A while ago, I mentioned how I back up my valuable data to my NAS. In the meantime, I added one more thing to it: a UPS[1], so even if the power goes out, it still stays up and, more importantly, it can shut down safely. This is important because if the power cuts out while hard drives are spinning, the head can damage the disk and you lose the data. The UPS can tell the NAS when it's on low power, so the NAS enters standby safely.

But I said that there is another component to backups, which is also very important: offsite backups, which are in a geographically separated location. It turns out it's harder to do than I expected, so it took quite some time for me to get this working and I'm still not 100% happy with it.

My offsite backup is at my parents' place. I bought a 4TB external hard drive that they keep plugged into their desktop. At first, I wanted to try a solution such as borg, Duplicati or Duplicity. Then I ran into two problems: first, my parents run Windows, so running an SSH or rsync server is not as easy as on Linux (it's doable, but it's not as easy). And the second problem is that the computer is behind a router, so I can't access it directly. In theory, port forwarding on the router should solve this issue. A whole afternoon spent trying to figure this out in a reliable way disagrees with the theory. So for a while this project was shelved.

Then this year I stumbled upon another way: Syncthing. It's not exactly a backup tool, but rather a tool to synchronize files between multiple computers. However, it runs natively on Windows (and on my Synology NAS) and it performs NAT traversal by itself, so it just works ™️.

The main screen of the VeraCrypt

The downside is that it doesn't encrypt the data. While I trust my parents, I want the data to be encrypted at rest, to prevent issues in the case of a malware infection. So I chose to encrypt the hard drive with VeraCrypt. However, this means that I have to enter the decryption password every time I start the offline backups.

Adding folders in Syncthing

The UI for Syncthing is a website. On Windows, there is a wrapper application, but on my NAS I control it through the website.

The basic units of sharing in Syncthing are folders, which are synchronized between computers. When you add a new folder to share, the other computer must accept it before any bytes are sent over.

Accepting folders on the remote machine

Once a folder is added, Syncthing will then start sending data. If it's able to do NAT traversal, it will establish a direct connection between the two computers. Otherwise, it will use a relay to send the data. In my limited experience, it always managed to connect directly. Any changes made will then be synchronized. It's also possible to enable some versioning (but I didn't).

When you have lots of data to sync, it's possible to jump-start the process by copying the files directly. In my case, I brought the hard drive home, copied the files over to it, and then once it was back at my parents', I set up synchronization. This was a bit wonky: initially it complained about some files, but then it seemed to solve these issues.
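One way to check a pre-seeded copy before enabling synchronization, added here as an example and not part of the original post: it hashes both trees with SHA-256 and reports files that are missing, extra or different on the seeded drive. The directory and file names in `demo()` are constructed; `.stfolder` and `.stversions` are skipped because Syncthing manages them itself.

```python
import hashlib
import os
import tempfile
from pathlib import Path

IGNORED = {".stfolder", ".stversions"}  # Syncthing's marker and versioning dirs

def manifest(root):
    """Map each file's relative POSIX path to its SHA-256 digest."""
    root = Path(root)
    result = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in IGNORED]  # prune in place
        for name in filenames:
            path = Path(dirpath) / name
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            result[path.relative_to(root).as_posix()] = digest.hexdigest()
    return result

def compare_seed(source, seed):
    """Report how the seeded copy deviates from the source tree."""
    src, dst = manifest(source), manifest(seed)
    return {
        "missing": sorted(src.keys() - dst.keys()),
        "extra": sorted(dst.keys() - src.keys()),
        "different": sorted(p for p in src.keys() & dst.keys() if src[p] != dst[p]),
    }

def demo():
    """Constructed trees: one truncated copy, one uncopied file, one stray file."""
    with tempfile.TemporaryDirectory() as tmp:
        source, seed = Path(tmp, "nas"), Path(tmp, "external")
        for root in (source, seed):
            (root / "photos").mkdir(parents=True)
            (root / ".stfolder").mkdir()
        (seed / ".stfolder" / "marker").write_text("x")         # must be ignored
        (source / "photos" / "a.jpg").write_bytes(b"A" * 4096)
        (seed / "photos" / "a.jpg").write_bytes(b"A" * 4096)
        (source / "photos" / "b.jpg").write_bytes(b"B" * 4096)
        (seed / "photos" / "b.jpg").write_bytes(b"B" * 1000)    # truncated copy
        (source / "notes.txt").write_text("keep me")            # never copied
        (seed / "Thumbs.db").write_bytes(b"\x00")               # stray file on the seed
        return compare_seed(source, seed)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Running `compare_seed` against the real source folder and the mounted external drive before the drive leaves the house shows which files a first sync would still need to transfer or overwrite.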

This solution is better than nothing, but I will keep looking for a better one, one which doesn't require me to manually input a password when starting the backups. If you know anything that works better on Windows, leave a comment below.

1. Uninterruptible Power Supply (a battery basically)