could I somehow exclude a VPN being used by syncthing for discovering new clients?
If you can specify the networks it should be allowed to use, you can maybe use the new “allowed subnets” setting per device in 0.14.27.
I thought Its maybe more easy to exclude the Network I do not want instead to allow the rest of the Internet.
Should that look like that? 255.0.0.0/8, 254.0.0.0/8 … 22.214.171.124/8, 126.96.36.199/8, … 188.8.131.52/8
It seems to be a bit much to allow 254...* IP-addresses to exclude 10.10..
Yeah, that’s a bit cumbersome. You can aggregate a bit;
184.108.40.206/3, 220.127.116.11/2, 18.104.22.168/1 will cover all of 22.214.171.124-255.255.255.255 for example. But it’s still a quite sucky way to do it. The details around 10.10.10.0/24 or whatever are no fun to do manually.
File a feature request - negative entries are a no brainer here, really.
Is there maybe a way to block these addresses by system rules? Maybe with SystemD, a firewall or something else? in many applications there is a way to setup the interfaces applications could use . Is there a way in syncthing to block it that way?
You can set the sync protocol listen address to an address specific to your LAN adapter, if you have a static IP on it. That won’t prevent Syncthing from connecting out to other addresses though, and depending on routing it may still accept connections to it from the VPN.
You speak aboutthis one? default
Could I also enter two addresses (one W-Lan and on LAN)? I miss a doc page for this Option.
Yes. There is a “Help” link on that field that takes you to the doc entry.
But negative ACL entries are simple, so I filed a pull request on it for you:
This is now in 0.14.28-rc.1 if you want to test it. Set the allowed subnets to
!10.10.0.0/16, 0.0.0.0/0 for the device in question.
Sorry I’m not able to test it.
am I on the wrong version, or is this not working ? [GRRPC] 10:52:32 INFO: syncthing v0.14.28 “Dysprosium Dragonfly” (go1.8.1 windows-amd64)firstname.lastname@example.org 2017-05-06 15:36:12 UTC
[GRRPC] 11:16:10 INFO: Listener for !10.5.1.0/24: unknown address scheme "" [GRRPC] 11:16:10 INFO: Listener for 0.0.0.0/0: unknown address scheme "" [GRRPC] 11:16:10 INFO: Disconnected from relay relay://126.96.36.199:22067 [GRRPC] 11:16:10 INFO: TCP listener ([::]:22000) shutting down
You’ve put the networks in the wrong field
right, this should be entered in the field : Actions/Advanced/Device “YourRemoteDevice”/allowedNetworks
Is this in the newest version yet?
And, I too would like the negative … I need to not use 10.22.0.x
Thanks. I’m almost ready to report on my success with Syncthing.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.