If you have not already, we suggest setting your Plex username to something else rather than email which is displayed on your posts in forum. You can change the username at https://app.plex.tv/desktop#!/account
Welcome to our forums! Please take a few moments to read through our Community Guidelines (also conveniently linked in the header at the top of each page). There, you'll find guidelines on conduct, tips on getting the help you may be searching for, and more!

VPN Bypass

ThronicThronic Posts: 65Members, Plex Pass Plex Pass
For Windows mainly, and a Mono variant for GNU/Linux.
https://thronic.com/Software/VPN-Bypass/

Made it originally for routing my own Plex Media Server through local VPN. Linux version tested OK on Debian and Ubuntu variants, users reporting success on other distributions as well. On the Windows side it's mostly tested on 2012 R2, but also 7, 8.1 and 10.

Pretty stable by now, and free to use.
«1

Comments

  • andyravandyrav Posts: 24Members, Plex Pass Plex Pass
    thirdbird wrote on March 22 2015, 4:23 PM: »

    Figured it might be helpful to share this. Not really sure where, so I just threw it here under third party stuff.

    I recently installed OpenVPN on the same server as I have Plex Media Server (hereafter called PMS) which also made PMS connect to Plex.tv through the VPN endpoint without the possibility for port forwarding, making plex.tv and users not able to reach back to my server. I created a small program that forces connections to given domains to be made through a specific gateway (e.g. the default NIC gateway).

    How it works

    It installs a service (on your command) that every 10 seconds resolve e.g. my.plexapp.com and places the IP in the Windows hosts file. It then sets up a persistent routing rule that points do that specific IP to the given gateway. This cycles every 10 seconds so that new and fresh IP addresses can be rotated. I also use this program for any other domain connection during browsing or from other programs. Only tested it for a few days on my live server, but seems to work pretty well. I'll post the full link below. Maybe it can help other Plex'ers out as well as just myself.

    PMS would have to be restarted after setting it up. As well as any other existing connection you want to point in a new direction.

    http://thronic.com/products/VPN%20Bypass/

    be great if you could do this for linux or synology

  • ThronicThronic Posts: 65Members, Plex Pass Plex Pass
    edited March 2015

    Good point. I can't do anything for synology directly, but if I get the time I'll whip together a Linux CLI program that can run in the background and do exactly the same as the windows service (etc/hosts and route interval updates). With domain and gateway settings in a simple /etc/vpnbypass.config file or something so both gui users and slim core installations can use it as easy as possible.

  • CaNaRd-CaNaRd- Posts: 3Members ✭✭
    edited September 2015

    Manual solution to bypass vpn on the f**king dns resolve on plex.tv :

    dig -A plex.tv to obtain the ip list of the domain name :

    dig A plex.tv

    ; <<>> DiG 9.9.5-4-Debian <<>> A plex.tv
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50411
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;plex.tv. IN A

    ;; ANSWER SECTION:
    plex.tv. 19 IN A 50.18.126.213
    plex.tv. 19 IN A 184.169.144.232
    plex.tv. 19 IN A 184.72.35.224
    plex.tv. 19 IN A 184.169.150.53
    plex.tv. 19 IN A 184.72.57.72
    plex.tv. 19 IN A 50.18.53.38

    => next spet write a specific route in your if_pre_up.d

    ip route add 184.72.57.0/24 via 192.168.1.1 dev eth2
    ip route add 184.169.144.0/24 via 192.168.1.1 dev eth2
    ip route add 184.169.150.0/24 via 192.168.1.1 dev eth2
    ip route add 50.18.126.0/24 via 192.168.1.1 dev eth2
    ip route add 54.241.0.0/24 via 192.168.1.1 dev eth2
    ip route add 54.176.0.0/24 via 192.168.1.1 dev eth2
    ip route add 50.18.35.0/24 via 192.168.1.1 dev eth2
    ip route add 184.72.35.0/24 via 192.168.1.1 dev eth2

    Control with trace route that plex.tv now go not in vpn :

    traceroute -n -m 1 plex.tv
    traceroute to plex.tv (184.169.144.232), 1 hops max, 60 byte packets
    1 192.168.1.1 0.427 ms 0.485 ms 0.519 ms

    => Done, the remote access in admin section now show your public ip and no more the vpn...

