Unable to connect to resource #98

New Issue

Closed

opened 2025-11-13 11:49:59 -06:00 by GiteaMirror · 10 comments

GiteaMirror commented 2025-11-13 11:49:59 -06:00

Owner

Copy Link

Originally created by @L3nski on GitHub (Feb 20, 2025).

I have tried multiple different hosts to install the newt agent on. I have tried my primary network as well as vlans.

Originally created by @L3nski on GitHub (Feb 20, 2025). I have tried multiple different hosts to install the newt agent on. I have tried my primary network as well as vlans. 

GiteaMirror closed this issue 2025-11-13 11:49:59 -06:00

GiteaMirror commented 2025-11-13 11:50:00 -06:00

Author

Owner

Copy Link

@Lokowitz commented on GitHub (Feb 20, 2025):

Hey,
is port 51820/udp open in your firewall in front of pangolin installation?

@Lokowitz commented on GitHub (Feb 20, 2025): Hey, is port 51820/udp open in your firewall in front of pangolin installation?

GiteaMirror commented 2025-11-13 11:50:00 -06:00

Author

Owner

Copy Link

@L3nski commented on GitHub (Feb 20, 2025):

According to the VPS yes. I have tried both in a VPS and on my local server.

@L3nski commented on GitHub (Feb 20, 2025): According to the VPS yes. I have tried both in a VPS and on my local server.

GiteaMirror commented 2025-11-13 11:50:00 -06:00

Author

Owner

Copy Link

@oschwartz10612 commented on GitHub (Feb 20, 2025):

A couple of things you could check: make sure the endpoint on the Newt logs and in the Gerbil section of the config.yml resolves to your VPS IP from your Newt location. Usually you can run nslookup to check.

Next make sure one more time nothing is blocking that port and you did allow UDP. UFW or iptables can block.

Finally if all that is good run a tcpdump on the VPS and filter for that port and see if you are getting packets. You can run newt to connect or see if you can connect with netcat

nslookup example.com
tcpdump -i any -n udp port 51820
nc -uv {vps_ip} 51820

@oschwartz10612 commented on GitHub (Feb 20, 2025): A couple of things you could check: make sure the endpoint on the Newt logs and in the Gerbil section of the config.yml resolves to your VPS IP from your Newt location. Usually you can run nslookup to check. Next make sure one more time nothing is blocking that port and you did allow UDP. UFW or iptables can block. Finally if all that is good run a tcpdump on the VPS and filter for that port and see if you are getting packets. You can run newt to connect or see if you can connect with netcat `nslookup example.com` `tcpdump -i any -n udp port 51820` `nc -uv {vps_ip} 51820`

GiteaMirror commented 2025-11-13 11:50:00 -06:00

Author

Owner

Copy Link

@L3nski commented on GitHub (Feb 21, 2025):

Thanks all for the advise. Looks like 51820 is blocked somehow but cant find where.

@L3nski commented on GitHub (Feb 21, 2025): Thanks all for the advise. Looks like 51820 is blocked somehow but cant find where.

GiteaMirror commented 2025-11-13 11:50:00 -06:00

Author

Owner

Copy Link

@oschwartz10612 commented on GitHub (Feb 21, 2025):

Hum that's odd. You could look through your VPS settings maybe in the hosting provider and also check UFW and IPTABLES rules to make sure it is not blocked.

Who is your hosting provider?

iptables -L
ufw show added

@oschwartz10612 commented on GitHub (Feb 21, 2025): Hum that's odd. You could look through your VPS settings maybe in the hosting provider and also check UFW and IPTABLES rules to make sure it is not blocked. Who is your hosting provider? `iptables -L` `ufw show added`

GiteaMirror commented 2025-11-13 11:50:01 -06:00

Author

Owner

Copy Link

@L3nski commented on GitHub (Feb 21, 2025):

VPS is RackNerd. I think that it has to do with my local firewall. I'm running PFSsense. Reason I say that is that it's not working even if I run. Pangolin locally so I feel like the Newt connection is the issue which is local in both cases. VPS iptables

