GoodSync Connect Manual

GoodSync Connect allows users to connect two computers directly,
in a peer-to-peer fashion, without using intermediate servers to store files.

This increases speed of file transfer and enhances privacy of your files
by not storing them on 3rd party servers.

Printable Manual is available in PDF

Introduction and Tutorial

Example:
you have two computers named dell-laptop and hp-office and
you want to synchronize folder My Documents on both computers.

This is how you can set up synchronization between these two computers.

We assume that you installed GoodSync on both computers.

GoodSync Account

Both Computers must be enrolled into the same GoodSync Account, for them to sync with each other.

Create GoodSync Account (if you do not have it) ONLINE
or in GoodSync itself: Tools -> GoodSync Account Setup

When you install GoodSync Ver 12, your Device (Computer) is enrolled into GoodSync Account.
It is done at install time, or you can do it later using Tools -> GoodSync Account Setup.

Computer names that you enter in GoodSync Account Setup must be recognizable to you.
So we enter dell-laptop on one computer and hp-work on another computer.

Serving Files

Serving Files option on Second screen of GoodSync Account Setup must be checked on both computers.

Not checking Serving Files from the computer makes sense
only if you do not want other devices to have access to files of this computer.

This setup page also shows which OS (Windows/Mac) user will own the files created by GoodSync server.

Impersonation

We strongly recommend to specify Windows/Mac User Account ID and password.
Then the GoodSync Server will impersonate this Windows/Mac user,
allowing Gs-Server to access SMB shares and OS-encrypted folders,
that requires OS user authentication.

GoodSync Explorer

Use GoodSync Explorer to make sure that you established a connection and can browse files.

* Start GoodSync Explore from icon on desktop on Windows, or from Applications on Mac.
* Go to GoodSync Connect file system,
* Drill down to GoodSync Connect Account which is shown as your Email on this Account.
* GoodSync Explorer shows all computers registered in your Account, that have Serving Files checked.
* You can browse all files on these computers, in all folders.
* You can also perform common file operations such as upload, download, rename, and delete.

GoodSync Jobs and Client-Server

Use GoodSync proper to set up a Sync Job between two computers.

First we decide who is Client and who is Server in this game.

Client -- this is Device (Computer) where the Job runs.
It must be alive and online only to run this Job.
Laptops and Phones are usually clients, as they cannot stay online for long.
In our example dell-laptop will be Client.

Server -- this is Device (Computer) that serves files to a Client.
It does not run any Jobs itself, it just answers file requests from Client.
Server must be alive and online most of the time when Client may want to connect.
Desktops and NASes are usually Servers, as they can run continuously for long time.
Sleep should usually be disabled on Servers, if you want it to be always available.
In our example hp-work will be Server.

* On Computer named dell-laptop in GoodSync app create a Job.
* Left folder of the Job will be local folder '~John Smith\Documents'.
* Right folder of the Job: go to 'GoodSync Connect' -> 'dell-kitchen' -> User folder -> Documents folder.
* Click 'Apply' to confirm the folder selection.
* Click the 'Analyze' button to see the differences between the folders.
* Click the 'Sync' button to confirm the sync actions proposed by GoodSync.

GSTP Protocol

GoodSync uses GSTP file transfer protocol between its Client and Server.

GSTP stands for GoodSync Transfer Protocol.
GSTP URLs have gstp:// or gstps:// prefix.

gstps:// is a version of GSTP encrypted by TLS (implemented by OpenSSL).
gstp:// is a plain-text version of protocol, which now is not used, due to security considerations.

Mediated and Direct Addressing

To address a GoodSync Server you can use:

• Mediated addressing.
  Requires GoodSync Account.
  Uses Mediator and Forwarder to arrange connection from Client to Server.
  Used when Server does not have a static IP address, connects via NAT, WiFi, has security software.
  URL is gstps://computer.userid.goodsync/folder1/folder2
  This is preferred way, most common.
• Direct IP addressing.
  Does not require GoodSync Account.
  Server must have static IP name or address.
  Client to Server connection must be arranged by you, it is always direct.
  URL is gstps://my-gs-server.my-company.com/folder1/folder2 or gstps://11.22.33.44/folder1
  Allowed only in business versions.

