Securing a Dedicated  Palworld Server For My Family with zrok

Securing a Dedicated Palworld Server For My Family with zrok

I like playing survival games, and my adult sons and I have been looking for a game we could play together. This weekend, we discovered Palworld, a new MMO available as an early release on Steam.

We wanted to play on a dedicated server. I recently purchased a gaming laptop, so I set up a dedicated server on the gaming PC I was no longer using. I won't get into setting up the dedicated server - I learned all about it by watching this YouTube video. You can also checkout the developer's docs on setting one up here

One of my sons lives at home and can access the game over our LAN. The other son has his own house, so I had to open a port over the internet for him to play with us. Ugh.

Enter zrok.

Securing Palworld

The company I work for, NetFoundry, created zrok, but I hadn't had a chance to use it in the wild yet. I read an article by Clint Dovholuk explaining how to use zrok to secure a Minecraft server - you can read that article here. I followed the steps as a zrok "newbie" to do the same for Palworld.

The instructions below are for setting up zrok and Palworld on a PC. zrok can be run in Windows/Mac/Linux, but Palworld is a PC game.

Install zrok

  1. Download zrok from and unzip the executable. I copied the executable file "zrok.exe" to my home directory.

  2. Open a Windows Powershell on the machine where you plan to run the server and navigate to where you installed zrok.

  3. At this point, you can follow the zrok Getting Started Guide:

~/zrok invite

Follow the rest of the guide to the point of enabling your zrok network:

~/zrok enable <your enable token>
  1. Repeat the process on all the computers needing secure game access. It's important to note that you need unique email addresses for each person.

Configure the Server Machine

In this tutorial we will be implementing a "reserved share" for our bridge.

You can use a reserved share to persist your share token across multiple runs of the zrok share bridge. When you use a reserved share, the share token will not be deleted between multiple runs of zrok share. -

  1. From a Powershell on the machine running the dedicated server:
zrok reserve private \
  --backend-mode udpTunnel \
  --unique-name mypalworldserver

By default, the game runs on port 8211. We set the --backend-mode to udpTunnel because the game communicates using UDP, not TCP. --unique-name makes it easier to reference the connection. The Getting Started Guide explains what it means to create a private connection and the meaning of "reserve."

  1. Next, we share the connection.
zrok share reserved mypalworldserver

Important: do not close the resulting terminal window!

That's it for the server machine.

Configure the Client Machine

In my case, the client machine was my son's gaming laptop.

  1. In the PowerShell you previously enabled, enter:
zrok access private mypalworldwerver --bind

This command tells your laptop to access the server connection at, which happens to be the default for Palworld.

Important: do not close the resulting terminal windows!

That leaves us with this: start the game, select Join Multiplayer, enter, and connect! You are now playing over a secure network connection that no one can hijack.


In this tutorial, I tried to demonstrate how you can create a secure connection between a Palworld server and your gaming laptop, and you didn't need to forward any ports through to your home network!. To do this,

  1. We installed and enabled zrok on the server and the client.

  2. We created and shared a secure connection from the server that the game would recognize.

  3. We accessed the connection from the client, in this case, the gaming laptop.

  4. We pointed the game to a port on the local machine (not the server)

Of course, I only did this for the laptop playing the game over the internet - laptops playing over my in-house LAN were fine.

I hope you found this tutorial helpful and see how you might use zrok to secure other games that provide dedicated servers. If you have any questions, feel free to leave comments below.

If you find this useful please consider giving the zrok (and openziti, the software zrok uses to provide secure connectivity) a star on github. I know the developers would appreciate it.