@L3nski commented on GitHub (Feb 21, 2025): VPS is RackNerd. I think that it has to do with my local firewall. I'm running PFSsense. Reason I say that is that it's not working even if I run. Pangolin locally so I feel like the Newt connection is the issue which is local in both cases. VPS iptables <img width="1094" alt="Image" src="https://github.com/user-attachments/assets/03282ddc-ecce-4154-9912-043e23e4ca47" />

GiteaMirror commented 2025-11-13 11:50:01 -06:00

Author

Owner

Copy Link

@L3nski commented on GitHub (Feb 21, 2025):

Yes the port is supposed to be forwarded

@L3nski commented on GitHub (Feb 21, 2025): Yes the port is supposed to be forwarded

GiteaMirror commented 2025-11-13 11:50:01 -06:00

Author

Owner

Copy Link

@smoothml commented on GitHub (Feb 27, 2025):

I'm not sure if this is helpful, but it's tangentially related. I had this issue and Newt prompted me to open port 51280 on my Pangolin server. I did this and now everything works, though as far as I can tell no traffic is actually being sent to this port. Here are the Newt logs. The Failed to connect logs were because I rebooted my Pangolin server.

Feb 27 20:40:54 my-server newt[3950078]: ERROR: 2025/02/27 20:40:54 Ping failed: use of closed network connection
Feb 27 20:40:54 my-server newt[3950078]: ERROR: 2025/02/27 20:40:54 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: connect: no route to host. R>
Feb 27 20:41:04 my-server newt[3950078]: ERROR: 2025/02/27 20:41:04 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: connect: no route to host. R>
Feb 27 20:41:14 my-server newt[3950078]: ERROR: 2025/02/27 20:41:14 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: connect: no route to host. R>
Feb 27 20:41:24 my-server newt[3950078]: ERROR: 2025/02/27 20:41:24 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: connect: no route to host. R>
Feb 27 20:41:34 my-server newt[3950078]: ERROR: 2025/02/27 20:41:34 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: connect: no route to host. R>
Feb 27 20:41:44 my-server newt[3950078]: ERROR: 2025/02/27 20:41:44 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: connect: no route to host. R>
Feb 27 20:41:54 my-server newt[3950078]: ERROR: 2025/02/27 20:41:54 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: connect: no route to host. R>
Feb 27 20:42:34 my-server newt[3950078]: ERROR: 2025/02/27 20:42:34 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: i/o timeout. Retrying in 10s>
Feb 27 20:43:14 my-server newt[3950078]: ERROR: 2025/02/27 20:43:14 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: i/o timeout. Retrying in 10s>
Feb 27 20:43:25 my-server newt[3950078]: ERROR: 2025/02/27 20:43:25 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": EOF. Retrying in 10s...
Feb 27 20:43:35 my-server newt[3950078]: INFO: 2025/02/27 20:43:35 Sent registration message
Feb 27 20:43:35 my-server newt[3950078]: INFO: 2025/02/27 20:43:35 Received registration message
Feb 27 20:43:35 my-server newt[3950078]: INFO: 2025/02/27 20:43:35 Already connected! But I will send a ping anyway...
Feb 27 20:43:35 my-server newt[3950078]: INFO: 2025/02/27 20:43:35 Ping attempt 1 of 5
Feb 27 20:43:35 my-server newt[3950078]: INFO: 2025/02/27 20:43:35 Pinging 100.89.128.1
Feb 27 20:43:45 my-server newt[3950078]: WARN: 2025/02/27 20:43:45 Ping attempt 1 failed: failed to read ICMP packet: i/o timeout
Feb 27 20:43:47 my-server newt[3950078]: INFO: 2025/02/27 20:43:47 Ping attempt 2 of 5
Feb 27 20:43:47 my-server newt[3950078]: INFO: 2025/02/27 20:43:47 Pinging 100.89.128.1
Feb 27 20:43:57 my-server newt[3950078]: WARN: 2025/02/27 20:43:57 Ping attempt 2 failed: failed to read ICMP packet: i/o timeout
Feb 27 20:43:59 my-server newt[3950078]: INFO: 2025/02/27 20:43:59 Ping attempt 3 of 5
Feb 27 20:43:59 my-server newt[3950078]: INFO: 2025/02/27 20:43:59 Pinging 100.89.128.1
Feb 27 20:44:09 my-server newt[3950078]: WARN: 2025/02/27 20:44:09 Ping attempt 3 failed: failed to read ICMP packet: i/o timeout
Feb 27 20:44:11 my-server newt[3950078]: INFO: 2025/02/27 20:44:11 Ping attempt 4 of 5
Feb 27 20:44:11 my-server newt[3950078]: INFO: 2025/02/27 20:44:11 Pinging 100.89.128.1
Feb 27 20:44:21 my-server newt[3950078]: WARN: 2025/02/27 20:44:21 Ping attempt 4 failed: failed to read ICMP packet: i/o timeout
Feb 27 20:44:23 my-server newt[3950078]: INFO: 2025/02/27 20:44:23 Ping attempt 5 of 5
Feb 27 20:44:23 my-server newt[3950078]: INFO: 2025/02/27 20:44:23 Pinging 100.89.128.1
Feb 27 20:44:33 my-server newt[3950078]: WARN: 2025/02/27 20:44:33 Ping attempt 5 failed: failed to read ICMP packet: i/o timeout
Feb 27 20:44:33 my-server newt[3950078]: WARN: 2025/02/27 20:44:33 Failed to ping 100.89.128.1: all ping attempts failed after 5 tries, last error: failed to read ICMP packet: i/o timeout
Feb 27 20:44:33 my-server newt[3950078]: WARN: 2025/02/27 20:44:33 HINT: Do you have UDP port 51280 (or the port in config.yml) open on your Pangolin server?

