Syncthing cannot connect to private strelaysrv

No, the device ID is based on the instance’s local TLS certificate, which serves for both encryption and cryptographically assuring the device identity, so no other device can impersonate it and receive data not actually shared with them.

What the discovery server does is simply return a list of known addresses for a provided device ID. The requesting devices know the ID because they are configured to connect to it and share some folders. When a device publishes its addresses on global discovery, it proves its identity using the same certificate and private key, to fend off DoS attacks by some stranger publishing wrong addresses to discovery.

Our documentation site has some good explanation of these concepts, though sometimes scattered over different parts. This might give a good overview: Security Principles — Syncthing documentation and Understanding Device IDs — Syncthing documentation

1 Like
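To make the "ID is based on the certificate" point concrete, here is an added example (not code from Syncthing or from the poster) that reproduces the documented derivation: SHA-256 of the DER-encoded certificate, base32-encoded, with a Luhn mod-32 check character appended to each 13-character group. The DER bytes used at the bottom are constructed placeholders, not a real certificate; the known-good ID vector is used to check the encoding.

```python
import base64
import hashlib
import re

# Base32 alphabet (RFC 4648) that Syncthing device IDs are written in.
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def luhn32_check_char(group: str) -> str:
    """Luhn mod-32 check character for one 13-character group (factor starts at 1)."""
    factor, total = 1, 0
    for ch in group:
        addend = factor * B32.index(ch)
        factor = 1 if factor == 2 else 2
        total += addend // 32 + addend % 32
    return B32[(32 - total % 32) % 32]


def format_device_id(raw52: str) -> str:
    """52 raw base32 chars -> 4 x (13 chars + check char) -> 8 dash-separated groups of 7."""
    with_checks = "".join(
        raw52[i:i + 13] + luhn32_check_char(raw52[i:i + 13]) for i in range(0, 52, 13)
    )
    return "-".join(with_checks[i:i + 7] for i in range(0, 56, 7))


def device_id_from_der(cert_der: bytes) -> str:
    """Device ID = formatted base32(SHA-256(DER certificate)); a new cert gives a new ID."""
    digest = hashlib.sha256(cert_der).digest()          # 32 bytes
    raw52 = base64.b32encode(digest).decode("ascii").rstrip("=")  # 52 chars, no padding
    return format_device_id(raw52)


def verify_device_id(device_id: str) -> bool:
    """True only if the ID is well formed and every group's check character matches."""
    compact = device_id.replace("-", "").replace(" ", "").upper()
    if not re.fullmatch(r"[A-Z2-7]{56}", compact):
        return False
    return all(
        luhn32_check_char(compact[i:i + 13]) == compact[i + 13] for i in range(0, 56, 14)
    )


if __name__ == "__main__":
    # Constructed stand-in for a DER certificate; any real cert's DER bytes work the same way.
    fake_der = b"constructed-not-a-real-certificate"
    did = device_id_from_der(fake_der)
    print(did, verify_device_id(did))
```

A mistyped ID fails verification before any connection attempt, while the actual identity check happens when the peer presents the certificate in the TLS handshake and its hash is compared to the configured ID.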

Ok, I understand it better now. I have opened those links in tabs and will read through them, but I really needed all those explanations. The documentation is very good; the only thing I wish is that it had some examples under the most complicated sections, kind of a small drawing that shows the devices, as well as screenshots of the configurations, and we would get this “a-ha” feeling much faster, plus some different scenarios with and without relay etc… Otherwise the doc looks very good in general; it covers everything, but as mentioned, some examples would make the doc explanation easier to understand.

Thank you once again so much for your patience and time for explaining all this in depth! It is really appreciated! If I can buy a beer, let me know :slight_smile:

2 Likes

Yes, it could be improved in many places. Written by developers and not always oriented toward inexperienced users. But then again, writing good docs is really hard and time consuming. So maybe that time is better spent here on the forum answering actual questions, where you don’t need to guess what others could be wanting to know.

Thanks for the offer. You’re welcome, I’m happy to help.

2 Likes

Oh, just one last thing I forgot to verify yesterday, but I had it in my mind. I knew I had something to ask but I forgot it, and I came across it just now.

What would be the best term to describe the difference between Relay and Discovery servers in general? Because both of those do a “similar” job, if I am not mistaken? Both can be used over the internet as well as locally only…

Discovery servers help in, well, discovering where a device can be reached.

Relay servers, well, relay the data between devices that are unable to make a direct connection. You need a working discovery server (or configure the address directly) so Syncthing knows which relay a certain remote device can be contacted through.

Another difference is the quantity: There is a large pool of relay servers (with a relaypoolsrv for load balancing) run by volunteers donating their bandwidth. While only a handful of discovery servers are centrally operated by the Syncthing maintainers and configured by default.

2 Likes

Ok, got that, thanks a lot again! It really helped! As mentioned earlier, the easiest way is to leave everything at the default settings, but you are not learning that way; that is one of several reasons why I am experimenting with different combinations as well.

Just tried all the combinations. I got it all working apart from this message when I try to use my own discovery server in the Global Discovery Servers instead of the default. Again, I will probably use the default in the future, but I am just curious to get it working.

The discovery server is now started and the firewall is opened, and I see in the logs that one of my remote PCs is trying to connect to it from its WAN IP address, and I see this message (related to the certificate).

I have opened port 8443 in the firewall… Btw, here is the command I used in Windows to start the discovery server:

C:\stdiscosrv-windows-amd64-v1.23.4>stdiscosrv.exe -cert=./cert.pem -key=./key.pem

trying to use default certs

Well obviously your TLS certificate needs to be valid, but isn’t. You could try with Let’s Encrypt. Not sure how I solved that part actually, it’s been some time.

Ok, this may be outside my knowledge scope for now, so I will cancel this process for now, I think.

thank you for the info!

I just think you might be better off getting direct connections to work first, without using a custom relay.
