Add information about hole punching improvements

Owen
2025-12-11 14:39:39 -05:00
parent 1a755588a6
commit edec8aa9b8
3 changed files with 75 additions and 53 deletions


@@ -63,7 +63,7 @@ Clients can relay traffic through a Pangolin server - through Gerbil specificall
While functional, it does not always connect reliably and can fall back to relaying. We plan to work to improve the reliability over time by implementing more methods for those behind CGNAT or hard nats. While functional, it does not always connect reliably and can fall back to relaying. We plan to work to improve the reliability over time by implementing more methods for those behind CGNAT or hard nats.
Take a look at [these docs](https://tailscale.com/kb/1361/firewall) for some firewall changes you might be able to make to improve hole punch reliability and performance. Take a look at [some things you can do to improve reliability](/manage/sites/configure-site#nat-traversal-tweaks) if you are not getting reliable hole punching.
This should help to: This should help to:
- Increase performance (speed/bandwidth) - Increase performance (speed/bandwidth)
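Review bot: The replacement link on the changed line points at `/manage/sites/configure-site#nat-traversal-tweaks`, which only resolves while the heading added elsewhere in this commit stays exactly "NAT Traversal Tweaks". Please confirm the generated anchor matches, and consider naming the static `--port` option in this sentence so readers know what the linked section offers before following it.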


@@ -27,6 +27,12 @@ description: "Configure Newt for connecting to Pangolin sites"
**Example**: `https://pangolin.example.com` **Example**: `https://pangolin.example.com`
</ResponseField> </ResponseField>
<ResponseField name="port" type="integer">
Port for the peers to connect to Newt on. This can be used to keep a static port open in firewalls instead of default random ports.
**Example**: `34534`
</ResponseField>
<ResponseField name="mtu" type="integer"> <ResponseField name="mtu" type="integer">
MTU for the internal WireGuard interface. MTU for the internal WireGuard interface.
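Review bot: The new `port` field description does not say which protocol the port carries or which values are accepted, so a reader writing the firewall rule it mentions has to guess. Suggest stating the protocol explicitly (presumably UDP, since this is the listener for WireGuard peers, but that is an assumption the docs should confirm) and the valid range, and rewording the end of the sentence to "instead of the default random ports".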
@@ -199,6 +205,10 @@ When both environment variables and CLI arguments are provided, CLI arguments ta
Newt secret for authentication (equivalent to `--secret`) Newt secret for authentication (equivalent to `--secret`)
</ResponseField> </ResponseField>
<ResponseField name="PORT" type="integer">
Port for the peers to connect to Newt on (equivalent to `--port`)
</ResponseField>
<ResponseField name="MTU" type="integer"> <ResponseField name="MTU" type="integer">
MTU for the internal WireGuard interface (equivalent to `--mtu`) MTU for the internal WireGuard interface (equivalent to `--mtu`)
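Review bot: The `PORT` entry is thinner than the `--port` entry it mirrors: it has no example and does not mention the static-port purpose. `PORT` is also a very generic variable name that other tooling in the same environment may already set, so it is worth one sentence telling operators that any existing `PORT` value will be picked up as the peer listening port, and that the CLI flag overrides it as the precedence rule in the hunk header says.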
@@ -486,3 +496,11 @@ newt \
--tls-client-key ./client.key \ --tls-client-key ./client.key \
--tls-client-ca ./ca.crt --tls-client-ca ./ca.crt
``` ```
## NAT Traversal Tweaks
Newt supports NAT traversal to allow clients to connect directly to Newt sites without relaying through the Pangolin server, improving performance and reducing latency.
In some environment depending on the NAT type and firewall, you may need to tweak some settings to get optimal connectivity in the firewall itself. Take a look at [these docs](https://tailscale.com/kb/1361/firewall) for some firewall changes you might be able to make.
Another option is to keep newt listening for client connections on a static port. This allows you to open a specific port in your firewall for Newt client connections instead of random high ports. You can do this by setting the `--port` flag or `PORT` environment variable and then opening this port in the your firewall to DNAT to Newt.
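Review bot: The last added paragraph tells readers to open a port and DNAT it to Newt without naming the protocol or saying how narrowly to scope the rule, which invites an over-broad firewall opening. Suggest spelling out that only the single configured port needs forwarding, to the Newt host only, and stating the protocol. There are also wording slips in the added lines: "In some environment" should be "In some environments", "in the your firewall" should be "in your firewall", and "newt" should be capitalised as "Newt" to match the rest of the section.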


@@ -15,9 +15,13 @@ Use this command to automatically install Newt. It detects your system architect
curl -fsSL https://static.pangolin.net/get-newt.sh | bash curl -fsSL https://static.pangolin.net/get-newt.sh | bash
``` ```
#### Windows
If you would like to use Newt on Windows as a service or with clients, wintun.dll is sometimes required. Please use latest installer from [GitHub releases](https://github.com/fosrl/newt/releases/latest).
### Manual Download ### Manual Download
Binaries for Linux, macOS, and Windows are available in the [GitHub releases](https://github.com/fosrl/newt/releases) for ARM and AMD64 (x86_64) architectures. Binaries for Linux, macOS, and Windows are available in the [GitHub releases](https://github.com/fosrl/newt/releases/latest) for ARM and AMD64 (x86_64) architectures.
Download and install manually: Download and install manually:
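Review bot: In the new Windows paragraph, "wintun.dll is sometimes required" does not tell the reader when it is required or where the file comes from, which leaves room for fetching the DLL from an arbitrary source. If the installer on the releases page bundles it, say so directly, and state the cases (service mode, clients) in which it is needed. Minor: "Please use latest installer" should read "Please use the latest installer". The `/latest` suffix on the Manual Download link is consistent with the new Windows link.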