Nym Gateway Probe
Nym Node operators running Gateway functionality are already familiar with the monitoring tool Harbourmaster.nymtech.net (opens in a new tab). Under the hood of Nym Harbourmaster runs iterations of nym-gateway-probe doing various checks and displaying the results on the interface. Operators don't have to rely on the probe ran by Nym and wait for the data to refresh. With nym-gateway-probe everyone can check any Gateway's networking status from their own computer at any time. In one command the client queries data from:
Preparation
We recommend to have installed all the prerequisites needed to build nym-node from source including latest Rust Toolchain (opens in a new tab), and make sure to have Go (opens in a new tab) installed. Go is necessary as the probe uses the rust2go FFI library to use netstack when making requests.
Installation
nym-gateway-probe source code is in nym monorepo (opens in a new tab). The probe needs to be built from source.
- Clone the repository:
git clone https://github.com/nymtech/nym.git- Build
nym-gateway-probe:
cargo build --release -p nym-gateway-probeRunning the Client
To list all commands and options run the binary with --help command:
./target/release/nym-gateway-probe -h- Output:
Usage: nym-gateway-probe [OPTIONS] [COMMAND]
Commands:
run-local Run the probe locally
help Print this message or the help of the given subcommand(s)
Options:
-c, --config-env-file <CONFIG_ENV_FILE>
Path pointing to an env file describing the network
-g, --entry-gateway <ENTRY_GATEWAY>
The specific gateway specified by ID
-n, --node <NODE>
Identity of the node to test
--min-gateway-mixnet-performance <MIN_GATEWAY_MIXNET_PERFORMANCE>
--only-wireguard
--ignore-egress-epoch-role
Disable logging during probe
--no-log
-a, --amnezia-args <AMNEZIA_ARGS>
Arguments to be appended to the wireguard config enabling amnezia-wg configuration
--netstack-download-timeout-sec <NETSTACK_DOWNLOAD_TIMEOUT_SEC>
[default: 180]
--metadata-timeout-sec <METADATA_TIMEOUT_SEC>
[default: 30]
--netstack-v4-dns <NETSTACK_V4_DNS>
[default: 1.1.1.1]
--netstack-v6-dns <NETSTACK_V6_DNS>
[default: 2606:4700:4700::1111]
--netstack-num-ping <NETSTACK_NUM_PING>
[default: 5]
--netstack-send-timeout-sec <NETSTACK_SEND_TIMEOUT_SEC>
[default: 3]
--netstack-recv-timeout-sec <NETSTACK_RECV_TIMEOUT_SEC>
[default: 3]
--netstack-ping-hosts-v4 <NETSTACK_PING_HOSTS_V4>
[default: nym.com]
--netstack-ping-ips-v4 <NETSTACK_PING_IPS_V4>
[default: 1.1.1.1]
--netstack-ping-hosts-v6 <NETSTACK_PING_HOSTS_V6>
[default: cloudflare.com]
--netstack-ping-ips-v6 <NETSTACK_PING_IPS_V6>
[default: 2001:4860:4860::8888 2606:4700:4700::1111 2620:fe::fe]
--ticket-materials <TICKET_MATERIALS>
--ticket-materials-revision <TICKET_MATERIALS_REVISION>
[default: 1]
-h, --help
Print help
-V, --version
Print versionTo run the client, simply add -g flag followed by the ID key of the node you wish to test, as well as the mnemonic of a funded Nyx account; this is required to test the ticketbook generation. Note that this accout needs to have NYM tokens; you cannot use an account with a NymVPN subscription. Make sure to have at least a few NYM tokens in there.
./target/release/nym-gateway-probe run-local -g <GATEWAY_IDENTITY_KEY> --mnemonic <MNEMONIC>For any nym-node --mode exit-gateway the aim is to have this outcome:
{
"gateway": "<GATEWAY_IDENTITY_KEY>",
"outcome": {
"as_entry": {
"can_connect": true,
"can_route": true
},
"as_exit": {
"can_connect": true,
"can_route_ip_v4": true,
"can_route_ip_external_v4": true,
"can_route_ip_v6": true,
"can_route_ip_external_v6": true
},
"wg": {
"can_register": true,
"can_handshake": true,
"can_resolve_dns": true,
"ping_hosts_performance": 1.0,
"ping_ips_performance": 1.0
}
}
}If your Gateway is blacklisted, the probe will not work.
If you don't provide a -g flag it will pick a random node to test.