Not working behind http proxy or firewall?

I’m trying to sync my office Desktop to my computer at home with Syncthing. Currently I’m using Unison, which syncs via SSH and works well.

At my office, the desktop is behind a http proxy. I’m not sure if they have socks proxy here. Probably not. This is already a problem, right? Syncthing requires socks proxy?

Just to give a full picture, to connect via SSH from home, I have to point the ssh to an intermediate IP, which then redirects the connection to my office within the NAT.

It seems that Unison, Rsync (ssh based connections) are my only choices to sync. Is that correct? Or would Syncthing work if I ask the IT department to open some ports for me?

Thanks.

It might work if you set up http proxy env vars, as I suspect it’s failing during discovery.

It doesn’t work. If I set

export http_proxy=http://…
export https_proxy=…

Syncthing does not detect the proxy. The CLI only shows the “proxy detected” message if I set the

export all_proxy=socks://…

But then I think they don’t have socks here. Trying all_proxy=http://… also didn’t work.

It would not print a message for http proxy, that’s handled by the standard library.

Nevertheless, see if you get errors from the discovery service. Maybe your firewall allows only http traffic (and no other traffic) and syncthing can’t work via a http proxy only without being able to make direct connections.

I guess by ‘I have to point the ssh to an intermediate IP’ you mean that you added some code to your .ssh/config file in order to do so. What actually happens under the hood is that you connect via ssh to a computer (your organization’s gateway) and from there to your work PC.

You could use the same configuration to create a port forwarding or socks proxy to your work computer via ssh, look e.g. here: https://calomel.org/firefox_ssh_proxy.html

Although that would mean:

  1. that you need to have the ssh client running on your home computer and to find a way to restart it automatically (ideally) if connection breaks;
  2. that your organization’s sysadmins may be unhappy once they eventually figure out what you are doing.

I believe your best bet is to do the other way round, i.e. connect from work to home. Assuming you have the usual xDSL connection at home with a public and dynamic address, just use a dynamic domain and port forwarding on your home router and you are good to go.

I don’t know how the IT department redirects my SSH connection from the intermediate IP to my desktop. Sorry.

Here’s the output of the syncthing CLI:

[gerson@girasol ~]$ env | grep proxy
FTP_PROXY=http://proxy.ufu.br:3128/
https_proxy=http://proxy.ufu.br:3128
http_proxy=http://proxy.ufu.br:3128
no_proxy=localhost,127.0.0.0/8,::1
ftp_proxy=http://proxy.ufu.br:3128/
[gerson@girasol ~]$ syncthing --no-browser
[monitor] 17:36:44 INFO: Starting syncthing
[SUWDK] 17:36:44 INFO: syncthing v0.14.18 "Dysprosium Dragonfly" (go1.7.4 linux-amd64) builduser@svetlemodry 2017-01-01 21:43:44 UTC
[SUWDK] 17:36:44 INFO: My ID: SUWDKC7-L2GCHV3-C4JVLGW-KE52KOV-A5D6OIH-BV726U7-CYDIGGR-NPZYKAP
[SUWDK] 17:36:45 INFO: Single thread hash performance is 218 MB/s using crypto/sha256 (43 MB/s using minio/sha256-simd).
[SUWDK] 17:36:46 INFO: Ready to synchronize "Default Folder" (default) (readwrite)
[SUWDK] 17:36:46 INFO: Using discovery server https://discovery-v4-2.syncthing.net/v2/?id=DVU36WY-H3LVZHW-E6LLFRE-YAFN5EL-HILWRYP-OC2M47J-Z4PE62Y-ADIBDQC
[SUWDK] 17:36:46 INFO: Using discovery server https://discovery-v4-3.syncthing.net/v2/?id=VK6HNJ3-VVMM66S-HRVWSCR-IXEHL2H-U4AQ4MW-UCPQBWX-J2L2UBK-NVZRDQZ
[SUWDK] 17:36:46 INFO: Using discovery server https://discovery-v4-4.syncthing.net/v2/?id=LYXKCHX-VI3NYZR-ALCJBHF-WMZYSPK-QG6QJA3-MPFYMSO-U56GTUK-NA2MIAW
[SUWDK] 17:36:46 INFO: TCP listener ([::]:22000) starting
[SUWDK] 17:36:46 INFO: Using discovery server https://discovery-v6-2.syncthing.net/v2/?id=DVU36WY-H3LVZHW-E6LLFRE-YAFN5EL-HILWRYP-OC2M47J-Z4PE62Y-ADIBDQC
[SUWDK] 17:36:46 INFO: Using discovery server https://discovery-v6-3.syncthing.net/v2/?id=VK6HNJ3-VVMM66S-HRVWSCR-IXEHL2H-U4AQ4MW-UCPQBWX-J2L2UBK-NVZRDQZ
[SUWDK] 17:36:46 INFO: Using discovery server https://discovery-v6-4.syncthing.net/v2/?id=LYXKCHX-VI3NYZR-ALCJBHF-WMZYSPK-QG6QJA3-MPFYMSO-U56GTUK-NA2MIAW
[SUWDK] 17:36:46 INFO: Device SUWDKC7-L2GCHV3-C4JVLGW-KE52KOV-A5D6OIH-BV726U7-CYDIGGR-NPZYKAP is "girasol" at [dynamic]
[SUWDK] 17:36:46 INFO: GUI and API listening on 127.0.0.1:8384
[SUWDK] 17:36:46 INFO: Access the GUI via the following URL: http://127.0.0.1:8384/
[SUWDK] 17:36:46 INFO: Completed initial scan (rw) of "Default Folder" (default)
[SUWDK] 17:36:57 INFO: Detected 1 NAT device
[SUWDK] 17:38:19 INFO: Could not connect to relay relay://69.197.185.164:80/?id=6LWAN23-5ZAI65D-5F67VQY-E7AWU3N-PEB33LM-6CLIVYU-5GJTBZ2-5EZIEQH&pingInterval=1m0s&networkTimeout=2m0s&sessionLimitBps=0&globalLimitBps=2097152&statusAddr=:22068&providedBy=Munzy - Kansas City, MO, USA: tls: oversized record received with length 20291
[SUWDK] 17:38:29 INFO: Could not connect to relay relay://178.238.228.171:22067/?id=HRHITUZ-PECCMAK-JEKLFHZ-3FBH6ZI-VS6CX3U-LSAJRXX-B6PJT5N-C4M7QAO&pingInterval=1m0s&networkTimeout=2m0s&sessionLimitBps=0&globalLimitBps=3750000&statusAddr=:22070&providedBy=Stefano: dial tcp 178.238.228.171:22067: i/o timeout
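
Added example (not part of the original thread, and not Syncthing's own code): the length in the first relay error above is just two bytes of whatever answered the TLS handshake on port 80, so decoding it hints at what the middlebox sent. 20291 is 0x4F43, ASCII "OC", which matches bytes 4-5 of an HTML page starting with "<!DOCTYPE"; the list of candidate plaintext openings is an assumption chosen for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// A TLS record header is type(1) version(2) length(2, big-endian). When the peer
// answers in plaintext, the logged "length" is simply bytes 4 and 5 of that reply.
var oversized = regexp.MustCompile(`tls: oversized record received with length (\d+)`)

// Constructed list of plaintext openings a middlebox might send (assumption, not exhaustive).
var plaintextStarts = []string{"HTTP/1.1 ", "HTTP/1.0 ", "<!DOCTYPE", "<html>", "SSH-2.0-"}

// lengthBytes pulls the length out of a log line and returns the two raw bytes it encodes.
func lengthBytes(line string) (string, bool) {
	m := oversized.FindStringSubmatch(line)
	if m == nil {
		return "", false
	}
	n, err := strconv.Atoi(m[1])
	if err != nil || n > 0xFFFF {
		return "", false
	}
	return string([]byte{byte(n >> 8), byte(n)}), true
}

// guessReply returns the candidate openings whose bytes 4-5 match the logged length.
func guessReply(line string) []string {
	pair, ok := lengthBytes(line)
	if !ok {
		return nil
	}
	var hits []string
	for _, s := range plaintextStarts {
		if len(s) >= 5 && s[3:5] == pair {
			hits = append(hits, s)
		}
	}
	return hits
}

func main() {
	// Shortened copy of the first relay error from the log above.
	line := `Could not connect to relay relay://69.197.185.164:80/...: tls: oversized record received with length 20291`
	pair, _ := lengthBytes(line)
	fmt.Printf("bytes 4-5 of the reply: %q, candidates: %q\n", pair, guessReply(line))
}
```

The second relay error (`i/o timeout` on port 22067) carries no such length: there the connection was dropped rather than answered.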

Your corporate firewall is simply too much, as it’s interfering with everything.

Theoretically Syncthing could work behind an https proxy that supports connect. Whether our proxy implementation actually does this I have no idea, I’m guessing it doesn’t.

Thanks. I’ll try to talk with the IT guys here. But they are already not happy with us using SSH from home… stupid, right? I’m really limited here. And I work at a University…

My initial question was essentially if http proxy should work, because the documentation mentions socks only. Maybe you could add there a line saying that http_proxy should work as well.

One last question: any tips on what I should ask the IT guys here?

  • check if our http proxy supports connect
  • open some ports on the firewall?

Thanks again for the help. In the worst case scenario, I’ll keep using Unison for now. But congrats on Syncthing. It seems great!

Only discovery uses http as the transport so it’s not helping much, we need a socks proxy or permission to make generic outgoing connections to the internet for syncthing to work.
