NIP-6: Nym exit policy update – opening ports for WhatsApp, Session and SMTP
| ID | title | created | status | kind | author(s) | champions |
|---|---|---|---|---|---|---|
| NIP-6 | Nym exit policy update – opening ports for WhatsApp, Session and SMTP | 2025-12-11 | proposed | standard | serinko, Nym network technical lead & devrel serinko@nymtech.net , Jaya, Chief of strategy jaya@nymtech.net | Merve , Operator technical mentor merve@nymtech.net Sudo, Head of community simon.toth@nymtech.net |
NIP-6 proposes to update the Nym exit policy to open ports 22021, 3478, 3480 and 3484. This is to allow for traffic from Session messaging app and VoIP on WhatsApp to run through NymVPN, enabling privacy and security for end users while messaging and make voice/video.
Motivation
The Nym exit policy controls which network ports are accessible through exit nodes, protecting both operators and end users while ensuring network reliability. Some modern applications, however, require specific ports to operate correctly:
- Session uses TCP port 22021 to send and receive messages and connect to its node network.
- WhatsApp voice and video calls primarily use UDP port 3478, with additional ports 3480 and 3484 sometimes in use.
- SMTP uses `465 for outgoing emails from an email client, this is an addition to NIP-4
Currently, these ports are blocked by the Nym exit policy, creating limitations for NymVPN users who rely on these services for secure and private communication. Opening them enhances user experience without compromising Nym’s privacy and security standards.
This change will be implemented through operator governance, following the same process as previous exit policy modifications:
Since NIP-1, exit policy decisions are managed via Nym Governator, for transparency and accountability.
Proposal to enable ports for NymVPN users
We propose opening the following ports for Mixnet and WireGuard exit policies:
*:22021(Session)
*:3478 (WhatsApp)
*:3480 (WhatsApp)
*:3484 (WhatsApp)
*:465 (SMTP)
Opening these ports ensures NymVPN users can reliably use Session and WhatsApp while preserving security and privacy.
Voting options
Voting takes place at Nym Governator. Proposed options:
- YES ALL - Agree with all proposed ports
- YES WHATSAPP & SMTP – Agree to open 3478-3484 and 465 ports only
- YES WHATSAPP & SESSION – Agree to open 3478-3484 and 22021 ports only
- YES SESSION & SMTP - Agree to open 22021 and 465 ports only
- NONE - Diagree with the proposal fully
Process
From previous experiences the voting will be opened for 5 days. If the vote meets quorum 20% and the majority approves Nym exit policy changes, a pull request will update the exit policy. The Network tunnel manager (NTM) will be updated to allow operators to configure WireGuard exit policy ports in line with Mixnet policy.
Background
The Nym exit policy protects operators and users by controlling accessible ports. Previously, Network Requesters used a centralized allow list. To decentralize control and enhance privacy, Nym transitioned to a deny list, forming the current Nym exit policy.
Exit nodes in Gateway mode act both as SOCKS5 Network Requesters and as exit nodes for IP traffic from mixnet and VPN clients. Applying a uniform policy ensures reliable, privacy-preserving service for all NymVPN users.