Address filter check on nym-network-requester (v.1.1.19 onwards)

[sergio737446]

INEXPLICABLE (FOR ME) BEHAVIOR OF NYM-NETWORK-REQUESTER

PREFACE
vps1 = node in USA
vps2 = node in Italy

1. The allowed.list file on the 2 vps is perfectly the same
2. nym-network-requester on each vps is linked to nym-gateway on the same machine
3. on my pc, I inited with different names my nym-socks5-client
   ./nym-socks5-client init --id <name_for_vps1> --gateway <gateway1_id> --provider <generated_client_on_vps1>
   ./nym-socks5-client init --id <name_for_vps2> --gateway <gateway2_id> --provider <generated_client_on_vps2>
   thus, I can run selectively the client:
   ./nym-socks5-client run --id <name_for_vps1>
   ./nym-socks5-client run --id <name_for_vps2>
   The scope is to verify that my local Telegram desktop is working with every vps using one or the other
4. Telegram desktop installed on a ubuntu linux 22.04 desktop

LOGGING
2023-06-08T07:00:38.279Z WARN nym_network_requester::allowed_hosts::filter > Error parsing domain: "2001:67c:4e8:f004:0:0:0:a"
2023-06-08T07:00:38.279Z WARN nym_network_requester::allowed_hosts::filter > Blocked outbound connection to 2001:67c:4e8:f004:0:0:0:a:443, add it to allowed.list if needed
2023-06-08T07:00:38.279Z INFO nym_network_requester::core > Domain "2001:67c:4e8:f004:0:0:0:a:443" failed filter check
.....
2023-06-08T07:21:05.443Z WARN nym_network_requester::allowed_hosts::filter > Error parsing domain: "2001:67c:4e8:f004:0:0:0:b"
2023-06-08T07:21:05.444Z WARN nym_network_requester::allowed_hosts::filter > Blocked outbound connection to 2001:67c:4e8:f004:0:0:0:b:443, add it to allowed.list if needed
2023-06-08T07:21:05.444Z INFO nym_network_requester::core > Domain "2001:67c:4e8:f004:0:0:0:b:443" failed filter check
.....
2023-06-08T07:34:26.714Z WARN nym_network_requester::allowed_hosts::filter > Error parsing domain: "2001:67c:4e8:f002:0:0:0:a"
2023-06-08T07:34:26.714Z WARN nym_network_requester::allowed_hosts::filter > Blocked outbound connection to 2001:67c:4e8:f002:0:0:0:a:443, add it to allowed.list if needed
2023-06-08T07:34:26.715Z INFO nym_network_requester::core > Domain "2001:67c:4e8:f002:0:0:0:a:443" failed filter check
2023
.....
2023-06-08T07:37:14.970Z WARN nym_network_requester::allowed_hosts::filter > Error parsing domain: "2001:b28:f23f:f005:0:0:0:a"
2023-06-08T07:37:14.970Z WARN nym_network_requester::allowed_hosts::filter > Blocked outbound connection to 2001:b28:f23f:f005:0:0:0:a:443, add it to allowed.list if needed
2023-06-08T07:37:14.971Z INFO nym_network_requester::core > Domain "2001:b28:f23f:f005:0:0:0:a:443" failed filter check

***** please, note that some (not all: the first one ipv6 is not) of those ipv6 (one is 2001:67c:4e8:f004:0:0:0:b for example) are present in the allowed.list in appendix!

BEHAVIOR OF THE ISSUE
The evident behavior is that the Telegram desktop window, upon start, stays totally empty (blank screen and "connecting") and there is no blue shield in the bottom-left corner
I do this test at least every day on both vps's. It is not just once that I noted this behavior

SOLUTION
It is sufficient and necessary stop and start the nym-network-requester.service on the (in that moment) linked vps to solve the issue; restart of Telegram desktop or nym-socks5-client don't change this:
sudo service nym-network-requester stop
sudo service nym-network-requester start
I found this solution by trying:
1 close and reopen telegram desktop
2 close and reopen nym-socks5-client
without any change. Only after rerunning nym-network-requester.service did I get rid of the problem. This seems to be the only way out, and every time it works

IMPORTANT FINAL CONSIDERATIONS

• The docs regarding the network requester - https://nymtech.net/docs/nodes/network-requester-setup.html, are not totally correct about the position of the files allowed.list and unknown.list
  but maybe someone already
  
  
  raised an issue, perhaps in github, if I am not wrong
• I stopped the network-requester service, put a VOID allowed.list and a VOID unknown.list, and then started the service. On my side, I re-run the nym-socks5-client and Telegram worked the same! To this regard, could this thing have sense? Am I crazy? I did not find in the unknown.list any of these ip addresses reported. The behavior seems to be that the logs trace a failed filter check, but the traffic is not really stopped.
  Screenshots of what I report are available, in case.

APPENDIX
on both machines, I run as a service:
ExecStart=nym-network-requester run --id --enable-statistics

paste of the contents of my allowed.list file follows:

// Copyright 2020 - Nym Technologies SA [email protected]
// SPDX-License-Identifier: Apache-2.0
// in use from 2023-03-08 - copied from Nym Docs (I use only telegram)

Keybase

#keybaseapi.com
#s3.amazonaws.com
#amazonaws.com
#twitter.com
#keybase.io
#gist.githubusercontent.com

Used to for uptime healthcheck (see the section on testing your requester below for more)

nymtech.net

Blockstream Green Bitcoin Wallet

#blockstream.info
#blockstream.com
#greenaddress.it

Electrum Bitcoin Wallet

#electrum.org

Helios Ethereum Client

#alchemy.com
#lightclientdata.org

Telegram - these IPs have been copied from https://core.telegram.org/resources/cidr.txt as Telegram does

not seem to route by domain as the other apps on this list do

91.108.56.0/22
91.108.4.0/22
91.108.8.0/22
91.108.16.0/22
91.108.12.0/22
149.154.160.0/20
91.105.192.0/23
91.108.20.0/22
185.76.151.0/24
2001:b28:f23d::/48
2001:b28:f23f::/48
2001:67c:4e8::/48
2001:b28:f23c::/48
2a0a:f280::/32

these were added because they were reported in the logs

2001:67c:4e8:f002:0:0:0:a
2001:67c:4e8:f002:0:0:0:b
2001:67c:4e8:f004:0:0:0:b
2001:b28:f23f:f005:0:0:0:a
td.telegram.org
telegram.org

[sergio737446]

Sorry there was a bad paste of the text of my issue when pasting here, there was a bad interpretationof the "#"

[sergio737446]

An update: I noted that, some hours later, something appeared in the unknown.list file. Please, take note of the date of the two files, that I originally created with some second between the two on the day june, 08. It seems to me that more or less 12 hours after the creation of the files, there was this change in unknown.list. Meanwhile, I opened Telegram in my local pc 2/3 times, staying more or less linked for 1 hour or so. Today june, 9 I did not open Telegram, as it can be seen in the screenshots that I send here.

[sergio737446]

[sergio737446]

From then on:

[sergio737446]

One last thing: since I noted that this issue happens almost surely if I stay more than 48 hours without try to run my nym-socks5-client, if you want you are able to test it by yourself.
I usually keep running the nym-network-requester as a service on the server. I avoided to run nym-socks5-client to connect my telegram desktop to my vps for about three days, Now, when I try to use Telegram in connection to the vps, it presents the problem: it stays freezed to the blank window.
If you ask me the gateway id and the complete nym client id of the network-requester, I will provide it to you. So you could do the command
./nym-socks5-client init --id --gateway <my_gateway> --provider <my_provider>
and then try it by yourself.