Relay Server

zeuzrelay provides a UDP relay server to connect multiple game clients behind restrictive NATs. It is part of the Omnibus package.

There are three modes of operation:

  1. free mode
  2. client-authorized
  3. server-authorized

1. free mode

In free mode, anyone sending UDP packets to an open port of the relay is accepted as a client until clientsmax is reached. All incoming UDP packets are relayed to all clients on the same port. This is the default mode.


zeuzrelay -portmin=20000 -portmax=29999 -clientsmax=8

This opens 10,000 ports beginning at port 20000. On each port, 8 clients can connect.

2. client-authorized

In client-authorized mode, clients are only accepted if they send a packet prefixed with the clienttoken. The clienttoken is stripped from the UDP packet and the remainder (if any) is relayed. Clients are allowed to prefix all packets with the clienttoken, but only one is needed. The client can verify a working relay and its authorization status by sending a pingtoken; this is not relayed to any other client but returned to the sender.

The optimal connection start is to send clienttoken+pingtoken+some_message; the relay answers with some_message if the client is allowed to connect.


zeuzrelay -portsingle=8081 -clienttoken=v8aQhj4n02jvW -pingtoken=_ping_

A single port is opened; clients can connect by prefixing their packets with v8aQhj4n02jvW and can receive a ping by prefixing with _ping_.

3. server-authorized

In server-authorized mode, a third party authorizes clients by talking to the relay on the same port as a client. The server needs to prefix its control message with the servertoken, followed by one or more commands.


Command  Description
x        resets the port
a        followed by a zero-terminated sequence denoting a client-token, adding a new client
r        followed by a zero-terminated sequence denoting a client-token, removing a client

The relay will answer with ok, or with err if clientsmax is exceeded or a command is unknown. A client connects here exactly as in client-authorized mode, except that it has its own token instead of a shared one.


zeuzrelay -portsingle=8081 -servertoken=v8aQhj4n02jvW

A single port is opened; servers can authorize clients by using v8aQhj4n02jvW, and clients can connect by prefixing their packets with a server-provided client-token.
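The control-message framing described above, as an added example that is not zeuzrelay's own code: build_control assembles a servertoken-prefixed command sequence, and PortModel is a hypothetical relay-side model for testing that framing offline. Assumptions not stated on this page: one ok/err reply per control packet, a missing or empty client-token answered with err, and x clearing all authorized client-tokens.

```python
# Added example, not zeuzrelay source: models the server-authorized control
# framing described above. Names and unspecified behaviours are assumptions.
import hmac

def build_control(servertoken: bytes, commands) -> bytes:
    """servertoken + commands; ('a'|'r', token) is zero-terminated, ('x',) is bare."""
    out = bytearray(servertoken)
    for cmd, *arg in commands:
        if cmd == "x":
            out += b"x"
        elif cmd in ("a", "r") and arg and arg[0] and b"\x00" not in arg[0]:
            out += cmd.encode() + arg[0] + b"\x00"
        else:
            raise ValueError(f"bad command: {cmd!r}")
    return bytes(out)

class PortModel:
    """Relay-side model of one port (hypothetical, for testing clients offline)."""
    def __init__(self, servertoken: bytes, clientsmax: int = 32):
        self.servertoken, self.clientsmax = servertoken, clientsmax
        self.tokens = set()

    def control(self, packet: bytes):
        """Return b'ok'/b'err' for a control packet, None if not from the server."""
        head = packet[:len(self.servertoken)]
        if not hmac.compare_digest(head, self.servertoken):  # constant-time compare
            return None
        body, i = packet[len(self.servertoken):], 0
        while i < len(body):
            cmd, i = body[i:i + 1], i + 1
            if cmd == b"x":
                self.tokens.clear()            # assumption: reset drops all clients
                continue
            end = body.find(b"\x00", i)
            if cmd not in (b"a", b"r") or end <= i:
                return b"err"                  # unknown command or missing/empty token
            token, i = body[i:end], end + 1
            if cmd == b"r":
                self.tokens.discard(token)
            elif token in self.tokens or len(self.tokens) < self.clientsmax:
                self.tokens.add(token)
            else:
                return b"err"                  # clientsmax exceeded
        return b"ok"
```

Commands that precede a failing one in the same packet stay applied in this model; whether the real relay behaves that way is not documented here.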

Addressing mode

Clients prefix their packet with a single-byte address, the index of the client to send to; 0 is broadcast. The relay prefixes every packet with the source address (except ping-pong).

Channeling mode

Each port is subdivided into arbitrary channels: after sending a clienttoken, a channeltoken of 8 bytes must follow. Using a random channeltoken per game allows allocation-less usage of the relay.

Command line parameters

Parameter    Description
portmin      low port number of port range to open (default: 20000)
portmax      high port number of port range to open (default: 60000)
portsingle   open just a single port
porttimeout  timeout to drop all clients from one port (default: 120)
clientsmax   maximum allowed clients per port (default: 32)
servertoken  control token for server-controlled mode
clienttoken  control token for client-controlled mode
pingtoken    packet will not be relayed, but returned to sender
addressing   prefix packets with index address
channeling   ports into channels