Merge pull request #5 from fosrl/dev

Add tip and MTU set to 1280

.gitignore

@@ -1 +1,2 @@
-newt
+newt
+.DS_Store

Makefile

@@ -11,7 +11,16 @@ test:
 	docker run fosrl/newt:latest
 
 local: 
-	 CGO_ENABLED=0 go build -o newt
+	CGO_ENABLED=0 go build -o newt
+
+all_arches:
+	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -o newt_linux_arm64
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o newt_linux_amd64
+	CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -o newt_darwin_arm64
+	CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o newt_darwin_amd64
+	CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -o newt_windows_amd64.exe
+	CGO_ENABLED=0 GOOS=freebsd GOARCH=amd64 go build -o newt_freebsd_amd64
+	CGO_ENABLED=0 GOOS=freebsd GOARCH=arm64 go build -o newt_freebsd_arm64
 
 clean:
 	rm newt

README.md

@@ -19,7 +19,7 @@ _Sample output of a Newt container connected to Pangolin and hosting various res
 
 ### Registers with Pangolin
 
-Using the Newt ID and a secret the client will make HTTP requests to Pangolin to receive a session token. Using that token it will connect to a websocket and maintain that connection. Control messages will be sent over the websocket.
+Using the Newt ID and a secret, the client will make HTTP requests to Pangolin to receive a session token. Using that token, it will connect to a websocket and maintain that connection. Control messages will be sent over the websocket.
 
 ### Receives WireGuard Control Messages
 
@@ -27,7 +27,7 @@ When Newt receives WireGuard control messages, it will use the information encod
 
 ### Receives Proxy Control Messages
 
-When Newt receives WireGuard control messages, it will use the information encoded to crate local low level TCP and UDP proxies attached to the virtual tunnel in order to relay traffic to programmed targets.
+When Newt receives WireGuard control messages, it will use the information encoded to create a local low level TCP and UDP proxies attached to the virtual tunnel in order to relay traffic to programmed targets.
 
 ## CLI Args
 
@@ -98,4 +98,4 @@ Newt is dual licensed under the AGPLv3 and the Fossorial Commercial license. For
 
 ## Contributions
 
-Please see [CONTRIBUTIONS](./CONTRIBUTING.md) in the repository for guidelines and best practices.
+Please see [CONTRIBUTIONS](./CONTRIBUTING.md) in the repository for guidelines and best practices.

SECURITY.md

@@ -0,0 +1,14 @@
+# Security Policy
+
+If you discover a security vulnerability, please follow the steps below to responsibly disclose it to us:
+
+1. **Do not create a public GitHub issue or discussion post.** This could put the security of other users at risk.
+2. Send a detailed report to [security@fossorial.io](mailto:security@fossorial.io) or send a **private** message to a maintainer on [Discord](https://discord.gg/HCJR8Xhme4). Include:
+
+- Description and location of the vulnerability.
+- Potential impact of the vulnerability.
+- Steps to reproduce the vulnerability.
+- Potential solutions to fix the vulnerability.
+- Your name/handle and a link for recognition (optional).
+
+We aim to address the issue as soon as possible.

docker-compose.yml

@@ -6,4 +6,5 @@ services:
     environment:
       - PANGOLIN_ENDPOINT=https://example.com
       - NEWT_ID=2ix2t8xk22ubpfy 
-      - NEWT_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2 
+      - NEWT_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2 
+      - LOG_LEVEL=DEBUG

main.go

@@ -12,6 +12,7 @@ import (
 	"net/netip"
 	"os"
 	"os/signal"
+	"strconv"
 	"strings"
 	"syscall"
 	"time"
@@ -123,6 +124,7 @@ func startPingCheck(tnet *netstack.Net, serverIP string, stopChan chan struct{})
 				err := ping(tnet, serverIP)
 				if err != nil {
 					logger.Warn("Periodic ping failed: %v", err)
+					logger.Warn("HINT: Do you have UDP port 51280 (or the port in config.yml) open on your Pangolin server?")
 				}
 			case <-stopChan:
 				logger.Info("Stopping ping check")
@@ -247,6 +249,8 @@ func main() {
 		endpoint   string
 		id         string
 		secret     string
+		mtu        string
+		mtuInt     int
 		dns        string
 		privateKey wgtypes.Key
 		err        error
@@ -257,6 +261,7 @@ func main() {
 	endpoint = os.Getenv("PANGOLIN_ENDPOINT")
 	id = os.Getenv("NEWT_ID")
 	secret = os.Getenv("NEWT_SECRET")
+	mtu = os.Getenv("MTU")
 	dns = os.Getenv("DNS")
 	logLevel = os.Getenv("LOG_LEVEL")
 
@@ -269,6 +274,9 @@ func main() {
 	if secret == "" {
 		flag.StringVar(&secret, "secret", "", "Newt secret")
 	}
+	if mtu == "" {
+		flag.StringVar(&mtu, "mtu", "1280", "MTU to use")
+	}
 	if dns == "" {
 		flag.StringVar(&dns, "dns", "8.8.8.8", "DNS server to use")
 	}
@@ -286,6 +294,12 @@ func main() {
 		logger.Fatal("endpoint, id, and secret are required either via CLI flags or environment variables")
 	}
 
+	// parse the mtu string into an int
+	mtuInt, err = strconv.Atoi(mtu)
+	if err != nil {
+		logger.Fatal("Failed to parse MTU: %v", err)
+	}
+
 	privateKey, err = wgtypes.GeneratePrivateKey()
 	if err != nil {
 		logger.Fatal("Failed to generate private key: %v", err)
@@ -333,7 +347,8 @@ func main() {
 			err = pingWithRetry(tnet, wgData.ServerIP)
 			if err != nil {
 				// Handle complete failure after all retries
-				logger.Error("Failed to ping %s: %v", wgData.ServerIP, err)
+				logger.Warn("Failed to ping %s: %v", wgData.ServerIP, err)
+				logger.Warn("HINT: Do you have UDP port 51280 (or the port in config.yml) open on your Pangolin server?")
 			}
 			return
 		}
@@ -353,7 +368,7 @@ func main() {
 		tun, tnet, err = netstack.CreateNetTUN(
 			[]netip.Addr{netip.MustParseAddr(wgData.TunnelIP)},
 			[]netip.Addr{netip.MustParseAddr(dns)},
-			1420)
+			mtuInt)
 		if err != nil {
 			logger.Error("Failed to create TUN device: %v", err)
 		}