    Version 0.9.12.11 of the server and the config Custom server access URLs do nothing at all...

    When will be simple textbox to set up public IP that plex.tv no more record a **** dnsresolve ??

  • ThronicThronic Posts: 65Members, Plex Pass Plex Pass

    dig -A plex.tv to obtain the ip list of the domain name :

    ;; ANSWER SECTION:
    plex.tv. 19 IN A 50.18.126.213
    plex.tv. 19 IN A 184.169.144.232
    plex.tv. 19 IN A 184.72.35.224
    plex.tv. 19 IN A 184.169.150.53
    plex.tv. 19 IN A 184.72.57.72
    plex.tv. 19 IN A 50.18.53.38

    Not that simple since it plex.tv uses DNS load balancing. E.g. when I do the same now a new range shows up:

    ;; ANSWER SECTION:
    plex.tv. 49 IN A 184.72.35.224
    plex.tv. 49 IN A 184.169.150.53
    plex.tv. 49 IN A 184.169.144.232
    plex.tv. 49 IN A 184.72.57.72
    plex.tv. 49 IN A 184.72.61.129
    plex.tv. 49 IN A 50.18.53.38

    So you can't reliably have a static set-once-and-forget route setup.

  • Spiral1Spiral1 Posts: 20Members, Plex Pass Plex Pass
    edited October 2015

    @Thronic said:
    So you can't reliably have a static set-once-and-forget route setup.

    I'm a bit of a novice in this area, but I finally just figured out how to get some routing in place with a script in the if-up.d directory:

    #!/bin/sh
    if [ "$IFACE" = "eth0" ]; then
      route add -net 50.18.0.0/16 gw 192.168.2.1 dev eth0
      route add -net 184.169.128.0/17 gw 192.168.2.1 dev eth0
      route add -net 184.72.0.0/18 gw 192.168.2.1 dev eth0
      route add -net 54.241.0.0/16 gw 192.168.2.1 dev eth0
    fi
    

    (partially pulled from https://www.reddit.com/r/PleX/comments/369jt1/guide_plex_vpn_on_ubuntu/ )

    Checking the "Remote Access" tab after this change, it looked for a moment like it was working, but then it realized that it wasn't. Would there still just be too many ranges to possibly cover them all?

    At this point it's really looking like a VM with the VPN running (keeping Plex out of that space) is the simplest solution but I was trying to avoid that...

  • ThronicThronic Posts: 65Members, Plex Pass Plex Pass

    I haven't had the time to make something for Linux yet, but I haven't forgotten about it. I'll revisit this thread soon when I have a background service ready. I'll try to focus on it in the next few days. It's not a big job, I just don't have a lot of extra time.

  • ThronicThronic Posts: 65Members, Plex Pass Plex Pass

    I've posted a working solution for Linux. Tested OK on Ubuntu 15.04 and 14.04.3. May need to relog in Plex Media Server before it works. And I'm not sure about UPnP but forwarding works for sure.

  • Spiral1Spiral1 Posts: 20Members, Plex Pass Plex Pass

    Thanks Thronic. First tests looks good. Remote access tab within web settings shows everything is clear, and I can play media on my phone after disconnecting from my local wifi. Routing table looks a lot cleaner than what I was trying to do, though of course what I was doing didn't work anyway.

    Perfect timing as I was planning on figuring out LXC to split things up tonight, but now I don't have to! Might play around with it to learn some things anyway though.

    I bet a lot of people could use this, maybe you should drop it in a higher traffic subforum (at least I would imagine this one is less frequented)

    Now I just have to figure out how to make my ISP give me more than 1/10th of the upload speed I'm paying for so I can actually enjoy my plex content at high quality outside my home network :\

  • ThronicThronic Posts: 65Members, Plex Pass Plex Pass

    Cool, sounds great. And thanks as well.

    Can't help you with the ISP problem :) Had the same problem myself about a year ago before they expanded to optic fiber in my area. Could finally go 50/50 Mbit/s in my house up from 10/1 dsl. Makes Plex streaming a whole other experience for sure.

