syncthing with two machines behind firewalls


I have a work machine (workMachine) behind a university firewall and a laptop (laptopMachine) which I frequently move around and is often behind a different firewall. I would like to syncthing between these two machines. I can ssh into a university gateway (gatewayMachine) from workMachine and laptopMachine. However, due to the strict nature of the university firewall I cannot ssh from gatewayMachine into workMachine, nor can I rely on being able to ssh into laptopMachine from gatewayMachine. In summary I can make ssh connections consistent only with the arrows here:

laptopMachine -> gatewayMachine <- workMachine

I have tried to setup an ssh tunnel to allow me to syncthing between the two machines as follows.

  1. On workMachine setup a reverse port forward, to forward connections to port 22001 on gatewayMachine to port 22000 on workMachine:

workMachine$ ssh -R 22001:localhost:22000 gatewayMachine

  1. On laptopMachine setup a local port forward, to forward connections to port 22002 on laptopMachine to port 22001 on gatewayMachine:

laptopMachine$ ssh -L 22002:localhost:22001 gatewayMachine

  1. On laptopMachine instruct the syncthing server to discover the workMachine syncthing “remote device” by adding tcp://localhost:22002 to the Addresses field in the Edit Device dialogue of the configuration web server.

This does not seem to be enough to establish a connection. I’d be very grateful for any help or pointers to what I am doing wrong. I can successfully connect to a VNC server running on workMachine from laptopMachine using a similar pair of port forwardings.


Check with netcat if you can actually read/write on the other side and verify that syncthing is running on the right port. Also check if you connect to those ports via openssl when syncthing is running.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Thanks for your suggestion.

I found the source of the problem.

I had set the “Sync Protocol Listen Addresses” field in the Settings menu on workMachine to the value “tcp://localhost:22000”. It seems this only allows connections made from workMachine directly. I found that if I changed the value to “tcp://:22000” I could make connections via the port forward.

1 Like