<h1>One-on-One Large File Sharing (Syncthing over VPN)</h1>
<img src="0.png" style="width:250px">
<p></p>
</div>
</div><!-- /row -->
</div><!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Introduction</b></h2>
<p>
While many methods of sending files online exist - methods such as email attachments, FTP, <a href="https://blog.nowhere.moe/opsec/onionshare/index.html" target="_blank">OnionShare</a> and even <a href="https://blog.nowhere.moe/opsec/p2ptorrents/index.html" target="_blank">torrenting</a> - all of these methods have one thing in common: once a file has been sent, no further changes to that file are tracked. Syncthing covers the use case where you want not only to send a file or a group of files but also to receive any updates to them. Syncthing is a FOSS continuous file synchronization program that enables users to securely share files across multiple devices in a decentralized manner. It uses peer-to-peer technology to ensure that data is end-to-end encrypted and transferred directly between enabled devices, eliminating any need for centralized cloud services. Syncthing can be completely self-hosted and is very versatile, as sync locations can be a home server, VPS, mobile device or even a friend's computer! In this article, we will explore how Sam can set up Syncthing to privately share large files with Larry and track changes to those files, all while using a VPN to mask their internet activity.
</p>
</div>
</div><!-- /row -->
</div><!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Setup</b></h2><br><br>
<p>
We start from the perspective of both Sam and Larry as both will complete these initial steps.
<br>
<img src="sam.png"><img src="larry.png">
</p>
<p>
Sam and Larry are both using Debian and are on separate internet connections, geographically distant from one another. It is presumed that both Sam and Larry have already purchased a subscription to a <a href="https://blog.nowhere.moe/opsec/vpn/index.html" target="_blank">VPN</a>. For this example we will use Proton VPN, but other <a href="https://kycnot.me/?t=service&q=vpn" target="_blank">non-KYC VPNs</a> that accept Monero, such as Mullvad, may also be used. To start, they will sign in to their VPN client, ensure the kill switch is enabled in the Settings, connect to their VPN and verify their IP address.
<img src="1.png" class="imgRz">
</p>
<p>
Syncthing works by end-to-end encrypting files and sending them over the internet. To do this, Syncthing uses a <a href="https://docs.syncthing.net/users/stdiscosrv.html" target="_blank">discovery server</a> to find peers and the Syncthing project maintains a global cluster of discovery servers for public use. If establishing a direct connection between devices is not possible, Syncthing will automatically use community-contributed publicly available <a href="https://docs.syncthing.net/users/strelaysrv.html" target="_blank">relay servers</a> to route the file transfer instead. Because Syncthing is end-to-end encrypted, there is no need to trust these servers as they cannot read anything going through. With that being said, because Syncthing is fully open-source, it is possible to self-host both discovery and relay servers, but such configurations are beyond the scope of this article.
<br>
<br>
For self-hosting a working Syncthing instance, the official <a href="https://github.com/syncthing/syncthing/blob/main/README-Docker.md" target="_blank">docker compose</a> instructions are as follows:
<pre>
<code class="nim">
---
version: "3"
services:
  syncthing:
    image: syncthing/syncthing
    container_name: syncthing
    hostname: my-syncthing
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - /wherever/st-sync:/var/syncthing
    ports:
      - 8384:8384 # Web UI
      - 22000:22000/tcp # TCP file transfers
      - 22000:22000/udp # QUIC file transfers
      - 21027:21027/udp # Receive local discovery broadcasts
</code>
</pre>
For this article, however, both Sam and Larry will install Syncthing on their computers from their package managers according to the <a href="https://apt.syncthing.net/" target="_blank">official instructions</a> rather than self-hosting an instance:
<pre>
<code class="nim">
# Add the release PGP keys (the sources entry below expects this keyring):
sudo mkdir -p /etc/apt/keyrings
sudo curl -L -o /etc/apt/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg
# Add the "stable" channel to the APT sources:
echo "deb [signed-by=/etc/apt/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list
# Update and install syncthing:
sudo apt-get update
sudo apt-get install syncthing
</code>
</pre>
</p>
<p>
Both Sam and Larry will create a systemd unit to automate the process of starting Syncthing. Sam and Larry will both replace <b>USER</b> with their respective usernames.
<pre>
<code class="nim">
# Download the recommended systemd unit from the official Syncthing repository
</code>
</pre>
Syncthing is now running as a daemon, and will sync files in the background. Because of its continuous file synchronization, file transfers will restart automatically should any interruptions in VPN connection or power supply occur.
</p>
<p>
Sam and Larry will navigate to <b>localhost:8384</b> in their browsers to open the Syncthing web GUI. Sam and Larry are greeted with an option to allow anonymous reporting, which they can accept or deny.
<img src="2.png" class="imgRz">
</p>
<p>
Sam and Larry may choose to password protect their Syncthing web GUI, but in this article we'll just click OK.
<img src="3.png" class="imgRz">
</p>
<p>
We will switch to Larry's perspective.
<br>
<img src="larry.png">
</p>
<p>
Larry clicks on Actions -> Show ID to get the ID of his device.
<img src="4.png" class="imgRz">
</p>
<p>
Larry now starts a <a href="https://blog.nowhere.moe/opsec/anonsimplex/index.html" target="_blank">SimpleX</a> chat with Sam using disappearing messages and sends his Syncthing Device ID.
<img src="5.png" class="imgRz">
</p>
<p>
We will switch to Sam's perspective.
<br>
<img src="sam.png">
</p>
<p>
Syncthing adds a Default Folder at <b>/home/sam/Sync</b> which will be used to share files. This can of course be changed if desired. Sam clicks to Add Remote Device and adds Larry's Device ID. Sam adds a Device Name as well.
<img src="6.png" class="imgRz">
</p>
<p>
Sam has 10GB of "Linux ISOs" he wants to share with Larry. Sam will start by moving the desired files to <b>/home/sam/Sync</b>.
<pre>
<code class="nim">
sam@debian:~$ mv *.iso /home/sam/Sync && ls -lh /home/sam/Sync
total 11G
-rw-r--r-- 1 sam sam 2.9G Oct 27 12:56 linux-1.iso
-rw-r--r-- 1 sam sam 2.9G Oct 30 09:18 linux-2.iso
-rw-r--r-- 1 sam sam 2.9G Oct 30 09:18 linux-3.iso
-rw-r--r-- 1 sam sam 1.5G Oct 26 17:06 linux-4-broken.iso
</code>
</pre>
</p>
<p>
From there, Syncthing will automatically detect the files and scan them.
<img src="7.png" class="imgRz">
</p>
<p>
Once scanning is complete, Sam is ready to share the files with Larry. On the Default Folder, Sam clicks Edit -> Sharing -> larry-computer and Save.
<img src="8.png" class="imgRz">
</p>
<p>
We will switch to Larry's perspective.
<br>
<img src="larry.png">
</p>
<p>
Larry receives a notification that Sam wants to connect and share something with him. Larry accepts the connection and shared Default Folder.
<img src="9.png" class="imgRz">
</p>
<p>
Notice how the IP address that is shown to Larry is that of a Syncthing relay server, as mentioned previously. If a direct connection had been established, Sam's VPN IP address would have been shown instead.
<img src="10.png" class="imgRz">
</p>
<p>
The file transfer starts.
<br>
<img src="11.png" class="imgRz">
</p>
<p>
Once finished, Larry has a complete copy of all of the files in <b>/home/larry/Sync</b>. Larry notices that Sam sent a Linux ISO that is broken. Larry fixes this broken Linux ISO and also adds a Linux ISO of his own to the shared folder.
<br>
<img src="12.png" class="imgRz">
</p>
<p>
Back to Sam's perspective.
<br>
<img src="sam.png">
</p>
<p>
Because the file transfer is bi-directional by default, the changes that Larry made are synced back to Sam!
<pre>
<code class="nim">
sam@debian:~$ ls -lh /home/sam/Sync
total 12G
-rw-r--r-- 1 sam sam 1.5G Oct 30 10:47 larry-favorite.iso
-rw-r--r-- 1 sam sam 2.9G Oct 27 12:56 linux-1.iso
-rw-r--r-- 1 sam sam 2.9G Oct 30 09:18 linux-2.iso
-rw-r--r-- 1 sam sam 2.9G Oct 30 09:18 linux-3.iso
-rw-r--r-- 1 sam sam 1.5G Oct 26 17:06 linux-4-fixed.iso
</code>
</pre>
</p>
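<p>
Two defaults were accepted in this walkthrough: the web GUI was left without a password, and the shared folder is bi-directional. Both are recorded in Syncthing's <b>config.xml</b> and can be checked there. The script below is an added example, not part of the original article or of Syncthing; the sample configuration (including a GUI bound to all interfaces), the device ID placeholders and the function names are constructed for illustration.
</p>

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the shape of Syncthing's config.xml; IDs are placeholders.
SAMPLE_CONFIG = """<configuration>
  <folder id="default" label="Default Folder" path="/home/sam/Sync" type="sendreceive">
    <device id="SAM-ID-PLACEHOLDER"></device>
    <device id="LARRY-ID-PLACEHOLDER"></device>
  </folder>
  <gui enabled="true" tls="false">
    <address>0.0.0.0:8384</address>
  </gui>
</configuration>"""


def gui_is_loopback(address):
    """True when the GUI listen address is reachable only from this machine."""
    host = address.rsplit(":", 1)[0].strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty host or a name: assume other machines can reach it


def audit(config_xml, local_device_id):
    """Return findings for the GUI settings and for folders peers can modify."""
    root = ET.fromstring(config_xml)
    findings = []
    gui = root.find("gui")
    if gui is not None and gui.get("enabled", "true") == "true":
        address = gui.findtext("address", default="")
        if not gui_is_loopback(address):
            findings.append(f"gui: listens on {address}, not loopback only")
        if not (gui.findtext("user") and gui.findtext("password")):
            findings.append("gui: no user/password set")
    for folder in root.findall("folder"):
        peers = [d.get("id") for d in folder.findall("device")
                 if d.get("id") != local_device_id]
        if peers and folder.get("type", "sendreceive") == "sendreceive":
            findings.append(f"folder {folder.get('id')}: sendreceive, "
                            f"{len(peers)} remote device(s) can change local files")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "SAM-ID-PLACEHOLDER"):
        print(finding)
```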
</div>
</div><!-- /row -->
</div><!-- /container -->
</div><!-- /white -->
<!-- +++++ Second Post +++++ -->
<div id="anon1">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Conclusion</b></h2><br><br>
<p>
Sam was able to privately share 10GB of files and automatically receive changes to those files, all while keeping his internet activity hidden. Notice how Larry was able to overwrite a file that Sam originally shared. Where this is undesirable, the option can be changed under Default Folder -> Edit -> Advanced by selecting either Send Only or Receive Only.
Until there is Nothing left.</p><br><br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a><br><img src="\CC0.png">