Port forwarding and direct client-to-server connections

So, it seems that if I set up the client specifically to go to tcp://1.2.3.4:22000 (not the real IP, obviously) it doesn’t connect correctly. It SOMEtimes will, but most of the time it tells me the server actively refused the connection, and the server side mentions an i/o timeout, or handshake problem, etc.

But if I set it as dynamic, it pops right in.

I’ve port forwarded 22000 to the Syncthing server. All the other port forwards in the appliance are working correctly, and traffic is smooth. (Point-to-point VPN stuff, for example is working fine, and it can be persnickety.)

Is there anything else I need to do? Settings in Syncthing? Forward some UDP port for communication?

I ask because in the future, if I wind up with more than one server, for different departments/satellite offices/etc., I’d like to set them at 20000, 20001, 20002… etc., as well as cut out a middleman discovery server and just have the clients talk directly to the server.

Looks like an issue in your network setup/configuration. As a starting point, check which endpoints are connected by syncthing when using ‘dynamic’ and see how that compares to what you would expect.

Syncthing prefers to talk TCP, but recent versions can optionally also use UDP (IETF QUIC protocol). If TCP works there should be no need for any UDP stuff (except it’s also used for local discovery - do you need that?).

Yeah, I’d like to skip all the discovery servers and have the client machines connect directly to our organization. That way if (heaven forbid) anything happens to you guys, temporarily OR permanently, OUR services continue running.

I’m setting up failsafes, basically.

Well the issue is at your network. I suspect a firewall/av in the way.

I have something similar. Direct connections are set but the throughput is slow, yet add “tcp://xxx.xxx.xxx.xxx:22000, dynamic” on the sending end and performance is much better.

Looking down the list of connections, there isn’t a single one using 22000, yet the firewall and ports are all set to allow.

I put it down to multiple connections trying to come into the single port and something then blocks it, but on different ports, the data is handled without any issues. FWIW, I tried setting different ports but had the same result when multiple connections are set to the one port.

Forwarding the same port to multiple devices doesn’t make much sense, or I am misunderstanding you. You can set up port forwarding and test it using netcat to verify it works; if that works, then syncthing will work. The fact it doesn’t implies bad configuration/firewalls.
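The netcat check suggested in the reply above, written out as an added example (not from this thread and not Syncthing’s own code): it parses a device address string in Syncthing’s own format (`tcp://host:port`, with `dynamic` as the discovery marker), attempts a plain TCP connect to each static endpoint the way `nc -vz host port` would, and classifies the outcome so that "refused" (the forward lands on something that is not listening) can be told apart from "timeout" (packets are being dropped by a firewall or a missing forward). The loopback listener and the address values are constructed for the demonstration; in use you would pass the real `tcp://1.2.3.4:22000, dynamic` string from the device’s Addresses field and run it from the satellite side.

```python
"""Verify that a forwarded Syncthing listen port is actually reachable.

Added example, not Syncthing's code. The address syntax ("tcp://host:port",
"dynamic") is Syncthing's; the loopback listener below is a constructed
stand-in for a forwarded Syncthing port so the script runs offline.
"""
import socket
import threading
from urllib.parse import urlsplit


def parse_device_addresses(address_list: str):
    """Split "tcp://1.2.3.4:22000, dynamic" into (dynamic_flag, [(host, port), ...]).

    Only static tcp:// entries become (host, port) tuples; "dynamic" only sets the flag."""
    dynamic = False
    endpoints = []
    for raw in address_list.split(","):
        entry = raw.strip()
        if not entry:
            continue
        if entry == "dynamic":
            dynamic = True
            continue
        parts = urlsplit(entry)
        if parts.scheme not in ("tcp", "tcp4", "tcp6") or parts.hostname is None or parts.port is None:
            raise ValueError(f"unsupported or malformed address: {entry!r}")
        endpoints.append((parts.hostname, parts.port))
    return dynamic, endpoints


def check_tcp(host: str, port: int, timeout: float = 3.0) -> str:
    """Attempt a TCP connect (what `nc -vz host port` does) and classify the outcome.

    "open"     - the handshake completed; the forward reaches a listener.
    "refused"  - an RST came back; the forward reaches a host, but nothing listens there.
    "timeout"  - no answer at all; typical of a firewall drop or a missing forward.
    "unreachable" - routing/DNS failure before any packet reached the target."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:          # subclass of OSError, so it must be caught first
        return "timeout"
    except OSError:
        return "unreachable"


def verify_addresses(address_list: str, timeout: float = 3.0):
    """Run check_tcp against every static endpoint in a Syncthing address string."""
    dynamic, endpoints = parse_device_addresses(address_list)
    results = {f"tcp://{host}:{port}": check_tcp(host, port, timeout) for host, port in endpoints}
    return dynamic, results


def start_local_listener():
    """Constructed stand-in for the forwarded Syncthing port: accept-and-close on loopback."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free ephemeral port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # listener closed; stop the thread
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv


def reserve_closed_port() -> int:
    """Find a loopback port with no listener, to demonstrate the "refused" outcome."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


if __name__ == "__main__":
    listen_port, server = start_local_listener()
    closed_port = reserve_closed_port()
    # Constructed address string: one live endpoint, one dead one, plus discovery.
    print(verify_addresses(f"tcp://127.0.0.1:{listen_port}, tcp://127.0.0.1:{closed_port}, dynamic"))
    server.close()
```

A "refused" result against the public address means the NAT forward is delivering packets to a host, but not to a Syncthing listener on that port (wrong internal IP, wrong port, or Syncthing bound elsewhere); a "timeout" points at a firewall or at no forward at all. Running the same check from inside the LAN against the server’s private address separates the two hops.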

I’d suspected the firewall myself, but that doesn’t seem to be the case. I’ve disabled the Xubuntu firewall entirely, and the gateway appliance seems to be in order.

I could TRY it with DMZ pointed to the syncthing machine just as a test. But I hate to open the floodgates like that, even temporarily.

Oh! Unless it’s on the client side. It might not be my machines at all. Might be something to do with our satellite employee.
