After upgrading from v1.17.0 to v1.18.0-rc.1, my company’s IT department is now saying that syncthing needs to be uninstalled because they are detecting TOR traffic from it.
In both versions, the following connection settings were (and are still) used:
Sync Protocol Listen Addresses: default
[X] Enable NAT traversal
[X] Global Discovery
Global Discovery Servers: default
Outgoing Rate Limit: 0
[X] Local Discovery
[ ] Enable Relaying
Is there something else that must be done in order to prevent any TOR traffic from syncthing? I’d like to be assured that with the right setting it will never use TOR traffic.
It seems like the issue must be that the IPs being contacted by Syncthing are also being used for TOR nodes/relays. So, it’s kind of a ‘guilt by association’ problem.
I guess there isn’t an easy way to ensure that all connections go to “non-TOR” IPs? Or maybe to constrain all traffic to a limited set of networks?
It connects to all the configured devices, plus Syncthing project servers, which do not also act as TOR nodes. If you disable relaying (or configure one manually, which is “clean”), you should be good. A better, though likely not practical, solution: tell your IT department to drop that “security” policy or whitelist Syncthing relays: https://relays.syncthing.net/
Can your department clarify which IP addresses are “offending”? As you said you already had relaying off previously, it’s currently unclear what the problem is, as there are no TOR related nodes hosted by syncthing.
Is there a way to have an “IP whitelist” for ST (or if not, for this to be considered as a new feature)? Something which will restrict any outgoing connections so that only the listed IPs can be contacted.
That may make sense when one has control over the firewall, but on a company machine where the firewall is locked down (and which is one of the few environments one might want to be able to restrict the connections), this feature would be important.
Using Syncthing 1.21 on Ubuntu 22.04.
My firewall is alerting me that a process on Ubuntu is contacting the following Tor exit nodes: 185.14.97.176, 51.75.64.23, 185.243.218.27 on port 22076.
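
An added example, not part of any post above and not Syncthing project code: one way to triage the "guilt by association" case discussed in this thread is to cross-reference alerted destinations against both a Tor exit list and a relay pool listing, so that a shared host can be told apart from a destination the relay pool does not explain. All addresses below are constructed from documentation ranges, and the JSON shape of the relay listing and the one-address-per-line exit list are assumptions.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample data (documentation address ranges, not real hosts).
ALERT_DESTINATIONS = ["192.0.2.10:22067", "198.51.100.7:443", "203.0.113.5:22067"]
TOR_EXIT_LIST = "# constructed exit list\n192.0.2.10\n198.51.100.7\n"
# Assumed listing shape: objects carrying a relay:// URL.
RELAY_POOL_JSON = json.dumps({"relays": [
    {"url": "relay://192.0.2.10:22067/?id=PLACEHOLDER-DEVICE-ID"},
    {"url": "relay://203.0.113.5:22067/?id=PLACEHOLDER-DEVICE-ID"},
]})

def parse_exit_list(text):
    """Return the set of IPs in a one-per-line list, skipping comments."""
    lines = (ln.strip() for ln in text.splitlines())
    return {ipaddress.ip_address(ln) for ln in lines if ln and not ln.startswith("#")}

def parse_relay_pool(doc):
    """Return {ip: port} for relays whose URL host is an IP literal."""
    relays = {}
    for entry in json.loads(doc).get("relays", []):
        parts = urlsplit(entry["url"])
        try:
            relays[ipaddress.ip_address(parts.hostname)] = parts.port
        except (ValueError, TypeError):
            continue  # hostname-based or malformed URL: needs DNS, skipped here
    return relays

def classify(dest, exits, relays):
    """Label one 'ip:port' alert destination (IPv6 as '[addr]:port')."""
    host, _, port = dest.rpartition(":")
    ip = ipaddress.ip_address(host.strip("[]"))
    is_relay = relays.get(ip) == int(port)
    if ip in exits and is_relay:
        return "shared-host"      # pool relay co-hosted with a Tor exit
    if ip in exits:
        return "tor-exit-only"    # not explained by the relay pool
    return "syncthing-relay" if is_relay else "unlisted"

def triage(dests, exit_text, relay_doc):
    exits, relays = parse_exit_list(exit_text), parse_relay_pool(relay_doc)
    return {d: classify(d, exits, relays) for d in dests}

if __name__ == "__main__":
    for dest, label in triage(ALERT_DESTINATIONS, TOR_EXIT_LIST, RELAY_POOL_JSON).items():
        print(f"{dest:22} {label}")
```

Matching on address and port together matters here: a destination that is on the exit list but does not match a listed relay endpoint is reported as `tor-exit-only` rather than being explained away.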