From 01c75a47105fd144044aa8d98e0d037d5735fb5d Mon Sep 17 00:00:00 2001 From: Owen Date: Mon, 22 Dec 2025 15:14:47 -0500 Subject: [PATCH] Add wildcards and clarify icmp --- manage/resources/private/alias.mdx | 6 ++++++ manage/resources/private/destinations.mdx | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/manage/resources/private/alias.mdx b/manage/resources/private/alias.mdx index 9b9d2b4..90e816b 100644 --- a/manage/resources/private/alias.mdx +++ b/manage/resources/private/alias.mdx @@ -15,6 +15,12 @@ A alias can only be created for a Resource that is a single host (IP or FQDN). A Since aliases cannot be single-label domains, you must avoid using domain names that do not contain a dot (e.g., `pangolin`). A domain like `pangolin.net`, which includes a dot, is acceptable. Instead of a single-label domain, you should consider using a subdomain of a domain you control, such as `router.mywebsite.com`, or an existing private/internal domain name, like `router.internal` or `router.corp`. +### Wildcards + +Wildcards allow you to define aliases that match multiple hostnames using special characters in the FQDN. For example, in an alias like `*.host-0?.autoco.internal`, the asterisk `*` matches any sequence of characters (including none), and the question mark `?` matches exactly one character. + +If you use a wildcard such as `*.proxy.internal`, it will match any hostname that ends with `.proxy.internal` and has something before the dot—such as `host.proxy.internal`, `longerhost.proxy.internal`, or even `sub.host.proxy.internal`. However, the wildcard will not match the base domain itself (`autoco.internal` without anything before the dot). + ## Custom Upstream DNS Aliases work by overriding the DNS of your computer running the client so that all DNS requests are sent to the Pangolin client for resolution. The dns server on your computer is typically `100.96.128.1` (the first address inside of your utility subnet on the org) when connected to the tunnel which will forward request to an upstream server. By default, we use `9.9.9.9`, but this upstream address can be configured using [the flag](/manage/clients/configure-client) in the CLI / Olm or in the client settings. diff --git a/manage/resources/private/destinations.mdx b/manage/resources/private/destinations.mdx index c8d3a49..56e9122 100644 --- a/manage/resources/private/destinations.mdx +++ b/manage/resources/private/destinations.mdx @@ -28,7 +28,7 @@ It is recommended that you create overlapping resources only if absolutely requi ## ICMP End to End? -Pangolin supports testing connectivity to Resources using ICMP ping requests. However, it's important to note that while the Pangolin client can send ICMP echo requests to the destination, the actual ping request is captured and replayed from the Newt binary to the actually destination. This means that requests are not end to end but are still an effective way to test connectivity to a resource. +Pangolin supports testing connectivity to Resources using ICMP ping requests. However, it's important to note that while the Pangolin client can send ICMP echo requests to the destination, **the actual ping request is captured and replayed from the Newt binary to the actually destination**. This means that requests are not end to end but are still an effective way to test connectivity to a resource. ## Unicast Only?