  • Buddstud2006Buddstud2006 Posts: 5Members, Plex Pass Plex Pass

    @Thronic said:
    I've posted a working solution for Linux. Tested OK on Ubuntu 15.04 and 14.04.3. May need to relog in Plex Media Server before it works. And I'm not sure about UPnP but forwarding works for sure.

    Hi Thronic,

    Running Ubuntu 15.04 here. Where did you post your solution for Linux? I am very interested!

    Thank you!

  • ThronicThronic Posts: 65Members, Plex Pass Plex Pass

    @Buddstud2006 said:
    Hi Thronic,

    Running Ubuntu 15.04 here. Where did you post your solution for Linux? I am very interested!

    Thank you!

    Hey Buddstud2006
    It's posted on top, but here you go http://thronic.com/products/VPN Bypass/

  • Spiral1Spiral1 Posts: 20Members, Plex Pass Plex Pass

    It seems there might be an issue with the VPN one. I've very sparingly used plex remotely lately, so I just started to notice, but two days in a row now checking plex.tv from work, my server is listed unavailable.

    Remoting in and stopping/starting your VPNBypassLinuxService seems to set it right. The route table changed:

    Before stop/start
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    default 10.190.1.5 0.0.0.0 UG 0 0 0 tun0
    10.190.1.1 10.190.1.5 255.255.255.255 UGH 0 0 0 tun0
    10.190.1.5 * 255.255.255.255 UH 0 0 0 tun0
    plexapp.com 192.168.2.1 255.255.255.255 UGH 0 0 0 eth0
    179.43.174.2 192.168.2.1 255.255.255.255 UGH 0 0 0 eth0
    plex.tv 192.168.2.1 255.255.255.255 UGH 0 0 0 eth0
    my.plexapp.com 192.168.2.1 255.255.255.255 UGH 0 0 0 eth0
    192.168.2.0 * 255.255.255.0 U 1 0 0 eth0
    pubsub.plex.tv 192.168.2.1 255.255.255.255 UGH 0 0 0 eth0

    After
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    default 10.190.1.5 0.0.0.0 UG 0 0 0 tun0
    10.190.1.1 10.190.1.5 255.255.255.255 UGH 0 0 0 tun0
    10.190.1.5 * 255.255.255.255 UH 0 0 0 tun0
    plex.tv 192.168.2.1 255.255.255.255 UGH 0 0 0 eth0
    plexapp.com 192.168.2.1 255.255.255.255 UGH 0 0 0 eth0
    179.43.174.2 192.168.2.1 255.255.255.255 UGH 0 0 0 eth0
    my.plexapp.com 192.168.2.1 255.255.255.255 UGH 0 0 0 eth0
    192.168.2.0 * 255.255.255.0 U 1 0 0 eth0
    pubsub.plex.tv 192.168.2.1 255.255.255.255 UGH 0 0 0 eth0
    pubsub.plex.bz 192.168.2.1 255.255.255.255 UGH 0 0 0 eth0

    Is it possible it isn't updating as expected?

  • ThronicThronic Posts: 65Members, Plex Pass Plex Pass

    Thanks for reporting. Maybe you could PM or mail me directly the content of /var/log/VPNBypassForLinux.log

    I've only tested it shortly when making it. I'll set up a VM to run it for a couple of days and see if I can recreate the problem and take a closer look at it asap.

  • Spiral1Spiral1 Posts: 20Members, Plex Pass Plex Pass

    New version up and running now. I'll update in a little while whether or not I encounter anything unexpected. Thanks again for your work on this.

  • SHOCKWAVESHOCKWAVE Posts: 372Members, Plex Pass Plex Pass

    THIS IS BRILLIANT!!

    Exactly what I needed. Thankyou for this fantastic software @Thronic !

  • jtarinjtarin Posts: 71Members, Plex Pass Plex Pass

    PIA supplies several endpoints with permanent IP's which along with port forwarding provide an elegant solution.

  • CaNaRd-CaNaRd- Posts: 3Members ✭✭
    edited January 2016

    No HMI needed to do the job..

    we dont mind about a graphical interface to manage route.