One Time Password and Device IDs

Each Device (Computer) that contacts Mediator must produce DeviceID, so that each Device may be enrolled into Approved Devices and its activity may be logged and presented to the user.

To approve a New Device that GoodSync Mediator has not seen before,
you now have a new option of sending One Time Password via Email or via Phone SMS.

To set One Time Password (OTP) option, you must login into GoodSync Account here.
Once logged in, you will be able able to see a list of your active computers.
You will also be able to change authentication scheme to OTP.

We recommend to use OTP via SMS option, as the most secure.
Note that SMS charges may apply, charged by your wireless operator for receiving SMS.

Web User Interface: Configure GoodSync Server

GoodSync Server may be configured via its Web User Interface,
which is a web server that GoodSync Server runs on your computer, at http://localhost:11000

It is used primarily on computers where there is no GoodSync GUI: NAS and Linux.
Or on computers that are primarily GSTP File Servers (MidServer and FileServer licenses).

Use GoodSync Account user credentials (UserID and password) to login.

No outside or local net connections are allowed for security reasons,
you can connect only from the same computer where gs-server is.

What you can do in the Web UI:
* Add, Modify, and Delete secondary users (business versions only).
* Change the server options (for advanced users only).
* Turn server components on and off.  

Users: Primary (Admin) and Secondary (Limited)

This applies only to business server licenses: MidServer and FileServer.

When you setup GoodSync Account on this server,
the Account that you setup becomes Primary (Admin) user on your GoodSync Server.

Only the Windows Administrator or Mac SuperUser can install GoodSync Server and create or change the UserID and Password for the main user, for security purposes.

The Primary (Admin) user may create Secondary (Limited) users by using Web User Interface of GS Server.

Secondary (Limited) user typically is limited to accessing only one folder and its subfolders,
which is called the Home Folder of this user.
Any attempt to go above the Home Folder will be rejected by the GS server.
URL of file in Home Folder of Secondary user looks like:
gstp://server.user.goodsync/folder1/folder2
where /folder1/folder2 is path inside User Home folder.

Connectivity: Direct or via Forwarder

Ports Used

GoodSync Server uses these TCP/IP and UDP ports:
- TCP and UDP port 33333: GoodSync client calls GoodSync server on this port to download/upload files.
- TCP port 11000: Browser calls GoodSync server on this local-only port to display GS Server Web UI.
- TCP port 33334: GoodSync server accepts Manage API commands on this port, local only.

Direct Server Access and Forwarder (P2P)

If a GoodSync client can connect to GoodSync server directly (by TCP/IP)
then you will get the maximum possible speed of transfer.

However this may be not possible for a personal computer
that gets to Internet from behind NAT, a firewall and security software.

So when the GoodSync Client cannot connect to a GoodSync Server directly, they try to arrange a meeting via a go-between server that we call Forwarder. The Forwarder should be accessible from both Client and Server. The Forwarder is appointed dynamically by Mediator, based on the visibility of client and server.

This is an automatic process; the user does not have to intervene.  

Automatic: Allow UPNP to open ports

GoodSync Server will use the UPNP service of your router or DSL/cable modem to create a tunnel from the external port of the router to internal TCP port 33333 of computer where gs-server runs.

Which means that it is best to keep UPNP turned ON on your router and then tunnels in router for Gs-Server will be created automatically.

Manual: Assign External Port to GoodSync Server

If GoodSync cannot drill a hole in your router
then you should manually create Forwarding Rule in your Router AND
tell Gs-Server what external port you put it on, using gs-server Web UI.

Example: Gs-Server is on local endpoint 192.168.1.7:33333.
You want to Forward external port 33007 to local endpoint of Gs-Server.

(1) Login to Router Web UI, usually located at http://192.168.1.1
(2) Create Forwarding rule on router: Ext Port 33007 -> 192.168.1.7:33333
(3) Login to Gs-Server Web UI at http://192.168.1.7:11000
(4) Go to Settings, select 'External Port: Manually map external port to Internal port and enter 33007.

Achieving Direct Connection

When GoodSync client cannot connect to the GoodSync server directly,
it does so via Forwarder, which is our own server that forwards TCP/IP connection.

Transfer speed will decrease if forwarder is used.
You can get better speed and latency if you achieve direct connection from GoodSync Client to Server.

Usually the GS Server is blocked by your Internet router, modem, or firewall:
- GoodSync Server tries to make a tunnel for its port 33333 in your router/modem using UPNP.
- These attempts are not always successful, as your router may not support UPNP.
- If GoodSync cannot make a hole, instruct your router / DSL modem / cable modem
to forward an external port of your router to port 33333 of the computer where GS Server runs.
- If you have more than one computer with GS server, use a different external port for each computer.
- Notify each GS server what is its external port, the one that you assigned, see above.
- GoodSync will report this external port to the Mediator.
- GoodSync client will contact your GoodSync server on this external port.

Another point of connection loss may be your ISP:
- Your router / modem does not have a real IP address, as it is connected via NAT.
This is called Double NAT and it cannot be fixed, the forwarder will have to be used.
- Your ISP blocks the port that the GS server has selected.
To fix it, use a non-blocked external port and manually forward it to the GS server.

On both on the client and server side your security software may be blocking GoodSync.
- GoodSync creates exceptions in Windows Firewall on both the client and server end.
- If such blocking still occurs, create an exception for GoodSync in your security software.

Real Time Remote Sync

GoodSync can perform real-time file monitoring and syncing via GSTP, even if one of the computers is the remote GS server. Read this for for details.

Server settings file

File settings.tix (stored in C:/ProgramData/GoodSync/server or in equivalent folder on other OSes) contains settings of Gs-Server.

Most of them are set automatically and regular users should never change them.

Only advanced users who have deep understanding of TCP/IP and sockets should change these options.

LogFolder = "C:/ProgramData/GoodSync/server"
Folder to which server log files are written.

LogPrefix = "gserver"
Prefix used in names of log files. Format of log file name is Prefix-YYMMDD.log

LogLevel = 3
Level of log details, goes from 1 to 5.

LogLevel = 0
Level of log details that goes to UNIX console, from 1 to 5. Level 0 means no logging to console. Applies only to Linux.

RetainLogDays = 7
Logs that are older than these many days, are deleted, once per day.

CheckNewVersion = Yes/No

InstallNewVersion = Yes/No
If both settings are yes then gs-server installs new GoodSync version when it becomes available. Applies only to Windows and MacOS.

MaxConnections = 512
Max number of simultaneous TCP/IP connections this server would accept.

ReportFreeSpaceBelowPct = 10
Report low disk space by Email to SMTP server, if free disk space on server falls below this many percent.

PreventSleep = No
If Yes then gs-server does not let this computer to go to Sleep, so that it can always accept connections. Applies only to Windows and MacOS.

RequestAuthentication = Yes
Request Authentication (Basic or Digest) on all transactions, user credentials are stored in users.tix file.

OfferBasic = No
Offer Basic Authentication. Keep it set to No, as Basic Auth is not secure enough.

OfferDigest = Yes
Offer Digest Authentication. Keep it set to Yes, as Digest Auth is what we use most of the time.

SSL-Allow = Yes
Allow client to go to TLS/SSL encrypted mode. Keep it always Yes, as plain-text communication is insecure.

SSLCertificatePath = "C:/ProgramData/GoodSync/server/gs-server.crt"
Path of file that contains this Server TLS/SSL certificate public key.

SSLPrivateKeyPath = "C:/ProgramData/GoodSync/server/gs-server.key"
Path of file that contains this Server TLS/SSL certificate private key.

SSLCertChainPath = "C:/ProgramData/GoodSync/server/gs-server.key"
Path of file that contains this Server TLS/SSL chain of certificate from Cert Root authority to our certificate.

SSL-AllowedCiphers = ""
List of allowed TLS/SSL ciphers, empty means all are allowed. Modern ciphers list would be smth like "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA:AES128-SHA"

GstpFileServer = Yes
Run GSTP file server. Usually must be Yes.

DirectOnly = No
Accept only direct TCP/IP connections, and not connections delivered via Forwarder. Makes sense when using only Direct IP addressing of this Server in GSTP client.

GstpUdpPort = 1333
UDP Port on which this Gs-Server receives commands from Mediator to Pickup connection, when this Server is not connectable directly.

