forcing Syncthing to exclusively use an isolated (wired) LAN?

Hi all,

I’ve been struggling with the following problem for days:

  • 2 Win10 PCs (one of them is intended to collect all data)
  • 1 RasPi4

are connected together (using unmanaged ethernet switch) in a wired, isolated LAN with all static IPs, no DHCP, no DNS, absolutely no connection to the internet.

Win10’s network configuration is a nightmare in itself! It looks like MS can’t imagine that a PC is connected to a LAN, which does not lead to the Internet and where this PC only knows a static IP and the appropriate subnet mask. But this is perhaps only part of the story.

With great effort I am now so far that the network connections of the Win10 PCs are considered private and just for this category “Private Networks” the firewall is switched off.

Under these conditions I can now communicate between the computers (e.g. RDP, VNC and TeamViewer in LAN mode to the Win10 PCs, VNC and SSH to the RasPi).

However, Syncthing usually sees the other devices as “disconnected”. It tries hard to find relay servers and a way to the other devices, which is of course mostly impossible due to lack of internet connection. Only the “direct way” is possible of course!

Only once did I manage to get both ways (Win10-1 to Win10-2 and Win10-1 to RasPi) active (green) at the same time, and data was also synchronized successfully. What conditions existed at that time, I can hardly remember.

I always thought connecting between devices on the same LAN would be the easiest thing to do, but that doesn’t seem to be the case. My experience with Syncthing across different, distant networks, on the other hand, has been extremely positive so far.

So my question: what do I need to consider in such an environment and can I somehow “tell” Syncthing which routes to the remote target system make sense to try and which not?

Does anyone know a well understandable source of information on the correct configuration of Win10 in a LAN without internet connection with static addresses and without gateway and DNS?

Any helpful information or your own experience report on this topic will be highly appreciated.

Thanks in advance, Thomas

PS: Is Syncthing also able to synchronize between local directories? It would be desirable to additionally store a copy on a USB memory on the PC which merges all data. Otherwise you would have to use e.g. https://rclone.org/.

Have you tried simply hard-coding the IP addresses in Syncthing (e.g. tcp://192.168.0.1:22000) instead of the default dynamic?

Syncing between local directories isn’t supported, unless you run two separate instances of Syncthing on the same machine, which has its drawbacks.

Hi tomasz86,

thanks for your answer!

In fact, I only specified this Device ID (the long string that uniquely identifies each device and is also displayed as a QR code) on “+Add Remote Device”.

How / where should I specify the direct IP? By the way, Syncthing also found the IP on its own, as could be seen in the log.

Best, Thomas

If it’s detected the IP and can’t connect nevertheless, then I’d say something’s likely still up with the firewall or something.

Anyhow, you can try hardcoding the IPs as explained below.

Thanks for the hint! I will try it out as soon as I have access to the systems again. Unfortunately, the equipment is located a few hundred kilometers away from me. :wink:

Thomas

Well, having prior experience with this, I know that Windows hates operating in a network without a gateway. Setting static IPs should be fine, but if you leave the gateway blank Windows will consider the network to be “unidentified”.

The issue is that Windows uses the gateway’s MAC address to assign a network a “profile”. Without a gateway the network has no profile/a default profile. This can cause some mostly firewall-related issues, as some AV/firewall vendors (as well as the Windows Firewall to a certain extent) like to assign specific settings to the profile - that doesn’t work when the network has no real profile.

There is no good solution for this, but there is a workaround: Choose a computer in the local network that is reachable by others (preferably a Linux/non-Windows machine, as those don’t have these problems) and set that as a fake gateway for the others. The machine can simply drop packets intended for remote destinations, but its presence will cause Windows to resolve the MAC and thus assign a network profile. The network will then show “no internet” on Windows machines.

This workaround is also used by VPNs such as ZeroTier. The issue has been present since at least Windows XP SP2 (when the current firewall system was introduced).

If you can completely turn off all firewall-related things, the above shouldn’t matter that much to you - the kernel’s actual routing and network stack can handle networks without a gateway without too much trouble.

Have you verified that these settings persist over a reboot? It’s extremely difficult to apply settings for an unidentified network (that has no “real” profile, just a fake default one).

This was probably due to local discovery. Local discovery uses multicast/broadcast packets to identify other Syncthing nodes in the same network. In theory this should work nicely and reliably. Local discovery may have issues if a firewall is interfering, though (or the network was configured incorrectly, e.g. different netmask).

1 Like

Hi Max,

thank you for the valuable information about the behavior of Windows! Indeed, the effect occurred that on one PC the settings were wrong again the next day (i.e. after reboot): e.g. private network set back to public.

I had also wondered why the “new” “Win10-style” network connection dialog wouldn’t close if the gateway and DNS were left blank. That’s why I even entered the RasPi there as a fake. However, “further down” in another dialog that looks like WinXP you can delete these settings again, which I probably did. :wink:

1 Like

I think Syncthing should work out of the box if you get the environment / firewall profiles etc. sorted. If you google it you’ll find a bunch of switches you can toggle to make Syncthing not send any packets to the internet – but none of those are required for you since you’re not connected to the internet. You might still want to turn off global discovery, auto upgrades, and maybe other things to avoid notices in the GUI that it’s not working, but it shouldn’t affect functionality one way or the other.

1 Like

Does Syncthing support wildcards in these IP addresses? In order to accommodate DHCP, the ability to write tcp://192.168.0.*:22000 is needed.

The “Addresses” field expects “dynamic” or one or more addresses to connect to. What you supplied is a range. You can’t connect to a range.

3 Likes
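The advice in this thread (hard-code peer addresses instead of “dynamic”, turn off global discovery / relays / auto upgrades, and the fact that a range such as tcp://192.168.0.*:22000 is not a valid address) can be applied through Syncthing’s REST API. The script below is an added example, not code from the thread or from the Syncthing project; it assumes Syncthing’s GUI/API listens on http://127.0.0.1:8384 and that the API key and remote device ID are filled in as placeholders. The address check rejects anything that is not “dynamic” or a literal IP plus port, which is exactly what an isolated LAN without DNS needs.

```python
"""Pin Syncthing peers to fixed LAN addresses and disable internet-facing features."""
import ipaddress
import json
import urllib.request
from urllib.parse import urlsplit

# Listener schemes Syncthing accepts for device addresses.
ALLOWED_SCHEMES = {"tcp", "tcp4", "tcp6", "quic", "quic4", "quic6"}

def validate_address(addr: str) -> bool:
    """True for 'dynamic' or scheme://<literal IP>:<port>; wildcards and ranges are rejected."""
    if addr == "dynamic":
        return True
    parts = urlsplit(addr)
    if parts.scheme not in ALLOWED_SCHEMES or parts.path or parts.query:
        return False
    try:
        ipaddress.ip_address(parts.hostname or "")  # one concrete IP, no '*' and no DNS name
        return parts.port is not None               # a port is mandatory
    except ValueError:
        return False

def build_device_patch(addresses):
    """Body for PATCH /rest/config/devices/<id>; raises on addresses Syncthing cannot use."""
    bad = [a for a in addresses if not validate_address(a)]
    if bad:
        raise ValueError(f"not a usable Syncthing address: {bad}")
    return {"addresses": list(addresses)}

# Options for a LAN with no internet: keep only local (multicast/broadcast) discovery.
LAN_ONLY_OPTIONS = {
    "globalAnnounceEnabled": False,  # no global discovery servers to reach
    "relaysEnabled": False,          # never search for relay servers
    "natEnabled": False,             # no UPnP/NAT-PMP on an unmanaged switch
    "localAnnounceEnabled": True,    # local discovery still finds peers directly
    "autoUpgradeIntervalH": 0,       # no upgrade checks, so no GUI warnings
}

def apply(base_url, api_key, device_id, addresses):
    """Send both patches to the local Syncthing instance (network call, placeholders assumed)."""
    for path, body in ((f"/rest/config/devices/{device_id}", build_device_patch(addresses)),
                       ("/rest/config/options", LAN_ONLY_OPTIONS)):
        req = urllib.request.Request(base_url + path, data=json.dumps(body).encode(),
                                     method="PATCH",
                                     headers={"X-API-Key": api_key,
                                              "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            resp.read()

if __name__ == "__main__":
    apply("http://127.0.0.1:8384", "PLACEHOLDER_API_KEY", "PLACEHOLDER-DEVICE-ID",
          ["tcp://192.168.0.2:22000"])
```

Run it once per remote device on the collecting PC; the address list replaces the default “dynamic” so Syncthing dials the peer directly instead of looking for discovery or relay servers.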