I disabled all the useRelays settings since my infrastructure is a private network, and I don't understand why such a feature could be enabled by default, since it could pass sensitive information to who knows where through the web.
I really don't understand what discoveries are for… I read the doc, but it stays vague. I also found a few errors.
The error lookup discovery-v4-1.syncthing.net on 192.168.1.2:53: no such host means that your DNS server on 192.168.1.2 cannot look up host discovery-v4-1.syncthing.net.
You configured your device (the actual OS, not syncthing) to use 192.168.1.2 as DNS server. If that host doesn’t run a DNS server, you have to change the setting.
Relays are enabled by default so novice users can use syncthing without having to do anything (like port forward in the router or enabling standard compliant UPnP on the router).
Syncthing has two types of discovery: global and local.
Local discovery uses broadcast/multicast packets to notify other syncthing devices in the same LAN of its existence.
Global discovery uses servers, run by the syncthing core team, to make an entry in the “global phone book” for syncthing, so that other devices outside your LAN can request the ip and port for device ABCDE-… to be able to connect to it.
Without discovery, you have to enter the ip or host name and port for each device in the remote device addresses field.
Yes, it is. Why are you even in advanced options? Those options are all standard options which can be set in the normal settings, where they have much human friendlier names.
I don’t see why, syncthing is designed to work across networks and if you are touching the internet it is unlikely you will not travel across third party hardware.
Why? I don't care when it's getting Debian packages
but here these are production files we're talking about
applications in web folders, and so on
copyrighted materials
code repositories
I clearly don't want anything related to these to transit the web
Your data is encrypted end-to-end. Relays cannot read your data. There is no security risk.
Almost all users use Syncthing to transfer data over the internet. Syncthing caters to this: global discovery and relays allow this to happen, and are enabled by default. If you have special requirements where you cannot allow any data to pass through the wider internet, that’s fair enough, and Syncthing allows this. But don’t expect that to be the default.
so… encrypted or not, I am in charge of the architecture, I work a lot to make sure things transit the way I have been requested to, this is not a game
not even talking in terms of perfs, what is the point of trying a relay, broadcasting sensitive stuff when all the machines are on the same local private super secured network
No one ever said it was. If you’re in charge of the architecture, I would have expected you to carry out due diligence and understand how software works before deploying it to your organisation. Please don’t have a go at us because of this.
Syncthing doesn’t know that all of your devices are accessible within the local network unless you tell it. It needs to talk to a relay so that it can accept connections from other configured devices over the internet.
Again, it is not. It would be insane if the default configuration did not work for the majority of users. Not understanding something is not a reason to call it stupid.
That is not the norm…
Please don’t think I am belittling or ignoring the requirement for some data to stay within very strict parameters but…
If it is supposed to be a locked down network you probably should have read the docs and tried the system out with non development files first.
I understand what you're saying, but you don't seem to realize the amount of work, doc reading, different packages, software, databases, I had to put into place, so yeah I missed that a package that was supposed to synchronize a couple of machines was going to broadcast it to the whole universe before doing so
I don't mean to be rude, but this conversation is done for me
For future, if you want to have a balanced, constructive conversation, it’s a good idea not to open with phrases like “this is surrealistic to have such an option as a default” and “jee, I got to go do this on all boxes, there should be some kind of disclaimer, come on”.
I understand that you’re frustrated, but this shouldn’t translate into blaming other people.
FYI, there is a good chance your nodes have not transferred data through the relays. They will maintain connections to the relays so they can be reached through them but will use direct connections to other nodes wherever possible.
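
For a deployment that must stay inside the LAN, as discussed in this thread, each node's config.xml can be checked for the settings that reach outside it. The script below is an added example, not part of the original thread and not Syncthing's own code. It assumes the option element names globalAnnounceEnabled, relaysEnabled and natEnabled and the device address value "dynamic" as they appear in Syncthing's config.xml (check them against your installed version); the sample configuration and device IDs are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample config.xml fragment (not from the thread); device IDs are placeholders.
SAMPLE_CONFIG = """<configuration version="37">
  <device id="DEVICE-ID-PLACEHOLDER-A" name="web01">
    <address>tcp://192.168.1.10:22000</address>
  </device>
  <device id="DEVICE-ID-PLACEHOLDER-B" name="web02">
    <address>dynamic</address>
  </device>
  <options>
    <globalAnnounceEnabled>true</globalAnnounceEnabled>
    <localAnnounceEnabled>true</localAnnounceEnabled>
    <relaysEnabled>true</relaysEnabled>
    <natEnabled>false</natEnabled>
  </options>
</configuration>"""

# Options that make a node talk to hosts outside the LAN when "true".
EXTERNAL_OPTIONS = {
    "globalAnnounceEnabled": "global discovery registers and looks up addresses on public servers",
    "relaysEnabled": "node keeps a connection to a public relay so peers can reach it",
    "natEnabled": "node attempts NAT traversal / port mapping on the router",
}

def audit_config(xml_text):
    """Return a list of findings for settings that reach beyond the LAN."""
    root = ET.fromstring(xml_text)
    findings = []
    options = root.find("options")
    for name, why in EXTERNAL_OPTIONS.items():
        node = options.find(name) if options is not None else None
        # A missing element means Syncthing applies its default, which is enabled.
        value = node.text.strip().lower() if node is not None and node.text else "true"
        if value == "true":
            findings.append(f"options/{name}: {why}")
    # Only top-level <device> elements carry addresses; folder-level ones do not.
    for dev in root.findall("device"):
        addrs = [a.text.strip() for a in dev.findall("address") if a.text]
        # "dynamic" (or no address) means the peer is located through discovery
        # rather than a fixed ip:port entered in the remote device addresses field.
        if not addrs or "dynamic" in addrs:
            findings.append(f"device {dev.get('name')}: address is dynamic, relies on discovery")
    return findings

if __name__ == "__main__":
    for line in audit_config(SAMPLE_CONFIG):
        print("FINDING:", line)
```

Local discovery is deliberately not flagged, since its broadcast/multicast announcements stay on the LAN.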