Newt is a fully user-space WireGuard tunnel client and TCP/UDP proxy, designed to securely expose private resources controlled by Pangolin. It simplifies WireGuard tunnel management by eliminating the need for complex NAT configurations.
Newt is typically used alongside Pangolin and Gerbil as part of a broader system.
Key Features of Newt
- Registers with Pangolin: The client authenticates using a Newt ID and secret to receive a session token. It then establishes a WebSocket connection for control messages.
- WireGuard Control Messages: Newt sets up a WireGuard tunnel in user space using netstack and ensures connectivity with a peer on the Gerbil side.
- Proxy Control Messages: Newt creates local TCP/UDP proxies attached to the virtual tunnel for traffic relaying.
Step-by-Step Installation Guide
Download Newt and make it executable
sudo su
wget -O newt "https://github.com/fosrl/newt/releases/download/1.1.2/newt_linux_amd64" && chmod +x ./newt
Run Newt with your credentials
./newt \
--id 31frd0uzbjvp721 \
--secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 \
--endpoint https://example.com
Install Newt permanently to your system
Move the binary to /usr/local/bin for system-wide access:
sudo mv ./newt /usr/local/bin/newt
Create a systemd service for automatic startup
Create a new systemd service file:
sudo nano /etc/systemd/system/newt.service
Add the following content:
[Unit]
Description=Newt VPN Client
After=network.target
[Service]
ExecStart=/usr/local/bin/newt --id 31frd0uzbjvp721 --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 --endpoint https://example.com
Restart=always
User=root
[Install]
WantedBy=multi-user.target
Enable and start the service
sudo systemctl daemon-reload && sudo systemctl enable newt && sudo systemctl start newt
Check service status
sudo systemctl status newt
Reference: https://docs.fossorial.io/Newt/overview
