Discovery through corporate firewall

Hello, I’m using Syncthing behind a corporate firewall, which blocks everything but outgoing connections to standard web and email ports.

So, no worries, I can set up relaying with relay servers listening on port 443 or 993.

However, the discovery server can’t be reached. So the default ‘dynamic’ setting does not work, relays need to be added manually.

This isn’t a problem for me since I can copy-paste the list from https://relays.syncthing.net .

However, I would like my colleagues to be able to connect automatically since they do not have knowledge to add relays.

Do you know a way to address this? I don’t understand the problem very well because the machine-readable page https://relays.syncthing.net/endpoint is reachable on port 443.

What error does it show under Discovery details? That might help finding a cause / solution.

1 Like

Note that discovery uses https on port 443, so its even more “standard web” than relaying. If relays work, discovery should as well.

Some corporate firewalls are paranoid enough to block anything associated with the term “syncthing” though. Cause it’s evil and bad and peer to peer infringement stuff, ya know.

2 Likes

Got it, we’re the cool kids now.

1 Like

Hello, thank you for your answers. I will check Discovery details for errors when I’m back next week.

Hi everyone, I just tested Syncthing discovery back behind the firewall. Not only does it work, but all arbitrary restrictions on ports just vanished. I’m now able to ssh into servers on whatever custom port they have for that. Syncthing connects to peers on port 22000.

I don’t know if this will last long, but at least we’ve learned something : when a firewall sucks, fix the firewall.

Anyways, thanks for your help.