The Parsec Relay Server is part of the Parsec for Teams Enterprise license. It's a solution for when you need more control over your network infrastructure and want to ensure P2P connections will be successful. It can be used as a way to route all Parsec traffic through one public IP address and as a solution for managing strict firewall/NAT settings. If you'd prefer to avoid the Parsec Relay Server, look into Parsec's networking requirements.
The Parsec Relay Server is an on-premises high performance relay (HPR) server. It is a lightweight server program that relays many concurrent Parsec sessions through a single IP address / port configuration. It can be used to assist with NAT traversal as either an on-premises relay for large LAN deployments of Parsec, or as a general purpose WAN relay server.
The Relay Server will bind to all interfaces with both [public_port] and [private_port]. The [public_address]:[public_port] will be communicated to peers that need to route through the Relay Server and must be accessible from the WAN. Use UDP ports for the private and public port. [private_port] may be configured for additional security. Using a [private_port] ensures that relay requests can only be originated on the [private_port] specified, and any relay requests attempting to be originated on [public_port] will be dropped. If [public_port] is the same as [private_port], only a single port will be used.
Before installing and configuring the Parsec Relay server (HPR), we highly recommend you review the technical reference section which covers prerequisites, advanced configuration, deployment considerations, and troubleshooting,
Prerequisites
Install
- Copy the download URL for the relay server from the Teams App Rules page. The .tar.gz contains the Relay Server files and the Readme.
- SSH into the Linux machine that you'll use for the relay server and download and extract the tar ball, then copy the `parsechpr` and `parsechpr.service` files to the relevant directories:
ssh <user>@<LAN-IP>
wget <relay download URL>
tar -xf <relay.tar.gz>
cd parsechpr1.0
sudo cp parsechpr /bin sudo cp parsechpr.service /etc/systemd/system
Configure
- Use your text editor of choice to modify `ExecStart` under [Service] in parsechpr.service to point to the Public IP address, public (WAN interface) port and internal (LAN interface) port.
sudo nano /etc/systemd/system/parsechpr.service
-
- Example: `ExecStart=/bin/parsechpr 1.2.3.4 5000 4900`
- Syntax: ExecStart=/bin/parsechpr [Public IP Address] [WAN/public interface port] [LAN/Internal interface port]
- Save: CTRL + X to close, CTRL + Y to confirm modify, Enter to overwrite
- Run the service:
sudo systemctl start parsechpr sudo systemctl enable parsechpr
- Enter the relay's private (LAN) IP and private port in the "High Performance Relay Server Settings" field of the Teams App Rules page, under "Host High Performance Relay Server Address" and/or "Client High Performance Relay Server Address." The majority of deployments involve all hosts being local to the relay server, in which case only the host setting is required. For more information on when to use the client setting, please reference HPR Deployment Considerations and Options.
That's it! Again, we highly recommend reviewing the technical reference section for additional details regarding the Parsec Relay server.
Confirm 'parsechpr' service is running
service parsechpr status
Configure Parsec Hosts to use the Relay Server
Now that the relay server is configured, we'll need to tell the host computers where the relay server is. We recommend configuring this in App Rules. Configure the LAN IP address of the relay server in the Host High Performance Relay Server Address field.
As an alternative to configuring hosts to leverage the relay via the Teams App Rules page, the relay server address may be manually specified in the configuration file via app_stun_address:
app_stun_address = 10.1.2.20@4900 # Use a local address if possible
An '@' character must be used to delimit the IP address and port. Up to 10 address@port
pairs may be configured, separated by commas:
app_stun_address = 10.1.2.20@23050,10.1.2.21@23051,...
NOTE: this is a different format than in the Application Configuration page on the admin panel. Please read this article to know the format to use on the config page.
It is also possible to leverage DNS records to configure HPR candidates for Parsec hosts.
Configure Parsec Clients to use the Relay Server
The majority of use cases will only require the host setting to be applied. If you have clients on your network that need to go through a relay to connect to off-premise hosts, you will need to apply the relay server setting to these clients. We recommend configuring this in App Rules. Configure the LAN IP address of the relay server in the Client High Performance Relay Server Address field.
As an alternative to configuring hosts to leverage the relay via the Teams App Rules page, the relay server address may be manually specified in the configuration file via app_client_stun_address:
app_client_stun_address = 10.1.2.20@4900 # Use a local address if possible
An '@' character must be used to delimit the IP address and port. Up to 10 address@port
pairs may be configured, separated by commas:
app_client_stun_address = 10.1.2.20@23050,10.1.2.21@23051,...
NOTE: this is a different format than in the Application Configuration page on the admin panel. Please read this article to know the format to use on the config page.
It is also possible to leverage DNS records to configure HPR candidates for Parsec clients.
Connection behavior
If more than one relay server is available, Parsec will choose a relay server at random on each connection attempt. If an attempt fails because the relay address could not be reached, Parsec will blacklist that address for 10 minutes and only consider the remaining addresses.
The Relay Server acts as a phony STUN server that exposes itself as the peer's address rather than the true public IP. This will cause Parsec to route all WAN traffic through the Relay Server instead of using its normal NAT traversal routines.
Additional connection scenarios can be found here.