search

nymtech / nym

Nym provides strong network-level privacy against sophisticated end-to-end attackers, and anonymous transactions using blinded, re-randomizable, decentralized credentials.
https://nymtech.net
1.3k stars 236 forks source link

[Issue] Telegram IPv6 address fails filter check by Network Requester #1590

Open scarletbright opened 2 years ago

scarletbright commented 2 years ago

Describe the issue When using Telegram with locally installed NYM-client, connected to my remote Network requester, you can see in the Requester's logs that a couple of IPv6 addresses (belonging to Telegram Messenger Inc.) are being blocked, despite being on the allowed.list

Stack Traces extracts from the NYM Network Requester logs:

> Error parsing domain: "2001:67c:4e8:f002:0:0:0:a"
Sep 05 10:21:19 ubuntu-8gb-fsn1-1 nym-network-requester[186807]:  2022-09-05T10:21:19.034Z WARN  nym_network_requester::allowed_hosts > Blocked outbound connection to "2001:67c:4e8:f002:0:0:0:a:443", add it to allowed.list if needed
Sep 05 10:21:19 ubuntu-8gb-fsn1-1 nym-network-requester[186807]:  2022-09-05T10:21:19.848Z WARN  nym_network_requester::allowed_hosts > Blocked outbound connection to "2001:67c:4e8:f002:0:0:0:b:443", add it to allowed.list if needed
Sep 05 10:27:23 ubuntu-8gb-fsn1-1 nym-network-requester[186807]:  2022-09-05T10:27:23.108Z INFO  nym_network_requester::core           > Domain "2001:b28:f23d:f003:0:0:0:a:443" failed filter check
Sep 05 10:27:23 ubuntu-8gb-fsn1-1 nym-network-requester[186807]:  2022-09-05T10:27:23.479Z INFO  nym_network_requester::core           > Domain "2001:67c:4e8:f002:0:0:0:b:443" failed filter check

extract from allowed.list:

2001:67c:4e8::/48
2001:b28:f23c::/48
2001:b28:f23d::/48
2001:b28:f23f::/48

extract from local socks5-client:

 2022-09-05T10:30:48.623Z INFO  nym_socks5_client::socks::client       > Proxy for 2001:67c:4e8:f002:0:0:0:a:443 is finished (id: 6323949491413599084)
 2022-09-05T10:31:17.885Z INFO  nym_socks5_client::socks::client       > Proxy for 2001:67c:4e8:f002:0:0:0:b:443 is finished (id: 7014196861528825030)

Which area of Nym were you using?

Additional context NYM Network Requester is running on a remote server, the socks5-client - locally, on macOS 12.5.1

sven-hash commented 2 years ago

The domain api.telegram.org is pointing to this IP (2001:67c:4e8:f002:0:0:0:a) when using telegram client with IPv6 address

scarletbright commented 2 years ago

also happening with td.telegram.org

2022-09-06T01:39:40.263Z INFO nym_network_requester::core > Domain "td.telegram.org:443" failed filter check

tommyv1987 commented 1 year ago

Apologies for the slow reply here everyone, and maybe the issue isn't persisting now? @mfahampshire do you have further information about the ranges for telegram?

sven-hash commented 1 year ago

The problem still persists

2023-02-01T21:14:47.484Z WARN nym_network_requester::allowed_hosts::filter > Error parsing domain: "2001:67c:4e8:f002:0:0:0:a"

mmsinclair commented 1 year ago

@octol would you mind having a look to see if this is just a "warning for information" or if it fails to send the request that should go the telegram API. It may also be that the ipv6 range is not the allowed list for telegram (see https://core.telegram.org/resources/cidr.txt)