NAT to NAT communication

Frustrating situation: syncthing <–> NAT <–> Internet <–> 2x NAT <–> syncthing (NATs with stateful firewall)

Is it possible to implement pwnat code OR n2n features?

Thank you

Wow, this is a bit of black magic. Thanks for the link.

Yeah, we might have a UDP version of the protocol eventually (there is a ticket on GitHub), and then have the discovery server act as a relay for the punch-through.

I tried a freenet6 anonymous tunnel (gogoc in default config) with a dynamic address on both nodes. It doesn’t work. How can I add a specific network interface (eth/tun/tap etc.) to syncthing for listening on this interface and for dynamic IPv6 address global discovery?

There is a listenaddress query argument for the discovery server URL, and IP address for the tap.

Though you might have to change udp4 to udp6.

I might have perhaps misunderstood you regarding dynamic discovery. We broadcast a message to the discovery server every 30 or so minutes, which updates the address to your current public address.

Thank you for the reply. My mistake, my English is bad. I need a way in syncthing to change/add the interface name to bind to, because gogoc changes the IPv6 address every day (= I can’t use the edit box for address:port). Syncthing announces only the primary interface and not the tunnel interface. I’m behind three NATs with SPI: one mine, two my provider’s :(

Syncthing doesn’t announce an IP address at all. It just sends a packet saying which port it’s listening on, and global discovery server uses the IP of the connection on which the announcement packet arrived.

We don’t have support for binding to an interface, we only support binding to an address, for both global discovery announcements and protocol connection.

The best solutions I can think of (all are Linux-ish, sadly):

  1. Bind to and set up routing on your machine to route global discovery server packets through the right interface via iptables.
  2. If you are running Linux, set up a network namespace, and run syncthing in that namespace with only that interface available.
  3. Run inside a Docker container with only that interface exposed.
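
Added example, not part of the thread or of Syncthing's code: a toy model of the announcement behaviour described above, where the payload carries only the listening port and the server takes the address from the packet's source, so the address the client binds to is the one that gets recorded. The JSON message format, the function names and the device ID are constructed for illustration and are not Syncthing's discovery protocol; on loopback there is no NAT, which would otherwise rewrite the source address.

```python
import json
import socket
import threading


def run_discovery_server(sock, registry, count=1):
    """Toy discovery server: store (source IP, announced port) per device."""
    for _ in range(count):
        data, (src_ip, _src_port) = sock.recvfrom(1024)
        msg = json.loads(data)
        # The IP is read from the packet's source, never from the payload.
        registry[msg["device"]] = (src_ip, msg["port"])


def announce(server_addr, device, listen_port, bind_ip):
    """Send one announcement; the payload names only the listening port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        # Binding to an address (not an interface) fixes the source IP.
        # Which interface the packet leaves on is still a routing decision.
        s.bind((bind_ip, 0))
        payload = json.dumps({"device": device, "port": listen_port})
        s.sendto(payload.encode(), server_addr)


def demo(bind_ip="127.0.0.1"):
    """Run server and client on loopback and return what the server learned."""
    registry = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind(("127.0.0.1", 0))  # ephemeral port, local only
        srv.settimeout(5)
        worker = threading.Thread(
            target=run_discovery_server, args=(srv, registry)
        )
        worker.start()
        # "DEVICE-A" and port 22000 are constructed sample values.
        announce(srv.getsockname(), "DEVICE-A", 22000, bind_ip)
        worker.join()
    return registry


if __name__ == "__main__":
    print(demo())
```
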