@smoothml commented on GitHub (Feb 27, 2025): I'm not sure if this is helpful, but it's tangentially related. I had this issue and Newt prompted me to open port **51280** on my Pangolin server. I did this and now everything works, though as far as I can tell no traffic is actually being sent to this port. Here are the Newt logs. The `Failed to connect` logs were because I rebooted my Pangolin server. ``` Feb 27 20:40:54 my-server newt[3950078]: ERROR: 2025/02/27 20:40:54 Ping failed: use of closed network connection Feb 27 20:40:54 my-server newt[3950078]: ERROR: 2025/02/27 20:40:54 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: connect: no route to host. R> Feb 27 20:41:04 my-server newt[3950078]: ERROR: 2025/02/27 20:41:04 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: connect: no route to host. R> Feb 27 20:41:14 my-server newt[3950078]: ERROR: 2025/02/27 20:41:14 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: connect: no route to host. R> Feb 27 20:41:24 my-server newt[3950078]: ERROR: 2025/02/27 20:41:24 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: connect: no route to host. R> Feb 27 20:41:34 my-server newt[3950078]: ERROR: 2025/02/27 20:41:34 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: connect: no route to host. R> Feb 27 20:41:44 my-server newt[3950078]: ERROR: 2025/02/27 20:41:44 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: connect: no route to host. R> Feb 27 20:41:54 my-server newt[3950078]: ERROR: 2025/02/27 20:41:54 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: connect: no route to host. R> Feb 27 20:42:34 my-server newt[3950078]: ERROR: 2025/02/27 20:42:34 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: i/o timeout. Retrying in 10s> Feb 27 20:43:14 my-server newt[3950078]: ERROR: 2025/02/27 20:43:14 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": dial tcp xxx.xxx.xxx.xxx:443: i/o timeout. Retrying in 10s> Feb 27 20:43:25 my-server newt[3950078]: ERROR: 2025/02/27 20:43:25 Failed to connect: failed to get token: failed to request new token: Post "https://pangolin.example.com/api/v1/auth/newt/get-token": EOF. Retrying in 10s... Feb 27 20:43:35 my-server newt[3950078]: INFO: 2025/02/27 20:43:35 Sent registration message Feb 27 20:43:35 my-server newt[3950078]: INFO: 2025/02/27 20:43:35 Received registration message Feb 27 20:43:35 my-server newt[3950078]: INFO: 2025/02/27 20:43:35 Already connected! But I will send a ping anyway... Feb 27 20:43:35 my-server newt[3950078]: INFO: 2025/02/27 20:43:35 Ping attempt 1 of 5 Feb 27 20:43:35 my-server newt[3950078]: INFO: 2025/02/27 20:43:35 Pinging 100.89.128.1 Feb 27 20:43:45 my-server newt[3950078]: WARN: 2025/02/27 20:43:45 Ping attempt 1 failed: failed to read ICMP packet: i/o timeout Feb 27 20:43:47 my-server newt[3950078]: INFO: 2025/02/27 20:43:47 Ping attempt 2 of 5 Feb 27 20:43:47 my-server newt[3950078]: INFO: 2025/02/27 20:43:47 Pinging 100.89.128.1 Feb 27 20:43:57 my-server newt[3950078]: WARN: 2025/02/27 20:43:57 Ping attempt 2 failed: failed to read ICMP packet: i/o timeout Feb 27 20:43:59 my-server newt[3950078]: INFO: 2025/02/27 20:43:59 Ping attempt 3 of 5 Feb 27 20:43:59 my-server newt[3950078]: INFO: 2025/02/27 20:43:59 Pinging 100.89.128.1 Feb 27 20:44:09 my-server newt[3950078]: WARN: 2025/02/27 20:44:09 Ping attempt 3 failed: failed to read ICMP packet: i/o timeout Feb 27 20:44:11 my-server newt[3950078]: INFO: 2025/02/27 20:44:11 Ping attempt 4 of 5 Feb 27 20:44:11 my-server newt[3950078]: INFO: 2025/02/27 20:44:11 Pinging 100.89.128.1 Feb 27 20:44:21 my-server newt[3950078]: WARN: 2025/02/27 20:44:21 Ping attempt 4 failed: failed to read ICMP packet: i/o timeout Feb 27 20:44:23 my-server newt[3950078]: INFO: 2025/02/27 20:44:23 Ping attempt 5 of 5 Feb 27 20:44:23 my-server newt[3950078]: INFO: 2025/02/27 20:44:23 Pinging 100.89.128.1 Feb 27 20:44:33 my-server newt[3950078]: WARN: 2025/02/27 20:44:33 Ping attempt 5 failed: failed to read ICMP packet: i/o timeout Feb 27 20:44:33 my-server newt[3950078]: WARN: 2025/02/27 20:44:33 Failed to ping 100.89.128.1: all ping attempts failed after 5 tries, last error: failed to read ICMP packet: i/o timeout Feb 27 20:44:33 my-server newt[3950078]: WARN: 2025/02/27 20:44:33 HINT: Do you have UDP port 51280 (or the port in config.yml) open on your Pangolin server? ```

