Closed Connection Problems and other questions



jpadie
10-09-2008, 03:19 PM
Hi
I have pf installed on two macs on remote subnets.
the topography is like this

machine 1:
PUBLIC IP->NAT ROUTER (10.8.2.x)->CLIENT

machine 2:
PUBLIC IP->NAT ROUTER (192.168.2.x)->NAT ROUTER(10.8.3.x)->CLIENT

machine 2 is in an office inside a business centre - hence the need for segregated subnets. The office cannot deliver a public IP to the second router.

I cannot get the machines to connect to each other over the internet. I had anticipated that pf would intermediate a peer-to-peer connection that would solve this problem: much the same way that skype/foldershare does (both of which work without a problem).

the machines do connect if i created a bridged connection via OPENVPN from a client to right-hand remote router.

I have relayed connections switched on for both machines. Tunneled connections are set to Direct Connections on both machines.

So my questions are:

1. should PF connect to 'friends' (mirrored drives) automatically over the internet, without the need for manual intervention?
2. sometimes one client can see that the other is online. but refuses to connect. is this normal behaviour? I had anticipated that clients would remain connected if they could see each other.
3. both machines have the ports set to automatic. how can i tell which port PF is actively trying to use? on machine 2 i have evidence that upnp works to configure both routers (as skype/foldershare/vuze work).
4. is there any way to configure a remote machine through a centralised web interface (like foldershare)?
5. when i look at the debug trace, I see connection attempts made by completely random nodes. like someone's VAIOLAPTOP. this concerns me greatly from a security perspective. Why is this occurring and how can I make myself comfortable that these random nodes are not attaching and are not receiving files from me?

... and slightly off topic ...

6. is there a way to configure PF to 'run as a service' on a mac? so the sync will work whoever is logged in?

7. is there a way to configure PF to live in the menu bar or as a widget/etc rather than having it in the Dock?

thanks in advance,
Justin

B.A.
10-09-2008, 05:07 PM
Dear jpadie
Do both Macs have fixed IPs?
If yes perhaps that might help:
http://wiki.powerfolder.com/wiki/Setup_a_network_with_connections_to_only_selected_clients

With this you can a: exclude all nodes which you do not like including our servers.
b: the subnet problem should be fixed also.

But let's get that step by step:
1. If you cannot make 2 computers connect make sure that port 1337 is open on all sides as well in the router as in the firewall.
For explanation:
PowerFolder always tries to connect in different ways: First the direct connect at port 1337 (can be changed under preferences/advanced which needs to be enabled under preferences/general); if this is blocked it tries to connect by relayed and nat connections and after this by http-tunnel.

2. Are they on each other's friend list? The reason for this might be also that PowerFolder only is able to establish a connection by http tunnel somehow but should be fixed if you open a port on both sides.

3. Please see 1.
4. No sorry not yet since this requires a central instance and would kill the possibility to use the clients in closed environments. There might be some solution soon but currently no.
5. These are nodes from the peer to peer network. To make sure that the clients can find each other without a central instance: Skype is doing this in a much more extreme way but does not tell about this.
They cannot access your data since they do not have an invitation and they are no members of your folders (they need to be to get the internal rights to do something at all) also all the encryptions between your clients are encrypted and if you really do not want them to connect exclude them:
http://wiki.powerfolder.com/wiki/VPN_network
or again
http://wiki.powerfolder.com/wiki/Setup_a_network_with_connections_to_only_selected_clients
6./7.
Sorry not yet but I will ask what is the status for this.

I hope that helps
best regards
Bernhard Rutkowsky

jpadie
10-09-2008, 07:23 PM
thanks for your reply.

1. both macs are on entirely dynamic IP addresses

i cannot open 1337 on one of the systems. the only ports that I can guarantee being open are 8910-8930 for TCP.

i have tried setting the preferences to an open port. It does not appear to make a difference.

2. both clients are on each other's friend list. I'm afraid i don't understand the rest of your statement.

3. your response to 1 does not answer my question 3. This was "how can I tell which port is being used ..." I mean by this, the actual port being used to intermediate the transfers.

4. I don't see why. Foldershare has no central instance (cloud-style). it's equivalent to a torrent indexer; as is skype and other SIP type applications. but ok, seems a bit limited - particularly since you already managed a central instance of some form to permit NAT traversal and relay connections - but if that's your architecture, so be it!

5. i will check the links you provided. creating a VPN cloud undermines the point of a press-and-leave solution.

6/7: thanks. the product seems great but the interface looks wrong when put side by side with other mac/windows apps.

I look forward to hearing more about debugging and fixing issue 1.

cheers
Justin

B.A.
10-09-2008, 08:52 PM
1. Please try to disable nat traversal and relayed connections.
2. not so important
3. Ports are changing as long as port 1337 is not open and relayed connections are used.
Are you using a proxy server? If yes perhaps you can configure it: preferences/pro setting/http-tunnel.
4. Foldershare is only working if you are online right? and you are doing these configurations where? Nonetheless this is a missing feature and will be fixed soon but right now it's not existing.
5. you also might exclude all connections except the one you want if you have some Internet security software which allows this. But anyway this is not required since the other users simply do not have access to your data as long as they are not members of a folder.

6/7: yep and fix is on the way

jpadie
10-09-2008, 09:08 PM
1. how do i disable NAT traversal? I have disabled relay connections in prefs->network. it does not seem to make a difference. one client can see that the other is online, but no connection is made.
4. correct. foldershare has no cloud element (yet).

Hannibal
10-13-2008, 11:31 PM
How do you access the web on both locations? Do you use a HTTP Proxy?
If yes, please setup the HTTP proxy under Preferences/Pro Settings/HTTP Tunnel.

NAT Traversal is only available on Windows systems and therefore always disabled on Mac systems.

7) Version 3.1.2 lets PowerFolder remain in the mac status bar (upper right corner). Please make sure you have Java 6.0 installed on your system.

jpadie
10-16-2008, 05:25 PM
Hi Christian
strangely i replied to your questions a while ago (days) but the post does not seem to have stuck.

Anyway: there are no proxies involved from any of the three locations.

I have installed java 6 and now get the menu bar icon - thanks. It has not improved stability of powerfolder though: i still have full system freezes at least three times a day at each location.

the key problem for me, at present, is the lack of connection. all three locations are fully plugged into the internet and functional. PF is open at each location. Two locations have full Upnp ability and one has the necessary ports open to the internet. But I still cannot maintain (any) connection. This means that I cannot currently rely on PF to keep my three computers in sync without creating a series of peered VPN's: which is _way_ over the top when compared to foldershare.

If you could help resolve this i would be most grateful.

Justin
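
Editor's added example (not part of any post above, and not PowerFolder's own tooling): question 3 in the thread, which port the client is actually using, can be checked on the Mac itself by summarising `lsof -nP -iTCP` output for the client's process. The process name `java`, the helper function names and the sample lines are assumptions constructed for illustration; 1337 and 8910-8930 are the ports mentioned in the thread.

```shell
#!/bin/sh
# Summarise TCP sockets of one process from `lsof -nP -iTCP` output on stdin.
# Output per socket: STATE LOCAL_PORT REMOTE   (REMOTE is "-" for listeners)
pf_sockets() {
    awk -v cmd="$1" '
        NR > 1 && $1 == cmd && $8 == "TCP" {
            state = $10; gsub(/[()]/, "", state)    # "(LISTEN)" -> "LISTEN"
            n = split($9, ends, "->")               # local[->remote]
            lport = ends[1]; sub(/.*:/, "", lport)  # keep text after last ":"
            remote = (n == 2) ? ends[2] : "-"
            print state, lport, remote
        }'
}

# Print listening ports of process $1 that fall outside the range $2..$3,
# i.e. listeners the router or firewall in front of this Mac will not pass.
listeners_outside_range() {
    pf_sockets "$1" | awk -v lo="$2" -v hi="$3" \
        '$1 == "LISTEN" && ($2 + 0 < lo || $2 + 0 > hi) { print $2 }'
}

# Constructed sample in lsof's column layout (not captured from a real system).
sample_lsof() {
cat <<'EOF'
COMMAND  PID USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
java     412 justin 51u IPv6 0x0a1b   0t0    TCP *:1337 (LISTEN)
java     412 justin 57u IPv6 0x0a1c   0t0    TCP 10.8.3.20:49712->203.0.113.40:1337 (ESTABLISHED)
Skype    388 justin 12u IPv4 0x0a1d   0t0    TCP *:8912 (LISTEN)
EOF
}

# On a live system, replace `sample_lsof` with:  lsof -nP -iTCP
sample_lsof | pf_sockets java
sample_lsof | listeners_outside_range java 8910 8930
```

The ESTABLISHED rows also show every remote address the process is currently connected to, which is a direct way to see which peers are attached at that moment.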