First an introduction:
I recently set up OpenMediaVault and I have syncthing running in a container. I set up a folder to sync between my desktop (windows) and OMV and it worked very well, very fast. I added my laptop (linux) to this sync chain with OMV and it was very slow! I found that it was using a relay. I followed the docs to add a firewall rule on my laptop and then it did the sync directly and quickly. Everything worked great. I was a bit confused because the docs say only one machine needs to have the port open. OMV seems to be wide open by default so my understanding is that the laptop shouldn’t need a firewall rule. (Suggestion: adding this firewall rule should be part of the installation!) Everything is on a local network.
Now for the phone (android 14). It’s also connected to my OMV server via a relay and transferring is very slow. From what I can tell there is no firewall to configure on the android. If it matters, I set up my android as untrusted and the folder appears to be set as receive-only on the android side. I set it up as untrusted thinking my phone would frequently be outside of my network and I did not want to transfer data unencrypted but I was not expecting it to make it a receive-only folder on my android. I need additional information about how to ensure privacy but that is possible another topic. Discovery allowed my devices to easily find one another before I tinkered with any firewall rules.
How do I get my android to direct connect to OMV and transfer files quickly?
“Untrusted” is used when you don’t particularly trust a device. (You trust it enough to keep the files, but you don’t trust it enough w.r.t. someone trying to read your files.)
I suggest you remove the folder in Syncthing on both ends. Then add again, but this time with send-receive type.
Local discovery is broken by Android limitations. To get direct connection you have to make sure that your OMV has proper config w.r.t. firewall and port forwarding.
Thanks for the prompt reply! You answered my question about privacy.
I removed the folder on both sides, then re-shared it from my server. In the web gui on my phone, it shows the server offering to share the folder and I fill in the local path, but the “save” button is unresponsive.
I dropped back to the native android interface and typed in the folder code manually and it’s connected, but it’s still using the relay.
I confirmed with the OMV community: by default, OMV’s firewall is wide open and I haven’t tinkered with it. So I’m uncertain of what to do to get better transfer speeds on android.
Edit: I’m not sure what happened but now I have a bunch of excess files in the shared folder. The phone is now uploading these folders to my whole cluster.
Re OMV firewall: I have no clue. I don’t own one of those. Someone else might be able to help.
Oh, you did not remove the directory in the filesystem on the Android before accepting the re-share request. Those are the directories used for storing the encrypted files which was synched to the Android when it was untrusted
No problem. Just delete all those directories on the Android and the deletions will be synched as well.
Having an installation package modify the firewall rules is pretty unusual and generally not good security practice because most users won’t be aware that it’s been done.
Although everything is physically on a local network, the logical network can be quite different, especially when containers are involved.
Although OMV doesn’t set any firewall rules out-of-the-box, if you used the default options, your container with Syncthing will be behind a virtual router in a private subnet, i.e. the container is behind a virtual firewall separate from OMV’s network configuration.
The simplest option is to configure the Syncthing container for host networking so that it uses an IP address on the same local network that your OMV server and Windows desktop (both likely on wired network connections) are on:
Odds are that your Android phone is using a wireless connection and that the wired and wireless network don’t share the same subnet. Verify that your Wi-Fi router doesn’t isolate the wireless network from the wired network.
If your Android phone can successfully ping your Syncthing server, Syncthing will likely find a direct path (perhaps with a bit of help).
Although OMV doesn’t set any firewall rules out-of-the-box, if you used the default options, your container with Syncthing will be behind a virtual router in a private subnet, i.e. the container is behind a virtual firewall separate from OMV’s network configuration.
My laptop is using wireless, just like my phone. It’s running MX Linux. With a firewall rule it worked just fine. My desktop (windows) had no problems syncing with my OMV machine. My desktop (wired) can ping my android just fine.
The OMV container includes rules for ports 22000 and 21027.
Apparently there is no simple ping tool in android. I would have to download an app and those are such a minefield. I would rather not. Incoming pings work though.
Good, your desktop being able to ping your Android phone means there’s no network isolation in effect, so one less barrier to jump over.
I’ve never used MX Linux, so don’t know what the default network setup is like, but I’m a bit surprised as most desktop/laptop Linux distros don’t enable a firewall by default for convenience to new users.
That’s great, but if those rules are simply forwarding ports so that it looks like OMV is the one listening, without host networking enabled, Syncthing inside the container will still be on a different private subnet – from Syncthing’s perspective, your Android phone is on a different network.
Android bundles a command-line ping, so all you need is a simple terminal app. There are a lot of good ones, but having a SSH client is also useful, so my favorite for years has been ConnectBot (https://en.wikipedia.org/wiki/ConnectBot), available via Google Play and F-Droid.
When adding a new connection, choose “local” for the protocol type to create a non-network terminal for a local console. Then like on Windows and Linux, you can do something like ping 192.168.1.2.
I ended up doing a 3-way sync. I linked my desktop to my phone and the sync went through super fast. Still not sure what happened and why my server<->phone was the only link that wasn’t working but something else happened and now my server is offline and will stay that way for a few days. But now I have a different problem… (new topic)
