syncthing with two machines behind firewalls

I have a work machine (workMachine) behind a university firewall and a laptop (laptopMachine) which I frequently move around and is often behind a different firewall. I would like to syncthing between these two machines. I can ssh into a university gateway (gatewayMachine) from workMachine and laptopMachine. However, due to the strict nature of the university firewall I cannot ssh from gatewayMachine into workMachine, nor can I rely on being able to ssh into laptopMachine from gatewayMachine. In summary I can make ssh connections consistent only with the arrows here:

laptopMachine -> gatewayMachine <- workMachine

I have tried to setup an ssh tunnel to allow me to syncthing between the two machines as follows.

  1. On workMachine set up a reverse port forward, to forward connections to port 22001 on gatewayMachine to port 22000 on workMachine:

workMachine$ ssh -R 22001:localhost:22000 gatewayMachine

  2. On laptopMachine set up a local port forward, to forward connections to port 22002 on laptopMachine to port 22001 on gatewayMachine:

laptopMachine$ ssh -L 22002:localhost:22001 gatewayMachine

  3. On laptopMachine instruct the syncthing server to discover the workMachine syncthing “remote device” by adding tcp://localhost:22002 to the Addresses field in the Edit Device dialogue of the configuration web server.

This does not seem to be enough to establish a connection. I’d be very grateful for any help or pointers to what I am doing wrong. I can successfully connect to a VNC server running on workMachine from laptopMachine using a similar pair of port forwardings.
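The steps above chain three listeners (laptopMachine:22002, gatewayMachine:22001, workMachine:22000), and from laptopMachine only the first hop can be tested directly. The script below is an added example, not code from the original post or from the Syncthing project: it checks whether a Syncthing listen address such as tcp://localhost:22000 binds loopback only or all interfaces, and probes a hop with a plain TCP connect and a TLS handshake (the netcat/openssl checks a reply in this thread suggests). The local listener it starts is constructed for demonstration only; the ports 22000/22001/22002 are the ones from the post. Note that `ssh -R` binds the gateway side to loopback by default (unless sshd has GatewayPorts enabled), so port 22001 is not exposed to the rest of the university network, while tcp://:22000 on workMachine listens on every interface; Syncthing authenticates peers by device certificate, but a host firewall rule can still limit who may reach that port.

```python
"""Inspect a Syncthing listen address and probe one hop of an ssh tunnel chain.

Added example for this thread; standard library only, nothing here is Syncthing code.
"""
import socket
import ssl
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_listen_address(addr: str):
    """Split 'tcp://host:port' into (scheme, host, port); an empty host means every interface."""
    parts = urlsplit(addr)
    if parts.scheme not in ("tcp", "tcp4", "tcp6"):
        raise ValueError(f"unsupported listen scheme: {parts.scheme!r}")
    if parts.port is None:
        raise ValueError(f"listen address has no port: {addr!r}")
    return parts.scheme, parts.hostname or "", parts.port


def is_loopback_only(host: str) -> bool:
    """True when a listener bound to `host` accepts connections only from the same machine."""
    if host == "":
        return False  # unspecified address: bound on all interfaces
    return host in LOOPBACK_HOSTS or host.startswith("127.")


def describe_listen_address(addr: str) -> str:
    """Human-readable summary of where a Syncthing listen address is reachable from."""
    _, host, port = parse_listen_address(addr)
    scope = "this machine only (loopback)" if is_loopback_only(host) else "all interfaces"
    return f"{addr}: port {port}, reachable from {scope}"


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port completes (the netcat check)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def tls_probe(host: str, port: int, timeout: float = 3.0):
    """Attempt a TLS handshake and return the negotiated protocol version, or None.

    Syncthing device certificates are self-signed and peers are identified by the
    certificate hash, so CA verification is turned off here: this only shows that
    something speaking TLS answers on the port (the openssl check), not who it is.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except (OSError, ssl.SSLError):
        return None


def start_local_listener(host: str = "127.0.0.1"):
    """Start a throwaway TCP listener on an ephemeral port (constructed stand-in for a tunnel end).

    Returns (server_socket, port); close the socket to stop listening.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    for addr in ("tcp://localhost:22000", "tcp://:22000"):
        print(describe_listen_address(addr))
    # Demonstrate the probe against a constructed local listener, then after it is closed.
    srv, port = start_local_listener()
    print(f"constructed listener on 127.0.0.1:{port} open: {tcp_probe('127.0.0.1', port)}")
    srv.close()
    print(f"after close open: {tcp_probe('127.0.0.1', port)}")
    # On laptopMachine with both ssh forwards up, this is the hop that can be checked locally.
    print("laptop hop 127.0.0.1:22002 open:", tcp_probe("127.0.0.1", 22002),
          "tls:", tls_probe("127.0.0.1", 22002))
```

Run it on laptopMachine after both ssh sessions are up: if the TCP probe on 22002 fails the tunnel itself is not wired through, and if TCP succeeds but the TLS probe returns None the forward reaches a port where Syncthing is not actually accepting connections.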


(Audrius Butkevicius) #2

Check with netcat if you can actually read/write on the other side and verify that syncthing is running on the right port. Also check if you can connect to those ports via openssl when syncthing is running.

(Audrius Butkevicius) #4

Thanks for your suggestion.

I found the source of the problem.

I had set the “Sync Protocol Listen Addresses” field in the Settings menu on workMachine to the value “tcp://localhost:22000”. It seems this only allows connections made from workMachine directly. I found that if I changed the value to “tcp://:22000” I could make connections via the port forward.