nym icon indicating copy to clipboard operation
nym copied to clipboard
verified publisher icon nymtech

[Issue] Telegram IPv6 address fails filter check by Network Requester

Open scarletbright opened this issue 3 years ago • 5 comments

Describe the issue When using Telegram with locally installed NYM-client, connected to my remote Network requester, you can see in the Requester's logs that a couple of IPv6 addresses (belonging to Telegram Messenger Inc.) are being blocked, despite being on the allowed.list

Stack Traces extracts from the NYM Network Requester logs:

> Error parsing domain: "2001:67c:4e8:f002:0:0:0:a"
Sep 05 10:21:19 ubuntu-8gb-fsn1-1 nym-network-requester[186807]:  2022-09-05T10:21:19.034Z WARN  nym_network_requester::allowed_hosts > Blocked outbound connection to "2001:67c:4e8:f002:0:0:0:a:443", add it to allowed.list if needed
Sep 05 10:21:19 ubuntu-8gb-fsn1-1 nym-network-requester[186807]:  2022-09-05T10:21:19.848Z WARN  nym_network_requester::allowed_hosts > Blocked outbound connection to "2001:67c:4e8:f002:0:0:0:b:443", add it to allowed.list if needed

Sep 05 10:27:23 ubuntu-8gb-fsn1-1 nym-network-requester[186807]:  2022-09-05T10:27:23.108Z INFO  nym_network_requester::core           > Domain "2001:b28:f23d:f003:0:0:0:a:443" failed filter check
Sep 05 10:27:23 ubuntu-8gb-fsn1-1 nym-network-requester[186807]:  2022-09-05T10:27:23.479Z INFO  nym_network_requester::core           > Domain "2001:67c:4e8:f002:0:0:0:b:443" failed filter check

extract from allowed.list:

2001:67c:4e8::/48
2001:b28:f23c::/48
2001:b28:f23d::/48
2001:b28:f23f::/48

extract from local socks5-client:

 2022-09-05T10:30:48.623Z INFO  nym_socks5_client::socks::client       > Proxy for 2001:67c:4e8:f002:0:0:0:a:443 is finished (id: 6323949491413599084)
 2022-09-05T10:31:17.885Z INFO  nym_socks5_client::socks::client       > Proxy for 2001:67c:4e8:f002:0:0:0:b:443 is finished (id: 7014196861528825030)

Which area of Nym were you using?

  • Version: nym binary(1.0.2)

Additional context NYM Network Requester is running on a remote server, the socks5-client - locally, on macOS 12.5.1

scarletbright avatar Sep 05 '22 10:09 scarletbright

The domain api.telegram.org is pointing to this IP (2001:67c:4e8:f002:0:0:0:a) when using telegram client with IPv6 address

sven-hash avatar Sep 05 '22 10:09 sven-hash

also happening with td.telegram.org

2022-09-06T01:39:40.263Z INFO nym_network_requester::core > Domain "td.telegram.org:443" failed filter check

scarletbright avatar Sep 06 '22 09:09 scarletbright

Apologies for the slow reply here everyone, and maybe the issue isn't persisting now? @mfahampshire do you have further information about the ranges for telegram?

tommyv1987 avatar Feb 02 '23 07:02 tommyv1987

The problem still persists

2023-02-01T21:14:47.484Z WARN nym_network_requester::allowed_hosts::filter > Error parsing domain: "2001:67c:4e8:f002:0:0:0:a"

sven-hash avatar Feb 02 '23 08:02 sven-hash

@octol would you mind having a look to see if this is just a "warning for information" or if it fails to send the request that should go the telegram API. It may also be that the ipv6 range is not the allowed list for telegram (see https://core.telegram.org/resources/cidr.txt)

mmsinclair avatar Jul 10 '23 11:07 mmsinclair