So today I was using Syncthing to sync some files with my phone (GrapheneOS) from a Linux computer. I was using Local Discovery and Nat Traversal as the options on both.
I am behind Rethink DNS app on android and I had to disable Always on VPN option on my phone and had to select Exclude from DNS and Firewall option fn the Synching-Fork on Rethink in order for it to work locally. But before I did that I saw some DNS connections Syncthing-Fork was making, to STUN providers such as stun.internetcalls.com.
I believe you can stop these connections by turning off NAT Traversal .
But this got me thinking how private is Syncthing? Are the STUN servers seeing what I am sending? And yes the transfer was happening locally. I saw TCP LAN in the transfer info.
Syncthing-Fork is from F-Droid.
you should disable “global discovery”
as well as nat teaversal and relaying
ps
with netGuard i don’t need to disable ‘always on vpn’ or give syncthing any special permissions
Does netguard support VPN through wireguard config?
yes
https://itsignacioportal.github.io/firewall-and-vpn-without-root-on-android-2025/