I am trying to install Syncthing on a Debian 12 remote virtual server.
Syncthing v2.0.10
OpenSSL 3.0.17
After installation, I am getting this error below. What could cause it?
What syncthing version are you running on the other side?
I have not connected the Debian instance to any others yet. Haven’t even accessed GUI menu.
Probably just Internet background noise then.
Not sure if this is related or I should create a new thread but –
I’ve tried the Syncthing version from Debian’s official repo, as well as the latest version, and with neither of them can I access GUI.
The browser just says: “This site can’t be reached. XX.XXX.XXX.XX unexpectedly closed the connection.” I’ve tried another browser too. The address I enter is https://XX.XXX.XXX.XX:8384.
Double checked my server’s ip with curl ifconfig.me and ip addr show. The only setting I’ve changed in .local/state/syncthing/config.xml is the ip address and tls="true":
UFW has the rules to allow syncthing and syncthing-gui.
I’ve tried several manuals, to no avail. Any ideas as to what could be causing the issue?
Based on the screenshot of the systemctl status output and the error message above, it sounds like your web browser might be too old. OpenSSL 3.x dropped support for a number of ciphers and message digests.
What OS and browser are you using?
It’s Fedora 42 Gnome and Vivaldi. Both the OS and the browser versions are up to date.
When I try to access the same page from my Android browser, I get this:
This page isn’t working
XX.XXX.XXX.XX didn’t send any data.
ERR_EMPTY_RESPONSE
Maybe importantly, when I access the same ip without :8384 postfix, on my phone I see an NGINX welcome screen, whereas on my laptop (have tried this out with two browsers) I see one of the websites hosted by NGINX.
Everything points to syncthing either not listening on the correct address, or a firewall intervening.
Which directory is this, i.e. what’s the full path for this config? What is the home directory of the user user? What does syncthing log on startup?
The config file path is /home/user/.local/state/syncthing/config.xml
What does syncthing log on startup?
How can I check this?
journalctl -u syncthing@user
Thanks in advance.
The log includes my attempts with the stock version from a Debian repository and the latest version from the official S.T. repo.
Oct 22 11:26:18 client.provider.net syncthing[1827]: [start] INFO: syncthing v1.19.2-ds1 "Fermium Flea" (go1.19.8 linux-amd64) debian@debian 2>
Oct 22 11:26:18 client.provider.net syncthing[1827]: [AMJBQ] INFO: My ID: XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: Single thread SHA256 performance is 287 MB/s using minio/sha256-simd (283 M>
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: Hashing performance is 237.04 MB/s
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: Starting deadlock detector with 20m0s timeout
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: Overall send rate is unlimited, receive rate is unlimited
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: Ready to synchronize "Default Folder" (default) (sendreceive)
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: Using discovery mechanism: global discovery server https://discovery.syncth>
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: Using discovery mechanism: global discovery server https://discovery-v4.syn>
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: Using discovery mechanism: global discovery server https://discovery-v6.syn>
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: Using discovery mechanism: IPv4 local broadcast discovery on port 21027
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: Using discovery mechanism: IPv6 local multicast discovery on address [ff12:>
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: TCP listener ([::]:22000) starting
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: Relay listener (dynamic+https://relays.syncthing.net/endpoint) starting
Oct 22 11:26:19 client.provider.net syncthing[1827]: 2025/10/22 11:26:19 connection doesn't allow setting of receive buffer size. Not a *net.U>
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: QUIC listener ([::]:22000) starting
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: GUI and API listening on XX.XXX.XXX.XX:8384
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: Access the GUI via the following URL: https://XX.XXX.XXX.XX:8384/
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: My name is "client.provider.net"
Oct 22 11:26:19 client.provider.net syncthing[1827]: [AMJBQ] INFO: Completed initial scan of sendreceive folder "Default Folder" (default)
Oct 22 11:26:27 client.provider.net syncthing[1827]: [AMJBQ] INFO: Joined relay relay://212.PPP.PPP.PPP:22067
Oct 22 11:26:29 client.provider.net syncthing[1827]: [AMJBQ] INFO: Detected 0 NAT services
Oct 22 11:27:16 client.provider.net syncthing[1827]: [AMJBQ] INFO: Wrong credentials supplied during API authorization from XX.XXX.XXX.XX:59422
Oct 22 11:27:33 client.provider.net syncthing[1827]: [AMJBQ] INFO: Wrong credentials supplied during API authorization from XX.XXX.XXX.XX:53962
Oct 22 11:28:42 client.provider.net syncthing[1827]: [AMJBQ] INFO: Wrong credentials supplied during API authorization from XX.XXX.XXX.XX:52186
Oct 22 14:12:34 client.provider.net syncthing[1827]: [AMJBQ] INFO: Wrong credentials supplied during API authorization from XX.XXX.XXX.XX:38764
Oct 22 14:12:37 client.provider.net syncthing[1827]: [AMJBQ] INFO: Wrong credentials supplied during API authorization from XX.XXX.XXX.XX:38764
Oct 22 14:25:14 client.provider.net syncthing[1827]: [monitor] INFO: Signal 1 received; restarting
Oct 22 14:25:14 client.provider.net syncthing[1827]: [AMJBQ] INFO: Relay listener (dynamic+https://relays.syncthing.net/endpoint) shutting down
Oct 22 14:25:14 client.provider.net syncthing[1827]: [AMJBQ] INFO: QUIC listener ([::]:22000) shutting down
Oct 22 14:25:14 client.provider.net syncthing[1827]: [AMJBQ] INFO: TCP listener ([::]:22000) shutting down
Oct 22 14:25:14 client.provider.net syncthing[1827]: [AMJBQ] INFO: Exiting
Oct 22 14:25:16 client.provider.net syncthing[3656]: [start] INFO: syncthing v1.19.2-ds1 "Fermium Flea" (go1.19.8 linux-amd64) debian@debian 2>
Oct 22 14:25:16 client.provider.net syncthing[3656]: [AMJBQ] INFO: My ID: XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: Single thread SHA256 performance is 278 MB/s using minio/sha256-simd (262 M>
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: Hashing performance is 233.31 MB/s
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: Starting deadlock detector with 20m0s timeout
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: Ready to synchronize "Default Folder" (default) (sendreceive)
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: Overall send rate is unlimited, receive rate is unlimited
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: Completed initial scan of sendreceive folder "Default Folder" (default)
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: Using discovery mechanism: global discovery server https://discovery.syncth>
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: Using discovery mechanism: global discovery server https://discovery-v4.syn>
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: Using discovery mechanism: global discovery server https://discovery-v6.syn>
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: Using discovery mechanism: IPv4 local broadcast discovery on port 21027
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: Using discovery mechanism: IPv6 local multicast discovery on address [ff12:>
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: TCP listener ([::]:22000) starting
Oct 22 14:25:17 client.provider.net syncthing[3656]: 2025/10/22 14:25:17 connection doesn't allow setting of receive buffer size. Not a *net.U>
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: Relay listener (dynamic+https://relays.syncthing.net/endpoint) starting
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: QUIC listener ([::]:22000) starting
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: GUI and API listening on XX.XXX.XXX.XX:8384
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: Access the GUI via the following URL: https://XX.XXX.XXX.XX:8384/
Oct 22 14:25:17 client.provider.net syncthing[3656]: [AMJBQ] INFO: My name is "client.provider.net"
Oct 22 14:25:27 client.provider.net syncthing[3656]: [AMJBQ] INFO: Detected 0 NAT services
Oct 22 14:25:28 client.provider.net syncthing[3656]: [AMJBQ] INFO: Joined relay relay://83.OO.OOO.OOO:22067
Oct 22 14:27:43 client.provider.net syncthing[3656]: [monitor] INFO: Signal 15 received; exiting
Oct 22 14:27:43 client.provider.net syncthing[3656]: [AMJBQ] INFO: Relay listener (dynamic+https://relays.syncthing.net/endpoint) shutting down
Oct 22 14:27:43 client.provider.net syncthing[3656]: [AMJBQ] INFO: QUIC listener ([::]:22000) shutting down
Oct 22 14:27:43 client.provider.net syncthing[3656]: [AMJBQ] INFO: TCP listener ([::]:22000) shutting down
Oct 22 14:27:43 client.provider.net syncthing[3656]: [AMJBQ] INFO: Exiting
Oct 22 14:27:43 client.provider.net syncthing[4149]: syncthing v2.0.10 "Hafnium Hornet" (go1.25.1 linux-amd64) debian@github.syncthing.net 202>
Oct 22 14:27:43 client.provider.net syncthing[4149]: Generating key and certificate (cn=syncthing log.pkg=syncthing)
Oct 22 14:27:43 client.provider.net syncthing[4149]: Default config saved; edit to taste (with Syncthing stopped) or use the GUI (path=/home/u>
Oct 22 14:27:43 client.provider.net syncthing[4149]: Archiving a copy of old config file format (path=/home/user/.local/state/syncthing/config>
Oct 22 14:27:43 client.provider.net syncthing[4149]: Calculated our device ID (device=YYYY-YYYY-YYYY-YYYY-YYYY-YYYY-YYYY->
Oct 22 14:27:43 client.provider.net syncthing[4149]: Overall rate limit in use (send="is unlimited" recv="is unlimited" log.pkg=connections)
Oct 22 14:27:43 client.provider.net syncthing[4149]: Using discovery mechanism (identity="global discovery server https://discovery-lookup.syn>
Oct 22 14:27:43 client.provider.net syncthing[4149]: Using discovery mechanism (identity="global discovery server https://discovery-announce-v>
Oct 22 14:27:43 client.provider.net syncthing[4149]: Using discovery mechanism (identity="global discovery server https://discovery-announce-v>
Oct 22 14:27:43 client.provider.net syncthing[4149]: Using discovery mechanism (identity="IPv4 local broadcast discovery on port 21027" log.pk>
Oct 22 14:27:43 client.provider.net syncthing[4149]: Using discovery mechanism (identity="IPv6 local multicast discovery on address [ff12::838>
Oct 22 14:27:43 client.provider.net syncthing[4149]: TCP listener starting (address="[::]:22000" log.pkg=connections)
Oct 22 14:27:43 client.provider.net syncthing[4149]: Relay listener starting (id=dynamic+https://relays.syncthing.net/endpoint log.pkg=connect>
Oct 22 14:27:43 client.provider.net syncthing[4149]: failed to sufficiently increase send buffer size (was: 208 kiB, wanted: 7168 kiB, got: 41>
Oct 22 14:27:43 client.provider.net syncthing[4149]: QUIC listener starting (address="[::]:22000" log.pkg=connections)
Oct 22 14:27:43 client.provider.net syncthing[4149]: Creating new HTTPS certificate (log.pkg=api)
Oct 22 14:27:43 client.provider.net syncthing[4149]: GUI and API listening (address=127.0.0.1:8384 log.pkg=api)
Oct 22 14:27:43 client.provider.net syncthing[4149]: Access the GUI via the following URL: http://127.0.0.1:8384/ (log.pkg=api)
Oct 22 14:27:43 client.provider.net syncthing[4149]: Loaded configuration (name=client.provider.net log.pkg=syncthing)
Oct 22 14:27:44 client.provider.net syncthing[4149]: Measured hashing performance (perf="129.05 MB/s" log.pkg=syncthing)
Oct 22 14:27:52 client.provider.net syncthing[4149]: Joined relay (uri=relay://167.III.III.I:22067 log.pkg=relay/client)
Oct 22 14:27:53 client.provider.net syncthing[4149]: Detected NAT type (uri=quic://0.0.0.0:22000 type="Not behind a NAT" log.pkg=connections)
Oct 22 14:27:53 client.provider.net syncthing[4149]: Resolved external address (uri=quic://0.0.0.0:22000 address=quic://XX.XXX.XXX.XX:22000 vi>
Oct 22 14:28:13 client.provider.net syncthing[4149]: Detected NAT services (count=0 log.pkg=nat)
Oct 23 10:07:53 client.provider.net syncthing[4149]: Failed TLS handshake (address=FFF.FF.FFF.FFF:46760 error="read tcp XX.XXX.XXX.XX:22000->1>
Oct 23 12:46:07 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:40312 error=EOF log.pkg=connections)
Oct 23 12:47:05 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:52100 error="read tcp XX.XXX.XXX.XX:22000->>
Oct 23 12:47:05 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:60690 error="tls: first record does not loo>
Oct 23 12:47:05 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:60692 error="tls: first record does not loo>
Oct 23 12:47:05 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:60704 error="tls: first record does not loo>
Oct 23 12:47:05 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:60712 error="tls: unsupported SSLv2 handsha>
Oct 23 12:47:05 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60728 log.pkg=connections)
Oct 23 12:47:05 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60728 log>
Oct 23 12:47:05 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60730 log.pkg=connections)
Oct 23 12:47:05 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60730 log>
Oct 23 12:47:05 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60746 log.pkg=connections)
Oct 23 12:47:05 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60746 log>
Oct 23 12:47:05 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60758 log.pkg=connections)
Oct 23 12:47:05 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60758 log>
Oct 23 12:47:06 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60766 log.pkg=connections)
Oct 23 12:47:06 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60766 log>
Oct 23 12:47:06 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60774 log.pkg=connections)
Oct 23 12:47:06 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60774 log>
Oct 23 12:47:06 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60776 log.pkg=connections)
Oct 23 12:47:06 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60776 log>
Oct 23 12:47:06 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60778 log.pkg=connections)
Oct 23 12:47:06 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60778 log>
Oct 23 12:47:06 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60788 log.pkg=connections)
Oct 23 12:47:06 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60788 log>
Oct 23 12:47:06 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60802 log.pkg=connections)
Oct 23 12:47:06 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60802 log>
Oct 23 12:47:06 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60808 log.pkg=connections)
Oct 23 12:47:06 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60808 log>
Oct 23 12:47:06 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60812 log.pkg=connections)
Oct 23 12:47:06 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60812 log>
Oct 23 12:47:06 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60822 log.pkg=connections)
Oct 23 12:47:06 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60822 log>
Oct 23 12:47:06 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60830 log.pkg=connections)
Oct 23 12:47:06 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60830 log>
Oct 23 12:47:06 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60842 log.pkg=connections)
Oct 23 12:47:06 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60842 log>
Oct 23 12:47:06 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60844 log.pkg=connections)
Oct 23 12:47:06 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60844 log>
Oct 23 12:47:06 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60858 log.pkg=connections)
Oct 23 12:47:06 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60858 log>
Oct 23 12:47:07 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:60888 log.pkg=connections)
Oct 23 12:47:07 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:60888 log>
Oct 23 12:47:07 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:60890 error="tls: unsupported SSLv2 handsha>
Oct 23 12:47:17 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:60896 error="read tcp XX.XXX.XXX.XX:22000->>
Oct 23 12:47:27 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54620 error="tls: client offered only unsup>
Oct 23 12:47:27 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54634 error="tls: client offered only unsup>
Oct 23 12:47:27 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54650 error="tls: client offered only unsup>
Oct 23 12:47:27 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54666 error="tls: client offered only unsup>
Oct 23 12:47:27 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54690 error="tls: client offered only unsup>
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54682 error=EOF log.pkg=connections)
Oct 23 12:47:28 client.provider.net syncthing[4149]: Peer at did not negotiate bep/1.0 (address=ZZZ.ZZZ.ZZZ.ZZZ:54696 log.pkg=connections)
Oct 23 12:47:28 client.provider.net syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=ZZZ.ZZZ.ZZZ.ZZZ:54696 log>
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54706 error="tls: client offered only unsup>
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54708 error="read tcp XX.XXX.XXX.XX:22000->>
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54718 error="tls: client offered only unsup>
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54724 error="tls: client offered only unsup>
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54738 error=EOF log.pkg=connections)
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54748 error="tls: client offered only unsup>
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54750 error="tls: client offered only unsup>
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54762 error="tls: no cipher suite supported>
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54766 error="tls: client offered only unsup>
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54772 error=EOF log.pkg=connections)
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54780 error="tls: client offered only unsup>
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54784 error=EOF log.pkg=connections)
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54790 error="tls: client offered only unsup>
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54800 error=EOF log.pkg=connections)
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54816 error=EOF log.pkg=connections)
Oct 23 12:47:28 client.provider.net syncthing[4149]: Failed TLS handshake (address=ZZZ.ZZZ.ZZZ.ZZZ:54832 error=EOF log.pkg=connections)
lines 120-152/152 (END)
When you started out with the old 1.19 release you did apparently configure syncthing to listen on an externally reachable address. However, with the upgrade to 2.0 the config was apparently reset to defaults. Syncthing is only listening on localhost and cannot be reached externally.
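The diagnosis above rests on comparing the "GUI and API listening" lines across restarts. As an added example (not part of the original thread and not Syncthing's own code), this Python script extracts the GUI bind address from both the 1.x and 2.x log formats shown in the journal output and tallies rejected connection attempts on the sync port per remote address. The sample lines, the host name `host` and the documentation-range IP addresses are constructed.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample modelled on the journal output in this thread.
# IP addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Oct 22 11:26:19 host syncthing[1827]: [AMJBQ] INFO: GUI and API listening on 203.0.113.10:8384
Oct 22 14:27:43 host syncthing[4149]: GUI and API listening (address=127.0.0.1:8384 log.pkg=api)
Oct 23 10:07:53 host syncthing[4149]: Failed TLS handshake (address=192.0.2.44:46760 error=EOF log.pkg=connections)
Oct 23 12:46:07 host syncthing[4149]: Failed TLS handshake (address=198.51.100.7:40312 error=EOF log.pkg=connections)
Oct 23 12:47:05 host syncthing[4149]: Failed TLS handshake (address=198.51.100.7:60712 error="tls: unsupported SSLv2 handshake received" log.pkg=connections)
Oct 23 12:47:05 host syncthing[4149]: Peer at did not negotiate bep/1.0 (address=198.51.100.7:60728 log.pkg=connections)
Oct 23 12:47:05 host syncthing[4149]: Got peer certificate list of incorrect length (length=0 address=198.51.100.7:60728 log.pkg=connections)
"""

# Matches the 1.x form ("listening on ADDR") and the 2.x form ("(address=ADDR ...")
GUI_RE = re.compile(
    r"syncthing\[(\d+)\]: .*?GUI and API listening (?:on |\(address=)(\S+)")
# Rejected connections on the sync listener; captures the event kind and remote IP
NOISE_RE = re.compile(
    r"(Failed TLS handshake|Peer at did not negotiate bep/1\.0|"
    r"Got peer certificate list of incorrect length) "
    r"\(.*?address=(\S+):\d+")


def classify_bind(host):
    """Say who can reach a listener bound to this host."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"          # local machine only
    if ip.is_unspecified:
        return "all-interfaces"    # 0.0.0.0 or ::
    return "specific"


def gui_listeners(log):
    """Return (pid, host, port, scope) for every GUI start-up line, in order."""
    found = []
    for pid, addr in GUI_RE.findall(log):
        host, _, port = addr.rstrip(")").rpartition(":")
        found.append((pid, host.strip("[]"), int(port), classify_bind(host)))
    return found


def remotely_reachable(log):
    """True if the most recent GUI listener is bound beyond loopback."""
    listeners = gui_listeners(log)
    return bool(listeners) and listeners[-1][3] != "loopback"


def handshake_noise(log):
    """Count rejected connection attempts on the sync port per remote IP."""
    per_ip = defaultdict(Counter)
    for kind, ip in NOISE_RE.findall(log):
        per_ip[ip.strip("[]")][kind] += 1
    return {ip: dict(kinds) for ip, kinds in per_ip.items()}


if __name__ == "__main__":
    for pid, host, port, scope in gui_listeners(SAMPLE_LOG):
        print(f"pid {pid}: GUI on {host}:{port} ({scope})")
    print("reachable from other hosts:", remotely_reachable(SAMPLE_LOG))
    for ip, kinds in handshake_noise(SAMPLE_LOG).items():
        print(ip, kinds)
```

To run it against a real unit, pipe the output of `journalctl -u syncthing@user --no-pager` into a file and pass its contents to the same functions.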
Success! I’ve double-checked /home/user/.config/syncthing/ does not exist. Removed the new config too. Removed and reinstalled Syncthing.
Now the GUI shows up at the required ip. Many thanks!
It seems unable to use HTTPS despite the tls="true" setting. Should I manually add a TLS certificate with OpenSSL for this ip?
Syncthing does not use OpenSSL. If the GUI loads I would suggest enabling HTTPS through the GUI instead of hand-editing the XML directory (Settings → GUI → Use HTTPS for GUI). Syncthing uses autogenerated self-signed certificates for the HTTPS GUI. If you have a need for custom certificates, you can replace the https-cert.pem, https-key.pem files with your own. Though this is only useful if you have special requirements. You can also put the GUI behind a standard reverse proxy if you want secure access from the internet (this avoids complications such as setting up HTTPS within syncthing).
Weird, Syncthing HTTPS does not work on my devices

despite this option being enabled in GUI by default:

I set up GUI user and password too.
It’s not enabled by default AFAIK, but since you mentioned hand-editing the XML you likely already enabled it.
Note that many modern browsers hide the protocol used by default. The “not secure” warning likely comes from the fact that a self-signed certificate is used, which does not protect against active attackers. You’re still using HTTPS, but not with a valid certificate. If you require one, you need to acquire and install one (e.g. from Let’s Encrypt) by yourself. If you click on the symbol most browsers tell you why the site is considered not secure.
I have found that Caddy is a usefully simple reverse-proxy and can automatically retrieve a Let’s Encrypt certificate if the site resolves with a public-IP accessible domain. Literally 5 minutes and editing 2-3 lines of Caddy config.
After some testing, I think it would be fine to just stick to the stock version of certificates. Many thanks for your help.