so, I have all these wonderful QR codes and identification strings. alas, the device sits behind my firewall at home on a dynamics DNS. wouldn’t it be nice if there was a companion executable that would allow me to
Syncthing itself does not create anything that I would call a tunnel. For your specific use case, I’m using NordVPN’s Meshnet for connectivity and NoMachine for remote control — both are free. I’ve carefully configured and tested that the local machine firewall prevents NoMachine access without the Meshnet connection. This also allows me to avoid using relays entirely without permitting inbound Syncthing connections through my firewalls.