feat: implement dual ipv[4-6] stack and allow newt to ipv6 hole punch

[kevin-gillet]

Community Contribution License Agreement

By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.

Description

see newt issue #126 (base problem)

Refactored the Networking Layer for Dual-Stack Support

• Problem: The core network package was the primary source of crashes. It was built exclusively for IPv4, using low-level raw sockets, manual packet building with gopacket, and IPv4-specific BPF filters. This design was fundamentally incompatible with IPv6.

• Solution: The entire network/network.go file was rewritten to use standard, high-level UDP sockets (net.ListenPacket). This modern approach allows the operating system's kernel to handle the complexities of both IPv4 and IPv6 packet creation. This change simplified the code by removing the gopacket dependency and all the complex raw socket management logic.

This is a big change and i tested all my common uses-cases, but I am not sure it will not break edge cases.

Corrected Hole Punching Address Parsing

• Problem: The initial hole punching logic failed because it used a simple strings.Split on colons (:) to find the port, which does not work for IPv6 addresses. It also attempted to perform DNS lookups on literal IP addresses.

• Solution: Replaced the brittle string manipulation with net.SplitHostPort and added a check to correctly parse literal IP addresses without sending them to a DNS resolver.

Please see fosrl/olm#28 also, i made the same fix to prevent Olm from trying to nameresolve a litteral ipv6.

How to test?

Built with GOOS=linux GOARCH=amd64 go build .

Successfully established a full ipv6 connection from Olm to Newt

Sep 06 02:46:06 newt-lxc-ubuntu25 systemd[1]: Started newt.service - Newt.
Sep 06 02:46:06 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:06 Newt version version_replaceme
Sep 06 02:46:06 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:06 [WGTester] Server started on 0.0.0.0:51181
Sep 06 02:46:06 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:06 Creating new health check monitor with certificate enforcement: false
Sep 06 02:46:07 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:07 Websocket connected
Sep 06 02:46:07 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:07 Requesting exit nodes from server
Sep 06 02:46:07 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:07 Requesting WireGuard configuration from remote server
Sep 06 02:46:07 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:07 Received ping message
Sep 06 02:46:07 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:07 Received registration message
Sep 06 02:46:07 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:07 Connecting to endpoint: <redacted>
Sep 06 02:46:07 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:07 Initial connection test successful
Sep 06 02:46:07 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:07 Tunnel connection to server established successfully!
Sep 06 02:46:07 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:07 Successfully added 0 health check targets
Sep 06 02:46:07 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:07 Started udp proxy to 127.0.0.1:51180
Sep 06 02:46:09 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:09 Received WireGuard clients configuration from remote server
Sep 06 02:46:09 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:09 Created WireGuard interface newt
Sep 06 02:46:09 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:09 Assigning IP address 100.90.128.5/24 to interface newt
Sep 06 02:46:09 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:09 Stopping UDP holepunch
Sep 06 02:46:09 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:09 WireGuard interface newt created and configured
Sep 06 02:46:09 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:09 Added peer with no endpoint!
Sep 06 02:46:09 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:09 Peer 6JWFIuf7Z0d3yV7zv6ViXxBu7WXytW1R3Zz/Do1eGnk= added successfully
Sep 06 02:46:13 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:13 Removing Endpoint for peer 6JWFIuf7Z0d3yV7zv6ViXxBu7WXytW1R3Zz/Do1eGnk=
Sep 06 02:46:13 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:13 Peer 6JWFIuf7Z0d3yV7zv6ViXxBu7WXytW1R3Zz/Do1eGnk= updated successfully
Sep 06 02:46:16 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:16 Peer 6JWFIuf7Z0d3yV7zv6ViXxBu7WXytW1R3Zz/Do1eGnk= removed successfully
Sep 06 02:46:16 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:16 Peer vx4p0cLDS2nb3YWZT0ERGEAv457J4wRGOZSRYGYgBAQ= added successfully
Sep 06 02:46:21 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:21 Removing Endpoint for peer vx4p0cLDS2nb3YWZT0ERGEAv457J4wRGOZSRYGYgBAQ=
Sep 06 02:46:21 newt-lxc-ubuntu25 newt[4621]: INFO: 2025/09/06 02:46:21 Peer vx4p0cLDS2nb3YWZT0ERGEAv457J4wRGOZSRYGYgBAQ= updated successfully


Sep 06 02:46:15 debian12-amd64 systemd[1]: Started olm.service - Olm.
Sep 06 02:46:15 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:15 Olm version version_replaceme
Sep 06 02:46:15 debian12-amd64 olm[796013]: WARN: 2025/09/06 02:46:15 Hole punching is enabled. This is EXPERIMENTAL and may not work in all environments.
Sep 06 02:46:15 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:15 Websocket Connected
Sep 06 02:46:15 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:15 Sent registration message
Sep 06 02:46:15 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:15 Sent initial ping message
Sep 06 02:46:15 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:15 Starting hole punch for 1 exit nodes
Sep 06 02:46:15 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:15 Starting UDP hole punch to 1 exit nodes
Sep 06 02:46:15 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:15 Resolved exit node: <redacted> -> [<redacted-ipv6>]:21820
Sep 06 02:46:16 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:16 Starting hole punch for 1 exit nodes
Sep 06 02:46:16 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:16 Stopping UDP holepunch for all exit nodes
Sep 06 02:46:16 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:16 UDP hole punch goroutine ended for all exit nodes
Sep 06 02:46:16 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:16 UDP hole punch goroutine ended
Sep 06 02:46:17 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:17 UAPI listener started
Sep 06 02:46:17 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:17 Started monitoring for site 3 at 100.90.128.3:52170
Sep 06 02:46:17 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:17 Configured peer e0ktJZ1LfUl3kNBqnsH9Z/KvpJo3oefdmalNOzOtcUQ=
Sep 06 02:46:17 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:17 Started monitoring for site 4 at 100.90.128.5:51181
Sep 06 02:46:17 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:17 Configured peer igCHCm70hKP3Fi5e6bBmnYF2+0wzphBShhcl7zHezHU=
Sep 06 02:46:17 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:17 Started monitoring peer 3
Sep 06 02:46:17 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:17 Started monitoring peer 4
Sep 06 02:46:17 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:17 WireGuard device created.
Sep 06 02:46:21 debian12-amd64 olm[796013]: WARN: 2025/09/06 02:46:21 Peer 4 is disconnected
Sep 06 02:46:21 debian12-amd64 olm[796013]: WARN: 2025/09/06 02:46:21 Peer 3 is disconnected
Sep 06 02:46:21 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:21 Sent relay message
Sep 06 02:46:21 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:21 Sent relay message
Sep 06 02:46:21 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:21 Adjusted peer 4 to point to relay!
Sep 06 02:46:21 debian12-amd64 olm[796013]: INFO: 2025/09/06 02:46:21 Adjusted peer 3 to point to relay!