GiteaMirror commented 2025-11-13 11:50:02 -06:00

Author

Owner

Copy Link

@x86txt commented on GitHub (Apr 6, 2025):

If you change the gerbil start_port in config.yml from 51280, you have to update the port forward in the docker-compose.yml also.

That's the cause of the ping failures.

I can't run any WG on port 51820, so I moved Newt to 51830 but I noticed the docker network proxy was still listening on 51820.

I made the change below and the site finally came up.

docker-compose.yml:

      - 51820:51820/udp

to

      - 51830:51830/udp

@x86txt commented on GitHub (Apr 6, 2025): If you change the gerbil ```start_port``` in config.yml from 51280, you have to update the port forward in the docker-compose.yml also. That's the cause of the ping failures. I can't run any WG on port 51820, so I moved Newt to 51830 but I noticed the docker network proxy was still listening on 51820. I made the change below and the site finally came up. docker-compose.yml: ``` ports: - 51820:51820/udp ``` to ``` ports: - 51830:51830/udp ```

GiteaMirror commented 2025-11-13 11:50:02 -06:00

Author

Owner

Copy Link

@Soitora commented on GitHub (Jul 29, 2025):

I can't run any WG on port 51820, so I moved Newt to 51830 but I noticed the docker network proxy was still listening on 51820.

Reading this comment solved 15 hours of debugging on my Unraid system. I was never able to test the 51822 port that Gerbil had as it was busy by other services, but now that I tried it, it solved every issue I had.

@Soitora commented on GitHub (Jul 29, 2025): > I can't run any WG on port 51820, so I moved Newt to 51830 but I noticed the docker network proxy was still listening on 51820. Reading this comment solved 15 hours of debugging on my Unraid system. I was never able to test the 51822 port that Gerbil had as it was busy by other services, but now that I tried it, it solved every issue I had.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/npm_and_yarn/prod-minor-updates-47a8475ba0

dependabot/npm_and_yarn/dev-patch-updates-c4a0f28f13

dependabot/go_modules/install/minor-updates-a98db8910e

crowdin_dev

dev

delete-domains

dependabot/npm_and_yarn/eslint-10.0.3

dependabot/npm_and_yarn/next-16.1.6

dependabot/npm_and_yarn/recharts-3.7.0

dependabot/go_modules/install/github.com/charmbracelet/huh-1.0.0

dependabot/github_actions/docker/login-action-4.0.0

dependabot/github_actions/actions/setup-node-6.3.0

jit

msg-opt

dependabot/docker/docker/library/node-25-slim

dependabot/github_actions/actions/upload-artifact-7.0.0

dependabot/github_actions/actions/setup-go-6.3.0

cache

multi-role

logs-database

ssh

cloud-multi-org

delete-account

new-pricing

msg-delivery

org-only-idp

cicd

clients-user

1.12.3

policies

patch

site-targets-auto-login

1.16.2-s.7

1.16.2-s.6

1.16.2-s.5

1.16.2-s.4

1.16.2-s.3

1.16.2-s.2

1.16.2-s.1

1.16.2

1.16.2-s.0

1.16.1-s.1

1.16.1

1.16.1-s.0

1.16.0

1.16.0-s.1

1.16.0-s.0

1.16.0-rc.0

1.15.4-s.10

1.15.4-s.9

1.15.4-s.8

1.15.4-s.7

1.15.4-s.6

1.15.4-s.5

1.15.4-s.4

1.15.4-s.3

1.15.4-s.2

1.15.4-s.1

1.15.4

1.15.4-s.0

1.15.3

1.15.3-s.1

1.15.3-s.0

1.15.2

1.15.1-s.1

1.15.1-s.0

1.15.1

1.15.0-s.5

1.15.0

1.15.0-s.4

1.15.0-s.3

1.15.0-s.2

1.15.0-s.1

1.15.0-s.0

1.15.0-rc.0

1.14.1-s.3

1.14.1-s.2

1.14.1-s.1

1.14.1-s.0

1.14.1

1.14.0-s.2

1.14.0

1.14.0-rc.0

1.13.1

1.13.1-s.0

1.13.0

1.13.0.s.0

1.13.0-rc.0

1.12.2-s.5

1.12.3

1.12.2-s.4

1.12.2-s.3

1.12.2-s.2

1.12.2-s.1

1.12.2

1.12.2-s.0

1.12.1

1.12.0

1.12.0-s.0

1.12.0-rc.0

1.11.1

1.11.1-s.0

1.11.0-s.5

1.11.0

1.11.0-s.4

1.11.0-s.3

1.11.0-s.2

1.11.0-s.1

1.11.0-s.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

api

authentication

bug

config

dependencies

docker

documentation

enhancement

good first issue

help wanted

Improvement

Look Into

needs investigating

networking

new feature

non-critical bug

potential bug

pull-request

Mirrored from GitHub Pull Request

question

reverse proxy

Security

stale

ui

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#98