This PR attempts to not send out any challenges at all until the libp2p host has signaled that the node is public. The current level of filtering for public IP addresses does not totally work in that if you have a public IPv6 address but it's inaccessible due to a firewall then we will still reach out too early and hit a failure. Some of the current problems with this are:
It delays how long the user has to wait to get a cert due to the internal backoff
It's extra wasted work for both the client and server
The user will see error logs that either they'll be concerned about or learn to ignore entirely, neither of which is really right here
AFAICT this does not work due to a mismatch between the ObsAddrManager and EvtLocalReachabilityChanged as emitted by autonat:
This PR attempts to not send out any challenges at all until the libp2p host has signaled that the node is public. The current level of filtering for public IP addresses does not totally work in that if you have a public IPv6 address but it's inaccessible due to a firewall then we will still reach out too early and hit a failure. Some of the current problems with this are:
AFAICT this does not work due to a mismatch between the ObsAddrManager and EvtLocalReachabilityChanged as emitted by autonat:
This seems like a bug we'd ideally fix within go-libp2p, but maybe I'm missing something
cc @sukunrt @MarcoPolo @lidel → please discuss in https://github.com/ipshipyard/p2p-forge/issues/7