@@ -214,3 +214,35 @@ Other things:
214214 number concurrently running threads Syncthing uses. Setting it to 1 (or
215215 any number lower than your actual number of cores) will reduce the
216216 amount of CPU used by Syncthing at any given moment.
217+
218+ Tuning for LAN-only
219+ -------------------
220+
221+ You are paranoid about security and/or privacy, and want to keep Syncthing's
222+ communication constrained to your local network only.
223+
224+ For restricting sync traffic to only LAN:
225+
226+ - :opt: `relaysEnabled `
227+ Set to false to disable relaying sync traffic through servers other than
228+ your sync partners. When relays are used, those that you connect to can
229+ see your encrypted data, device ID, and public IP address.
230+
231+ - :opt: `natEnabled `
232+ Set to false to disable opening up UPnP and NAT-PMP port mappings and
233+ pinholes, and to disable hole punching. This reduces the ability for sync
234+ partners to connect on the Internet.
235+
236+ For restricting other things to only LAN:
237+
238+ - :opt: `globalAnnounceEnabled `
239+ Set to false to disable use of Global Discovery servers, which know your
240+ device ID and public IP address when being used. The discovery servers are
241+ used by your sync partners to discover your IP address from your device ID.
242+
243+ .. note ::
244+ Note that on Android, local discovery is known to usually not work, so
245+ either global discovery or hardcoding IP addresses is often required.
246+
247+ If it's not obvious, do *not * hardcode non-LAN IP addresses,
248+ if you want to keep LAN-only.
0 commit comments