide logs or more information then we debug further, either run pangolin up with --attach flag or if not run pangolin logs to get the latest logs. (prefer to use attach as pangolin logs only get last lines from the log file)

just checked my email and seems OP never sent me the logs so still got nothing to debug further.

<!-- gh-comment-id:4169277941 --> @LaurenceJJones commented on GitHub (Apr 1, 2026): @derkrasseleo if you can provide logs or more information then we debug further, either run pangolin up with `--attach` flag or if not run `pangolin logs` to get the latest logs. (prefer to use attach as pangolin logs only get last lines from the log file) just checked my email and seems OP never sent me the logs so still got nothing to debug further.
GiteaMirror commented 2026-04-25 15:57:19 -05:00
Author
Owner
Copy Link

@github-actions[bot] commented on GitHub (Apr 16, 2026):

This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.

<!-- gh-comment-id:4256614530 --> @github-actions[bot] commented on GitHub (Apr 16, 2026): This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
api
authentication
bug
config
dependencies
docker
documentation
enhancement
good first issue
help wanted
Improvement
Look Into
needs investigating
networking
new feature
non-critical bug
potential bug
pull-request
Mirrored from GitHub Pull Request
 question
reverse proxy
Security
stale
ui
wontfix
No Label stale
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#6963
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?