Error Codes - 6023 and 6024 (Unable To Negotiate A Successful Connection)

This error means Parsec couldn't negotiate a peer-to-peer connection between the two devices, be it because of NAT issues, firewall issues, improper/non-existent port forwarding, or even if your ISP has been blocking the UDP connections. Here's are some potential solutions and troubleshooting steps;

Solutions for people using pfSense or OPNsense

If you're trying to connect, but you use pfSense or OPNsense at home as your gateway/firewall, you might need to set Hybrid NAT rules, with a rule pointing to your local IP (having a static DHCP lease helps here).

Restart the computer and router

Sometimes, simply restarting everything fixes this error. Do this on both the host and client having issues.

Allow Parsec on the firewall

Both the host and client should make sure that Parsec is allowed on the firewall. On Windows:

  • Press Windows key + R, paste control firewall.cpl and press Enter
  • Select "Allow an app or feature...." in the sidebar
  • Click Change settings, search for Parsec and enable the checkboxes, then click OK.

Firewall.png

If you want to be absolutely sure your firewall isn't the culprit, you can also disable it temporarily by selecting "Turn Windows Defender on or off" in the sidebar instead of "Allow an app or feature....", and disabling everything.

Make sure to re-enable once you find out that's not it, though, or your PC will be more vulnerable to security issues.

Ensure it's not a NAT issue

Parsec can make the connection if only one person is behind a "double/symmetric NAT" and the other is able to port-forward or use upnp, but if both sides are, or the other side cannot port-forward, the connection can't be made at all. Check on both the host and the client for this.

How to check if you have it

Do Windows key + R, type cmd /k tracert 1.1.1.1 and press enter. It takes a while to complete. This will show a list of IP addresses on the right.

NAT.png

If any IPs (ignoring the first in the list) are in the list below and the first three numbers from that IP don't match the first IP in the list, you're behind a double NAT. If you just reach a number that isn't in the list however, you're not behind a double NAT.

  • 192.168.0.0 to 192.168.255.255
  • 10.0.0.0 to 10.255.255.255
  • 172.16.0.0 to 172.31.255.255
  • 100.64.0.0 to 100.127.255.255

In the window above, you can see I don't have any issues because the second IP is already not in the list.

How to solve it

If you're connected to a router that is behind a second router, you can fix it by either connecting your device directly to that second router, or you can search online how to change the first router into something called either access point or bridge mode.

If that isn't the case and you only have one router, you're likely behind a carrier-grade NAT, which can't be solved by you as it is a part of your internet provider's (carrier's) infrastructure.

If both people have NAT issues, you can only connect to each other by using a P2P VPN provided at the end of the article.

 

Configure your router

If you have ensured both sides don't have a firewall or NAT issue, you might need to configure your router(s). If you're not allowed access to your router settings or you've confirmed it's a NAT issue, ignore this section and use a P2P VPN instead.

How to port-forward Parsec

Use a P2P VPN

In case all else fails, look into using a P2P VPN solution like ZeroTier.

This is not a guaranteed fix, and you may have issues with it even if it works, but it's the only option left if everything else has failed to resolve the error.