Syncthing over Tor/Whonix/Tails

Hello everyone! Recently, as an attempt to improve my privacy and anonymity online, I have been using Tails and Whonix a lot along with a degoogled phone that has all of its traffic routed over Tor with Orbot.

I just have one slight issue: I have a KeePassXC file that I want to keep synced between my phone, Whonix VM, and Tails instance with Syncthing; however, it doesn’t seem to work at all. I don’t see a lot of info on this issue; I’ve looked everywhere to try and get some help. There is one mention of Tor in the Syncthing docs that mentions using Syncthing with the Tor SOCKS proxy, but that doesn’t seem to work.

From my understanding, devices should be able to discover each other with a relay server, correct? My thinking was if my phone’s entire connection is routed through Tor, Syncthing would just work normally and connect to a discovery/relay server except over the Tor connection, then my Whonix/Tails instances would also do the same thing and they could find each other that way? I’ve had Syncthing running about an hour now and no device can find the other; it just says “Disconnected” in the web GUI.

If I could do this over LAN I would, but my phone is the only device capable of doing so. I could split tunnel in the Orbot app and give Syncthing access to the LAN; however, with Tails/Whonix being built to route everything over Tor with no way to reach out to LAN devices, I’m stuck.

Am I doing something wrong here with my setup? Can any one of you give me any troubleshooting tips? I was thinking maybe public relays just don’t play nice with Tor or are too “busy”? Do I just need to run my own private Syncthing relay? I’d assume that would also improve file transfer speeds since only my devices are using it.

I’ve been at this for days now and am going insane. Any help at all would be appreciated.

Update: I left the computer and phone on at home while I went out for a bit, and when I came back after a few hours the Whonix VM finally connected to the phone. I made it so that the phone’s Syncthing app was split tunneled and routed over clearnet rather than Tor. I don’t know if this is what fixed the issue; I’m planning to try again soon with the phone routed over Tor.

Will this always take hours to connect moving forward? Do I just need to run my own relay? Like I said before, I’m not sure if this would improve discovery and file transfer speeds. I only worry because, especially with Tails, these OSes I’m using are not meant to be run for extended periods of time. Tails is like incognito mode on steroids: everything is forgotten upon shutdown and nothing is saved to the disk. It is not a daily driver and I only have it on for roughly 1-2 hours a day. As for Whonix, well, I’d rather not have a VM running all the time taking up system resources while I’m using my host machine.

I am having one other issue. I doubt this is the proper forum to ask this question, but on my Tails instance the web GUI for Syncthing will not load. Tails uses the Tor Browser and the Unsafe Browser. The Unsafe Browser is supposed to be the one that allows Tails to bypass Tor and browse the clearweb, but that doesn’t seem to apply to localhost. Maybe it’s some weird issue with Tails not allowing Syncthing to bind to localhost and allowing access to the Unsafe Browser to connect to localhost. I’ve messed around with iptables, no luck there. I truly do not know what the issue is. If any of you do, please let me know. Otherwise I will probably take to the Tails community and ask around there.

Hi,

It looks as though you are interested in creating a private Syncthing environment?

There is a company called Tailscale that offers a free version of their peer-to-peer VPN software. It will let you create a private TCP/IP network for each of your servers so they can communicate directly with each other without going over any public services, including Tor.

Everything will be private, and I think it will be a lot less complicated and have far less overhead, giving you much better overall transfer performance.

I have played with Tor a bit and it is not the best environment for stability of your Syncthing servers.

I have been using the free Tailscale for about a year now and it’s very stable and free, and it will give you access to any of your servers from anywhere on the internet.

I first learned about it when I installed my TrueNAS Scale NAS server, which also comes with Syncthing.

Check it out and see if it meets your needs.