Why kcp/NAT is operating even it has been disabled in settings?

Support
1

I have disabled the following options in Syncthing/SyncTrayzor settings:

  • Enable NAT traversal
  • Global Discovery
  • Enable Relaying

and left only Local Discovery enabled. Yet Syncthing Console reports:

[XXXX] 10:24:39 INFO: kcp://0.0.0.0:22020 detected NAT type: Port restricted NAT
[XXXX] 10:24:39 INFO: kcp://0.0.0.0:22020 resolved external address kcp://101.100.164.47:22020 (via stun.sipgate.net:10000)

Why is the external discovery still happening even I have disabled it in settings? I am too paranoid to leave any file sync happening over Internet. I use sync over SSH tunnel for that purpose. How can I really disable the external port discovery.

2 Likes
2

This is nothing todo with any of the settings you disabled. Search for existing threads on the forum on this.

3

The bit unintuitive trick is to go to Advanced Settings and set:

Stun Keepalive Seconds = 0
4

Agreed, see https://github.com/syncthing/syncthing/issues/4518 and resolved external address?? (new in .v0.14.40).

5

I’m paranoid too and I use these settings. I really didn’t like the implementation of KCP without being able to fully disable it too. I use fixed IP addresses too. For the future, now that I understand and can config syncthing pretty good, I plan to use my first internet connected device at work to my home server.

    <listenAddress>tcp4://0.0.0.0:22000</listenAddress>
    <globalAnnounceServer>nnnn</globalAnnounceServer>
    <globalAnnounceEnabled>false</globalAnnounceEnabled>
    <localAnnounceEnabled>false</localAnnounceEnabled>
    <relaysEnabled>false</relaysEnabled>
    <natEnabled>false</natEnabled>
    <stunServer>nnnn</stunServer>
    <stunKeepaliveSeconds>0</stunKeepaliveSeconds>
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.