How to exclude Syncthing from using VPN

(Mannshoch) #1

could I somehow exclude a VPN being used by syncthing for discovering new clients?

How to disable connecting over a specific network interface? (like hamachi or another VPN)

(Jakob Borg) #2

If you can specify the networks it should be allowed to use, you can maybe use the new “allowed subnets” setting per device in 0.14.27.

(Mannshoch) #3

I thought it's maybe easier to exclude the network I do not want instead of allowing the rest of the Internet.

Should that look like that?, …,, …

It seems to be a bit much to allow 254...* IP-addresses to exclude 10.10..

(Jakob Borg) #4

Yeah, that’s a bit cumbersome. You can aggregate a bit;,, will cover all of for example. But it’s still a quite sucky way to do it. The details around or whatever are no fun to do manually.

File a feature request - negative entries are a no brainer here, really.

(Mannshoch) #5

Is there maybe a way to block these addresses by system rules? Maybe with SystemD, a firewall or something else? In many applications there is a way to set up the interfaces applications could use. Is there a way in Syncthing to block it that way?

(Jakob Borg) #6

You can set the sync protocol listen address to an address specific to your LAN adapter, if you have a static IP on it. That won’t prevent Syncthing from connecting out to other addresses though, and depending on routing it may still accept connections to it from the VPN.

(Mannshoch) #7

You speak about this one? default

Could I also enter two addresses (one W-LAN and one LAN)? I miss a doc page for this option.

(Jakob Borg) #8

Yes. There is a “Help” link on that field that takes you to the doc entry.

But negative ACL entries are simple, so I filed a pull request on it for you:

(Mannshoch) #9

Thanks !

(Jakob Borg) #10

This is now in 0.14.28-rc.1 if you want to test it. Set the allowed subnets to !, for the device in question.

(Mannshoch) #11

Great 🙂 👍

Sorry I’m not able to test it.

(Tom Staels) #12

Am I on the wrong version, or is this not working?

[GRRPC] 10:52:32 INFO: syncthing v0.14.28 “Dysprosium Dragonfly” (go1.8.1 windows-amd64) 2017-05-06 15:36:12 UTC
[GRRPC] 11:16:10 INFO: Listener for ! unknown address scheme ""
[GRRPC] 11:16:10 INFO: Listener for unknown address scheme ""
[GRRPC] 11:16:10 INFO: Disconnected from relay relay://
[GRRPC] 11:16:10 INFO: TCP listener ([::]:22000) shutting down

(Audrius Butkevicius) #13

You’ve put the networks in the wrong field

(Tom Staels) #14

Right, this should be entered in the field: Actions/Advanced/Device “YourRemoteDevice”/allowedNetworks
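
The negative allowed-networks entries discussed in this thread, as an added example that is not part of any post and is not Syncthing's own code: a small Go checker for trying out a list before entering it in the allowedNetworks field. It assumes entries are evaluated in order with the first match deciding and no match meaning deny; the function name `allowedBy` and the range 10.99.0.0/16 (standing in for a VPN subnet) are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// allowedBy reports whether ip is permitted by a comma-separated list of CIDR
// entries in which a leading "!" marks a deny entry. Assumption: entries are
// evaluated in order and the first matching entry decides; no match means deny.
func allowedBy(list, ip string) bool {
	addr := net.ParseIP(ip)
	if addr == nil {
		return false // not an IP literal: refuse rather than guess
	}
	for _, entry := range strings.Split(list, ",") {
		entry = strings.TrimSpace(entry)
		allow := true
		if strings.HasPrefix(entry, "!") {
			allow = false
			entry = strings.TrimSpace(entry[1:])
		}
		_, cidr, err := net.ParseCIDR(entry)
		if err != nil {
			continue // skip malformed entries instead of matching on them
		}
		if cidr.Contains(addr) {
			return allow
		}
	}
	return false
}

func main() {
	// Constructed sample list: deny the VPN range, allow everything else.
	list := "!10.99.0.0/16, 0.0.0.0/0, ::/0"
	for _, ip := range []string{"10.99.3.7", "192.168.1.20", "2001:db8::1"} {
		fmt.Printf("%-14s allowed=%v\n", ip, allowedBy(list, ip))
	}
	// Order matters: with the catch-all first, the deny entry is never reached.
	fmt.Println(allowedBy("0.0.0.0/0, !10.99.0.0/16", "10.99.3.7"))
}
```

A list holding only a negated entry denies every address under these assumptions, so a catch-all allow entry has to follow the exclusion.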

(John Statler) #15

Is this in the newest version yet?

And, I too would like the negative … I need to not use 10.22.0.x

Thanks. I’m almost ready to report on my success with Syncthing.

(Jakob Borg) #16

