Setup instructions for the plugin.


Download the latest version of the plugin from SpigotMC:
ProtocolLib (not required if running Paper servers)
Latest build (1637 or newer)
5.0.0 (or newer)
1.8 - 1.19
Latest build (1637 or newer)
4.8.0 (or older)
1.8 - 1.18
Install SafeNET on all your servers (proxy - BungeeCord, backend - Spigot/Paper...).
Ensure the plugin's installed on all servers, you are vulnerable to attacks otherwise!
If you are not running Paper servers, also install ProtocolLib on all your backend servers.
You can also view the same, but shortened setup instructions at our Discord server (nonstop 24/7 🤖 support) by submitting a ticket.

IP forwarding

For the plugin to function properly, please enable ip_forward at BungeeCord, if not already done so.


You need to generate a new passphrase (password; secret) which you will use for your network.
Open the console on the proxy server (if you have more proxies, do that only on one of them) and type /sn generate which will generate a passphrase of the default length - 1000 (you can specify a custom length to override it).
Passphrase guidelines:
  • Passphrases shorter than 50 characters are considered weak. If using such passphrase, the plugin will display a warning each time the server starts.
  • Never share it with anyone else.
  • Regenerate it once in a while, just in case.
  • Use the built-in generator only - avoid any internet communication.
After that's done, you should get a message informing you that the passphrase has been successfully generated. You can find the generated phrase in the config.yml (on the server where the command was used) under passphrase.
Copy the passphrase into all other SafeNET's configuration files under passphrase - on other proxy servers and on all the backend servers.
Reload the plugin on all servers with /sn reload. GeyserMC (including Floodgate) is supported and does require any additional configuration.
Unless configured properly, the plugin won't let anybody to join.