
Remote Access with DD-WRT OpenVPN Client

russkajg1 Posts: 14 Members

Hello. I've had Plex up and running for a couple of years now, with remote access working like a charm. Recently, I bought a Netgear Nighthawk and installed DD-WRT, then configured OpenVPN client using PIA service. All devices connected to the router are now fully VPN'd.

 

Everything is working fine, with the exception of remote access to Plex. I'm a bit of a noob when it comes to command lines in the DD-WRT software, and I can't seem to get this working. Here is a summary of what I've tried so far.

 

- Enabled UPnP in DD-WRT

- Manually mapped remote port in Plex Server, also entered command line as per this post

 

Still doesn't seem to work... Can anyone help me get this fixed up? We are heading to the cottage on the weekend, and kinda need to access my Plex library up there.

 

Thanks.


Comments

  • OttoKerner Posts: 24,446 Members, Plex Pass, Plex Ninja

    I have nothing directly to say about VPN, but Plex now requires a setting in the DNS server anyway. With or without VPN:

    dd-wrt uses dnsmasq for DNS (or at least it can use it, so activate it if you haven't already)

    ensure that you use a recent build of dd-wrt, open up its config, go to:
    Services - Services - DNSMasq - Additional DNSMasq Options
    and put this into the field (on its own line):

    rebind-domain-ok=/plex.direct/

    https://support.plex.tv/hc/en-us/articles/206225077-How-to-Use-Secure-Server-Connections

    (If you lose DNS after you add this line, your dd-wrt build is too old!)

    Help others too - by reporting back with your results!
    Have you checked the Documentation before posting a question in the forums?
    Use the SEARCH function before starting a new thread!
    No PMs unless requested, please! Do not use 'verbose' logging
  • russkajg1 Posts: 14 Members
    Thanks. I'll give this a shot tonight.
  • russkajg1 Posts: 14 Members

    I've given your recommendation a try. It turned my Remote Access section in PMS from the red X to the green check. I got pretty excited, but from there when I tested it on a device (iPhone app) it would not connect.... 

    Any other ideas?

  • OttoKerner Posts: 24,446 Members, Plex Pass, Plex Ninja

    Nope. Getting Plex to work with a VPN is hit & miss. Just do a search on VPN here in the forums. It is a major task and it only works with a few.

  • russkajg1 Posts: 14 Members

    This is super fantastic! Thank you JasonMeudt. I'm a bit nOObish with this, but here goes a few questions. I'd like to play around with this tonight.

    So, if I'm correct in understanding, what we've done here is create scripting to bypass the Plex traffic through regular ISP instead of PIA through OpenVPN, while all other traffic goes through OpenVPN.

    Questions

    • How do I ensure OpenVPN tunnel is named "tun11". Likely a setting in my OpenVPN client section in dd-wrt?

    • In your script, what is the IP that I am changing to? For example, "192.168.3.100" is used twice before the bypass commands. Do I change this to the static IP I have assigned to my PMS machine? I'm assuming so, but am not sure.

    • Which of the Port commands in your script need to stay as part of bypassing VPN for Plex use?

    • There appears to be some extra in here. For my purposes, I just want Plex to be available remotely. I will delete the IPChicken and CanYouSeeMe sections (interested in why you have these bypassing?). The LAN section I can see being useful for devices on the network that you don't want going through the VPN.

    • What use is there for bypassing the ISP IP assigned address? (again, curiosity and I'm always looking for useful tips)

    Thanks so much. Very appreciated.

  • JasonMeudt Posts: 222 Members, Plex Pass

    @russkajg1 said:
    This is super fantastic! Thank you JasonMeudt. I'm a bit nOObish with this, but here goes a few questions. I'd like to play around with this tonight.

    So, if I'm correct in understanding, what we've done here is create scripting to bypass the Plex traffic through regular ISP instead of PIA through OpenVPN, while all other traffic goes through OpenVPN.

    Yep... All plex traffic would be routed outside of your VPN...

    Questions

    • How do I ensure OpenVPN tunnel is named "tun11". Likely a setting in my OpenVPN client section in dd-wrt?

    I use Tomato, but I can easily see my Tun adapter in a variety of my logs and settings.

    • In your script, what is the IP that I am changing to? For example, "192.168.3.100" is used twice before the bypass commands. Do I change this to the static IP I have assigned to my PMS machine? I'm assuming so, but am not sure.

    Yes... This is my static IP intranet address...

    • Which of the Port commands in your script need to stay as part of bypassing VPN for Plex use?

    • There appears to be some extra in here. For my purposes, I just want Plex to be available remotely. I will delete the IPChicken and CanYouSeeMe sections (interested in why you have these bypassing?). The LAN section I can see being useful for devices on the network that you don't want going through the VPN.

    I use ipchicken to verify the actual IP of my system (non-VPN...) and I use CanYouSeeMe for port checks

    • What use is there for bypassing the ISP IP assigned address? (again, curiosity and I'm always looking for useful tips)

    Truthfully, if it comes in via the ISP assigned address, I want it to bypass my VPN...

    Thanks so much. Very appreciated.

    • Intel Core i7 4790 @ 3.6 Mhz (Plex Server)
    • Netgear R7000 (Tomato by Toastman firmware)
    • 2x Google Chromecast V2 (Media Player)
    • 3x Roku (Media Player)
    • 20 TB of Storage Space
  • Bartlomiej Baraniec Posts: 1,789 Members, Plex Pass

    I don't remember what it was exactly, but I remember that the OpenVPN server sometimes doesn't provide a default gateway. There was some command in the openvpn config file "push default-getaway ...." but I don't remember the syntax. When you connect to your VPN server, check your ip/mask, dg, dns settings.

  • russkajg1 Posts: 14 Members

    Jason, huge props. This worked, from what I can initially tell.

    One last thing I'm wondering. In the Firewall command section of dd-wrt where I input your commands, I'm interested in knowing if my commands above it are removed, altered or impacted in any way by your commands. I input these about a month ago to implement a kill switch on the PIA OpenVPN, and in my Firewall code they are located directly above your code.

    iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
    iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
    iptables -I FORWARD -i br0 -o vlan2 -j DROP
    iptables -I INPUT -i tun1 -j REJECT
    iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

    Thanks

  • JasonMeudt Posts: 222 Members, Plex Pass

    @russkajg1 said:
    Jason, huge props. This worked, from what I can initially tell.

    One last thing I'm wondering. In the Firewall command section of dd-wrt where I input your commands, I'm interested in knowing if my commands above it are removed, altered or impacted in any way by your commands. I input these about a month ago to implement a kill switch on the PIA OpenVPN, and in my Firewall code they are located directly above your code.

    iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
    iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
    iptables -I FORWARD -i br0 -o vlan2 -j DROP
    iptables -I INPUT -i tun1 -j REJECT
    iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

    Thanks

    While I am in no way a firewall scripter, it looks like they would be fine. My script merely copies and uses a table for use with an interface. Your commands are interface driven, so they should be ok and not impact anything.

    Like I said, I am not a firewall scripter, so take what I said above with a little mystery...

  • jtarin Posts: 71 Members, Plex Pass
    edited October 2015

    Thanks a ton for all your effort on this, JasonMeudt....saved my bacon.

  • jfox00 Posts: 3 Members

    JasonMeudt - your post has been extremely helpful. Plex is up and running! I'm actually interested in your other rules.

    I have a wireless camera that resides on 192.168.1.111, port 11 on my LAN. I want to set up a port forwarding rule that allows me to come in via my ISP's WAN IP Address (say 64.56.334.12) on a specific port (say 11, to keep it consistent) and gain access to the wireless camera. I've searched, tried different combinations of your rules, but I simply can't seem to get this to work. Any suggestions would be very welcome.

    Thank you!

  • JasonMeudt Posts: 222 Members, Plex Pass

    @jfox00 said:
    JasonMeudt - your post has been extremely helpful. Plex is up and running! I'm actually interested in your other rules.

    I have a wireless camera that resides on 192.168.1.111, port 11 on my LAN. I want to set up a port forwarding rule that allows me to come in via my ISP's WAN IP Address (say 64.56.334.12) on a specific port (say 11, to keep it consistent) and gain access to the wireless camera. I've searched, tried different combinations of your rules, but I simply can't seem to get this to work. Any suggestions would be very welcome.

    Thank you!

    Hmmm... If your internal ip is 192.168.3.100, then:

    iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --dport 11 -j MARK --set-mark 1
    iptables -t mangle -A PREROUTING -i br0 -s 192.168.3.100 -p tcp -m multiport --sport 11 -j MARK --set-mark 1

    Having said that, have you also forwarded your port in the actual gui for your router? Once both aspects are forwarded, then you should be ok...

  • jfox00 Posts: 3 Members

    Wow, thank you for the reply! So I still have to do the port forwarding in the GUI? I was under the impression that once I started using the firewall portion of the router I needed to do the port forwarding in there (not in the GUI). The rule you outlined above will basically tell the router not to VPN data that is coming in via the ISP IP address on port 11? I'll give this a try and let you know how it goes. Thanks again for the quick reply. You seem to know your stuff...

  • RabidMonkeyOnCrack Posts: 1 Members, Plex Pass

    I was using this script and it stopped working for me recently. I'm thinking Plex changed the IP ranges they use. Any help with making this work again? Thanks

  • JasonMeudt Posts: 222 Members, Plex Pass
    edited March 2016

    # Bypass Plex/Amazon AWS IP DESTINATION
    iptables -t mangle -A PREROUTING -i br0 -d 184.169.128.0/17 -j MARK --set-mark 1
    iptables -t mangle -A PREROUTING -i br0 -d 50.18.0.0/16 -j MARK --set-mark 1
    iptables -t mangle -A PREROUTING -i br0 -d 54.241.0.0/16 -j MARK --set-mark 1
    iptables -t mangle -A PREROUTING -i br0 -d 184.72.0.0/18 -j MARK --set-mark 1
    iptables -t mangle -A PREROUTING -i br0 -d 52.0.0.0/8 -j MARK --set-mark 1
    iptables -t mangle -A PREROUTING -i br0 -d 54.0.0.0/8 -j MARK --set-mark 1

  • kdecoster1 Posts: 25 Members, Plex Pass

    Jason,

    Worked perfectly for me, although I made a few modifications by eliminating some stuff.

    First: Updated to the newest DD-WRT (Kong Mod) (netgear R7000)

    Entered this into Services - Services - DNSMasq - Additional DNSMasq Options
    rebind-domain-ok=/plex.direct/

    Added this code into Firewall Commands
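    # Delay so the interfaces and routes exist before the rules are applied
    sleep 30
    # Turn off reverse-path filtering on every interface
    for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
      echo 0 > $i
    done
    # Clear any earlier copy of table 100, its fwmark rule and the mangle PREROUTING chain
    ip route flush table 100
    ip route del default table 100
    ip rule del fwmark 1 table 100
    ip route flush cache
    iptables -t mangle -F PREROUTING
    # Copy every non-default, non-tun11 route from the main table into table 100
    ip route show table main | grep -Ev ^default | grep -Ev tun11 \
    | while read ROUTE ; do
      ip route add table 100 $ROUTE
    done
    # Table 100 sends its default route to the ISP (WAN) gateway, not the VPN
    ip route add default table 100 via $(nvram get wan_gateway)
    # Packets carrying fwmark 1 are routed with table 100
    ip rule add fwmark 1 table 100
    ip route flush cache
    # Mark the router's own packets sent from TCP port 8080
    iptables -t mangle -A OUTPUT -p tcp -m multiport --sport 8080 -j MARK --set-mark 1
    # Mark packets from the Plex server's address with TCP source port 32400
    iptables -t mangle -A PREROUTING -i br0 -s 192.168.3.100 -p tcp -m multiport --sport 32400 -j MARK --set-mark 1
    # Bypass Plex/Amazon AWS IP DESTINATION
    iptables -t mangle -A PREROUTING -i br0 -d 184.169.128.0/17 -j MARK --set-mark 1
    iptables -t mangle -A PREROUTING -i br0 -d 50.18.0.0/16 -j MARK --set-mark 1
    iptables -t mangle -A PREROUTING -i br0 -d 54.241.0.0/16 -j MARK --set-mark 1
    iptables -t mangle -A PREROUTING -i br0 -d 184.72.0.0/18 -j MARK --set-mark 1
    iptables -t mangle -A PREROUTING -i br0 -d 52.0.0.0/8 -j MARK --set-mark 1
    iptables -t mangle -A PREROUTING -i br0 -d 54.0.0.0/8 -j MARK --set-mark 1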

    Note: I changed my local ip address, so I changed 192.168.128.3.100 to my server address that I use.

    I use a Dell Poweredge Server for Plex, 3 Roku, Xbox One, many iPhones & iPads. Everything seems to be working great.

    Thanks Jason!
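
Added example (not part of the thread and not any poster's script): the destination rules above carry no source or port restriction, so every LAN client's traffic to those ranges is marked and routed out the ISP gateway, not only Plex's. This Python sketch parses the rules as posted and measures how much address space bypasses the VPN; the function names and the sample destinations are assumptions made for illustration.

```python
import ipaddress
import re

# Mark rules copied from the firewall script posted in the thread.
RULES = """\
iptables -t mangle -A PREROUTING -i br0 -s 192.168.3.100 -p tcp -m multiport --sport 32400 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -d 184.169.128.0/17 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -d 50.18.0.0/16 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -d 54.241.0.0/16 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -d 184.72.0.0/18 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -d 52.0.0.0/8 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -d 54.0.0.0/8 -j MARK --set-mark 1
"""

# Matches "-d <cidr>" (not "--dport") followed by the MARK target.
DEST_RULE = re.compile(r"\s-d\s+(\S+)\s.*-j MARK --set-mark (\d+)")


def bypass_networks(script, mark=1):
    """Destination networks whose traffic gets `mark` (source-only rules are skipped)."""
    nets = []
    for line in script.splitlines():
        m = DEST_RULE.search(line)
        if m and "-t mangle" in line and int(m.group(2)) == mark:
            nets.append(ipaddress.ip_network(m.group(1), strict=False))
    return nets


def redundant(nets):
    """Rules already covered by a broader rule in the same list."""
    return [n for n in nets if any(n != o and n.subnet_of(o) for o in nets)]


def bypassed_addresses(nets):
    """Unique IPv4 addresses that leave via the ISP instead of the tunnel."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))


def leaves_tunnel(dest, nets):
    """True if a LAN client's packet to `dest` would be marked and skip the VPN."""
    return any(ipaddress.ip_address(dest) in n for n in nets)


if __name__ == "__main__":
    nets = bypass_networks(RULES)
    total = bypassed_addresses(nets)
    print("redundant rules:", [str(n) for n in redundant(nets)])
    print(f"{total} addresses ({total / 2**32:.2%} of IPv4) bypass the VPN")
    # Constructed sample destinations, not taken from the thread.
    for dest in ("52.1.2.3", "54.241.9.9", "8.8.8.8"):
        print(dest, "-> ISP" if leaves_tunnel(dest, nets) else "-> VPN")
```

Narrowing the two /8 rules, or adding `-s` with the Plex server's address to each destination rule, shrinks what leaves outside the tunnel.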

  • kdecoster1 Posts: 25 Members, Plex Pass

    Jason,

    I do have one problem.....checked my VPN on www.ipleak.net and my ip is showing up :-(

  • kdecoster1 Posts: 25 Members, Plex Pass

    Added the bypass, working now :-)

  • JasonMeudt Posts: 222 Members, Plex Pass

    @kdecoster1 said:
    Added the bypass, working now :-)

    Good to hear!
