Lots of people use a VPN to connect their PMS to the internet. Most VPNs support port forwarding, but they will not allow you to forward 32400, since only one single user of that VPN can have that unique port. So instead, you get a randomly assigned port. Then you need to manually specify the port in PMS.
Platform:
I have verified this on Mac OS X Mavericks and Yosemite.
How to reproduce:
Go to Plex Media Server web interface > Settings > Server > Connect and enter a manually specified port. Use a VPN.
Observed incorrect behaviour:
VPNs always create their own network interface, so if you run ifconfig you'll see for example the VPN is using tun0 or maybe p2p0, but NOT en0. Plex only listens on en0 network interface.
Just trying to understand why you would want to do this?
When people talk about using a “VPN” to access their own servers they are NOT talking about using HMA, PIA or other public VPNs. They are talking about running their own VPN service (software or on their home router). If you run your own VPN this isn’t a problem as you control the ports.
The only reason I can think of to use a public VPN service is if you are also using the PMS server to d/l torrents or other similar downloads and are trying to hide this fact from your ISP. This is not an ideal setup and will mess up/screw with PMS. Servers of all kinds will not work very well in this type of environment but it’s not the fault of Plex but in the OP’s setup.
So could you guys clarify what you are trying to accomplish?
Just trying to understand why you would want to do this?
When people talk about using a "VPN" to access their own servers they are NOT talking about using HMA, PIA or other public VPNs. They are talking about running their own VPN service (software or on their home router). If you run your own VPN this isn't a problem as you control the ports.
The only reason I can think of to use a public VPN service is if you are also using the PMS server to d/l torrents or other similar downloads and are trying to hide this fact from your ISP.
This is not an ideal setup and will mess up/screw with PMS. Servers of all kinds will not work very well in this type of environment but it's not the fault of Plex but in the OP's setup.
So could you guys clarify what you are trying to accomplish?
Cayars-
Yes, that is one, of many, reasons to use a VPN...
While I realize by your 'tone' you realize there are other options and uses for a VPN, the implication is that 'whatever' it is used for is (implied...) nefarious.
The most important thing you need to know about a VPN: It secures your computer's internet connection to guarantee that all of the data you're sending and receiving is encrypted and secured from prying eyes.
I myself use a VPN on my router to ensure that EVERYTHING is encrypted, whatever the data is being sent/received for. My ISP only sees an encrypted stream going/coming from my VPN provider for all of my non-Plex data and stays out of my 'life'.
Now the reason for this (and other posts...) is that Plex does not let you specify the network adapter to bind to. It may be possible, but it is not easy nor recommended. Couple that with the fact that port forwarding a specific port (32400 for example...) is nigh impossible for most people in a VPN (as a client). This is why most people forward their Plex network activity 'outside' of the VPN, but they do lose the encryption/anonymity of their VPN secured network.
In my case, I run my VPN client not on my end server, but rather on my router (Netgear R7000 with Tomato...) so that everything in my household gets encrypted. I route Plex IP's (via Amazon...) outside of my VPN:
Now this literally defeats the entire purpose of my VPN client for Plex usage, but since I cannot port forward through my provider (via my router...), and Plex will not bind to a specific adapter for end server usage, it is a known 'issue'. One that should be fixed, but still an 'issue.'
But that is not the point of the “public” VPNs and doesn’t help us for the “security” issues currently in Plex.
When you use these public VPNs like HMA, PIA, StrongVPN, etc from your server then the only part that is encrypted is from your server to say PIA’s servers. The rest of the connection is wide open.
So let's say you are trying to use PIA for this purpose of “encryption” and you take your laptop to a cafe. From the cafe you connect to their internet. Now you fire up plex which gets the “external” IP from PIA (and does port forwarding) to your local server. So your connection goes from the Cafe to PIA and then from PIA to your server. Only “half” the connection is encrypted and it’s the WRONG side that’s encrypted. You want the encryption on the CAFE side since you are using a public WIFI that could be “hacked”.
From a security standpoint you don’t want/need the PIA running on your local server but instead want to connect to the CAFE WIFI, fire up PIA VPN on the laptop and once connected then use Plex. This way the CORRECT HALF side of the connection is encrypted.
Better yet is to set up your own VPN that you host. Then anywhere outside your network you connect to the internet, start your VPN to your own network and connect to Plex. In this case the full path is encrypted and no tokens could be gotten.
Everything I’ve said above thus far is purely from the standpoint of keeping the “remote” client in the protected side of the VPN so no token exploits can be done. This isn’t to protect activities you are doing on your local network or on your plex server. If I were to have activities running on my network that I wanted to hide specifically from my ISP (pretty much all HMA, PIA, StrongVPN, etc are good for) then I would not do it from my router but instead would run them on a dedicated machine on in a VPN and only run those services through these “half VPNs” for anonymity. I would not have my Plex server involved in this if not needed as it would take a speed hit running through the public VPNs.
But that is not the point of the "public" VPNs and doesn't help us for the "security" issues currently in Plex.
That is the point of these public VPNs. The security issues stem from Plex's inability to listen to specific/assigned network adapters.
So let's say you are trying to use PIA for this purpose of "encryption" and you take your laptop to a cafe. From the cafe you connect to their internet. Now you fire up plex which gets the "external" IP from PIA (and does port forwarding) to your local server. So your connection goes from the Cafe to PIA and then from PIA to your server. Only "half" the connection is encrypted and it's the WRONG side that's encrypted. You want the encryption on the CAFE side since you are using a public WIFI that could be "hacked".
...
Better yet is to set up your own VPN that you host. Then anywhere outside your network you connect to the internet, start your VPN to your own network and connect to Plex. In this case the full path is encrypted and no tokens could be gotten.
Two different scenarios, but I agree. My server is connected to my VPN. If I were to take any other system (laptop) to another location, it would need to be connected to a VPN to gain the security required. In your first scenario, you are co-mingling systems and unless I am missing something, IF you connect your laptop to a VPN at the cafe, then the cafe to VPN connection IS encrypted.
In the situation as I described earlier, where I route my Plex connection(s) outside of my VPN, then my return connection would be in the clear FROM my Plex server yet encrypted on that same return leg FROM my VPN to my laptop.
What we are, hopefully, trying to accomplish is allowing the Plex server to listen to specific/multiple network adapters (tun0) which would then allow encrypted connections FROM/TO my Plex server to a VPN.
Everything I've said above thus far is purely from the standpoint of keeping the "remote" client in the protected side of the VPN so no token exploits can be done. This isn't to protect activities you are doing on your local network or on your plex server. If I were to have activities running on my network that I wanted to hide specifically from my ISP (pretty much all HMA, PIA, StrongVPN, etc are good for) then I would not do it from my router but instead would run them on a dedicated machine on in a VPN and only run those services through these "half VPNs" for anonymity.
Which is exactly what I do... I run Tomato on my router which then becomes a dedicated VPN client or what you refer to as a 'Half VPN'. Just for reference, here is what the Tomato Firmware does... http://tomato.groov.pl/?page_id=19. The limiting factor in running this way is the speed hit that your encryption requires, which is limited by the processor in your router; hence my running on an R7000.
I would not have my Plex server involved in this if not needed as it would take a speed hit running through the public VPNs.
Which is also why I have not 'complained' too much over this entire process. The only thing my ISP sees is that I run Plex, based on my routing around the VPN for plex traffic. Now... Should we get to the point that I can route through a VPN and my router (more my provider's fault) then I would be a happy camper!
We agree on the point of the public VPNs but I guess we disagree on which side they need to run on. What I’m saying is that from a security standpoint the important part to encrypt is on the client side where they could be using untrusted or public WIFI hotspots that are easy to hack.
Granted from a PURE security standpoint the whole connection could be encrypted but in reality you probably don’t need to worry much about your ISP or the major backbones hijacking Plex tokens in order to gain access to your Plex server. It’s the low-lifes that hack public WIFIs that are the biggest problem for us Plex Ops at the moment.
I have my router setup so that it can be used as a VPN Server when needed. This way I can have a pure encrypted tunnel from my cell or notebook all the way back to my router. Doing it this way requires no additional steps from inside of Plex.
I, like Cayars, don't quite understand this request, so I don't know if I want to like it or not.
I have a VPN at home that I set up to run on a Raspberry Pi model B.
I have OpenVPN set up on my laptop, Android, and iPhones, and my iPad.
My Plex set up currently is set to not allow remote connections, and I don't have port 32400 forwarded outside of my lan.
I have no problem using Plex when I connect to my VPN remotely.
I connect to my VPN and then Plex works no problem and has for 2/3rds of a year now.
Edit: I might have manually listed the LAN address of my server in the various plex apps, but if I did that, that was the only thing I had to do to make Plex over a VPN work.
If the issue is Plex over a VPN that isn't part of your LAN, well that's just the nature of how VPNs are supposed to work. That VPN that's outside of your LAN really wasn't intended to extend your LAN.
What is it exactly you are asking Plex to do that it doesn't do already?
I am with you on this.
Manually Specified Ports over VPNs work just fine for me. I've been doing so for close to a year now with no problems. (Well problem being VPNs reduce bandwidth throughput somewhat, mine being on a Raspberry Pi Model B is likely even more limited.)
But I suspect the problem these other users are experiencing is because they are trying to use a VPN server they don't own (I operate my own OpenVPN server) and that is on a different LAN from their Plex Server.
If your VPN is on the same LAN as your Plex Server and you have your VPN configured correctly you will be able to use the same local address like you would do when inside your LAN to find your Plex Server when you are outside of your LAN but connected to your VPN.
What is it exactly you are asking Plex to do that it doesn't do already?
Yes, I'm using something like PIA (AirVPN in this case) for privacy. I am fully willing to admit that I adopted it originally because I do download torrents from the same machine. I often wish to access my plex library from other machines, not necessarily ones I own myself, which are not on the VPN.
This is not an ideal setup and will mess up/screw with PMS. Servers of all kinds will not work very well in this type of environment but it's not the fault of Plex but in the OP's setup.
Not at all true, as I was able to provide a workaround by doing the port forwarding myself. Have you tried that out yet? In addition, uTorrent on the same machine does support listening on all interfaces.
I'm not sure if you're questioning the use case or the technical feasibility. If you've setup complex VPNs then you must see how listening only on en0 is what causes this problem from a technical point of view.
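One way to check the bind-address question the thread turns on, as an added example that is not part of any post above: parse macOS-style `netstat -an -p tcp` output and report which interfaces a listening port is actually reachable on. The netstat sample, the interface addresses and port 51413 are constructed for illustration; a wildcard (`*`) bind is also reachable on the VPN interface, while a bind to the en0 address is not.

```python
"""Which interfaces can reach a listening TCP port? (added example)"""

# Constructed sample of macOS `netstat -an -p tcp` output, not captured from a real host.
SAMPLE_NETSTAT = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.10.32400     *.*                    LISTEN
tcp4       0      0  *.51413                *.*                    LISTEN
tcp4       0      0  127.0.0.1.32401        *.*                    LISTEN
tcp4       0      0  192.168.1.10.32400     192.168.1.23.50211     ESTABLISHED
"""

# Constructed interface addresses (what `ifconfig` would show per interface).
INTERFACES = {"lo0": "127.0.0.1", "en0": "192.168.1.10", "tun0": "10.4.0.2"}


def listening_sockets(netstat_text):
    """Yield (address, port) for every IPv4 TCP socket in LISTEN state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[0] != "tcp4" or fields[5] != "LISTEN":
            continue
        # macOS prints the local address as "<addr>.<port>"; "*" means all interfaces.
        address, _, port = fields[3].rpartition(".")
        yield address, int(port)


def reachable_interfaces(netstat_text, port, interfaces):
    """Return sorted names of the interfaces on which `port` accepts connections."""
    names = set()
    for address, bound_port in listening_sockets(netstat_text):
        if bound_port != port:
            continue
        if address == "*":  # wildcard bind: every interface, VPN included
            return sorted(interfaces)
        names.update(n for n, a in interfaces.items() if a == address)
    return sorted(names)


if __name__ == "__main__":
    for port in (32400, 51413):
        print(port, reachable_interfaces(SAMPLE_NETSTAT, port, INTERFACES))
```

The same check doubles as an exposure audit: any port that resolves to every interface is also being offered to the VPN provider's side of the tunnel.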