Skip to content

IPv6 parsing error: malformed exit node address from Pangolin Cloud API #209

New issue
New issue
Open
Open
IPv6 parsing error: malformed exit node address from Pangolin Cloud API#209
Assignees
oschwartz10612
Labels
bugSomething isn't working
@ashish-tandon

Description

@ashish-tandon
ashish-tandon
opened on Dec 16, 2025

Describe the Bug

## Issue Description

When newt requests WireGuard configuration from Pangolin Cloud via websocket, the API returns an exit node endpoint with a malformed IPv6 address format.

**Received**: `2607:5300:205:200::1349:51820`  
**Expected**: `[2607:5300:205:200::1349]:51820` (IPv6 addresses with ports must be enclosed in brackets)

## Error Details

The newt client logs show:

ERROR: Failed to split endpoint: address 2607:5300:205:200::1349:51820: too many colons in address
INFO: SendMessageInterval timed out after 10 attempts for message type: newt/wg/get-config


This prevents newt from parsing the endpoint and establishing the WireGuard connection.

## Environment

- **Newt Version**: 1.7.0
- **Pangolin Server Version**: 1.13.1 (self-hosted)
- **Affected Sites**: All newt sites (3 sites, all v1.7.0)
- **Configuration**: IPv6 disabled system-wide and in Docker, `base_endpoint` set to IPv4

## Configuration

- **Self-hosted Pangolin**: v1.13.1 with managed node `4giykuufnm22lg6`
- **Remote exit node**: v1.1.2 on OVH VPS
- **Newt Sites**:
  - inside.ashhl.ca (v1xak444467lq65)
  - outside.ashhl.com (4l7778rk2o7vbzu)
  - ovh.ashhl.ca (cqn4qphlb6741r2)

## Request

1. **Fix the malformed IPv6 format** in Pangolin Cloud API responses
   - Ensure IPv6 addresses with ports are properly formatted: `[IPv6]:port`

2. **OR provide IPv4-only exit nodes option**
   - Since IPv6 is disabled and we've configured for IPv4-only
   - A setting to prefer/force IPv4 exit nodes would resolve this

## Additional Context

- We've already updated `base_endpoint` in config.yml to IPv4 as suggested
- The issue persists because it's in the API response (exit node addresses), not local config
- IPv6 is disabled system-wide and in Docker on both systems

Labels to Add (if available)

  • bug
  • ipv6
  • api

Environment

Environment

On-Prem (Self-hosted Pangolin Server)

  • OS Type & Version: Debian GNU/Linux 13 (trixie)
  • Pangolin Version: 1.13.1 (fosrl/pangolin:postgresql-latest)
  • Gerbil Version: latest (fosrl/gerbil:latest)
  • Traefik Version: v3.4.0
  • Newt Version: 1.7.0
  • Olm Version: N/A

OVH VPS (Remote Exit Node)

  • OS Type & Version: Ubuntu 25.04
  • Pangolin Version: 1.1.2 (fosrl/pangolin-node:latest)
  • Gerbil Version: 1.3.0 (fosrl/gerbil:1.3.0)
  • Traefik Version: v3.5
  • Newt Version: 1.7.0
  • Olm Version: N/A

Affected Sites

All three newt sites (v1.7.0) are affected:

  • inside.ashhl.ca (ID: v1xak444467lq65) - On-prem Docker container
  • outside.ashhl.com (ID: 4l7778rk2o7vbzu) - On-prem base OS
  • ovh.ashhl.ca (ID: cqn4qphlb6741r2) - OVH VPS base OS

To Reproduce

Prerequisites

  1. Self-hosted Pangolin instance (v1.13.1) with managed node configuration
  2. Remote exit node (v1.1.2) or any exit node with IPv6 address
  3. Newt client v1.7.0 installed and configured
  4. IPv6 disabled system-wide (to force IPv4 preference)

Steps

  1. Configure newt site with valid credentials:

    newt --id <site-id> --secret <secret> --endpoint https://app.pangolin.net

  2. Newt connects to Pangolin Cloud via WebSocket successfully

  3. Newt requests WireGuard configuration: newt/wg/get-config

  4. Pangolin Cloud API responds with exit node endpoint containing malformed IPv6 address:

    • Received: 2607:5300:205:200::1349:51820
    • Expected: [2607:5300:205:200::1349]:51820

  5. Newt fails to parse the endpoint:

    ERROR: Failed to split endpoint: address 2607:5300:205:200::1349:51820: too many colons in address

  6. WireGuard configuration request times out:

    INFO: SendMessageInterval timed out after 10 attempts for message type: newt/wg/get-config

Configuration Files

  • config.yml has base_endpoint set to IPv4: 148.113.197.35
  • IPv6 disabled in system (/etc/sysctl.conf) and Docker
  • All services configured for IPv4-only operation

Expected Behavior

  1. Pangolin Cloud API should return properly formatted IPv6 addresses when IPv6 is used:

    • Format: [IPv6_address]:port
    • Example: [2607:5300:205:200::1349]:51820

  2. OR Pangolin Cloud API should return IPv4 exit node addresses when:

    • Client/system has IPv6 disabled
    • base_endpoint is configured with IPv4 address
    • Organization/site preference is set for IPv4

  3. Newt should successfully parse the endpoint and establish WireGuard connection

  4. Site should come online and show as connected in Pangolin dashboard

Expected Behavior

Actual Behavior

  1. Pangolin Cloud API returns malformed IPv6 address: 2607:5300:205:200::1349:51820
  2. Newt fails to parse due to "too many colons" error
  3. WireGuard configuration request times out
  4. Site remains offline despite WebSocket connection being established
  5. Error repeats every time newt attempts to get WireGuard configuration

Additional Context

  • This affects all newt sites regardless of deployment location
  • WebSocket connection to Pangolin Cloud works fine
  • Issue is specifically in the exit node address format returned by the API
  • Local base_endpoint configuration is correct (IPv4)
  • Issue persists even after updating base_endpoint to IPv4 on both instances

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions