GoodSync Connect Manual
A printable version is available in PDF
- Introduction and Tutorial
- What is GoodSync Connect?
- GoodSync Account Setup
- Serving Files
- Block-level Sync
- GoodSync Explorer
- GoodSync Jobs and Client-Server
- GSTP Protocol
- Mediated and Direct Addressing
- One Time Password and Device IDs
- Web User Interface: Configure GoodSync Server
- Users: Primary (Admin) and Secondary (Limited)
- Connectivity: Direct or via Forwarder
- Ports used
- Direct Server Access and Forwarder (P2P)
- Automatic: Allow UPNP to open ports
- Manual: Assign an external port to GoodSync Server
- Achieving direct connection
- Real-Time Remote Sync
- Server settings file
- User settings file
- More questions
Introduction and Tutorial
What is GoodSync Connect?
GoodSync Connect allows users to connect two devices directly, in a peer-to-peer (P2P) fashion, without using intermediate servers to store files.
That increases the speed of file transfer and enhances the privacy of files by not storing them on 3rd-party servers.
GoodSync Connect is built-in to the GoodSync application and is thus available on all platforms supported by GoodSync.
- GoodSync Connect enables numerous features and benefits:
- Remote Synchronization: It allows users to synchronize files and folders between devices, even when they are located in different physical locations or connected to different networks. This is particularly useful for remote backup and data management.
- Secure Connection: GoodSync Connect establishes a secure and encrypted connection between the devices involved in the synchronization process. This ensures that data transfer remains confidential and protected from unauthorized access.
- Direct Communication: GoodSync Connect establishes a direct connection between the devices without routing data through 3rd-party servers. This results in faster synchronization speeds and greater privacy.
- Remote Access: In addition to synchronization, GoodSync Connect allows users to remotely access files on their devices. That is handy for retrieving important documents or media files when away from home or office.
- Folder Sharing: Users can share specific folders with others via GoodSync Connect, allowing for collaborative work and easy file sharing among team members or family members.
Imagine you possess two computers, named "dell-laptop" and "hp-office," and your goal is to synchronize the Documents folder on both machines.
The subsequent steps outlined in this section will lead you through the fundamental features and concepts of GoodSync Connect, demonstrating how to configure synchronization between these two computers.
It is presumed that you have already installed GoodSync on both of these devices.
GoodSync Account Setup
GoodSync Account is your universal account within the lineup of GoodSync products.
- Your GoodSync Account is used for:
- License and Device Management: Manage GoodSync licenses, register devices, and assign licenses to them.
- Remote Access and Data Management: GoodSync Connect allows you to connect all your devices, synchronize and access data on them from anywhere with an Internet connection.
- Cross-Device Jobs and Options (Account Sync): Back up and sync your GoodSync Jobs, Groups, Options, and Server Accounts across all your GoodSync devices.
- GoodSync Cloud Storage: Our own proprietary cloud storage that offers the fastest, safest, and most affordable way to securely and easily back up and restore data from any of your devices directly from the GoodSync interface.
- Sharing Folders: Share folders located on any device enrolled into your Account with other GoodSync users.
- Getting support and more.
If you haven't got a GoodSync Account yet, create it here.
GoodSync Connect is linked to your GoodSync Account. After you enroll (register) a device in your GoodSync Account, that device (computer) becomes reachable from the GoodSync installations on your other devices.
Thus, both synchronizing computers, "dell-laptop" and "hp-office," must be enrolled on the same GoodSync Account for them to sync with each other.
The device is enrolled into your GoodSync Account when you log in with it during the GoodSync installation or later using the GoodSync Account Setup feature:
On Windows: Use the "Tools" >> "GoodSync Account Setup" menu item.
On Mac: Use the "GoodSync" >> "GoodSync Account Setup" menu item.
On Linux: Use the GSYNC /gs-account-enroll command.
Computer names you enter during the GoodSync Account Setup must be recognizable to you. So we enter "dell-laptop" on one computer and "hp-office" on another computer.
Based on the "Serve files to other devices" setting specified during GoodSync Account Setup, GoodSync will act on this computer either as a server or a client:
"Serve files to other devices" unchecked (Client): GoodSync installed on this computer can make outgoing requests only and cannot accept incoming requests.
Not checking the "Serve files to other devices" option from the computer makes sense only if you do not want other devices to have access to files of this computer.
"Serve files to other devices" checked (Server): GoodSync installed on this computer can accept incoming requests. You will be able to access data located on the computer from GoodSync installed on other devices via GoodSync Connect.
Checking this option is recommended for most cases.
GoodSync comes preinstalled with the Runner Service that can run your Jobs unattended, i.e., when you are not logged into your system user account.
The Runner Service requires the user account password for the currently logged-in user. This will ensure that the Runner Service may impersonate that user account and have appropriate access, allowing it to access SMB shares and system-encrypted folders that require OS user authentication. Therefore, we strongly recommend specifying the UserID and Password of your system user account.
You can set up the Impersonation for the user accounts on the GoodSync Server via its Web UI, described below.
The users of GoodSync Personal may also set up impersonation via the "Tools" >> "Runner Service Setup" on Windows or "GoodSync" >> "Runner Service Setup" on Mac.
The users of GoodSync Business editions can check the "Server will impersonate Windows User" option during the GoodSync Account Setup in GoodSync GUI.
When both computers are enrolled into the same GoodSync Account and both have the "Serve files to other devices" option turned on, GoodSync Connect will use the Block-level Sync (Delta Sync) to transfer data between them.
With Block-level transfer, only the parts of a file that differ are transferred.
When GoodSync identifies a file that has been updated or changed, it calculates the exact binary data within that file and sends only the changed information.
By doing so, each file transfer only passes the data required to update the destination file. That increases the speed of synchronization and saves traffic.
Normal file transfer would send the entire file, even if only small parts of the file have changed.
GoodSync Explorer is an add-on component installed with a standard GoodSync application for Windows and Mac computers.
It is a file explorer for all file systems, all devices connected via GoodSync Connect, and all cloud storage accounts.
Use GoodSync Explorer to make sure that you established a connection between computers and can browse files.
- Start GoodSync Explorer by using its Desktop icon on Windows or from the Applications directory on Mac.
- Select the "GoodSync Connect" file system.
- Drill down to the GoodSync Connect Account, which is shown as your Email on this Account.
- GoodSync Explorer shows all computers registered in your Account that have the "Serve files to other devices" option checked.
- You can browse all files on these computers, in all folders.
- You can also perform common file operations such as upload, download, copy, move, rename, and delete.
GoodSync Jobs and Client-Server
Use the GoodSync GUI application to set up a Sync Job between two computers.
First, we decide who is the Client and who is the Server in this scenario.
The Client is the Device (Computer) where the Job runs. It must be alive and online only to run this Job.
Laptops and phones are usually clients, as they cannot stay online for long. In our example, "dell-laptop" will be the Client.
The Server is the Device (Computer) that serves files to a Client. It does not run any Jobs itself and just answers file requests from the Client.
The Server must be alive and online most of the time when the Client may want to connect.
Desktops and NAS devices are usually Servers, as they can run continuously for a long time.
Sleep should usually be disabled on Servers if you want it to be always available.
In our example, the "hp-office" will be the Server.
So, let's set up and run our Sync Job:
- On the Computer named "dell-laptop," in the GoodSync application, create a Job using the "New Job" button in the Toolbar or by selecting "Job" >> "New Job" menu item.
- The Left folder of the Job will be the local folder "~John Smith\Documents." Click the "Please click here to select folder" button in the Toolbar, select "My Computer" (or "My Mac" on Mac) >> "Local" >> User folder >> "Documents."
- The Right folder of the Job will be the remote "Documents" folder on the "hp-office" computer. On the Right side, select "GoodSync Connect" >> GoodSync Account name (email address) >> hp-office >> User folder >> "Documents."
- Click the green "Apply" button to confirm folder selection.
- Click the "Analyze" button to see the differences between the folders.
- Click the "Sync" button to confirm the sync actions proposed by GoodSync.
Now the Documents folder on both computers is in sync.
GoodSync uses the GSTP file transfer protocol between its Client and Server.
GSTP stands for GoodSync Transfer Protocol.
GSTP URLs have the gstp:// or gstps:// prefix.
gstp:// is a plain-text version of the protocol, which now is not used, due to security considerations.
gstps:// is a version of GSTP encrypted by TLS (implemented by OpenSSL).
Mediated and Direct Addressing
- To address a GoodSync Server (gs-server) you can use:
Requires a GoodSync Account.
Uses Mediator and Forwarder to arrange connection from a Client to the Server.
Mediated addressing is used when the Server does not have a static IP address, connects via NAT, or Wi-Fi, or has security software.
URL example: gstps://computer.userid.goodsync/folder1/folder2
NOTE: This is the preferred and most common way.
Direct IP addressing
Does not require a GoodSync Account.
The Server must have a static IP name or address.
Client to Server connection must be arranged by you, it is always direct.
URL example: gstps://my-gs-server.my-company.com/folder1/folder2 or gstps://126.96.36.199/folder1
NOTE: Allowed only with GoodSync Business editions.
One Time Password and Device IDs
Each Device (Computer) that contacts the Mediator must produce a DeviceID so that each Device may be enrolled into Approved Devices and its activity may be logged and presented to the user.
To approve a New Device that GoodSync Mediator has not seen before, you have an option of getting a One Time Password via Email, SMS, or from the Authenticator app.
To set the One Time Password (OTP) option, you must log into your GoodSync Account.
Once logged in, you will be able to see a list of your active computers and devices. You will also be able to change the authentication scheme to OTP. OTP settings can be adjusted under "Account" >> "Strong Auth Type."
We recommend using the OTP via SMS or Authenticator option as the most secure. Note that SMS charges may apply, charged by your wireless operator for receiving SMS.
Web User Interface: Configure GoodSync Server
GoodSync Server may be configured via its Web User Interface, which is a web server that GoodSync runs on your computer, at http://localhost:11000
GoodSync GUI users on Windows and Mac can also open the GoodSync Server Web UI via the "Tools" >> "Advanced" >> "Advanced Server Settings" and "GoodSync" >> "Advanced Server Settings" menu items respectively.
The Web UI is used primarily on computers where there is no GoodSync GUI: NAS and Linux. Or on computers that are primarily GSTP File Servers (MidServer licenses).
Use GoodSync Account credentials (UserID and Password) to log in.
No outside or local net connections are allowed for security reasons, so you can connect only from the same computer where the gs-server runs.
- What you can do in the GoodSync Server Web UI:
- Add, Modify, and Delete secondary users.
- Change the Server options (advanced users only).
- Turn the Server components on and off.
- View logs and sessions.
Users: Primary (Admin) and Secondary (Limited)
When you set up a GoodSync Account on this Server, the Account that you set up becomes the Primary (Admin) user on your GoodSync Server.
Only the Windows Administrator or Mac SuperUser can install GoodSync Server and create or change the UserID and Password for the main user, for security purposes.
A Primary (Admin) user may create Secondary (Limited) users by using the Web User Interface of the GoodSync Server.
A Secondary (Limited) user typically is limited to accessing only one folder and its subfolders, which is called the Home Folder of the user.
Any attempt to go above the Home Folder will be rejected by the gs-server.
The URL of a file in the Home Folder of a Secondary user looks like this:
where /folder1/folder2 is the path inside the User Home Folder.
You can manage the users of the GoodSync Server by switching to the "Users" tab in the Web UI.
Connectivity: Direct or via Forwarder
GoodSync Server uses these TCP/IP and UDP ports by default:
- TCP port 33333: A GoodSync client calls the GoodSync Server on this port to download/upload files.
