Private relay server with client authentication

I’m looking into setting up a private relay server so that data doesn’t have to travel through third party relays even in tricky network situations.

After reading through the docs, the README and the man page I know that I can pass -pools="" to strelaysrv to make it not announce itself.

Is there a way, though, to make the relay refuse clients? Despite not being announced, once the address is known (which can happen in various ways) it can be used as an attack vector against a system. Did I understand this correctly, or is there actually a way to restrict client access by pre-shared keys or private/public key auth?


No, there is no way to do what you are talking about. Iptables or some pass-through proxy/pull request to the original code might work if you have the time.

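The "pass-through proxy" route mentioned in the reply above, as an added example that is not Syncthing's own code: a small TCP proxy that sits on the public relay port, accepts only source addresses from an allowlist, logs refused attempts, and forwards accepted connections to strelaysrv bound to localhost. The ports, the `-listen=127.0.0.1:22068` relay setup and the allowlisted networks are assumptions for this example.

```python
import asyncio
import ipaddress
import logging
# Assumed layout (constructed for this example, not from the thread): strelaysrv runs
# with -listen=127.0.0.1:22068 so only this proxy can reach it, the proxy is the public
# endpoint on the usual relay port 22067, and only peers inside ALLOWED are accepted.
RELAY = ("127.0.0.1", 22068)
LISTEN = ("0.0.0.0", 22067)
ALLOWED = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8::/32")]  # doc ranges
log = logging.getLogger("relay-guard")

def is_allowed(addr: str) -> bool:
    """True if the peer address falls inside one of the allowlisted networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in ALLOWED)

async def pipe(src: asyncio.StreamReader, dst: asyncio.StreamWriter) -> None:
    """Copy bytes one way until EOF, then close the destination side."""
    try:
        while data := await src.read(65536):
            dst.write(data)
            await dst.drain()
    finally:
        dst.close()

async def handle(reader, writer) -> None:
    peer = writer.get_extra_info("peername")[0]
    if not is_allowed(peer):
        log.warning("refused relay connection from %s", peer)  # worth alerting on
        writer.close()
        return
    try:
        r_reader, r_writer = await asyncio.open_connection(*RELAY)
    except OSError as exc:
        log.error("relay backend unreachable: %s", exc)
        writer.close()
        return
    log.info("relaying %s", peer)
    await asyncio.gather(pipe(reader, r_writer), pipe(r_reader, writer))

async def main() -> None:
    server = await asyncio.start_server(handle, *LISTEN)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    asyncio.run(main())
```

This only gates who can open the TCP connection; the relay itself still sees every client as coming from 127.0.0.1, so any per-address limiting inside strelaysrv no longer distinguishes peers.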

That’s a pity, I will probably solve it by having a proper Syncthing node there instead that my other nodes. It would be great if they could use that node as a relay without having to sync every folder on it, but as far as I see that’s not a feature either. :disappointed:

Thank you for your answer, Audrius.

Note: posted this to GitHub https://github.com/syncthing/syncthing/issues/3987 to post a small $15 bounty for it.