Why is Syncthing establishing connections to foreign hosts?

Hi,

I’m very interested in Syncthing, because I would like to control my own data as well as possible. So I gave it a try and installed it on some computers. Setup and configuration worked flawlessly. Congratulations!

Now I’m looking a bit behind, because I would like to know how Syncthing is working. When I was examining the connections, I was a bit confused. This is a netstat example:

tcp 0 0 192.168.88.3:56942 62.157.32.212:22067 ESTABLISHED 1160/syncthing

tcp 0 0 192.168.88.3:54586 XX.165.44.66:22000 ESTABLISHED 1160/syncthing

tcp6 0 0 fe80::fc65:1656:1:50020 fe80::82ee:73ff:f:22000 ESTABLISHED 1160/syncthing

XX.165.44.66 is ok; that’s one of my Syncthing clients. I expected connections to the global discovery server, public relays (http://relays.syncthing.net), or my own Syncthing hosts. But 62.157.32.212 is none of that. Maybe it’s another Syncthing client… But why do Syncthing clients connect to each other if they didn’t share their IDs?

Explanations welcome – I guess there should be a reason.

Sisyphos

62.157.32.212 happens to be one of the relays currently online, you can see it in the list at http://relays.syncthing.net/

62.157.32.212:22067 is a relay, as seen in the relay page. And you can google about the fe80 ipv6 range, I think it’s routed internally within the machine.

This is a FAQ, even multiple times this week. We should write it up properly once and point to it forever after.

You guessed fine:

  1. You didn’t set the basic port forward in your gateway for direct connections, so your clients need relays to connect to each other. I guess they aren’t on the same LAN or their fw prevents local discovery from working.

  2. A relay may be up or down at a moment, and even change its IP address if the ISP won’t give the owner a static one.

According to Wikipedia everything starting with fe80 is something internal. If it would be used for communication within my network I would be a bit confused, because my network is IPv4. But as I didn’t remove any IPv6 from my machine, I would expect such things. I’m fine with that explanation, but I would welcome a deeper description in the FAQ.

Yes. I think the target group of this application are people who like modern technology but who care about the privacy of their data. A good description about any connections would help. Maybe kind of a table, like purpose of the connection and possible addresses.

Well, when I was running my netstats 62.157.32.212 was definitely not on the list. Of course I was refreshing the page several times. Maybe it takes some time, before relays which are only periodically on-line occur on the list?

Well, I don’t understand “basic port forward”. Do you mean the hosts wouldn’t show up if I would set up forwarding rules in my routers? Or would the external hosts not show up if all of my Syncthing clients would reside in the same – let’s say a ‘local’ – network?

If the devices cannot connect to each other directly because of firewalls or NAT you need to set up port forwards. Otherwise a relay will be used if one can be contacted.

As far as I understood, a connection to a relay is always established (as long as the feature is enabled, which it is by default), so that later clients who need it could use it.

Am I wrong here?

You’re not wrong, and neither is @kluppy (if by “used” you mean “used to transfer data”).

2 Likes
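
An added example, not part of the thread or Syncthing's own code: a small Python triage of the netstat lines from the first post, labelling each remote endpoint by address scope and by default port. It assumes the default ports 22000 (sync) and 22067 (relay); a port match only suggests a role, so a relay candidate should still be confirmed against the relay list.

```python
import ipaddress

# Assumed Syncthing defaults; both ports can be changed in the configuration.
SYNC_PORT = 22000   # direct device-to-device connections
RELAY_PORT = 22067  # relay server listener

# The three netstat lines quoted in the first post of this thread.
SAMPLE = """\
tcp 0 0 192.168.88.3:56942 62.157.32.212:22067 ESTABLISHED 1160/syncthing
tcp 0 0 192.168.88.3:54586 XX.165.44.66:22000 ESTABLISHED 1160/syncthing
tcp6 0 0 fe80::fc65:1656:1:50020 fe80::82ee:73ff:f:22000 ESTABLISHED 1160/syncthing
"""

def address_scope(host):
    """Return 'link-local', 'private', 'public' or 'unparsed' for a host string."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unparsed"  # redacted or malformed address, e.g. XX.165.44.66
    if addr.is_link_local:  # fe80::/10 and 169.254.0.0/16: same network segment only
        return "link-local"
    return "private" if addr.is_private else "public"

def purpose(port):
    """Map a remote port to the likely role of the peer (by default port only)."""
    if port == RELAY_PORT:
        return "relay"
    if port == SYNC_PORT:
        return "direct sync"
    return "other"

def classify(netstat_text, process="syncthing"):
    """Return (remote_host, remote_port, scope, purpose) per ESTABLISHED line."""
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "ESTABLISHED":
            continue
        if not fields[6].endswith("/" + process):
            continue
        # The port follows the last colon, which also holds for IPv6 addresses.
        host, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        rows.append((host, int(port), address_scope(host), purpose(int(port))))
    return rows

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print("%-20s %-6d %-11s %s" % row)
```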