Like janc1 I am using syncthing in a local environment. Thus only “Local Discovery” is activated, but I see the same entries of KCP being started on :22020 and it’s outbound connection to a stun.* domain. The domain changes, it always starts with “stun.” After that the connection is handed over from KCP to TCP.
Allow me to ask, from under my tinfoil hat, how can I persuade Syncthing to * not * start KCP? I would like Syncthing to stay private (in the sense of not announcing its presence to anybody outside this local network). At least until I choose to activate options like NAT traversal, global discovery or relaying. Maybe this could be made as an option in a future version?
I’d be ready to edit the config file or set an option in the advanced config, if that was possible? Any solution?
Small update: Blocking the ports stun 3478 and ndmp 10000 hands over the connection from KCP to TCP, then the connection fails. Syncthing then picks it up again. Looks roughly like this:
INFO: Established secure connection to YYYY at [::]:22020-192.168.254.21:22020 (kcp-client)
INFO: Established secure connection to YYYY at 192.168.254.34:49529-192.168.254.21:22000 (tcp-client)
INFO: Replacing old connection [::]:22020-192.168.254.21:22020/kcp-client with 192.168.254.34:49529-192.168.254.21:22000/tcp-client for YYYY
INFO: Connection to YYYY closed: reading length: broken pipe
INFO: Connected to already connected device (YYYY)
My distant win10 x64 machine is back again with nonconnecting at all.
rebooted the syncthing and logs stop there with stun detected the kcp stuff externally
thats all it is
it never connects home to its single neighbor peer the linux machine
what the heck is wrong here? :(( syncthing is nonusable for this setup here. where can i mail in sensitive log data i dont wana post the filenames and sharenames here that hint to private and sensitive data.
is there a direct email contact for this? the main developers? thanks for helping. 0.14.40 is really dead for me, it very seldomly conncects
last contact back home to the linux machine of this win10 x64 machine was on november 10th
0.14.40 doesn’t work for me either. 0.14.39 is fine. Wouldn’t it be relatively easy to diff the code between the versions and track down the reason for this?
We know what code has changed, that’s not the problem.
We don’t know why it doesn’t work for some users.
We need to gather as many logs as possible, from both sides of devices to understand what’s happening. Reverting to an older version and not helping us debug will not make the issue go away in future releases.
The project maintainer or original author replied to me as private message that he wouldnt take my log files, as I wont post all my share names and internal messages onto this public board. So i am out i definitely wont post this kind of sentitive information into the public.
I can share this from the linux machine, this is what the screen window shows for the last few days as only logmessages:
[3PKT3] 04:48:46 INFO: kcp://0.0.0.0:22020 resolved external address kcp://84.189.33.5:22020 (via stun.counterpath.net:3478)
[3PKT3] 05:14:50 INFO: Removing NAT port mapping: external TCP address 87.176.82.175:51852, NAT 75802409-bccb-40e7-8e6c-3810D51EDC03 is no longer available.
[3PKT3] 05:14:50 INFO: New NAT port mapping: external TCP address 84.189.33.5:51852 to local address 0.0.0.0:22000.
[3PKT3] 05:14:50 INFO: Removing NAT port mapping: external TCP address 87.176.82.175:13762, NAT 75802409-bccb-40e7-9f6c-3810D51EDC03 is no longer available.
[3PKT3] 05:14:50 INFO: New NAT port mapping: external TCP address 84.189.33.5:13762 to local address 0.0.0.0:22000.
[3PKT3] 13:31:25 INFO: Sent usage report (version 3)
[3PKT3] 04:47:43 INFO: kcp://0.0.0.0:22020 resolved external address kcp://87.176.85.36:22020 (via stun.counterpath.net:3478)
[3PKT3] 04:52:40 INFO: Removing NAT port mapping: external TCP address 84.189.33.5:51852, NAT 75802409-bccb-40e7-8e6c-3810D51EDC03 is no longer available.
[3PKT3] 04:52:40 INFO: New NAT port mapping: external TCP address 87.176.85.36:51852 to local address 0.0.0.0:22000.
[3PKT3] 04:52:40 INFO: Removing NAT port mapping: external TCP address 84.189.33.5:13762, NAT 75802409-bccb-40e7-9f6c-3810D51EDC03 is no longer available.
[3PKT3] 04:52:40 INFO: New NAT port mapping: external TCP address 87.176.85.36:13762 to local address 0.0.0.0:22000.
[3PKT3] 13:31:27 INFO: Sent usage report (version 3)
[3PKT3] 04:46:36 INFO: kcp://0.0.0.0:22020 resolved external address kcp://84.189.33.31:22020 (via stun.counterpath.net:3478)
[3PKT3] 05:00:40 INFO: Removing NAT port mapping: external TCP address 87.176.85.36:13762, NAT 75802409-bccb-40e7-9f6c-3810D51EDC03 is no longer available.
[3PKT3] 05:00:40 INFO: New NAT port mapping: external TCP address 84.189.33.31:13762 to local address 0.0.0.0:22000.
[3PKT3] 05:00:40 INFO: Removing NAT port mapping: external TCP address 87.176.85.36:51852, NAT 75802409-bccb-40e7-8e6c-3810D51EDC03 is no longer available.
[3PKT3] 05:00:40 INFO: New NAT port mapping: external TCP address 84.189.33.31:51852 to local address 0.0.0.0:22000.
