zeuzrelay provides an UDP relay server to connect multiple game clients behind restrictive NATs.

There are three modes of operation:

  1. free mode
  2. client-authorized
  3. server-authorized

1. free mode:

In free mode anyone sending UDP packets to an open port of the relay will be accepted as client until clientsmax is reached. All incoming UDP packets are relayed to all clients on the same port. This is the default mode.


zeuzrelay -portmin=20000 -portmax=29999 -clientsmax=8

This opens 10000 ports beginning at port 20000, on each 8 clients can connect.

2. client-authorized

In client-authorized mode clients will only be accepted if they send a packet prefixed with the clienttoken. The clienttoken is stripped from the UDP packet and the remainder (if any) is being relayed. Clients are allowed to prefix all packets with the clienttoken but only one is needed. The client can verify a working relay and it’s authorization status by sending a pingtoken, this will not be relayed to any other client but returned to the sender. The optimal connection start would be sending: clienttoken+pingtoken+some_message, the relay will answer with some_message if the client is allowed to connect.


zeuzrelay -portsingle=8081 -clienttoken=v8aQhj4n02jvW -pingtoken=_ping_

A single port is opened, clients can connect prefixing their packets with ‘v8aQhj4n02jvW’ and can recieve a ping by prefixing with ‘_ping’

3. server-authorized

In server-authorized mode a third party is authorizing clients by talking to the relay on the same port as a client. The server needs to prefix it’s control message with servertoken followed by one or more command.


The relay will answer with ‘ok’ or ‘err’ if clientsmax is exceeded or a command is unknown. A client can connect here exactly like in client-authorized mode, only it has it’s own token instead of a shared one.


zeuzrelay -portsingle=8081 -servertoken=v8aQhj4n02jvW

A single port is opened, servers can authorize clients by using ‘v8aQhj4n02jvW’ and clients can connect prefixing their packets with a server provided client-token.

command line parameters: