No longer connected directly, only via relay

I had two syncthing nodes (using SyncTrayzor) connected directly. Let’s call the first “Node A” which is on a static IP, with the port 22000 forwarded. And node B which has the remote-device-“Node A” added, and in the “Edit device (Node A)” dialog under Advanced, the address and port is that of the Node A public IP and the forwarded port. This all worked OK for a long time.

Since a few weeks ago, they can’t connect directly, so I had to change the address back to “dynamic” and it’s now using a relay server. If i set it back to tcp:// (my ip), I get the “i/o timeout” message, but sometimes for a few seconds this one pops up as well: received unexpected handshake message of type *tls.clientHelloMsg when waiting for *tls.serverHelloMsg But after a few minutes it establishes the connection, but via a relay.

I don’t remember changing the firewall in the windows, or anything on the router. How could I tinker with this to find the cause & solution?

What happens if you disable the Windows Firewall (temporarily)? Does it make any difference? Also, please check if your network in Windows is set to “private” or “public”. It needs to be set to “private” if you want to be able to connect to the device directly.

Thanks! The connection on Node A was set to “Public network”, changed to “Private” and it’s working great.

Just curious, if i were to change it back to Public, is there a firewall rule that I could add, so that syncthing could still listen to connections?

You could do it manually, but the simplest method would be to remove all existing rules related to Syncthing, and then run Syncthing (or SyncTrayzor) again. Windows Firewall will show a pop up asking you to allow the application to access the network, where you can select both “private” and “public” access.

Please keep in mind that allowing “public” access is unsafe in principle, e.g. someone could try to open your Syncthing Web GUI on a public WiFi, etc. As long as you have it password protected, everything should be safe though, but still.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.