- TCP port 11000: The browser calls GoodSync Server on this local-only port to display the Web UI.
- TCP port 80 and 443: The GoodSync Server calls mediator.goodsync.com on this port, to coordinate connections.
- UDP ports 33338 and 33339: Used for local discovery (broadcast) of GoodSync Servers by GoodSync Clients.
- TCP port 22222: The GoodSync Server serves its files via WebDAV protocol on this port if enabled.
- TCP port 33334: The GoodSync Server accepts the Manage API commands on this port, local only.
Direct Server Access and Forwarder (P2P)
If a GoodSync client can connect to the GoodSync Server directly (by TCP/IP), you will get the maximum possible transfer speed.
However, this may be not possible for a personal computer that gets to the Internet from behind NAT, a firewall, and security software.
So when the GoodSync Client cannot connect to a GoodSync Server directly, they try to arrange a meeting via a go-between server that we call Forwarder.
The Forwarder should be accessible from both the Client and Server. The Forwarder is appointed dynamically by the Mediator, based on the visibility of the Client and Server.
This is an automatic process; the user does not have to intervene.
Automatic: Allow UPNP to open ports
GoodSync Server will use the UPNP service of your router or DSL/cable modem to create a tunnel from the external port of the router to internal TCP port 33333 of the computer where the gs-server runs.
That means it is best to keep UPNP turned ON on your router, so the tunnels in the router for GoodSync Server will be created automatically.
Manual: Assign an external port to GoodSync Server
If GoodSync cannot drill a hole in your router, you should manually create a Forwarding Rule in your Router and tell GoodSync Server what external port you put it on using the GoodSync Server Web UI.
Example: gs-server is on local endpoint 192.168.1.7:33333.
You want to Forward the external port 33007 to the local endpoint of the gs-server.
- For this:
- Log in to the Router Web UI, usually located at http://192.168.1.1
- Create a Forwarding rule on the router: Ext Port 33007 >> 192.168.1.7:33333
- Log in to gs-server Web UI at http://192.168.1.7:11000
- Switch to the "Settings" tab, select "External Port: Manually map external port to Internal port," and enter 33007.
Achieving direct connection
When the GoodSync client cannot connect to the GoodSync Server directly, it does so via Forwarder, which is our own server that forwards TCP/IP connection.
The transfer speed will decrease if the Forwarder is used. You can get better speed and latency if you achieve a direct connection from the GoodSync Client to the Server.
- Usually, the GoodSync Server is blocked by your Internet router, modem, or firewall:
- GoodSync Server tries to make a tunnel for its port 33333 in your router/modem using UPNP.
- These attempts are not always successful, as your router may not support UPNP.
- If GoodSync cannot make a hole, instruct your router/DSL modem/cable modem to forward an external port of your router to port 33333 of the computer where the GoodSync Server runs.
- If you have more than one computer with a gs-server, use a different external port for each computer.
- Notify each gs-server what is its external port, the one that you assigned, see above.
- GoodSync will report this external port to the Mediator.
- GoodSync client will contact your GoodSync Server on this external port.
- Another point of connection loss may be your ISP:
- Your router/modem does not have a real IP address, as it is connected via NAT. This is called Double NAT and it cannot be fixed, the forwarder will have to be used.
- Your ISP blocks the port that the gs-server has selected. To fix it, use a non-blocked external port and manually forward it to the gs-server.
On both the Client and Server, your security software may be blocking GoodSync.
GoodSync creates exceptions in Windows Firewall on both the Client and Server end.
If such blocking still occurs, create an exception for GoodSync in your security software.
Real-Time Remote Sync
GoodSync can perform real-time file monitoring and syncing via GSTP, even if one of the computers is the remote GoodSync Server. Read this section of the GoodSync Manual for details.
Server settings file
The file settings.tix contains the settings of the GoodSync Server. Most of them are set automatically, and regular users should never change them. Only advanced users who have a deep understanding of TCP/IP and sockets should change these options.
