The Parsec Relay Server is part of the Parsec for Teams Enterprise license. It’s a solution when you need more control over your network infrastructure and wants to ensure connections will always be successful. It can be used as a way to route all Parsec traffic through one public IP address and as a solution for managing strict firewall/NAT settings.
I decided to create the Relay Server using our spare HP z800 centos 7 with a 10G Mellanox NIC.
The idea is to have the whole (firewall + secure relay) to reside in the server itself as our Enterprise Palo alto firewall is not yet ready for any networking activities.
Both the 2 networks (public and private) were patched to NIC. Public IP (Globe lease line) was set to ens5f0 while the public LAN was patched to ens5f1.
Installation of the Parsec relay server is straightforward. Download the tar package on their website and follow the instructions provided.
Step 1. After extracting the tar package. Place the files to appropriate locations.
Step 2. Edit parsechpr.service
ExecStart=/bin/parsechpr (globe public IP) 5000 4900
Step 3. Enable IP_forwarding
To configure Linux IP forwarding on a Linux system in certain scenarios such as the Linux server is acting as a firewall, router, or NAT device, it will need to be capable of forwarding packets that are meant for other destinations (other than itself).
# sysctl net.ipv4.ip_forward net.ipv4.ip_forward = 1
Step 4. Turn off the Firewall
Not advisable but you have to turn off the Firewall or you need to modify it to allow ports 5000,4900 and other ports needed for the relay server correctly.
sudo systemctl stop firewalld
Step 5. Confirm the status of the parsechpr service
service parsechpr status
Step 6. Set Public IP and port on parsec team global app settings
Every computer with parsec installed and is part of the Team should now use the Performance relay server as a point of connection/stun server. You can verify it on the log and console of each host.