Relays / discovery blocked by ISP firewall (fortinet)

Many public WiFi (and some ISPs) use FortiNet as their firewall. They classified SyncThing as a P2P application (which is fair), and blocked all access to it (which isn’t fair IMO). They blocked all relays, discovery, and access to syncthing.net (documentation, forums, etc).

They do not block ports! So if you have a static IP on one of your nodes, you can still use syncthing. I edited the device properties and set the address to the static IP (instead of “dynamic”), and syncthing is usable.

I’m not sure if SyncThing devs can do anything to combat this. One possibility is to have clients try previously known IPs of the remote devices in the event that discovery servers aren’t reachable.

HTH

1 Like

I haven’t yet seen an ISP blocking Syncthing infrastructure – if mine did, I would certainly complain and consider changing providers. As for public wifi, blocking P2P makes a lot of sense in the general case. I would expect that most wouldn’t be interested in how Syncthing isn’t like other P2P apps.

This sounds like a use case for a VPN service. Proton’s free tier could be a good choice. NordVPN’s Meshnet is free (you don’t need to be a NordVPN subscriber) and was super easy for me to set up – my Syncthing Devices work very well this way.

With that said, follow the rules of the network you’re using, especially if it belongs to your employer.

EDITED to correct a grammar error that was bothering me.

2 Likes

As @chaos mentioned:

Meshnet from Nord is an option that you can use to give yourself a private peer-to-peer TCP/IP network. I have used it and it works well. There is another company that has a free product that works equally well, and you can compare the two and see which one works better for you.

It’s called Tailscale. It basically functions the same way as Meshnet, giving you a free peer-to-peer private TCP/IP network for your servers.

3 Likes

Yes, they’re not interested in the nuances about Syncthing. They outsourced the firewall to FortiNet, and don’t even know the workings of it as far as I can tell.

Unfortunately I was SOL. I have OpenVPN set up listening on port 443, and FortiNet does deep packet inspection and blocks it 😦

Thanks, I’ll try this out. Also maybe I can change the ports of my OpenVPN server and see if there is a standard VPN port that FortiNet leaves open.