Following the docu I have a few untrusted devices that receive encrypted folders and a few trusted full-sync devices up and running. Works really well. The untrusted Raspberry Pis at family members’ houses are always on and I can get stuff synced nicely. But I wanted to use my own relay exclusively and here is where things go weird. Following along with the documentation I simply set up a relay and a discovery server on a VPS. This VPS is not acting as a Syncthing node. Just relay and discovery. I have the URL for discovery on port 8443 and I have the relay:// URI for the relay service.
i.e.:
https://my.vps.tld:8443/?id=1111111-2222222-3333333-XXXXXX-YYYYYY
relay://my.vps/tld:22067/?id=3333333-4444444-5555555-ZZZZZZZ
Now on all my clients I set these settings:
Actions → Settings → Connections
Have all of these checked:
- Enable NAT traversal
- Local Discovery
- Global Discovery
- Enable Relaying
In “Global Discovery Servers” I put my disco URL, example https://my.vps.tld:8443/?id=1111111-2222222-3333333-XXXXXX-YYYYYY
Up on top, under “Sync Protocol Listen Addresses”, it has “default” and I append a white space, a comma and then put the relay server URI, i.e. default, relay://my.vps/tld:22067/?id=3333333-4444444-5555555-ZZZZZZZ
This seems to work because I can see in the log that the relay was joined. On the relay server if I run it with debug it also talks of sending and receiving data for clients.
If I turn off “Global Discovery”, clients on different networks cannot see each other anymore so Discovery seems to work, too.
The issue is that I notice that in the client logs they sometimes also connect to random third party relays.
My question is this: Is there any combination of settings that will let them discover each other via a private discovery server ONLY and use ONLY the private relay?
Or do I need to turn off “Global Discovery” altogether and add the private relay’s URI as an address for each remote device where it defaults to dynamic? Do I need to put dynamic, relay://my.vps/tld:22067/?id=3333333-4444444-5555555-ZZZZZZZ
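An added example, not part of the original post: a Python audit of the `<options>` section of Syncthing's `config.xml` that flags listen and discovery entries able to reach anything other than your own servers. It relies on Syncthing's documented behaviour that the listen address `default` expands to include the public relay pool (`dynamic+https://relays.syncthing.net/endpoint`); the sample configs, the hostname `my.vps.tld` and the `audit` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample of <options> as the post's settings would be saved
# (hostname and device IDs are placeholders).
AS_POSTED = """<configuration><options>
  <listenAddress>default</listenAddress>
  <listenAddress>relay://my.vps.tld:22067/?id=3333333-4444444-5555555-ZZZZZZZ</listenAddress>
  <globalAnnounceServer>https://my.vps.tld:8443/?id=1111111-2222222-3333333-XXXXXX-YYYYYY</globalAnnounceServer>
</options></configuration>"""

# Same config with "default" replaced by explicit TCP/QUIC listeners.
PINNED = AS_POSTED.replace(
    "<listenAddress>default</listenAddress>",
    "<listenAddress>tcp://0.0.0.0:22000</listenAddress>"
    "<listenAddress>quic://0.0.0.0:22000</listenAddress>")

def audit(config_xml, own_hosts):
    """Return findings for entries that can reach non-private relay/discovery."""
    findings = []
    opts = ET.fromstring(config_xml).find("options")
    for el in opts.findall("listenAddress"):
        addr = (el.text or "").strip()
        if addr == "default":
            findings.append("listenAddress 'default' includes the public relay pool")
        elif addr.startswith("dynamic+"):
            findings.append(f"listenAddress {addr} fetches a relay list at runtime")
        elif addr.startswith("relay://") and urlsplit(addr).hostname not in own_hosts:
            findings.append(f"listenAddress {addr} is not one of your relays")
    for el in opts.findall("globalAnnounceServer"):
        addr = (el.text or "").strip()
        if addr.startswith("default"):
            findings.append(f"globalAnnounceServer '{addr}' uses public discovery")
        elif urlsplit(addr).hostname not in own_hosts:
            findings.append(f"globalAnnounceServer {addr} is not your server")
    return findings

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("pinned", PINNED)):
        print(name, audit(cfg, {"my.vps.tld"}) or "only private endpoints")
```

Run it against each client's real `config.xml` with your own hostnames in `own_hosts`; an empty result means every listed relay and discovery entry points at your servers.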