Here is how it works:
The server (PMS) will talk to plex.tv and tell it its local (non-public) and the public IP and domainame (*.plex.direct) [when using encrypted connection].
The client (your PS4) logs in to plex.tv with your user credentials and gets told all the information which PMS uploaded beforehand.
It now tries to contact your server using these IP adresses. It begins with the local IP. If the server answers on the local IP, all is well.
If it cannot reach the server that way, it tries the next step: the public IP.
Normally, your router should recognize that a client on your local network is trying to speak to another device on the same local network and would therefore “reflect” this traffic so it doesn’t leave your home network.
Make sure that your Freenas server plugin doesn’t do NAT so server and client are not in different local networks.
If you enforce encrypted connections on the server, things get even more complicated. There are some things your router must do and some it must not do for this to work in a local network environment.
https://support.plex.tv/hc/en-us/articles/206225077-How-to-Use-Secure-Server-Connections
Your first test should be to try and switch off encryption and see if something changes.