The default location of the settings.tix file is:
On Windows: C:/ProgramData/GoodSync/server
On Mac: /Library/Application Support/GoodSync/server
On Linux/NAS: /etc/goodsync/server
List of available settings:
LogFolder = "C:/ProgramData/GoodSync/server"
Folder to which server log files are written.
LogPrefix = "gserver"
Prefix used in names of log files. The format of the log file name is Prefix-YYMMDD.log
AccessLogFolder = ""
Folder to which server access log files are written.
AccessLogPrefix = ""
Prefix used in names of access log files. The format of the log file name is Prefix-YYMMDD.log
LogLevel = 2 (default is 2-Actions)
The level of log details, goes from 1 to 5.
ConsoleLevel = 0
The level of log details that go to the UNIX console, from 1 to 5.
Level 0 means no logging into the console. Applies only to Linux.
RetainLogDays = 10 (default is 10 days)
Logs that are older than these many days are deleted, once per day.
CheckNewVersion = Yes|No
If set to Yes, the Server will check for the new version periodically. Ensure the Server can reach https://www.goodsync.com.
InstallNewVersion = Yes|No
If both settings are Yes, the gs-server installs the new GoodSync version when it becomes available. Applies only to Windows and macOS.
MaxConnections = 512
Max number of simultaneous TCP/IP connections this Server would accept.
ReportFreeSpaceBelowPct = 10
Report low disk space by Email to the SMTP server if free disk space on the Server falls below this many percent.
PreventSleep = No
If Yes, the gs-server does not let this computer go to Sleep so that it can always accept connections. Applies only to Windows and macOS.
RequestAuthentication = Yes
Request Authentication (Basic or Digest) on all transactions, user credentials are stored in the users.tix file.
OfferBasic = No
Offer Basic Authentication. Keep it set to No, as Basic Auth is not secure enough.
OfferDigest = Yes
Offer Digest Authentication. Keep it set to Yes, as Digest Auth is what we use most of the time.
Plain-Allow = Yes
Allow a client to connect in a plain-text mode (insecure).
SSL-Allow = Yes
Allow a client to go to TLS/SSL encrypted mode. Keep it always set to Yes, as plain-text communication is insecure.
SSLCertificatePath = "C:/ProgramData/GoodSync/server/gs-server.crt"
Path of file that contains this Server TLS/SSL certificate public key.
SSLPrivateKeyPath = "C:/ProgramData/GoodSync/server/gs-server.key"
Path of file that contains this Server TLS/SSL certificate private key.
SSLCertChainPath = "C:/ProgramData/GoodSync/server/gs-server.key"
Path of file that contains this Server TLS/SSL chain of certificate from Cert Root authority to our certificate.
SSL-AllowedCiphers = ""
List of allowed TLS/SSL ciphers, empty means all are allowed. Modern ciphers list would be something like this:
GstpFileServer = Yes
Run GSTP File Server. Usually, it must be Yes.
DirectOnly = No
Accept only direct TCP/IP connections, and not connections delivered via Forwarder. Makes sense when using only the Direct IP addressing of this Server in a GSTP Client.
GstpUdpPort = 1333
UDP Port on which this gs-server receives commands from Mediator to Pickup connection, when this Server is not connectable directly.
GstpFilePort = 33333
TCP Port on which this gs-server listens for File Server connections.
GstpFileDynamicPort = No
If GstpFilePort is taken already, select a random port to listen on for File Server connections, and deposit this port back into settings.tix.
GstpFilePort_2 = 0
Another port on which File Server listens for connections if not 0.
ListenOnlyIpAddr = ""
Listen only on the specified IP address. If empty, listen on all available IP addresses.
GstpFileLocalOnly = No
If Yes, allow File Server connections only from the localhost (127.0.0.1) IP address.
GlobalDiscovery = Yes
If Yes, register with Mediator, so that connections to this File Server can be arranged via Forwarder.