GstpFilePort = 33333
TCP Port on which this Gs-Server listens for File Server connections.

GstpFileDynamicPort = No
If GstpFilePort is taken already then select random port to listen on for file server connections, and deposit this port back into settings.tix.

GstpFilePort_2 = 0
Another port on which File Server listens for connections, if not 0.

ListenOnlyIpAddr = ""
Listen only on specified IP address. If empty, listen on all available IP addresses.

GstpFileLocalOnly = No
Yes: allow File Server connections only from localhost (127.0.0.1) IP address.

GlobalDiscovery = Yes
Yes: Register with Mediator, so that connections to this File Server can be arranged via Forwarder. No: Do not register with Mediator, allow only direct connections.

GstpMapExtPortViaUpnp = Yes
Yes: Use UPNP to map external ports to internal ports. No: Manually map GSTP port from outside router to this server. Specify outside port in GstpExtPort.

GstpExtPort = 0
Report this port to Mediator as external port of this File Server, if not 0 and GstpMapExtPortViaUpnp = No.

GstpManageServer = Yes
Yes: this server accept Manage commands from localhost, used to change server config from the client.

WebUiServer = Yes
Yes: Run Web User Interface server, which allows config of this Server from HTML browser.

WebUiPort = 11000
Port on which Web UI server listens.

WebUiLocalOnly = Yes
Yes: Web UI server accepts connections only from localhost (127.0.0.1). No: Web UI server accepts connections from any IP address.

DavServer = No
Yes: Server files via WebDAV protocol. Not recommended, use GSTP file server instead.

DavPort = 22222
Port on which WebDAV file server listens.

DavLocalOnly = Yes
Yes: WebDAV file server accepts connections only from localhost (127.0.0.1).

SibSMB = Yes
Yes: Use Sib-SMB when serving SMB files from this server (smb:/ prefix). No: Use Windows SMB when serving SMB files.

User settings file

File users.tix (stored in C:/ProgramData/GoodSync/server or in equivalent folder on other OSes) contains list of Gs-Server users with their credentials.

Format of the file:

<AccountList>
nAccounts = 2
<Account>
per-user settings: 
Name = Value
</Account>
<Account>
per-user settings: 
Name = Value
</Account>

UserID = "my-user-id"
GoodSync UserID of Server User, generated from email, unique.

EMail = "my@user.id"
Email of GoodSync User.

PasswordProt = "AQA..."
Password of GoodSync user, encrypted by local OS per-machine encryption, cannot be copied to other computers. Applies only to Windows and MacOS.

PasswordClear = ""
Password of GoodSync user, clear text version. You can use it on Linux.

ComputerId = "gs-server-id"
GoodSync ComputerId of this server. So this server can be accessed via GoodSync as gstps://computerid.userid.goodsync.

UserFullName = "John Smith"
Full name of GoodSync User, may be empty.

HomeFolder = "/home/user"
Home Folder of GoodSync user. If empty, then entire server is accessible. If not empty, user cannot go higher than Home Folder.

HomeMapping = Pairs = ( ... )
Folder mapping for this Server. Empty means no mapping, folders are presented 'as is'.

SysUserID = "Server\\John Smith"
OS UserID, used for Impersonation.

SysUserPwdProt = ""
OS User Password, encrypted by local OS per-machine encryption, cannot be copied to other computers. Applies only to Windows.

Impersonate = Yes/No
If Yes then Gs-Server impersonates System OS user using SysUserID and SysUserPwd, upon successfule connection.

IsAdmin = Yes/No
Is this User an Administrator of this Server. If not, then Admin WebUI commands and Manage API are not available to this User.

ReadOnly = No
If Yes then this user can only read files and folders on this server, but not write/crate them.

ProtectSystem = Yes
If Yes then this user cannot write any OS system files, such as C:/Windows folder on Windows.

RegisterWithMediator = Yes
If Yes then register this GoodSync user with GoodSync Mediator, using UserId and Password credentials. If No, then do not register with Mediator, makes sense for Direct IP addressing of this server.

DiskQuota = -1
If more tan 0 then Disk Usage Quota for this user, in Bytes.

More Questions

GoodSync Connect features and benefits are described here.

Read this for more FAQ items.