As it happened the 2nd time… during the start of the Snowflake proxy - I’m on commit c5d68034 - it correctly shows “NAT unrestricted”.
After 24hrs ( nat-retest-interval), for whatever reasons, the NAT type changes to restricted.
2024/11/24 09:23:05 Checking our NAT type, contacting NAT check probe server at "https://snowflake-broker.torproject.net:8443/probe"...
2024/11/24 09:23:05 Probetest: Created Offer
2024/11/24 09:23:05 Probetest: Set local description
2024/11/24 09:23:05 Probetest offer:
...
2024/11/24 09:23:10 Waiting for a test WebRTC connection with NAT check probe server to establish...
2024/11/24 09:23:10 NAT check: WebRTC: OnConnectionStateChange: connecting
2024/11/24 09:23:30 Test WebRTC connection with NAT check probe server timed out. This means our NAT is restricted.
2024/11/24 09:23:30 NAT Type measurement: unrestricted -> restricted
2024/11/24 09:23:30 NAT check: WebRTC: OnConnectionStateChange: closed
I also found that on a machine reboot the proxy never started properly because I guess the machine was not really ready with the networking part.
I put a 3 minute delay in the cron job for the reboot and that fixed it. Of course, as you know, I was not unrestricted yet and would not have noticed this.
I can see the logic of why it has this behaviour. Anything which is connected (clients or those 2 STUN servers) now cannot because the IP is different. Any left over rules in the router for connection tracking is mixed up and it falls to restricted. Same as if it the router rebooted. There is nothing to tell the proxy to retest the NAT type. It’s the best I can explain it.
I assume it only does that NAT testing when you start the proxy. Maybe it should also do it when it’s public IP changes.
I see this option in the startup command:
-nat-retest-interval duration
the time interval in second before NAT type is retested, 0s disables retest. Valid time units are “s”, “m”, “h”. (default 24h0m0s)
Are you talking about Snowflake clients? I don’t think this could explain it because failed client connections do not affect the NAT type value in standalone Snowflake.
But, as the author says, the test gets performed, and it shows “restricted”.
Yes, by default it re-tests the NAT type every 24 hours.
For debugging it could help to reduce this interval.
No, I meant that the router gets mixed up. The probe test does occur and the author states a nightly IP change. It’s unclear. Does it occur every night? Did the router re-boot? Did the probe test occur in that sweet spot between when the IP is changing and the network stabilized with the new IP.
Maybe unrestricted to restrict should trigger a wait for some time and do it again. I doubt unrestricted to restrict should be a natural thing.
I wondered if losing internet connectivity could do it.
I did my own experiment since I knew when my re test was due. I disconnected the cable. All clients dropped. Waited about 3 minutes then reconnected. It kept on going as if nothing happened. At the proper time I saw the probe test occur but did not see a NAT Type measurement:
Not exactly sure what this is saying either.
In tomorrow’s test I will reconnect the cable after the probe test occurs.
Agreed with that. Above I wrote: “Maybe unrestricted to restrict should trigger a wait for some time and do it again. I doubt unrestricted to restrict should be a natural thing.”