    -- create e text file that contain dns of plex you want to bypass
    more plex_domains.txt :

    plex.tv
    plexapp.com
    

    -- use this script to add custom route in cron job or wherever:

    ! require redis-cli

    more static_route_updater.sh :

    #!/bin/bash

    DNFILE=/root/plex_domains.txt
    GATEWAY=192.168.1.1
    
    # Add relevent Plex IP and store them in Redis
    for plexip in $(dig -f $DNFILE +noall +answer +short | sort -n)
    do
            echo "ip route add $plexip/32 via $GATEWAY"
            redis-cli SADD plexip.new $plexip
    done
    
    
    # Make a diff between old IP and new ones
    # And delete old routes
    for oldip in $(redis-cli SDIFF plexip.old plexip.new)
    do
            echo "ip route del $oldip/32 via $GATEWAY"
    done
    
    # Copy new IP to old one for next comparision
    redis-cli RENAME plexip.new plexip.old
    

    Like @Thronic said :

    Use this to force the plex Traffic to not use VPN :

    /etc/init.d/if-pre-up.d

    #modprobe xt_MARK
    modprobe xt_mark
    modprobe xt_dscp
    
    
    iptables -A OUTPUT -t mangle -p tcp -s 192.168.1.10,192.168.1.11 --sport 32400 -j MARK  --set-mark 1
    iptables -A OUTPUT -t mangle -p udp -s 192.168.1.10,192.168.1.11 --sport 1900 -j MARK  --set-mark 1
    iptables -A OUTPUT -t mangle -p tcp -s 192.168.1.10,192.168.1.11 --sport 32469 -j MARK  --set-mark 1
    #Plex dialog plex.tv:
    iptables -t mangle -A OUTPUT -s 192.168.1.10,192.168.1.11 -p udp -m multiport --sport 17827,32400,32443,32410,32412,32413,32414,32469,51589 -j MARK --set-mark 1
    
    ip rule add fwmark 1 table ssh.out
    ip route add default via 192.168.1.1 dev eth2 table ssh.out
    ip route add default via 192.168.1.1 dev eth0 table ssh.out
    ip route add 192.168.1.0/24 dev eth0 table ssh.out
    

    Finaly :

    more /etc/iproute2/rt_tables

    #
    # reserved values
    #
    255     local
    254     main
    253     default
    0       unspec
    #
    # local
    #
    201 ssh.out
    
  • ThronicThronic Posts: 65Members, Plex Pass Plex Pass

    @SHOCKWAVE
    Nice! glad you could use it.

    @CaNaRd-
    I don't know what IHM stands for :) You can resolve domains that way and route them out, just cycle it often enough, I'd recommend at most every minute. The reason I also use the hosts file is to enforce routing to the same IPs if a change has happened inbetween, it guarantees (at least tries to) consistency. You'll also need a virtual routing table for handling incoming traffic on the non-VPN device, or else that traffic will by default go out the wrong way and loose its connection when responded to, unless the VPN endpoint has forwarding. Which @jtarin points out would work as well, albeit slower depending on the location quality of the endpoint.

  • SHOCKWAVESHOCKWAVE Posts: 372Members, Plex Pass Plex Pass

    @Thronic I think it is fantastic and does the job well.

    However I have encountered a bug where the IP address numbers do not update automatically as I found out when I was caught out using plex over mobile. I had to manually stop and start server to input new entries.

    Is there any way this process could be automatic?

    thanks!!

  • ThronicThronic Posts: 65Members, Plex Pass Plex Pass
    edited January 2016

    @SHOCKWAVE Automation of domain resolving is its main point, so that should definitely be working. However this only goes for the domains already added in the configuration between service start/stops. Any newly added domains does indeed require a stop/start. If this is what you mean, then it's working as intended. I can note it down for future improvements for when I have the time to do more code and testing.

    If you think it did not update an already added domain correctly, then there is an error somewhere. If you experience further problems you're welcome to send me the output of "VPBN" in a private message or on thronic at gmail together with a detailed explanation of exactly what happened to make it easier for me to troubleshoot. If it doesn't happen consistently, I'm inclined to think it may have been a networking glitch or delay, combined with bad timing when trying to connect. There's not much I can do about that.

    Thx for feedback.

«1
Sign In or Register to comment.