If you receive a relayed tunnel, it can be caused by a failure to negotiate a port for the data connection. Try following the port forwarding instructions at the bottom of this document.
Hamachi uses several ports to achieve connectivity to the mediation servers, and to peers.
- TCP 12975 (initiator port)
- TCP 32976 (session port)
If the above ports cannot be used to achieve a connection, Hamachi will try again using SSL (TCP 443).
Peer connectivity has several methods and ports. By default, Hamachi will broker a peer connection over UDP. UDP uses random ports by specification, so it is not possible to open a single port for peer connections for UDP.
If UDP direct connectivity cannot be established, Hamachi will try to initiate a relayed UDP connection. This is done with the target of:
- UDP 17771 (relay connection port)
If UDP direct and relayed methods fail, it is unlikely that TCP connectivity will work. In some environments, a hardware firewall is used to block traffic on specific ports, but not protocols. As such, Hamachi will try to broker a connection between peers over TCP 443 (non-SSL)
And lastly, Hamachi will try a relayed connection over TCP 443 (non-SSL) before giving the user a message that the peer is unreachable.
TCP peer connections are very unlikely to be successful in cases where UDP connections would not work, because the triggers for them not working are the same (router issues, improperly configured NAT, multiple NAT devices on both ends).
You can set a static UDP listening port and TCP handshake port by configuring it in System > Preferences > Settings > Advanced Settings under Peer Connections. Complete both values if you have multiple Internet connections.
If you are behind a router you must forward the port's UDP/TCP traffic from your router to the machine. Follow the instructions for your router from PortForward.com
. If you have multiple machines behind the same router, you will need to choose different ports for each to avoid conflicts.