nym icon indicating copy to clipboard operation
nym copied to clipboard

Published 20 hours ago verified publisher icon nymtech

Address filter check on nym-network-requester (v.1.1.19 onwards)

Open sergio737446 opened this issue 1 year ago • 5 comments

INEXPLICABLE (FOR ME) BEHAVIOR OF NYM-NETWORK-REQUESTER

PREFACE vps1 = node in USA vps2 = node in Italy

  1. The allowed.list file on the 2 vps is perfectly the same
  2. nym-network-requester on each vps is linked to nym-gateway on the same machine
  3. on my pc, I inited with different names my nym-socks5-client ./nym-socks5-client init --id <name_for_vps1> --gateway <gateway1_id> --provider <generated_client_on_vps1> ./nym-socks5-client init --id <name_for_vps2> --gateway <gateway2_id> --provider <generated_client_on_vps2> thus, I can run selectively the client: ./nym-socks5-client run --id <name_for_vps1> ./nym-socks5-client run --id <name_for_vps2>
    The scope is to verify that my local Telegram desktop is working with every vps using one or the other
  4. Telegram desktop installed on a ubuntu linux 22.04 desktop

LOGGING 2023-06-08T07:00:38.279Z WARN nym_network_requester::allowed_hosts::filter > Error parsing domain: "2001:67c:4e8:f004:0:0:0:a" 2023-06-08T07:00:38.279Z WARN nym_network_requester::allowed_hosts::filter > Blocked outbound connection to 2001:67c:4e8:f004:0:0:0:a:443, add it to allowed.list if needed 2023-06-08T07:00:38.279Z INFO nym_network_requester::core > Domain "2001:67c:4e8:f004:0:0:0:a:443" failed filter check ..... 2023-06-08T07:21:05.443Z WARN nym_network_requester::allowed_hosts::filter > Error parsing domain: "2001:67c:4e8:f004:0:0:0:b" 2023-06-08T07:21:05.444Z WARN nym_network_requester::allowed_hosts::filter > Blocked outbound connection to 2001:67c:4e8:f004:0:0:0:b:443, add it to allowed.list if needed 2023-06-08T07:21:05.444Z INFO nym_network_requester::core > Domain "2001:67c:4e8:f004:0:0:0:b:443" failed filter check ..... 2023-06-08T07:34:26.714Z WARN nym_network_requester::allowed_hosts::filter > Error parsing domain: "2001:67c:4e8:f002:0:0:0:a" 2023-06-08T07:34:26.714Z WARN nym_network_requester::allowed_hosts::filter > Blocked outbound connection to 2001:67c:4e8:f002:0:0:0:a:443, add it to allowed.list if needed 2023-06-08T07:34:26.715Z INFO nym_network_requester::core > Domain "2001:67c:4e8:f002:0:0:0:a:443" failed filter check 2023 ..... 2023-06-08T07:37:14.970Z WARN nym_network_requester::allowed_hosts::filter > Error parsing domain: "2001:b28:f23f:f005:0:0:0:a" 2023-06-08T07:37:14.970Z WARN nym_network_requester::allowed_hosts::filter > Blocked outbound connection to 2001:b28:f23f:f005:0:0:0:a:443, add it to allowed.list if needed 2023-06-08T07:37:14.971Z INFO nym_network_requester::core > Domain "2001:b28:f23f:f005:0:0:0:a:443" failed filter check

***** please, note that some (not all: the first one ipv6 is not) of those ipv6 (one is 2001:67c:4e8:f004:0:0:0:b for example) are present in the allowed.list in appendix!

BEHAVIOR OF THE ISSUE The evident behavior is that the Telegram desktop window, upon start, stays totally empty (blank screen and "connecting") and there is no blue shield in the bottom-left corner I do this test at least every day on both vps's. It is not just once that I noted this behavior

SOLUTION It is sufficient and necessary stop and start the nym-network-requester.service on the (in that moment) linked vps to solve the issue; restart of Telegram desktop or nym-socks5-client don't change this: sudo service nym-network-requester stop sudo service nym-network-requester start I found this solution by trying: 1 close and reopen telegram desktop 2 close and reopen nym-socks5-client without any change. Only after rerunning nym-network-requester.service did I get rid of the problem. This seems to be the only way out, and every time it works

IMPORTANT FINAL CONSIDERATIONS

  • The docs regarding the network requester - https://nymtech.net/docs/nodes/network-requester-setup.html, are not totally correct about the position of the files allowed.list and unknown.list but maybe someone already Schermata del 2023-06-08 08-12-04 image_2023-06-08_182518367 raised an issue, perhaps in github, if I am not wrong
  • I stopped the network-requester service, put a VOID allowed.list and a VOID unknown.list, and then started the service. On my side, I re-run the nym-socks5-client and Telegram worked the same! To this regard, could this thing have sense? Am I crazy? I did not find in the unknown.list any of these ip addresses reported. The behavior seems to be that the logs trace a failed filter check, but the traffic is not really stopped. Screenshots of what I report are available, in case.

APPENDIX
on both machines, I run as a service: ExecStart=nym-network-requester run --id --enable-statistics

paste of the contents of my allowed.list file follows: <BOF> // Copyright 2020 - Nym Technologies SA [email protected] // SPDX-License-Identifier: Apache-2.0 // in use from 2023-03-08 - copied from Nym Docs (I use only telegram)

Keybase

#keybaseapi.com #s3.amazonaws.com #amazonaws.com #twitter.com #keybase.io #gist.githubusercontent.com

Used to for uptime healthcheck (see the section on testing your requester below for more)

nymtech.net

Blockstream Green Bitcoin Wallet

#blockstream.info #blockstream.com #greenaddress.it

Electrum Bitcoin Wallet

#electrum.org

Helios Ethereum Client

#alchemy.com #lightclientdata.org

Telegram - these IPs have been copied from https://core.telegram.org/resources/cidr.txt as Telegram does

not seem to route by domain as the other apps on this list do

91.108.56.0/22 91.108.4.0/22 91.108.8.0/22 91.108.16.0/22 91.108.12.0/22 149.154.160.0/20 91.105.192.0/23 91.108.20.0/22 185.76.151.0/24 2001:b28:f23d::/48 2001:b28:f23f::/48 2001:67c:4e8::/48 2001:b28:f23c::/48 2a0a:f280::/32

these were added because they were reported in the logs

2001:67c:4e8:f002:0:0:0:a 2001:67c:4e8:f002:0:0:0:b 2001:67c:4e8:f004:0:0:0:b 2001:b28:f23f:f005:0:0:0:a td.telegram.org telegram.org <EOF>

sergio737446 avatar Jun 08 '23 16:06 sergio737446