I’m in the process of replacing BitTorrent Sync with Syncthing, and already I find myself liking Syncthing far more. There is one problem in the paradise, however…
I have five devices/nodes (all running the latest version of Syncthing available):
Desktop - Win7 x64 desktop computer, at home
Laptop - Win7 x64 laptop, at work
Netbook - Win8 x86 “hybrid laptop”, network varies
Phone - Jolla running Android Syncthing app, network varies
Server - Unix something, runs Syncthing in a screen session, off-site
However, some of the devices never see each other. See this borderline occult diagram:
Understandably, I’d like to complete the ritu…diagram.
Phone connects to Server from work so corporate firewall shouldn’t be an issue
Laptop node at work cannot connect to node Server, but can establish SSH, SFTP and HTTP connections with the server machine itself
Since each node connects to at least some nodes, I’m starting to think this is a client rather than network issue?
Does the server have a static IP address? Did you try specifying a static address and port 22000 instead of dynamic? Port forwarding must be set up on the server side if the server is behind NAT.
I suggest you set STTRACE=discovery env var on the laptop, and see what IP:port you get for that machine, and then check whether that port is actually open. Also, you might be on visitors wifi with the phone which perhaps is less restrictive?
I do not know, but should it matter? Desktop and Phone can already see Server, so it should be working properly.
I’ve checked the IP and port that Syncthing on Desktop reports for Server and set them as Server’s address on Laptop, but it made no difference. I also tried port 22000.
You should try connecting to that port using OpenSSL and see if you can establish the connection (openssl s_client -connect <ip:port>)
If you can, then there is something wrong with discovery, and you should run with the env var as I’ve explained.
I tried both “set STTRACE=discovery” and “set STTRACE=discover” (as it’s typed on the debugging page) but saw nothing additional in the log file. Am I looking in the wrong place?
I’ve no experience with OpenSSL, but I found a Windows-compatible version. Doesn’t seem to work:
connect: Result too large
I couldn’t find anything useful regarding that error. Does this indicate that the target machine is found but connection is not successful, or that it wasn’t even tried?
I noticed now that on mobile broadband (tested on two different providers) Phone and Netbook can only connect to Desktop, nothing else…
How are you starting syncthing?
If you set STTRACE=all then you should get crazy amounts of logs. If you are not, then you are not doing something right.
As for openssl, you can install it on windows and call the same command.
Depends on platform, on Windows I have a .bat file with
start "Syncthing" syncthing.exe -no-console -no-browser
I didn’t actually install OpenSSL, rather just got openssl-1.0.2-x64_86-win64.zip from http://indy.fulgan.com/SSL/ and ran this
openssl s_client -connect <ip:port>
with the IP and port of Server as reported by Syncthing on Desktop.
DEBUG: discover udp4://announce.syncthing.net:22026: Lookup(T5RBMXW-*-*-*-*-*-*-*) result: [85.*.*.*:22000]
This is from Laptop, the device ID and IP are those of Phone (now on mobile broadband). Despite showing the correct IP and port on the log, the two are not connecting now.
The same situation is repeated with other nodes it seems.
And you are saying you can connect to SSH/SFTP whatever on the same 85.*.*.* IP, but not 22000?
What does OpenSSL return?
I can, though that’s port 22. I tried port 22000 as well as the 32220 as reported for the Server by Syncthing on Desktop, but the connection is refused.
OpenSSL so far hasn’t worked. It just outputs “Result too large” whenever I try it…
I’m not sure if this is significant, but in the log (on Laptop), the lookup result for all other nodes except Desktop has port 22000, but for Desktop it shows 3899, and it is the only node that is working well now.
If you are sure syncthing is running and listening on that port (lsof or netstat proves that) then it implies to me that you have firewall rules on the machine or server provider which refuse connections over 22000, as the port is definitely closed.
You could also change Syncthing’s protocol port to port 443 or something, to make sure your corporate firewall doesn’t firewall some random non-usual-protocol high ports.
Once OpenSSL starts saying that the connection is not refused, then you will have set the firewall up correctly.
Well, as Laptop behind the corp firewall can connect to Desktop, I don’t think the firewall rules are the issue here. Desktop can connect to Server and I’m SSH-tunneling the WebGUI of Syncthing on Server; it is very certainly running & syncing files there.
I tried 443 on Laptop but it made no difference regarding nodes other than Desktop. As I have the same issue with nearly all my devices, I don’t think this is a firewall thing. I currently have all of them on different connections (home, work, two mobile broadbands and server), and right now Desktop sees all and others see only Desktop.
All seem to lookup the IP addresses of other nodes correctly, so I’m not sure what goes wrong after that.
Perhaps they are just behind a NAT, and UPnP fails and you are not forwarding ports?
Some likely are. I don’t even know whether the network at the office has UPnP enabled. I most certainly don’t have the power to forward or open ports there.
In the case of the two devices on different mobile broadband connections and not seeing each other, I don’t think there’s anything I can do?
I’m not a networking expert, but I find it curious how BitTorrent Sync “just works” on all the aforementioned devices. That’s the only thing (albeit a rather crucial one) where it seems superior at the moment.
Well if you can get port mappings set up, or UPnP working then it should be fine.
As long as there is one machine which is always accessible by everyone, you should be fine.
BTSync uses relay servers which transport your data, as well as potentially UDP punch-through.
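The check this thread keeps returning to (take the address that discovery reports, then see whether that port accepts a TCP connection) can be scripted. This is an added example, not part of the original posts and not Syncthing code; `parse_lookup` and `probe` are hypothetical names, the log format is assumed from the single trace line quoted above, and only IPv4 `host:port` entries are handled.

```python
import errno
import re
import socket

# Format assumed from the single trace line quoted in the thread:
#   ... Lookup(<device id>) result: [<ip>:<port> ...]
LOOKUP_RE = re.compile(r"Lookup\((?P<device>[^)]+)\)\s+result:\s+\[(?P<addrs>[^\]]*)\]")


def parse_lookup(line):
    """Return (device_id, [(host, port), ...]) or None if the line is not a lookup result."""
    m = LOOKUP_RE.search(line)
    if not m:
        return None
    addrs = []
    for item in m.group("addrs").replace(",", " ").split():
        host, _, port = item.rpartition(":")
        if host and port.isdigit():  # IPv4 host:port only
            addrs.append((host, int(port)))
    return m.group("device"), addrs


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as open / refused / timeout / error:<errno name>."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # TCP works; a TLS test such as openssl s_client is the next step
    except ConnectionRefusedError:
        return "refused"       # host answered, but nothing listens there or a firewall rejects
    except socket.timeout:
        return "timeout"       # packets silently dropped, e.g. NAT without a port mapping
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))


if __name__ == "__main__":
    # Constructed sample line (documentation address range), not taken from the thread.
    sample = ("DEBUG: discover udp4://announce.syncthing.net:22026: "
              "Lookup(EXAMPLE-DEVICE-ID) result: [192.0.2.10:22000]")
    device, addrs = parse_lookup(sample)
    for host, port in addrs:
        print(device, host, port, probe(host, port))
```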