I have set up Syncthing to share files between my Windows 10 machine and Kubuntu machine. Kubuntu runs on a VM on top of Windows 10, but they can be considered as completely separate machines with different IP addresses. I have set up Syncthing using this guide (Syncthing part). But I don’t have https or any GUI Authentication User added. So, basically a vanilla/default setup of Syncthing. My use case is simple: sync files between Windows and Kubuntu, over a local network. My question is,
How do I keep all the network interactions restricted to my local network? Or better, just allow data transfers between 2 IP addresses only (that of PC and that of Kubuntu). Can you suggest a good way to do this?
Also, does my current setup of Syncthing have encryption enabled? (it’s all default settings, and no https and no gui-authentication users added) Also, will it make sense or add security for me to enable https (or gui-auth-users), for my specific use case?
All data is always encrypted in transfer, if that’s what you mean. HTTPS and GUI authentication make sense if you want to access the GUI remotely (e.g. from another computer on the same network).
I don’t like disabling global discovery for this purpose. Both of the suggested changes aren’t really about restricting Syncthing to the local network, they just have effects towards that end. However e.g. global discovery also can help in creating local connections, thus that might fail without it. Using allowedNetworks on devices while leaving global discovery on (or use firewall rules for syncthing) seems like the better way to achieve this to me: allowedNetworks — Syncthing documentation
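The following is an added example, not part of any post in this thread: a small audit of a Syncthing `config.xml` that reports devices with no `allowedNetwork` entry and a GUI bound to a non-loopback address without a user/password or TLS, the two points the replies above raise. The sample config, device names and IDs, and the function names `is_loopback` and `audit` are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample config.xml (device IDs, names and addresses are placeholders).
SAMPLE_CONFIG = """<configuration>
  <device id="PLACEHOLDER-ID-1" name="windows-pc">
    <allowedNetwork>192.168.1.0/24</allowedNetwork>
  </device>
  <device id="PLACEHOLDER-ID-2" name="kubuntu-vm">
  </device>
  <gui enabled="true" tls="false">
    <address>0.0.0.0:8384</address>
  </gui>
</configuration>"""

def is_loopback(host):
    """True when the GUI listen host is reachable only from this machine."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit(config_xml):
    """Return findings about peer network limits and GUI exposure."""
    root = ET.fromstring(config_xml)
    findings = []
    for dev in root.findall("device"):
        name = dev.get("name") or dev.get("id")
        nets = [n.text.strip() for n in dev.findall("allowedNetwork") if n.text]
        if not nets:
            findings.append(f"{name}: no allowedNetwork, connections accepted from any network")
        for net in nets:
            try:
                if not ipaddress.ip_network(net, strict=False).is_private:
                    findings.append(f"{name}: allowedNetwork {net} is not a private range")
            except ValueError:
                findings.append(f"{name}: allowedNetwork {net} is not a plain CIDR, review by hand")
    gui = root.find("gui")
    if gui is not None and gui.get("enabled") != "false":
        addr = (gui.findtext("address") or "").strip()
        host = addr.rsplit(":", 1)[0].strip("[]")
        if not is_loopback(host):
            if not (gui.findtext("user") and gui.findtext("password")):
                findings.append(f"GUI on {addr} has no user/password set")
            if gui.get("tls") != "true":
                findings.append(f"GUI on {addr} is served without HTTPS")
    return findings
```

Run `audit()` on the contents of your own `config.xml`; an empty list means every device is limited to a private range and the GUI is either loopback-only or protected.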