I host an OpenVPN server at home that I connect in to. I use a tunnel versus a tap, meaning it runs at layer 3 and thus does not forward broadcasts. As a result, I seem to be able to only get Syncthing to connect to my computers at home if I manually specify their addresses in Edit Device > Advanced > Addresses. I have a couple questions:
I assume Syncthing uses broadcasts, and that’s why it won’t automatically connect to any of my computers over OpenVPN, is this correct?
Assuming the above is correct, does that mean the only recourse I have is manually specifying the DNS name or address of each workstation and if so, is there a way to have the introducer automatically populate those versus having to manually configure each computer that will connect over OpenVPN?
Please see screenshot below of the current workaround I’m using:
If Syncthing’s global discovery is enabled, and your OpenVPN server is configured to bridge the tunnel interface to your home’s private LAN, then your roaming device and home devices shouldn’t have any issues finding one another.
I’d like to stay away from Syncthing reaching out to the internet for anything, which would include global discovery servers. My OpenVPN server is configured as a tunnel that operates at layer 3, meaning it’s not bridged and won’t forward broadcast traffic as a result. The reason for this is due to OpenVPN recommending this configuration due to the lower overhead, reduced traffic from broadcasts, and iOS not allowing TAP adapters, which are required to create a bridged connection at layer 2.
It sounds like my first assumption was correct, Syncthing uses broadcasts which my tunnel won’t forward, meaning I’ll need to continue utilizing my current workaround…so that raises the second question:
Is there a way for the introducer to send that information to all the clients, or is that a manual configuration step for each Syncthing computer?
To clarify, I’m looking for the introducer to propagate the information in Edit Device > Advanced > Addresses to other connected devices.
Additional thought: Would standing up my own global discovery server resolve this?
Reading the documentation on introducers, I would expect a device’s address(es) would also be sent with the introduction. Doesn’t it do that? Or do your devices not have a stable address?
Another solution than running a private global discovery service would be to run a service that forwards the discovery broadcasts between the different layer 2 networks. I don’t know the details about Syncthing’s broadcasting protocol, but that might be easier to set up.
Yes, local discovery requires forwarding broadcast traffic between your two subnets.
In addition to hard coded addresses, there are multiple ways to slice and dice this…
You’d have to install Syncthing on your OpenVPN Server and make it the introducer, or hard code the introducer’s private IP address on your iOS device.
The introducer passes along each device’s ID, its address info and folder IDs. However, the wrinkle is that it’s a one-shot deal, so if your home LAN devices don’t have static IP addresses (or fixed DHCP leases), Syncthing on your iOS device connected via OpenVPN won’t pick up future changes after the initial introduction.
Sure, it’s a viable option and a better fit compared to using the introducer feature which is really intended to streamline adding devices and shared folders to a peer.
Another option that you can investigate that may solve your problems is another company called Tailscale.
They have a free tier which works perfectly in this environment. It is essentially a peer-to-peer encrypted private TCP/IP tunnel.
Once configured, each of your devices running Syncthing would have its own unique private encrypted IP address that you could use to establish communication without broadcasting, if that is something you wish to avoid.
Tailscale has, as I mentioned, the free tier that I use. You can connect up to, I believe, 100 devices in a single user account.
I have it running on Linux, Windows and Android.
Your OpenVPN solution is not working as you anticipated it would.
I just upgraded my router at home and in addition to an OpenVPN VPN server it runs a WireGuard VPN server, and that’s even better if you can get your hands on it. The performance is much better than OpenVPN. I have it configured in the router to allow remote connections to communicate fully with everybody on the network.
In my mind there is an improvement opportunity whereas someone could configure on a machine what it’s “public address” is and that address could be communicated to connected machines and introducers to possibly reduce the load on the discovery servers, but currently there is no facility for this.
Of course this transfer of information implies the two devices are able to communicate to exchange it. So for an initial connection (unless introduced with the info) the discovery server would still be required.
Anyway this isn’t how it works today anyhow. Now you must put the server address in each client machine. (Server and client used loosely here since ST doesn’t make a distinction)
Interesting…if that’s true, this would probably be the solution I would go with, since I would then only need to configure the address to be the hostname on the relevant “servers”. Are these address settings set here:
So I would just remove “default” and put something like “tcp://hyper-v, default”? If this then populates via introducer, this would be my solution and what I’m ultimately looking for.
I’ll spin up a VM to try it out and report back, just in case anyone else is curious.
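As an added example (not code from the thread or from the Syncthing project), the Edit Device > Advanced > Addresses setting lives in config.xml as `<address>` children of the top-level `<device>` element, and Syncthing's keyword for the discovery-based fallback is `dynamic`. This script puts an explicit VPN-reachable address ahead of `dynamic` for one device, working offline against a constructed config fragment with placeholder device IDs.

```python
import xml.etree.ElementTree as ET

# Constructed sample config.xml fragment; the device IDs are placeholders, not real ones.
HYPERV_ID = "AAAAAAA-AAAAAAA-AAAAAAA-AAAAAAA-AAAAAAA-AAAAAAA-AAAAAAA-AAAAAAA"
LAPTOP_ID = "BBBBBBB-BBBBBBB-BBBBBBB-BBBBBBB-BBBBBBB-BBBBBBB-BBBBBBB-BBBBBBB"
SAMPLE_CONFIG = f"""<configuration version="37">
    <folder id="default" label="Default Folder" path="/home/user/Sync">
        <device id="{HYPERV_ID}" introducedBy=""></device>
    </folder>
    <device id="{HYPERV_ID}" name="hyper-v" compression="metadata" introducer="true">
        <address>dynamic</address>
    </device>
    <device id="{LAPTOP_ID}" name="laptop" compression="metadata" introducer="false">
        <address>dynamic</address>
    </device>
</configuration>
"""

# Schemes Syncthing accepts in a device address; "dynamic" means "use discovery".
ALLOWED_SCHEMES = ("tcp", "tcp4", "tcp6", "quic", "quic4", "quic6")


def check_address(addr):
    """True for 'dynamic' or scheme://host[:port] with a known scheme (port defaults to 22000)."""
    if addr == "dynamic":
        return True
    scheme, sep, rest = addr.partition("://")
    return sep == "://" and scheme in ALLOWED_SCHEMES and rest != ""


def _find_device(root, device_id):
    # Only direct <device> children hold addresses; the ones under <folder> are membership refs.
    for dev in root.findall("device"):
        if dev.get("id") == device_id:
            return dev
    raise KeyError(f"device {device_id} not in config")


def device_addresses(config_xml, device_id):
    """Return the configured address list for one device, in order."""
    dev = _find_device(ET.fromstring(config_xml), device_id)
    return [a.text for a in dev.findall("address")]


def set_device_addresses(config_xml, device_id, addresses):
    """Replace a device's <address> list, keeping 'dynamic' last so discovery stays the fallback."""
    bad = [a for a in addresses if not check_address(a)]
    if bad:
        raise ValueError(f"invalid device address(es): {bad}")
    root = ET.fromstring(config_xml)
    dev = _find_device(root, device_id)
    for old in dev.findall("address"):
        dev.remove(old)
    for addr in addresses:
        ET.SubElement(dev, "address").text = addr
    return ET.tostring(root, encoding="unicode")
```

Edit config.xml only while Syncthing is stopped (or use its REST config API instead), since a running instance overwrites the file on save.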
I was not referring to listen addresses. I was referring to the addresses you configure in Edit Device > Advanced > Addresses. Those are the ones you said you wanted it to propagate.
That’s what I’m currently utilizing now, but the introducer doesn’t seem to propagate those…unless what someone said earlier in this thread was true, where it is only propagated upon first adding a new Syncthing client but is never updated after that. Even if that were the case, I can’t find how to configure that on the introducer itself, only other clients that connect to the introducer by going to Edit Device > Advanced > Addresses.
I’m actually okay with this, however I can’t find where to set the address on the introducer, unless I’m blind and missing it in Actions > Advanced.
No problem, that just means I’ll either have to continue manually inputting the hostname on new mobile clients or experiment with setting up a self-hosted discovery server.
Ah, I think we’re talking past each other unfortunately…there is no Edit Device option since I’d be trying to set the address on the introducer itself.
In either case, it sounds like I’ve hit a road block and my only options are to see if a local global discovery server will work (which I guess would be relatively the same amount of manual input since I’d need to specify my own discovery server, unless that propagates from the introducer) or just continue manually configuring the addresses on the remote clients that will use the VPN tunnel.
Thanks everyone for the responses, I really appreciate it!
If I’m reading this correctly, when I add a new client it would connect to the introducer, or I guess any currently active clients/nodes, and then cache the IP addresses, hostnames, etc. Then when I take the device offsite and connect through my VPN tunnel, it would try from its list of cached entries until it finds a success?