[3PKT3] 08:57:58 INFO: kcp://0.0.0.0:22020 detected NAT type: Restricted NAT
[3PKT3] 09:01:30 INFO: kcp://0.0.0.0:22020 detected NAT type: Full cone NAT
[3PKT3] 13:31:28 INFO: Sent usage report (version 3)
the windows machine shows after a little few minutes after a restart:
The windows machine gotton restarted this afternoon or so. Nothing happened. The linux machine restarted the screen right now, and these two nodes of the pack (others are involved too but all last connected on the 10th of november 2017) are connecting right now after the linux machine has restarted (syncthing process) as well
there is something wrong with the connection loop speaking in a laymans way.
These two machines I can grab hold of, are connecting right now after both sides have restarted. How is this gonna help now? Wouldnt we need “logs” from when no connection is possible?
Normal logs from right after the restart of the linux syncthing process at the end of the log it writes:
[3PKT3] 22:32:27 INFO: Established secure connection to IOEPMYD-LL5ZH6Z-ORZL7KH-FJ4Q7KB-B2N7WTK-FELNT7A-Y5JQI3F-6HXIRAB at [::]:22020-88.130.49.164:38094 (kcp-server) (TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305)
[3PKT3] 22:32:27 INFO: Device IOEPMYD-LL5ZH6Z-ORZL7KH-FJ4Q7KB-B2N7WTK-FELNT7A-Y5JQI3F-6HXIRAB client is "syncthing v0.14.40" named "SMULAP01"
[3PKT3] 22:32:36 INFO: New NAT port mapping: external TCP address 84.189.33.31:13762 to local address 0.0.0.0:22000.
[3PKT3] 22:32:36 INFO: New NAT port mapping: external TCP address 84.189.33.31:51852 to local address 0.0.0.0:22000.
[3PKT3] 22:32:36 INFO: Detected 3 NAT devices
[3PKT3] 22:32:38 INFO: Joined relay relay://37.120.167.213:22067
2017-11-13 22:32:56
$ [3PKT3] 22:33:01 INFO: Established secure connection to IOEPMYD-LL5ZH6Z-ORZL7KH-FJ4Q7KB-B2N7WTK-FELNT7A-Y5JQI3F-6HXIRAB at 192.168.188.38:22000-88.130.49.164:38117 (tcp-server) (TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305)
[3PKT3] 22:33:01 INFO: Replacing old connection [::]:22020-88.130.49.164:38094/kcp-server with 192.168.188.38:22000-88.130.49.164:38117/tcp-server for IOEPMYD-LL5ZH6Z-ORZL7KH-FJ4Q7KB-B2N7WTK-FELNT7A-Y5JQI3F-6HXIRAB
[3PKT3] 22:33:01 INFO: Connection to IOEPMYD-LL5ZH6Z-ORZL7KH-FJ4Q7KB-B2N7WTK-FELNT7A-Y5JQI3F-6HXIRAB closed: reading length: broken pipe
[3PKT3] 22:33:01 INFO: Device IOEPMYD-LL5ZH6Z-ORZL7KH-FJ4Q7KB-B2N7WTK-FELNT7A-Y5JQI3F-6HXIRAB client is "syncthing v0.14.40" named "SMULAP01"
smulap01 is the win10 x64 machine that i can admin right now remotely.
I’ve noticed that Syncthing v0.14.40 works on my 64bit windows machine, but not my 32bit one. The 64bit machine connects to my android device and syncs fine, the 32bit machine doesn’t connect to anything. Restarting Syncthing on the 32bit machine causes it to hang, but I can exit Syncthing by closing it’s window.
Looks like it’s only seeing “global” addresses (public v4, v6) where the v4 times out and the v6 is denied (maybe box doesn’t have working v6?). If they are on the same LAN I’d start by troubleshooting why local discovery doesn’t work. Firewalls dropping the packets? Local discovery disabled? Wireless AP blocking broadcasts? If they are not on the same lan, the timeout on v4 and permission denied on v6 are the root cause.
They are not on the same lan. Thats when I speak about “external” nodes and so on. Two separate lans, and I cant control if they have fully working ipv6 global addresses or not.
I have now manually set from default listening entry to tcp4://… for the linux machine and restarated both linux and win10 syncthing
now they connect again. before they would not connect not even after both processes on both ends had been restarted
i strongly suspect that those discovery servers and the bulk data that is being transfered, registered or looked up on or with the help of discovery servers is severly affected by the addition or prefering of this new kcp method or similar to this.
i am only rather a layman and didnt look at your source code but this is what i suspect after looking at all this trouble.
machines dont have trouble when being on the same lan, i have several other machines every now and then every few days that are showing up physically in the lan of the linux machine (main headquarter place so to speak).
some machines are external most of the times, like this win 10 machine for example.
some other win10 machine (surface, lap…) or some mac are sometimes present in the lan and sometimes external.
thats all i can say. the connection logic is flawed with this current release.
the Debian is the “server”. I first changed the “default” to
"tcp://0.0.0.0:22000" i own a public IP, but with this setup, there is no connection possible. (firewall port forwarding was tested)
I did now setup a RelayServer, and changed the to the default value on all machines. But did configure my own relay on the windows und android.
Now it works fine.
So after reading the thread, it looks like there is Problem with the , the tcp:// is obivous not enough to get a connection working.
if some tells me how to get some good logs/debug level i will provide them.
