Skip to main content

Mac and Windows

Each respective client has a preferences window with all currently available configuration parameters like DNS override and preferred DNS servers. In your desktop client, click the menu bar or system tray icon, select More in the menu, and click Preferences.

Screenshot of how to access preferences window on Mac client. The steps are the same on Windows.

Pangolin CLI

Refer to the documentation in the official repository for the available commands, default values, and more.

Olm CLI

Flags

id
string
required
Olm ID generated by Pangolin to identify the client.Example: 31frd0uzbjvp721
secret
string
required
A unique secret used to authenticate the client ID with the websocket.Example: h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6
Keep this secret private and secure. It’s used for authentication.
endpoint
string
required
The endpoint where both Gerbil and Pangolin reside for websocket connections.Example: https://pangolin.example.com
org
string
Organization ID to connect to.
user-token
string
User authentication token.
mtu
integer
MTU for the internal WireGuard interface.Default: 1280
dns
string
DNS server to use to resolve the endpoint.Default: 8.8.8.8
upstream-dns
string
Upstream DNS server(s), comma-separated.Default: 8.8.8.8:53
log-level
string
The log level to use for Olm output.Options: DEBUG, INFO, WARN, ERROR, FATALDefault: INFO
ping-interval
string
Interval for pinging the server.Default: 3s
ping-timeout
string
Timeout for each ping.Default: 5s
interface
string
Name of the WireGuard interface.Default: olm
enable-api
boolean
Enable API server for receiving connection requests.Default: false
http-addr
string
HTTP server address (e.g., ‘:9452’).Default: :9452
socket-path
string
Unix socket path (or named pipe on Windows).Default: /var/run/olm.sock (Linux/macOS) or olm (Windows)
disable-holepunch
boolean
Disable hole punching.Default: false
override-dns
boolean
Override system DNS settings.Default: false
tunnel-dns
boolean
Force connectivity to the upstream DNS server to go via the tunnel to a resource.Default: false
disable-relay
boolean
Disable relay connections.Default: false

Environment Variables

All CLI arguments can be set using environment variables as an alternative to command line flags. Environment variables are particularly useful when running Olm in containerized environments.
When both environment variables and CLI arguments are provided, CLI arguments take precedence.
PANGOLIN_ENDPOINT
string
Endpoint of your Pangolin server (equivalent to --endpoint)
OLM_ID
string
Olm ID generated by Pangolin (equivalent to --id)
OLM_SECRET
string
Olm secret for authentication (equivalent to --secret)
ORG
string
Organization ID to connect to (equivalent to --org)
USER_TOKEN
string
User authentication token (equivalent to --user-token)
MTU
integer
MTU for the internal WireGuard interface (equivalent to --mtu)Default: 1280
DNS
string
DNS server to use to resolve the endpoint (equivalent to --dns)Default: 8.8.8.8
UPSTREAM_DNS
string
Upstream DNS server(s), comma-separated (equivalent to --upstream-dns)Default: 8.8.8.8:53
LOG_LEVEL
string
Log level (equivalent to --log-level)Default: INFO
PING_INTERVAL
string
Interval for pinging the server (equivalent to --ping-interval)Default: 3s
PING_TIMEOUT
string
Timeout for each ping (equivalent to --ping-timeout)Default: 5s
INTERFACE
string
Name of the WireGuard interface (equivalent to --interface)Default: olm
ENABLE_API
boolean
Enable API server for receiving connection requests (equivalent to --enable-api)Set to “true” to enableDefault: false
HTTP_ADDR
string
HTTP server address (equivalent to --http-addr)Default: :9452
SOCKET_PATH
string
Unix socket path or Windows named pipe (equivalent to --socket-path)Default: /var/run/olm.sock (Linux/macOS) or olm (Windows)
DISABLE_HOLEPUNCH
boolean
Disable hole punching (equivalent to --disable-holepunch)Set to “true” to disableDefault: false
OVERRIDE_DNS
boolean
Override system DNS settings (equivalent to --override-dns)Set to “true” to enableDefault: false
DISABLE_RELAY
boolean
Disable relay connections (equivalent to --disable-relay)Set to “true” to disableDefault: false
CONFIG_FILE
string
Set to the location of a JSON file to load secret values

Loading secrets from files

You can use CONFIG_FILE to define a location of a config file to store the credentials between runs. 
$ cat ~/.config/olm-client/config.json
{
  "id": "spmzu8rbpzj1qq6",
  "secret": "f6v61mjutwme2kkydbw3fjo227zl60a2tsf5psw9r25hgae3",
  "endpoint": "https://app.pangolin.net",
  "org": "",
  "userToken": "",
  "mtu": 1280,
  "dns": "8.8.8.8",
  "upstreamDNS": ["8.8.8.8:53"],
  "interface": "olm",
  "logLevel": "INFO",
  "enableApi": false,
  "httpAddr": "",
  "socketPath": "/var/run/olm.sock",
  "pingInterval": "3s",
  "pingTimeout": "5s",
  "disableHolepunch": false,
  "overrideDNS": false,
  "disableRelay": false,
  "tlsClientCert": ""
}
This file is also written to when olm first starts up. So you do not need to run every time with —id and secret if you have run it once! Default locations:
  • macOS: ~/Library/Application Support/olm-client/config.json
  • Windows: %PROGRAMDATA%\olm\olm-client\config.json
  • Linux/Others: ~/.config/olm-client/config.json

API

Olm can be started with a HTTP or socket API to configure and manage it. See the API documentation for more details.