leepfrog

Make relay and tracker available via HTTPS


Hey guys,

thanks for your great work. This thread is related to the following: http://forum.bittorrent.com/topic/16706-corporate-proxy/

Apart from adding proxy support it is also viable that tracker and relay servers are available via HTTPS ports (and also via proxy).

Consider the following scenario:

You want to keep stuff in sync at home and at work. At work the firewall will only allow outgoing traffic on certain ports (3000 [which is used by tracker and relay] is not one of them).

Even if I configure my systems at home to use listening ports that are open I am NOT able to use tracker and/or relay but I am limited to direct connections.

So it would make sense to let the sync client talk to at least the relay via HTTPS (which could be tunneled and proxied) so it can discover direct connections without manually entering them.


I know this is an old thread, however I've searched the forums and was not able to find an answer..

Caveat: I am not a networking person so don't really understand how the syncing works despite reading https://help.resilio.com/hc/en-us/articles/204754759-What-ports-and-protocols-are-used-by-Sync- multiple times.

 

I am also behind a corporate firewall for enterprise organisation.

1. I can sync via my mobile internet to my home network okay

2. From the corporate office, it says 'no trackers available'
- been using Dropbox okay for many years and read in this forum/another post that Dropbox uses HTTP so it's fine..
- the Help article above, seems to state that Resilio is already using HTTP so it should work? So what in the sync.conf file should I be updating?

a) corporate network - gives no trackers (how would I go about inputting any configuration for HTTPS for this?) - or am I completely wrong about this?
b) corporate network - it would be almost impossible for the corporate office to add a new custom rule for myself - especially using an 'unauthorised' software which potentially saves 'corporate' documents into my 'personal' cloud drive.. so not too sure what I can do here - if any?

I'm not too sure how to go about troubleshooting this step by step, so any instructions for a lay person would be most welcomed.


@threebythree There's no point in HTTPS for tracker and relay. The data there bears no private info. You can attempt to use known hosts to penetrate your corporate NAT / firewall, though your other peer will likely need explicit port forwarding.


Thanks @RomanZ - so to dumb this down..

1. If the corporate firewall does not allow UDP transfer (not via HTTP/HTTPS) - then I am out of luck whatsoever.

2. If it happens by chance that they do support UDP through some ports - THEN - My home network - I'd need to do port forwarding on my router to my peers (or NAS in this instance)

2. AND From my corporate office MBP - I'd need to update the 'conf' - to add in that peer which was NAT-ed?


1. No. If the corporate firewall blocks UDP, Sync still has chances to connect over TCP. But in the TCP case you'll 100% need to manually port forward at home.

2. Same here. If the tracker server is not available from your office location, you'll need to explicitly forward ports for UDP at home.

3. It depends on how you use Sync. If you use Sync's UI, you can simply specify your home public address and forwarded port in folder properties (see Known Hosts). If you specify all your folders via configuration file - then you'll need to put predefined hosts in the config file, too.
