How to configure a Relay for both IPV4 *and* IPV6 !!

I am trying to set up a private relay which should listen on both IPV4 and IPV6. I cannot manage it: I can define the relay to listen on either IPV4 OR IPV6, not both !!

I tried a lot …

The config file for relays turned out to be “/etc/default/syncthing-relaysrv” (which is not documented anywhere !!?)

The structure of the file is:

    $ Default settings for syncthing-relaysrv (strelaysrv).
    $ default NAT=true => false
    NAT=false

    $ Add Options here:
    RELAYSRV_OPTS=

I did try many options; the result is about this:

    $ OK IPV4
    RELAYSRV_OPTS=-pools="" -listen="192.168.c.d:'myPortNo'" -token="'mySecretToken'"

    $ OK IPV4 (does not listen to IPV6)
    RELAYSRV_OPTS=-pools="" -listen=":'portno'" -token="'mySecretToken'"

    $ OK IPV6
    RELAYSRV_OPTS=-pools="" -listen="[a:b:c:d::e]:'myPortNo'" -token="'mySecretToken'"

Everything I tried (many things) to create a listen string for both IPV4 and IPV6 failed (example: -listen="192.168.c.d:'myPortNo',[a:b:c:d::e]:'myPortNo'")

Mostly the error message was “too many colons in address”

Does anyone know / can anyone explain how to set up a relay which works for both IPV4 and IPV6 !!??

PS: I had to replace “#” sign at some places above, since that sign ‘destroyed’ the layout of this message

What’s the point of an IPv6 relay?

The relay server listens on both IPv4 and IPv6 by default. You can use it in this way by adding it specifically by address on both sides.

It can only register to a pool with either IPv4 or IPv6, not both, because the address the pool server sees needs to match the relay server’s announced address. Our public relay pool only accepts IPv4 relays.

If you are thinking a relay server would be a neat way to bridge between IPv4-only and IPv6-only Syncthing clients then, no, it’s not, in its current incarnation.
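The "too many colons in address" message quoted in the question is the error Go's net package returns when a host:port string holds more than one address. The Go sketch below is an added example, not part of the thread and not strelaysrv's own code; it assumes the -listen value is parsed as a single host:port pair, `classifyListen` is a hypothetical helper, and the addresses and port 22067 are constructed samples.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"strconv"
)

// classifyListen parses one candidate -listen value with Go's host:port rules
// and reports which address family it would bind. Hypothetical helper.
func classifyListen(value string) (string, error) {
	host, port, err := net.SplitHostPort(value)
	if err != nil {
		return "", err // e.g. "too many colons in address"
	}
	if _, err := strconv.ParseUint(port, 10, 16); err != nil {
		return "", fmt.Errorf("port %q is not a number in 0-65535", port)
	}
	if host == "" {
		// Empty host means the wildcard address; whether IPv6 is included
		// depends on the host's network stack configuration.
		return "wildcard", nil
	}
	addr, err := netip.ParseAddr(host)
	if err != nil {
		return "", fmt.Errorf("host %q is not an IP literal: %w", host, err)
	}
	if addr.Unmap().Is4() {
		return "ipv4", nil
	}
	return "ipv6", nil
}

func main() {
	// Constructed sample values (documentation address ranges).
	candidates := []string{
		"192.0.2.10:22067",
		"[2001:db8::1]:22067",
		":22067",
		"192.0.2.10:22067,[2001:db8::1]:22067", // two addresses in one value
		"2001:db8::1:22067",                    // IPv6 without brackets
	}
	for _, c := range candidates {
		family, err := classifyListen(c)
		fmt.Printf("%-40s family=%-8s err=%v\n", c, family, err)
	}
}
```

Only the first three values parse; the comma-joined pair and the unbracketed IPv6 address both fail with the same "too many colons" error, because everything before the last colon is treated as one host.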

It would be nice if a relay could also bridge between IPV4 and IPV6, however that is not my intention.

I intend to use the relay for two purposes:

  • as a proxy between the internet and my internal clients and also between internal clients in separate vlans.
  • the firewall should NAT e.g. port 22000 to the relay
  • and for extra security since the relay will also use a secret token

and of course many devices do not have IPV4 any more and/or use IPV6 by preference

Above is the structure for my local Syncthing.

  • UPNP = NoGo
  • Remote client can be IPV4 or IPV6
  • Remote client can be a really trusted client knowing port22abc and private relay secret
  • Another client using the default port 22000 routed to my ‘public’ relay

Both relays should not be part of any pool (-pools="")

The Relays (= Proxies) are virtual machines. It would be nice if one VM can fulfill all the relay functions:

  • private relay IPV4
  • private relay IPV6
  • ‘public’ relay IPV4 (future)
  • ‘public’ relay IPV6 (future)

My primary goal at this moment is to set up the private part of this concept. Not sure if I will add the ‘public’ part / ‘public’-relay later. I have no direct use for that and I am not sure if I want to add that functionality from a security perspective.
