Sycnthing doesn't work at my work network

Hello, I’ve got a computer at home (a Raspberry Pi, which works as a 100% online device), an Android device and a second computer at work. The problem is, ST doesn’t synchronize file at work. I suspect it is blocked in some way by IT (intentionally or not).

Is it any way to make it working (without writing applications to the IT department)?

Below I am posting the fragment of the log:

[KDLVY] 2024/09/27 14:27:35 INFO: Established secure connection to KPZDDEK at 192.168.97.139:53631-45.119.155.29:443/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256/WAN-P50-2VSHJ4VK9087OE6TTU9N22VEL0
[KDLVY] 2024/09/27 14:27:35 INFO: Device KPZDDEK client is "syncthing v1.17.0" named "malinka" at 192.168.97.139:53631-45.119.155.29:443/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256/WAN-P50-2VSHJ4VK9087OE6TTU9N22VEL0
[KDLVY] 2024/09/27 14:27:41 INFO: Lost primary connection to KPZDDEK at 192.168.97.139:53631-45.119.155.29:443/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256/WAN-P50-2VSHJ4VK9087OE6TTU9N22VEL0: reading message: read tcp 192.168.97.139:53631->45.119.155.29:443: wsarecv: Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta. (0 remain)
[KDLVY] 2024/09/27 14:27:41 INFO: Connection to KPZDDEK at 192.168.97.139:53631-45.119.155.29:443/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256/WAN-P50-2VSHJ4VK9087OE6TTU9N22VEL0 closed: reading message: read tcp 192.168.97.139:53631->45.119.155.29:443: wsarecv: Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta.
[KDLVY] 2024/09/27 14:27:41 INFO: Puller (folder "eMka" (gcv7b-nwhww), item "ZGP-2024-09-26__19-08.mp3"): syncing: no connected device has the required version of this file
[KDLVY] 2024/09/27 14:27:41 INFO: Puller (folder "eMka" (gcv7b-nwhww), item "PDWI-2024-09-26__21-00.mp3"): syncing: no connected device has the required version of this file
[KDLVY] 2024/09/27 14:27:41 INFO: "eMka" (gcv7b-nwhww): Failed to sync 2 items
[KDLVY] 2024/09/27 14:27:41 INFO: Folder "eMka" (gcv7b-nwhww) isn't making sync progress - retrying in 16m5s.
[KDLVY] 2024/09/27 14:37:25 INFO: Established secure connection to KPZDDEK at 192.168.97.139:53722-45.119.155.29:443/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256/WAN-P50-2VSHK7B8QTHTOAD4KEKE5KSC92
[KDLVY] 2024/09/27 14:37:25 INFO: Device KPZDDEK client is "syncthing v1.17.0" named "malinka" at 192.168.97.139:53722-45.119.155.29:443/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256/WAN-P50-2VSHK7B8QTHTOAD4KEKE5KSC92
[KDLVY] 2024/09/27 14:37:27 INFO: Lost primary connection to KPZDDEK at 192.168.97.139:53722-45.119.155.29:443/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256/WAN-P50-2VSHK7B8QTHTOAD4KEKE5KSC92: reading message: read tcp 192.168.97.139:53722->45.119.155.29:443: wsarecv: Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta. (0 remain)
[KDLVY] 2024/09/27 14:37:27 INFO: Connection to KPZDDEK at 192.168.97.139:53722-45.119.155.29:443/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256/WAN-P50-2VSHK7B8QTHTOAD4KEKE5KSC92 closed: reading message: read tcp 192.168.97.139:53722->45.119.155.29:443: wsarecv: Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta.
[KDLVY] 2024/09/27 14:37:27 INFO: Puller (folder "eMka" (gcv7b-nwhww), item "PDWI-2024-09-26__21-00.mp3"): syncing: no connected device has the required version of this file
[KDLVY] 2024/09/27 14:37:27 INFO: Puller (folder "eMka" (gcv7b-nwhww), item "ZGP-2024-09-26__19-08.mp3"): syncing: no connected device has the required version of this file
[KDLVY] 2024/09/27 14:37:27 INFO: "eMka" (gcv7b-nwhww): Failed to sync 2 items
[KDLVY] 2024/09/27 14:37:27 INFO: Folder "eMka" (gcv7b-nwhww) isn't making sync progress - retrying in 16m1s.
[KDLVY] 2024/09/27 14:48:36 INFO: Established secure connection to KPZDDEK at 192.168.97.139:53853-45.119.155.29:443/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256/WAN-P50-2VSHLECSHC70GJR4N35UQELAUQ
[KDLVY] 2024/09/27 14:48:36 INFO: Device KPZDDEK client is "syncthing v1.17.0" named "malinka" at 192.168.97.139:53853-45.119.155.29:443/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256/WAN-P50-2VSHLECSHC70GJR4N35UQELAUQ
[KDLVY] 2024/09/27 14:48:38 INFO: Lost primary connection to KPZDDEK at 192.168.97.139:53853-45.119.155.29:443/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256/WAN-P50-2VSHLECSHC70GJR4N35UQELAUQ: reading message: read tcp 192.168.97.139:53853->45.119.155.29:443: wsarecv: Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta. (0 remain)
[KDLVY] 2024/09/27 14:48:38 INFO: Connection to KPZDDEK at 192.168.97.139:53853-45.119.155.29:443/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256/WAN-P50-2VSHLECSHC70GJR4N35UQELAUQ closed: reading message: read tcp 192.168.97.139:53853->45.119.155.29:443: wsarecv: Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta.
[KDLVY] 2024/09/27 14:48:38 INFO: Puller (folder "eMka" (gcv7b-nwhww), item "ZGP-2024-09-26__19-08.mp3"): syncing: no connected device has the required version of this file
[KDLVY] 2024/09/27 14:48:38 INFO: Puller (folder "eMka" (gcv7b-nwhww), item "PDWI-2024-09-26__21-00.mp3"): syncing: no connected device has the required version of this file
[KDLVY] 2024/09/27 14:48:38 INFO: "eMka" (gcv7b-nwhww): Failed to sync 2 items
[KDLVY] 2024/09/27 14:48:38 INFO: Folder "eMka" (gcv7b-nwhww) isn't making sync progress - retrying in 16m1s.

