Like janc1 I am using Syncthing in a local environment. Thus only “Local Discovery” is activated, but I see the same entries of KCP being started on :22020 and its outbound connection to a stun.* domain. The domain changes; it always starts with “stun.” After that the connection is handed over from KCP to TCP.
Allow me to ask, from under my tinfoil hat, how can I persuade Syncthing to *not* start KCP? I would like Syncthing to stay private (in the sense of not announcing its presence to anybody outside this local network). At least until I choose to activate options like NAT traversal, global discovery or relaying. Maybe this could be made as an option in a future version?
I’d be ready to edit the config file or set an option in the advanced config, if that was possible?
Small update: Blocking the ports stun 3478 and ndmp 10000 hands over the connection from KCP to TCP, then the connection fails. Syncthing then picks it up again.
Looks roughly like this:
INFO: Established secure connection to YYYY at [::]:22020-192.168.254.21:22020 (kcp-client)
INFO: Established secure connection to YYYY at 192.168.254.34:49529-192.168.254.21:22000 (tcp-client)
INFO: Replacing old connection [::]:22020-192.168.254.21:22020/kcp-client with 192.168.254.34:49529-192.168.254.21:22000/tcp-client for YYYY
INFO: Connection to YYYY closed: reading length: broken pipe
INFO: Connected to already connected device (YYYY)
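
One way to check from the log whether any peer connection left the local network, as an added example that is not part of the original post or of Syncthing itself. It assumes the "Established secure connection" line format shown above; the function names are hypothetical, and it covers only peer connections recorded in the log, not the STUN lookup.

```python
import ipaddress
import re

# Constructed sample: the log lines quoted in the post above.
SAMPLE_LOG = """\
INFO: Established secure connection to YYYY at [::]:22020-192.168.254.21:22020 (kcp-client)
INFO: Established secure connection to YYYY at 192.168.254.34:49529-192.168.254.21:22000 (tcp-client)
INFO: Replacing old connection [::]:22020-192.168.254.21:22020/kcp-client with 192.168.254.34:49529-192.168.254.21:22000/tcp-client for YYYY
INFO: Connection to YYYY closed: reading length: broken pipe
INFO: Connected to already connected device (YYYY)
"""

# Assumed format, taken from the post: "<local>-<remote> (<transport>)".
ESTABLISHED = re.compile(
    r"Established secure connection to (?P<device>\S+) at "
    r"(?P<local>\S+)-(?P<remote>\S+) \((?P<kind>[\w-]+)\)"
)


def host_of(endpoint):
    """Split 'host:port' or '[v6]:port' and return the host as an IP address."""
    host = endpoint.rsplit(":", 1)[0].strip("[]")
    return ipaddress.ip_address(host)


def audit(log_text):
    """Return (connections, findings) for every established connection."""
    connections, findings = [], []
    for line in log_text.splitlines():
        m = ESTABLISHED.search(line)
        if not m:
            continue
        remote = host_of(m["remote"])
        connections.append((m["device"], m["kind"], str(remote)))
        # A remote that is not private, link-local or loopback is off the LAN.
        if not (remote.is_private or remote.is_link_local or remote.is_loopback):
            findings.append(f"{m['device']}: {m['kind']} to non-local {remote}")
    return connections, findings


if __name__ == "__main__":
    conns, flagged = audit(SAMPLE_LOG)
    for device, kind, remote in conns:
        print(device, kind, remote)
    print("non-local peers:", flagged or "none")
```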