WofWca has been investigating why so many snowflake proxies (about half) report the "unknown" NAT type (meaning that the NAT type self-test failed somehow). Here's background on NAT type self-testing; note that "unknown" gets treated as "restricted" which limits what snowflake clients may be served: https://www.bamsoftware.com/papers/snowflake/#connection
The surprising is that almost all of the "unknown" NAT types are IPtProxy proxies; i.e. Orbot. While other other proxy types have a maximum of around 4% "unknown", IPtProxy is at 47% "unknown". https://bugs.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/40384#note_3077291 > I looked at [broker Prometheus > metrics](https://snowflake-broker.torproject.net/prometheus) > and here are NAT type percentages per proxy type: > > | % of NAT type per category | badge | iptproxy | standalone | webext | > |----------------------------|---------|-----------|-------------|--------| > | restricted | 100,00% | 52,95% | 85,24% | 95,90% | > | unknown | 0,00% | 47,02% | 2,51% | 3,92% | > | unrestricted | 0,00% | 0,03% | 12,25% | 0,18% | > > As we can see, iptproxy (Orbot) has a very high percentage of > "unknown" NAT type. As I said, the Go version of Snowflake, which is > used in iPtProxy, does not start doing poll requests until the NAT > check has been completed (or has failed). This is just a heads up to see if anyone on the Orbot team happens to know a possible cause offhand. _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