Keep in mind that I’m suggesting technical solutions; I do not know your employer’s policies nor can I give you any sort of legal advice. Don’t do anything that can get yourself in trouble.

One option would be to use a mesh VPN; I use NordVPN and Tailscale seems quite popular here. Getting Syncthing working over Nord’s Meshnet was incredibly easy for me.

Another option would be to turn on Global Discovery and also Enable Relaying (both for your device at home and your device at work). If those are on now, that’s an indicator that your employer’s IT department is blocking the traffic deliberately.

Unauthorized VPNs are against pretty much any sane IT department’s policies.

Make sure the nodes outside the company network are reachable. Port forwarded or otherwise. Probably the only way you’re gonna make a connection is if the work machine is calling out to the other machines.

If IT is blocking there’s probably a reason.

1 Like

Always work with your corporate IT and not against them.

2 Likes

When they ask you for “a list of IP addresses to white-list”, that’s when you know there is no more progress in sight.

Thank you for your reply!

VPN is what I’ve already tried, just to check if the problem may be caused by some blocking imposed by the IT department (nota bene, I used NordVPN :wink: ). And over the VPN Syncthing works.

About Global Discovery and Relaying - as far as I know - I have both options enabled.

1 Like

I have no influence on port forwarding performed by the IT department. But I’ll try to ask them anyway. Thank you!

100% agree!

Sorry, I don’t get it?..

Just my usual rant about corporate IT departments often locking down stuff blindly and not considering network usage patterns that are beyond searching Google, browsing some web sites, and their own internal applications. Especially the thought that IP addresses can be used as criteria to separate good from bad behavior, is still very common but IMHO very outdated.

1 Like

Yeah… I write to them. If everything goes well, I’ll now more details shortly. Thanks!