I already have my keepassxc and syncthing setup on my phone and computers and it’s great, I’d like to go a step further and have my password database sync when I’m not on my home network. From my understanding I can use relays set up by other users and they are encrypted, but if I do not trust syncing personal (encrypted) data to someone else’s server how easy is it to set up a relay that only I use? I won’t be using Bitwarden because in theory if I can pull this off I can also use syncthing to sync other files as well. Is setting up a personal relay a lot of work or a potential security risk for my home network?
Is setting up a personal relay a lot of work or a potential security risk for my home network?
Where are you planning to host the relay?
Either way, here’s how to setup a relay and here how to configure clients to use your relay.
At my house, I’m already using a dynamic dns for some game servers because of a dynamic ip.
If you can create a port forward in your router and run stuff at your house what’s the point of a relay then? Just expose the ports that Syncthing uses and configure your client to connect to it using your dynamic DNS. No public or private relays are required.
- Port forward the following in your router to the local Syncthing host, any client will be able to connect to it directly:
- Port 22000/TCP: TCP based sync protocol traffic
- Port 22000/UDP: QUIC based sync protocol traffic
- Go into the client and edit the home device. Set it to connect using the dynamic DNS directly:
For extra security you may change the Syncthing port, or run the entire thing over a Wireguard VPN like I also do.
Note that even without the VPN all traffic is TLS protected.
So you do not trust the syncthing encryption when it goes through someones server but when it goes through someones (your ISP and the ISP of the end device) router/server?
I am not really understanding the thread model here.