---
type: task
after:
  - /nats/rpc.md
---

A mechanism should be developed, using NATS, for a host A to double check that
host B can connect to it on a certain `host:port`. This can be used for a couple
use-cases:

- Make sure that VPN public address is connectable prior to being configured.

- Make sure that garage RPC port is connectable prior to being configured.

- Make sure that HTTP(s) ports are connectable prior to being configured
  (future).

The host which is configuring a port to be opened will always be the one to
initiate the process. It will:

- Open a dummy HTTP server on the port in question, with a handler which always
  returns a randomly generated token.

- Publish an RPC request on NATS which indicates which `host:port` it wishes to
  confirm connectability and the token.

- Waits for a response to the NATS request indicating either that the connection
  was successful, or an error indicating why it wasn't. Errors could include:
    - Timeout (probably blocked by firewall)
    - Challenge token not returned (something else is listening at that port)