Error Codes - 6023 and 6024 (Unable To Negotiate A Successful Connection)

Parsec makes a peer-to-peer connection between two computers. For that to work, we need to find a way to connect the two computers. When one of those two computers is blocked by a double/symmetric NAT, we can make the connection anyway. When both computers are blocked, you will receive this error. This error can also be caused by firewall issues, improper/non-existent port forwarding, or even if your ISP has been blocking the UDP connections.

Below is a list of things that can be checked/attempted to fix this issue, from easiest to hardest. If there's a specific friend who can't connect/host while everyone else is fine, have them try these fixes first.

Solutions for rented cloud PCs

Paperspace users: We are now dynamically assigning IP addresses to the machine to overcome this issue, which can take a few minutes to set up. Give it a couple minutes and try again. If the error persists, let us know.

I've been having issues only recently

If something changed with your internet connection (internet plan, computer firewall, anti-virus, router settings, etc.), that could be the reason. Also, try rebooting your router and Parsec.

If you changed from AWS to a Paperspace machine, see the section below.

This internet connection has never allowed me to connect to my cloud machine

Attempt all the fixes given in this page. If nothing helps and you're using Paperspace, you may need to switch to AWS.

Nothing here helped

Let us know by creating a support ticket here.

Solutions for people using pfSense or OPNsense

If you're trying to connect, but you use pfSense or OPNsense at home as your gateway/firewall, you might need to set Hybrid NAT rules, with a rule pointing to your local IP (having a static DHCP lease helps here).

Restart the PC and router

Sometimes, simply restarting everything actually fixes this error. Do this on both the host and the client having issues connecting.

Check that you allowed Parsec on your firewall

On Windows 10, press the Windows key, type "allow an app" and press enter. Alternatively, open the control panel, go to Windows Defender Firewall and open in the sidebar "Allow an app or feature..".

Click Change settings, search for Parsec and enable the checkboxes, then click OK.

Firewall.png

Get rid of double NATs

Do Windows key + R, type cmd /k tracert 1.1.1.1 and press enter. It takes a while to complete.

NAT.png

Here's a list of private IPs (X can be whatever number):

  • 192.168.X.X
  • 10.X.X.X
  • from 172.16.X.X to 172.31.X.X

Starting from the second IP in your cmd window: If you see a private IP, and that IP isn't identic to the first IP in your window except for its last number (e.g. 192.168.0.1 vs 192.168.0.236), you're in a double NAT. Check for it until you reach a public IP.

Nat-Expl.png

If you're in a double NAT, this is likely caused by plugging a router into a second router, which you could fix by connecting yourself to the first directly. If that's not the case, you could be behind a carrier-grade NAT, which is an issue dependent on your ISP.

If you're not in a double NAT, then you're fine and you can proceed to the next section.

 

Router fixes

The following fixes require you to access your router settings. If you are not allowed access to it, check the section at the end of the page on "Nothing above fixed it".

How to get into the router settings / get needed info

Do Windows key + R, type cmd /k ipconfig /all and press enter.

ipconfig.png

Here you can see the IPv4 Address and Physical Address which will be used in further sections.

To access your router settings:

  • Enter your Default Gateway IP (in my case, 192.168.0.1) in your web browser
  • Enter the user and password. You should google for the default login info for your specific router model

    routerlogin.png

Below are the things to try out.

Check if UPnP is ON

Search through the router's menus for UPnP (Universal Plug and Play). Make sure it's turned ON.

There might also be a list there; if you see Parsec on it, it means it's likely working properly. In that case, you'll likely only need to check if you have a static DHCP lease below, as UPnP should do the port forwarding job for you.

Set up static DHCP lease

Search through the router's menus for DHCP. When you find it, look for something similar to Address Reservation, IP Binding or Static Lease.

When you find it, you might see fields with names similar to the ones below (to make a new one, you might need to click Add or something similar). The names and general organization of the section varies a bit from router to router.

  • IP Address or Reserved/Ipv4/Assigned Address: Set to your IPv4 Address (from how to get needed info section above; in my case it's 192.168.0.100) or if you're knowledgeable you can set it to something that suits you
  • MAC Address or Physical Address: Set to your Physical Address (from how to get needed info section above; in my case it's 70-85-C2-04-E1-5F)
  • Name: Put whatever you want or leave it blank. It's not an issue if your router doesn't have this one.

After that, save. If you get an error saying that one already exists, then a static lease was already set up for you, which is fine too. Otherwise, reboot your router.

Set up port fowarding

Do this only if you're sure UPnP isn't working (maybe the issue is on your friend's side? tell them to go through this whole article). If you plan to follow through this, ensure you have a static DHCP lease beforehand.

Search through the router's menus for Port Range Forwarding, Port Fowarding, Virtual Servers, or something similar.

When you find it, you might see fields with names similar to the ones below (to make a new one, you might need to click Add, or something similar). The names and general organization of the section varies a lot from router to router, so don't be weirded out if some of these below are not in your router; it's not an issue.

  • IP Address, Local IP or Internal IP: Set to your IPv4 Address (from how to get section above; in my case it's 192.168.0.100)
  • External IP: Leave it blank or unaltered
  • Protocol: Set to UDP or All / Both
  • Name: Put whatever you want or leave it blank
  • External Port, Service Port or Start/End Port: If you're the host, set it from 8000 to 8020. If you're the client, set it from 9000 to 9002
    • If you can't set a range of numbers (or aren't sure), make multiple rules for each number (see situation B below). As the host, you don't need to set all the way to 8020 in this case, each person that joins will use 3 ports (e.g. if you have 4 friends, do it up to 8011)
  • Internal Port or Internal Start/End Port: Set it to the same port as above

Here's an example of how it might look like for the host (for the client, it's 9000 to 9002 instead):

setports.png

When you're done, go to Parsec at Settings > Network, set everything like below and hit Save.

parsecports.png

 

Nothing above fixed it

Tell your friend to try everything shown here too.

If your friend also tried and it wasn't solved, or you and your friend are unable to do the necessary fixes, either one of you might need to use a P2P VPN solution like ZeroTier.