I’m trying to set up a new node (all nodes on v1.22.1) and I get “unexpected device id, expected {ITGKY…} got {XYZ}” using no discovery and direct tcp4://{IP}:{not the web ui port} from another node (as the initiator).
On the new node, receiver, I see the following in the logs:
I know it’s hitting the correct device because I see the errors in its logs. And if I shut it down, or put in a different IP or port, the error changes to “io timeout”.
That indicates it’s not speaking to what it should be speaking to. If you see that at the same time as an error on the other side (you’re not posting the logs that show any device ID errors), then I guess you may have a MITMing proxy of some kind.
I do have a FortiGate firewall with outbound SSL inspection which could be mangling the data, but oddly, it’s not interfering with an identical setup to a VM hosted at Azure.
That fixed it! Disabled traffic inspection in firewall via policy, clicked “resume” in Syncthing (initiator node) and the existing node almost immediately appeared on the new node with a “New Device” prompt…
I’m wondering how Azure might be working. Does the Syncthing protocol even support data movement without TLS? If so, how can I confirm if data is encrypted (in transit)?
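Added example, not part of any post in this thread and not Syncthing's own code: a Syncthing device ID is derived from the SHA-256 hash of the device's TLS certificate, so a certificate re-issued by an inspecting proxy hashes to a different ID, which is the mismatch reported above. The `check_peer` helper and the sample certificate bytes are constructed for illustration.

```python
import base64
import hashlib

B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def luhn32(group: str) -> str:
    """Check character that Syncthing appends to each 13-character group."""
    total, factor = 0, 1
    for ch in group:
        addend = factor * B32.index(ch)
        factor = 1 if factor == 2 else 2
        total += addend // 32 + addend % 32
    return B32[(32 - total % 32) % 32]


def device_id(cert_der: bytes) -> str:
    """SHA-256 of the DER certificate -> base32 -> check chars -> 7-char groups."""
    raw = base64.b32encode(hashlib.sha256(cert_der).digest()).decode().rstrip("=")
    checked = "".join(raw[i:i + 13] + luhn32(raw[i:i + 13]) for i in range(0, 52, 13))
    return "-".join(checked[i:i + 7] for i in range(0, 56, 7))


def normalize(dev_id: str) -> str:
    """Compare IDs regardless of case, dashes or spaces."""
    return dev_id.upper().replace("-", "").replace(" ", "")


def check_peer(expected_id: str, presented_cert_der: bytes) -> str:
    """Hypothetical helper: compare the configured ID with the presented certificate."""
    got = device_id(presented_cert_der)
    if normalize(got) == normalize(expected_id):
        return "ok"
    return f"unexpected device id, expected {expected_id} got {got}"


# Constructed stand-ins for DER certificate bytes. For a real node, convert its
# cert.pem with ssl.PEM_cert_to_DER_cert() and pass the result to device_id().
REAL_CERT = b"constructed-der:real-node-certificate"
PROXY_CERT = b"constructed-der:certificate-reissued-by-inspection-proxy"

if __name__ == "__main__":
    configured = device_id(REAL_CERT)
    print(check_peer(configured, REAL_CERT))   # direct connection
    print(check_peer(configured, PROXY_CERT))  # certificate swapped in transit
```
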