If No, do not register with Mediator, allow only direct connections.
GstpMapExtPortViaUpnp = Yes
If Yes, use UPNP to map external ports to internal ports.
If No, manually map the GSTP port from the outside router to this Server. Specify the outside port in GstpExtPort.
GstpExtPort = 0
Report this port to Mediator as the external port of this File Server, if not 0 and GstpMapExtPortViaUpnp = No.
GstpManageServer = Yes
If Yes, this Server will accept the Manage API commands from localhost, used to change the server configuration from the client.
WebUiServer = Yes
If Yes, run the Web User Interface server, which allows configuration of this Server from a web browser.
WebUiPort = 11000
Port on which Web UI server listens.
WebUiLocalOnly = Yes
If Yes, the Web UI server accepts connections only from localhost (127.0.0.1).
If No, the Web UI server accepts connections from any IP address.
DavServer = No
If Yes, serve files via WebDAV protocol. Not recommended, use the GSTP File Server instead.
DavPort = 22222
Port on which WebDAV file server listens.
DavLocalOnly = Yes
If Yes, the WebDAV file server accepts connections only from localhost (127.0.0.1).
SibSMB = Yes
If Yes, use Sib-SMB when serving SMB files from this Server (smb:// prefix).
If No, use Windows SMB when serving SMB files.
SMBConfPath = ""
Full path to the SMB configuration file (smb.conf).
SMBSharePrefix = ""
Path to the SMB share root.
LicPlatform = ""
Set the Server capability (according to the license you purchased).
User settings file
The file users.tix contains the list of GoodSync Server users with their credentials.
The default location of the users.tix file is:
On Windows: C:/ProgramData/GoodSync/server
On Mac: /Library/Application Support/GoodSync/server
On Linux/NAS: /etc/goodsync/server
Format of the file:
<AccountList> nAccounts = 2 <Account> Name = Value </Account> <Account> Name = Value </Account>
Per-user settings are enclosed in the <Account></Account> sections.
For each user, you can have these settings:
UserID = "my-user-id"
GoodSync UserID of the Server User, generated from email, unique.
EMail = "email@example.com"
Email address of the Server User.
PasswordProt = "AQA..."
The password of the GoodSync user, encrypted by local OS per-machine encryption, cannot be copied to other computers. Applies only to Windows and macOS.
ComputerId = "gs-server-id"
GoodSync ComputerId of this gs-server. So this Server can be accessed via GoodSync as gstps://computerid.userid.goodsync.
UserFullName = "John Smith"
The full name of the GoodSync user, may be empty.
HomeFolder = "/home/user"
Home Folder of the GoodSync user. If empty, then the entire Server is accessible. If not empty, the user cannot go higher than the Home Folder.
HomeMapping = <AccountHomeMap> Pairs = ( ... ) </AccountHomeMap>
Folder mapping for this GoodSync Server. Empty means no mapping, folders are presented as is.
SysUserID = "Server\\John Smith"
System UserID, used for Impersonation.
SysUserFullName = ""
System user Full Name.
SysUserPwdProt = ""
System User Password, encrypted by local OS per-machine encryption, cannot be copied to other computers. Applies only to Windows.
IsAdmin = Yes|No
Specifies if this User is an Administrator of this Server.
If No, then the Admin Web UI commands and the Manage API are not available to this User.
ReadOnly = No
If Yes, this user can only read files and folders on the GoodSync Server, but not write/create them.
Impersonate = Yes|No
If Yes, gs-server impersonates a System OS user using the SysUserID and SysUserPwd, upon successful connection.
ProtectSystem = Yes
If Yes, this user cannot write any OS system files, such as files in the "C:\Windows" folder on Windows.
RegisterWithMediator = Yes
If Yes, register this GoodSync user with GoodSync Mediator, using UserId and Password credentials.
If No, do not register with Mediator. Makes sense for Direct IP addressing of this Server.
DiskQuota = -1
If more than 0, set Disk Usage Quota for this user, in Bytes.