Can Syncthing be totally private ?

Hi everyone

I am actually studying the availabilities to install Syncthing for my team. I read the doc and installed it in a lab environment and I noticed that Syncthing automatically send data to the relay if the source and the destination are in two different network, even if the network are routed and can be reached.

i.e. : Server= ; PC= icmp OK from Server to PC

If I disable relaying, data can’t synchronized anymore.

My question is : Could it work without relay ? Because we want to keep a hand on all our infrastructure and on our outgoing traffic.

Thank you

Yes it is, there is already lots of information on this around, look in the docs or search this forum. You can run your own relay and discovery server or allow connections (and broadcasts) between the subnets and configure the addresses explicitly (or use local discovery).

If Syncthing is able to establish a direct connection between the two machines (meaning that it is able to find the IP of the other machine (through local discovery using broadcast packets, a discovery server, or hard-coded IP addresses), and it is able to get through firewalls), then it will do so. Otherwise it will fall back to using relays.

My guess is that the local discovery packets aren’t being routed between your subnets, so Syncthing is unable to figure out the address of the other server. You could hard-code the device addresses, or run your own discovery server inside your network.

1 Like

In normal configuration, Syncthing will always connect to relays, as it cannot know, if other devices need them and will connect through them to it.

To be totally private (to the extreme), disable relay and global/local discovery, set the listening address to something explicit, like tcp://:22000 instead of default and set the addresses of the remote devices to their hostname/ip address and port (like tcp:// instead of dynamic. And disable usage reporting and auto upgrade (if you really want).

Then the only connections Syncthing will ever make are direct connections to the other syncthing devices.


Actions -> Settings -> untick “Enable Relaying”

If you explicitely set hostnames or IPs of remote devices, sync will work without needing a relay (as long as your devices have working routes to each other).

1 Like

Currently I combine my setups with wireguard tunnels. It then uses just local addresses without the need of any (global) disovery, relay foo.


Thanks all of you for your answers, I will try all you said :slight_smile:

It works perfectly :ok_hand: :heart:

thanks for the tip about wireguard. that is wicked cool!

1 Like

On all devices the “Listen Addresses” to “tcp://:22000” and at the remote devices:

device 1: device 2: tcp://device1IP:22002 …

device 2: device 1: tcp://device2IP:22001


Because they could not see each other. :confused:

If the listen address is port 22000, the address on the other side should also have port 22000.

1 Like

Hi, I’m new to Syncthing and testing it for some weeks. I’m interested in privateness of Syncthing too, and using wireshark I observed some outgoing network traffic right after I launched Syncthing, even though global/local discovery, relaying and auto-upgrade features are all disabled. The destination of the traffic is My devices are all belonging to the same subnet with fixed addresses and sync actually works without relay here. It seems this behavior is by design but OP wants to make not a single outgoing packet, right?

There should be no packets going to if you disable relaying, by design.

Sorry, I jumped to the wrong conclusion. After tweaking some options, I figured out this is related to the auto upgrade mechanism, and the behavior is suppressed when I blank releasesURL or set STNOUPGRADE environment variable. What confuses me is that choosing No upgrades at Settings is not enough to achieve that. Anyway I reverted them to the defaults because Syncthing’s auto upgrade works smoothly. Great :+1: (ah I can’t edit my previous post, the dest of that packet was to be precise which I wrongly thought that is

No upgrades in the settings means no automatic upgrades, it still checks if there is a upgrade to show a button in the GUI.

That makes sense. Thanks for your explanation :heart:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.