NIP-11: Nym Exit Policy Update - Opening Ports for Gemini and Enabling Partial Telegram Support

Node Operators
,
1
ID title created status kind author(s) champions
NIP-11 Nym Exit Policy Update – Opening Port for Gemini and Enabling Partial Telegram Support 04-05-2026 proposed standard Serinko, Nym network technical lead & devrel serinko@nymtech.net, Jaya, Chief of strategy jaya@nymtech.net Merve, Operator technical mentor merve@nymtech.net,
Sudo, Head of community simon.toth@nymtech.net

NIP-11 proposes updating the Nym exit policy to open specific ports, enabling NymVPN users to access Gemini services and improving compatibility with Telegram real-time communication, while maintaining privacy and network security.

Motivation

The Nym exit policy defines which ports are accessible on exit nodes to ensure privacy, security, and reliable service.

Gemini Protocol

Gemini is a lightweight, text-oriented internet protocol designed as a privacy-friendly alternative to the web. It operates over TCP port 1965 and provides a low-bandwidth, text-oriented browsing experience aligned with the design goals of the Nym mixnet. There is growing interest in privacy-friendly alternatives to the traditional web.

Telegram Real-Time Communication

Users increasingly rely on real-time communication tools such as Telegram for voice and video calls. However, such applications often use dynamic and non-standard port ranges, limiting compatibility with the current static exit policy. This proposal opens the specific UDP ports required for Telegram calls while leaving core messaging (which works over TCP 443) unaffected.

This update will follow operator governance, consistent with previous exit policy changes (example).

Since NIP-1, exit policy decisions are managed via Nym Governator to ensure transparency and accountability.

Proposal to Enable Ports for NymVPN Users

We propose to open these ports for both Mixnet and QireGuard:

*:1965 
*:1400
*:596–599

Note: Telegram core messaging (text, files) continues to work over TCP 443 and requires no changes. This proposal enables only real-time communication features.

Voting options

Voting takes place at Nym Governator. Proposed options:

  • YES: Approve opening the above ports.
  • NO: Reject the proposal entirely.

Submit any concerns with supporting documentation for review before finalizing.

Process

If the vote meets quorum and a majority approves:

  1. A pull request will update Nym exit policy (for SOCKS5 Network Requesters).

  2. The Network Tunnel Manager (NTM) will be updated to allow operators to configure the egress ports on their node servers.

Background

The Nym exit policy protects operators and users by controlling accessible ports.

Previously, Network Requesters used a centralized allow list. To decentralize control and enhance privacy, Nym transitioned to a deny list, forming the current exit policy.

Exit nodes in Gateway mode act both as:

  • SOCKS5 Network Requesters
  • Exit nodes for IP traffic from mixnet and VPN clients

Applying a uniform policy ensures reliable, privacy-preserving service for all NymVPN users.

Proposal for a new NIP - Opening port 1965 for Geminispace