Slow transfer speed in LAN; Relay-Server used? Advice needed with configuration

Hello everybody,

I’ve experienced slow transfer rates in my LAN. It is even worse when trying to access the devices via the external internet. I think it is because my setup falls back to general relay servers, but I am not sure how to configure it correctly. Any help?

My current setup is like this:

  1. Desktop PC Windows 10. The client. Syncthing 16.1 Stable channel.

  2. Desktop PC Fedora Server 34 (accessed via commandline, LAN Web GUI and SSH if necessary), Syncthing 15.1 Fedora Package.

  3. And a few others that were not running/important for this test.

Both computers have an SSD hard drive. The Windows PC is connected via Wi-Fi (ca. 144 MBit/s) to the router, the Fedora Server is connected to the router via cable (100 Mbit/s).

I try to work with this guide: Firewall Setup — Syncthing v1 documentation

Ports have been opened in my 7490 fritzbox router via the function: “selbsständige Portfreigabe”, which roughly translates to “autonomous enabled port”. My firewall on the Fedora Server has been configured according to the firewall guide.

My firewall on my Windows PC has not been changed from standard settings. In addition to Windows firewall there is Comodo firewall in standard settings as well.

Following picture shows how the connection gets established:

As you can see it detects a port restricted NAT. I am afraid of opening too many ports to the internet.

This one shows the speed:

The file I was transferring was a 400 megabyte 7zip file. Upload speed was roughly 4 MBit/s.

I would expect to have a transfer speed of roughly 100+x MBit/s within my LAN. It was working with pretty fast speeds once before, but that was weeks ago and I don’t remember under which configurations. Back then I was fiddling with other things, so did not focus on that.

I am particularly intrigued why it would try to connect to relay servers even though I am in the LAN, or to say it differently: I don’t know how to properly establish a “direct connection” between the devices. I suppose a direct connection is supposed to be a port forward? The following paragraph in the guide doesn’t give me enough information on how to do that exactly. I also don’t know how to do this if I want to connect to a computer that is not in my local network. Is it only possible if I configure it with the IP address given by my internet provider? But that one changes every now and then when my router resets…

Port Forwards

If you have a NAT router which supports UPnP, the easiest way to get a working port forward is to make sure UPnP setting is enabled on both Syncthing and the router – Syncthing will try to handle the rest. If it succeeds you will see a message in the console saying:

Created UPnP port mapping for external port XXXXX on UPnP device YYYYY.

If this is not possible or desirable, you should set up a port forwarding for ports 22000/TCP and 22000/UDP (or whichever port is set in the Sync Protocol Listen Address setting). The external forwarded ports and the internal destination ports have to be the same (e.g. 22000/TCP).

Communication in Syncthing works both ways. Therefore if you set up port forwards for one device, other devices will be able to connect to it even when they are behind a NAT network or firewall.

In the absence of port forwarding, Relaying may work well enough to get devices connected and synced, but will perform poorly in comparison to a direct connection.

Edit:

I just did another test and somehow the speed seems to work totally fine now.

I am baffled.

You are hiding the addresses in the second screenshot, so it’s hard to say if the speed improved because it managed to connect directly.

Effectively, while it’s connected via a relay, there are no guarantees for speed.

As to why it can’t connect directly, there could be many reasons, access point isolation, wifi and wired networks being on different subnets etc.

Worst case, you can always manually set the addresses for remote devices.

oh well, here you go.

You are fast!! Thanks for the immediate response!

Seems like it connected directly at this point, hence the change in speed.

You still have some sort of network segregation between your wifi and your wired network which is probably at play here.

In my router configuration it says that:

"Used IPv6 prefixes:

Local-Network: 2003:d5:5f34:c100:: / 64
Guest-Network: 2003:d5:5f34:c101:: / 64
WAN: 2003:d5:5fff:34cd:: / 64"

which I would interpret to mean that both of my devices are in the same network? If you look at their IPv6 address, it is the same 2003:d5:5f34:c100. Further: I don’t use a separate access point like a second router or a guest wifi.

Also, I configured my Fedora Server to access the GUI via 0.0.0.0:8384, and a https password, from another computer in my LAN, which works for now.

In Windows, make sure that your network is set to “private” and not “public”, because with the latter, the OS will block direct connections. Windows 10 defaults to “public”.

Your IPv6 addresses are globally routable. So the traffic of your devices only stays in your LAN because they happen to be in the same prefix. While this is perfectly valid and working, there is still something off with your network as the devices didn’t connect via a local IPv4/6 address.

I’ve made both progress and no progress.

  1. I found inefficient settings in my router. Particularly, I had only allowed my server to open devices on its own, but not my other desktop devices. I corrected that. Now my router allows all my devices to open ports on their own, which decreased the dial attempts shown in the Syncthing command line from 3 to 1 attempts until a connection could be reached (either local or relay). UPnP was and still is activated (for now at least).

This caused me to get faster connections more reliably now, but not always.

When I turn on my Linux Mint Desktop PC, which is connected via Gigabit Ethernet (cable), it connects to the router directly via 192.168.178.xx address, sometimes via IPv6 address. Sample size = 5 attempts (3 yesterday, 2 today). The Linux Mint also connected to my Windows PC directly pretty reliably. 100% success.

My Fedora Server seems to connect directly to my Windows 10 PC, but it is hit or miss. I had cases where it connected via relay first, but when I check the GUI 5 minutes later or so, it suddenly is connected directly. This mostly happened when my Linux Mint was running also. Yesterday evening though it wouldn’t give me any other thing than a relay connection. 10 attempts, to no avail (one time I even completely turned off both my Windows 10 firewalls → no change). Today, without having changed any settings (Windows firewalls are on), it managed a direct connection 4 times in a row, not a single relay connection today.

My three current hypotheses for the Fedora Server randomness:

  • The Fedora Server is connected via a 100MBit/s connection, whereas my Linux Mint is connected via 1 Gigabit connection and my Windows 10 Desktop PC is connected via Wi-Fi 300Mbit/s. → 100MBit/s cable + 300 Mbit/s wifi = too slow for STUN/QUIC in Syncthing 1.16.1, whereas 1 Gigabit cable + 300 Mbit/s = pretty reliable? - I have read the forum post that mentions the new super fast quickness of QUIC :slight_smile: in Syncthing version 1.17.0.rc3, but here I am still on 1.16.1.

  • Some firewall stuff on Fedora Server side.

  • Could it be that other devices in the network “prime” the Fedora Server connection? I have noticed that sometimes the Syncthing devices get assigned IPv6, at other times IPv4 addresses in Syncthing, even though I have assigned them static 192.168.178.xx addresses in my router. NAT + IPv6 interaction?

The following graphs show my latest “weirdly working” direct connection between Windows 10 and Fedora Server:

And thank you all for your replies so far. Especially the tip with the segregation between Wi-Fi and LAN helped, because I went over my router settings again.

I’d recommend uninstalling any third-party security stuff and checking if the Windows network is configured as Private.

Also make sure to check the firewall of your Fedora server. This is usually configured via firewalld:

To list the current config:

firewall-cmd --list-all

Allow syncthing traffic:

sudo firewall-cmd --zone=public --add-service=syncthing --permanent
sudo firewall-cmd --reload

Also, why is this an issue?

Sure, initially it connects using a relay, but it switched the connection afterwards, and all is fine.

I guess you can setup static DHCP mappings and configure specific addresses for specific machines just to be sure.

Yes, this connection worked, but “yesterday evening though it wouldn’t give me any other thing than a relay connection. 10 attempts, to no avail (one time I even completely turned off both my Windows 10 firewalls → no change).”

I configured firewalld on Fedora already. I used your commands to check just to make sure and it said “enabled already: Syncthing”.

I could try uninstalling Comodo for a test just to make sure. Yes. But I am rather pessimistic it would change anything. During that one attempt when I deactivated Comodo and my Windows firewall, my NAT changed to a “full cone nat”, according to the Syncthing command-line protocol, and it still would not connect directly, but rather via a relay.

I just want to get rid of the randomness. Sometimes it works, sometimes it does not.

My ultimate aim is for my devices to be reachable with syncthing from the internet, while still having my devices directly connected via syncthing behind the router. All this in a secure way. I don’t want to expose my network to the whole world getting hacked easily.

Of course, I am not that far yet. I have not started with a domain name server or a custom relay server or something related and I don’t have enough knowledge in that regard yet. For now I am content to fix the internal LAN behind the router, to get at least that one working reliably.

Good news. The problem of randomness has been solved.

I found an option in the GUI that disables connecting to relay servers. The German translation for it is OK, if you know what it is, but could need a small “?” button there that gives a proper explanation or that links to here (Relaying — Syncthing v1 documentation). Anyway, I ticked that for all my devices apart from the server, which is at one point supposed to be able to be reached from external devices, and it works like a charm! No relay servers got established, but now there was a new problem: Some of the devices didn’t get a connection at all, so I restarted all the Syncthing instances on all the devices and in the same instance I updated my Windows PC to the latest release candidate 1.17.rc3. Unfortunately I didn’t check if it was working without it. Anyway, I haven’t had a problem since then. Now all the devices connect to each other AND to the server via local IPv4, local IPv6 addresses or via QUIC (I saw that one once). It even works when my Windows firewalls are on.

Niiiiice :slight_smile:

Thanks for the help everybody.

Likely final post. I found an additional firewall setting in the Fedora Server Cockpit program. On Fedora Server 33, it was NOT enough to configure firewalld with the following settings:

Allow syncthing traffic:

sudo firewall-cmd --zone=public --add-service=syncthing --permanent
sudo firewall-cmd --reload

It only stopped giving me timeouts and errors while trying to connect to the server (it DID connect though, after some time!), when I entered firewall rules for Syncthing in the Cockpit firewall:

I checked my speed after that and it went up to 60 Mbit/s when sending a file. That’s fair enough for the time being. I also ordered a new usb 3.0 hub that will allow me to have access to gigabit ethernet. That should do the trick.

I think this post can be closed.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
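
The last post reports that the --zone=public ... --permanent rule alone was not enough on the Fedora Server until rules were entered in Cockpit. The following check is an added example, not code from the thread or from the Syncthing project: it lists the zones firewalld actually has active and confirms the syncthing service is allowed there in both the runtime and the permanent configuration. The FWCMD override and the function names are this example's own, and that a zone mismatch was the cause in this thread is an assumption the posts do not confirm.

```shell
#!/bin/sh
# Added example (not from the thread): verify that firewalld allows the
# "syncthing" service in the zones that are actually active, in both the
# runtime and the permanent configuration.
# FWCMD is a hypothetical override hook so the logic can be tested offline.
FWCMD=${FWCMD:-firewall-cmd}

# Names of the active zones, one per line. --get-active-zones prints each
# zone name unindented, followed by indented "interfaces:"/"sources:" lines.
active_zones() {
    $FWCMD --get-active-zones | awk '/^[^ \t]/ { print $1 }'
}

# Exit status 0 if service $2 is allowed in zone $1. Pass --permanent as $3
# to query the stored configuration instead of the running one.
zone_allows() {
    $FWCMD $3 --zone="$1" --query-service="$2" >/dev/null 2>&1
}

# Print one finding per gap and return the number of findings.
audit_service() {
    svc=${1:-syncthing}
    findings=0
    for zone in $(active_zones); do
        if ! zone_allows "$zone" "$svc"; then
            echo "$zone: $svc not allowed in runtime config"
            findings=$((findings + 1))
        fi
        if ! zone_allows "$zone" "$svc" --permanent; then
            echo "$zone: $svc not allowed in permanent config"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Run the audit only when called with "audit" as the first argument,
# e.g.  sh syncthing-fw-audit.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_service syncthing && echo "syncthing allowed in all active zones"
fi
```

A rule added only with --permanent shows up as a runtime finding until firewall-cmd --reload is run, and a rule added to a zone that no interface is bound to shows up as both findings for the zone that is in use.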