How to connect a peer with an external IP address

Hi guys

Private network using swarm key, two Windows nodes: node 0, node 1, each node has a different IP (different providers). I can’t connect node 1… Can you tell me how to configure it correctly to connect them? Here is my config

I would appreciate your help.

You need to set each other’s address in the bootstrap list, or they have no way of knowing where to connect. Also, make sure you have port mapping set (in your router) if they are behind NAT, because hole punching won’t work for this.

1 Like

Is it possible to do this without setting up a router?

If the nodes are behind NAT, you need to set port mapping for them to be reachable (on the public IPFS network, they can also use hole punching). Port mapping is configured on the NAT router, which requires access to it, unless it has UPnP enabled, which the IPFS node can use to set port mapping itself.

You see, through the program Desktop I can connect a second computer to which I distributed mobile Internet without setting up the port. But why doesn’t it work through the kubo console?

On the public IPFS network, they use relay nodes (which are reachable) and hole punching. It’s less efficient than using port mapping, but it works. Unfortunately, relay nodes don’t work when using swarm keys, so at least one of your two nodes has to be reachable for them to establish a connection. This isn’t an IPFS issue, it’s just the way the internet works.


Hey ylempereur, how about libp2p-relay-daemon.exe? Can’t this apply to a private network?

Unless it’s been changed since the last time we tried it (and, to be fair, it’s been a year or two), no, that’s the thing that won’t work with a swarm key. And even if it did work, you’d still have to set up port mapping for it (somewhere, something has to be made reachable). So, if you can do that, why not just do it for one of your nodes?

An option that would work far better for you is to use the public IPFS network (with all its advantages), but encrypt your files before putting them on the network (and decrypt them after retrieval).

Anyway, your simplest solution is still to just set up port mapping on one of your routers. It’s pretty simple to do, if you have admin access to it.

An option that would work far better for you is to use the public IPFS network (with all its advantages), but encrypt your files before putting them on the network (and decrypt them after retrieval).

Aren’t files automatically encrypted when a file is added?

P.S. I just started studying IPFS…

Nope, the connections are encrypted (using TLS), but the files remain as they are (which is why I assumed you wanted to use a swarm key, which adds another layer of encryption to the thing and keeps others out).

So, you get more or less the same result by encrypting your files yourself and putting them up on the public network (which already has relay nodes in place, and many other advantages). That way, you can just use your two nodes without port mapping.

Please describe the steps to upload an encrypted file to a public IPFS network

I’m a little confused. Because in the blocks folder I only see encrypted files

I don’t think they are encrypted at rest, but even if they were, it doesn’t change the important fact that, if you know the CID of a file on the public IPFS network, you can retrieve it using an IPFS node or gateway, and the file is in clear text (no password or key needed).

There’s nothing magical or complicated to encrypting your files prior to putting them up on the IPFS network.

  1. encrypt the file locally using your favorite software for that purpose (or a custom built one), and your chosen password/key
  2. ifs pin add the encrypted file to your node

The encrypted file can then be retrieved by another node on the network using its CID, and then decrypted using the same software and password/key used to encrypt it.

How about encrypting a file with 7z using a password?

Yup, that should be fine.

1 Like

To use the public IPFS network with the best speed for file replication and retrieval, needs use the following scheme:

  1. Kubo to launch additional (own) nodes to search for a file faster on the IPFS network.
  2. IPFS Cluster for replication of files on own nodes.

The speed at which you find/retrieve files on the IPFS network isn’t tied to how many nodes are searching for it in parallel (it doesn’t help to have more than one), it is tied to how good a job the publishing node is doing at reproviding (that’s a whole subject of discussion in itself) and how many nodes are publishing the files (you can use pinning services to have more nodes do that, or run more nodes yourself, or, as you stated, use IPFS Cluster). The more nodes have the files, the faster a node can find them and retrieve them.

I understand, but there are many other nodes on the public network, and not all of them will store my file, so to find my file faster, I should connect my nodes (the more, the better) ?

I think you are misunderstanding how this works. A node doesn’t search for a file by looking in every node on the network until it finds it.

The publishing node “reprovides” the CID of the file to the DHT (the DHT contains records for CIDs and the peer IDs of nodes that have it).

A node looking for a file looks up that record in the DHT and gets a list of nodes that have the file, then connects to them and downloads the files from the first one that responds.

If you have multiple nodes looking for the same file, they are doing that exact same thing, and getting the exact same result. It doesn’t help to have more than one do it.

However, how well a publishing node reprovides its record to the DHT matters (bad reproviding is the top cause for not finding files quickly, or at all), and how many nodes are listed in that record (how many nodes have the file). Whether those nodes are up or not matters as well, if all the nodes listed are down, the file cannot be retrieved.

So, keeping your node with the files in it up 24/7 is paramount, and making sure they are doing a good job at reproviding is just as important.

1 Like

Ohh yeah, you are right, I really thought wrong. And now I think I understand everything correctly.

How often does the publishing node need to appear on the network for the file to be available on the ipfs network?