Nym Gateway Probe

Nym Node operators running Gateway functionality are already familiar with the monitoring tool Harbourmaster.nymtech.net (opens in a new tab). Under the hood of Nym Harbourmaster runs iterations of nym-gateway-probe doing various checks and displaying the results on the interface. Operators don't have to rely on the probe ran by Nym and wait for the data to refresh. With nym-gateway-probe everyone can check any Gateway's networking status from their own computer at any time. In one command the client queries data from:

Preparation

We recommend to have installed all the prerequisites needed to build nym-node from source including latest Rust Toolchain (opens in a new tab), and make sure to have Go (opens in a new tab) installed. Go is necessary as the probe uses the rust2go FFI library to use netstack when making requests.

Installation

nym-gateway-probe source code is in nym-vpn-client (opens in a new tab) repository. The client needs to be build from source.

  1. Clone the repository:
git clone https://github.com/nymtech/nym-vpn-client.git
  1. Build nym-gateway-probe:
cd nym-vpn-client/nym-vpn-core
 
cargo build --release -p nym-gateway-probe

Running the Client

To list all commands and options run the binary with --help command:

./target/release/nym-gateway-probe -h                                              
  • Output:
Usage: nym-gateway-probe [OPTIONS] --mnemonic <MNEMONIC>
 
Options:
  -c, --config-env-file <CONFIG_ENV_FILE>
          Path pointing to an env file describing the network
  -g, --entry-gateway <ENTRY_GATEWAY>
          The specific gateway specified by ID
  -n, --node <NODE>
          Identity of the node to test
      --min-gateway-mixnet-performance <MIN_GATEWAY_MIXNET_PERFORMANCE>
          
      --min-gateway-vpn-performance <MIN_GATEWAY_VPN_PERFORMANCE>
          
      --only-wireguard
          
  -i, --ignore-egress-epoch-role
          Disable logging during probe
      --no-log
          
  -a, --amnezia-args <AMNEZIA_ARGS>
          Arguments to be appended to the wireguard config enabling amnezia-wg configuration
      --netstack-download-timeout-sec <NETSTACK_DOWNLOAD_TIMEOUT_SEC>
          [default: 180]
      --netstack-v4-dns <NETSTACK_V4_DNS>
          [default: 1.1.1.1]
      --netstack-v6-dns <NETSTACK_V6_DNS>
          [default: 2606:4700:4700::1111]
      --netstack-num-ping <NETSTACK_NUM_PING>
          [default: 5]
      --netstack-send-timeout-sec <NETSTACK_SEND_TIMEOUT_SEC>
          [default: 3]
      --netstack-recv-timeout-sec <NETSTACK_RECV_TIMEOUT_SEC>
          [default: 3]
      --netstack-ping-hosts-v4 <NETSTACK_PING_HOSTS_V4>
          [default: nymtech.net]
      --netstack-ping-ips-v4 <NETSTACK_PING_IPS_V4>
          [default: 1.1.1.1]
      --netstack-ping-hosts-v6 <NETSTACK_PING_HOSTS_V6>
          [default: ipv6.google.com]
      --netstack-ping-ips-v6 <NETSTACK_PING_IPS_V6>
          [default: 2001:4860:4860::8888 2606:4700:4700::1111 2620:fe::fe]
      --mnemonic <MNEMONIC>
          
  -h, --help
          Print help
  -V, --version
          Print version

To run the client, simply add -n flag followed by the ID key of the node you wish to test, as well as the mnemonic of a funded Nyx account; this is required to test the ticketbook generation.

./target/release/nym-gateway-probe -n <GATEWAY_IDENTITY_KEY> --mnemonic <MNEMONIC> 

For any nym-node --mode exit-gateway the aim is to have this outcome:

{
  "gateway": "<GATEWAY_IDENTITY_KEY>",
  "outcome": {
    "as_entry": {
      "can_connect": true,
      "can_route": true
    },
    "as_exit": {
      "can_connect": true,
      "can_route_ip_v4": true,
      "can_route_ip_external_v4": true,
      "can_route_ip_v6": true,
      "can_route_ip_external_v6": true
    },
    "wg": {
      "can_register": true,
      "can_handshake": true,
      "can_resolve_dns": true,
      "ping_hosts_performance": 1.0,
      "ping_ips_performance": 1.0
    }
  }
}

If your Gateway is blacklisted, the probe will not work.

If you don't provide a -n flag it will pick a random node to test.