I am actually studying the availabilities to install Syncthing for my team. I read the doc and installed it in a lab environment and I noticed that Syncthing automatically send data to the relay if the source and the destination are in two different network, even if the network are routed and can be reached.
i.e. : Server= 10.0.0.1/24 ; PC= 10.0.1.1/24
icmp OK from Server to PC
If I disable relaying, data can’t synchronized anymore.
My question is : Could it work without relay ? Because we want to keep a hand on all our infrastructure and on our outgoing traffic.
Yes it is, there is already lots of information on this around, look in the docs or search this forum.
You can run your own relay and discovery server or allow connections (and broadcasts) between the subnets and configure the addresses explicitly (or use local discovery).
If Syncthing is able to establish a direct connection between the two machines (meaning that it is able to find the IP of the other machine (through local discovery using broadcast packets, a discovery server, or hard-coded IP addresses), and it is able to get through firewalls), then it will do so. Otherwise it will fall back to using relays.
My guess is that the local discovery packets aren’t being routed between your subnets, so Syncthing is unable to figure out the address of the other server. You could hard-code the device addresses, or run your own discovery server inside your network.
In normal configuration, Syncthing will always connect to relays, as it cannot know, if other devices need them and will connect through them to it.
To be totally private (to the extreme), disable relay and global/local discovery, set the listening address to something explicit, like tcp://:22000 instead of default and set the addresses of the remote devices to their hostname/ip address and port (like tcp://192.168.01.45:22001) instead of dynamic. And disable usage reporting and auto upgrade (if you really want).
Then the only connections Syncthing will ever make are direct connections to the other syncthing devices.
If you explicitely set hostnames or IPs of remote devices, sync will work without needing a relay (as long as your devices have working routes to each other).
Hi, I’m new to Syncthing and testing it for some weeks. I’m interested in privateness of Syncthing too, and using wireshark I observed some outgoing network traffic right after I launched Syncthing, even though global/local discovery, relaying and auto-upgrade features are all disabled. The destination of the traffic is relays.syncthing.net. My devices are all belonging to the same subnet with fixed addresses and sync actually works without relay here. It seems this behavior is by design but OP wants to make not a single outgoing packet, right?
Sorry, I jumped to the wrong conclusion. After tweaking some options, I figured out this is related to the auto upgrade mechanism, and the behavior is suppressed when I blank releasesURL or set STNOUPGRADE environment variable. What confuses me is that choosing No upgrades at Settings is not enough to achieve that. Anyway I reverted them to the defaults because Syncthing’s auto upgrade works smoothly. Great
(ah I can’t edit my previous post, the dest of that packet was 46.101.130.230 to be precise which I wrongly thought that is relays.syncthing.net)
(ah I can’t edit my previous post, the dest of that packet was 46.101.130.230 to be precise which I wrongly thought that is