Is there still no way for a Plex client to access a PMS on a subnet that is locally routable without enabling remote access on that PMS and having it go through the WAN interface?
If it is not on the same broadcast domain subnet the discovery will not work by default.
You can either hard configure the internal routable IP on the clients, or I seem to remember somehere on the forums people using something like a rasberry pi to bridge the 2 subnets to pass the discovery broadcasts between the subnets.
Can you not edit the “LAN Networks” in the Web App -> Settings -> Network to reflect the other subnets on your network? The explanation of this setting in the Web App seems to be exactly what you are asking for.
@garypower said:
If it is not on the same broadcast domain subnet the discovery will not work by default.You can either hard configure the internal routable IP on the clients, or I seem to remember somehere on the forums people using something like a rasberry pi to bridge the 2 subnets to pass the discovery broadcasts between the subnets.
Do you happen to know what port Plex clients use for discovery?
The plex server listens on UDP: 32410, 32412, 32413, 32414 for the discovery and uses the plex proprietary GDM (good day mate) protocol.
There is a write up on it here :
It is UDP so you can tcpdump / wireshark and see what is discovered.
@MikeG6.5 said:
Can you not edit the “LAN Networks” in the Web App → Settings → Network to reflect the other subnets on your network? The explanation of this setting in the Web App seems to be exactly what you are asking for.
I haven’t tried that because that’s a server setting. The Plex client knows nothing of that setting when trying to discover the PMS so it should have no impact.
Comma separated list of IP addresses or IP/netmask entries for networks that will be considered to be on the local network when enforcing bandwidth restrictions. If set, all other IP addresses will be considered to be on the external network and and will be subject to external network bandwidth restrictions. If left blank, only the server’s subnet is considered to be on the local network.
This seems to be exactly what you want to do… Might be worth trying, at least…
EDIT: I did just notice that this may just be for bandwidth limits. But it’s still worth checking out, as if it does what you want it may save you some coin.
Edited above, I had the wrong ports from memory - GDM ports are :
UDP: 32410, 32412, 32413, 32414 (for current GDM network discovery)
Source of all ports required :
https://support.plex.tv/hc/en-us/articles/201543147-What-network-ports-do-I-need-to-allow-through-my-firewall-
@MikeG6.5 Adding the networks to the allowed without Auth is valid if that is what you want to do, but to discover the servers local IP in the first place it needs to be hard coded, or discover it using the GDM multicast.
@IamSpartacus said:
Is there still no way for a Plex client to access a PMS on a subnet that is locally routable without enabling remote access on that PMS and having it go through the WAN interface?
Broadcast packets don’t cross subnet boundaries… networking 101 stuff.
When I had two subnets, (192.168.0.x and 192.168.1.x) the simplest solution was to make them effectively flat at the PMS server and set 255.255.254.0 and at the WiFi AP. Problem solved.
To accomplish this request will take a serious overhaul of the networking interface layer internally and, subsequently, the UI to permit more exotic network configuration. The question: What is the OS responsibility and what is the application’s responsibility. Even the ‘simple solution’ of allowing multiple adapters, each on a different subnet, each with their full set of ports, requires work in the networking layer (a lot). This is effectively putting routing services into PMS’s core. The complexity and size of the effort grows.
I’m not saying it can’t or won’t be done. What I am asking is: Aren’t there more important fundamental issues to handled first?
@ChuckPa said:
@IamSpartacus said:
Is there still no way for a Plex client to access a PMS on a subnet that is locally routable without enabling remote access on that PMS and having it go through the WAN interface?Broadcast packets don’t cross subnet boundaries… networking 101 stuff.
When I had two subnets, (192.168.0.x and 192.168.1.x) the simplest solution was to make them effectively flat at the PMS server and set
255.255.254.0and at the WiFi AP. Problem solved.To accomplish this request will take a serious overhaul of the networking interface layer internally and, subsequently, the UI to permit more exotic network configuration. The question: What is the OS responsibility and what is the application’s responsibility. Even the ‘simple solution’ of allowing multiple adapters, each on a different subnet, each with their full set of ports, requires work in the networking layer (a lot). This is effectively putting routing services into PMS’s core. The complexity and size of the effort grows.
I’m not saying it can’t or won’t be done. What I am asking is: Aren’t there more important fundamental issues to handled first?
Yea unfortunately I can’t make a flat network because these two subnets are actually connected over a Site-to-Site VPN. I’d need to find a way to forward the broadcast GDM packets. I got this working with Chromecast so I can now cast from one subnet to a Chromecast on the other over the VPN using AVAHI in pfSense.
EDIT: So in testing this I’m seeing that my Roku’s can not find the PMS (they still try to hit it with a source IP of the WAN IP), but if I login to Plex.tv from a Chrome on a PC, it does find it and I see it reach my PMS over the VPN interface with a source IP of the PC (192.168.2.50). Server IP is 10.10.0.200 FYI.
@ChuckPa said:
What I am asking is: Aren’t there more important fundamental issues to handled first?
Definitely! In fact the great place to start on these “fundamental issues” is the Top 10 Feature Requests.
@garypower said:
@MikeG6.5 Adding the networks to the allowed without Auth is valid if that is what you want to do, but to discover the servers local IP in the first place it needs to be hard coded, or discover it using the GDM multicast.
That’s a different setting than what I suggested in my first reply here. The one I suggested is the setting 2 higher in the list, if you have advanced settings turned on.
@MikeG6.5 said:
@ChuckPa said:
What I am asking is: Aren’t there more important fundamental issues to handled first?Definitely! In fact the great place to start on these “fundamental issues” is the Top 10 Feature Requests.
I didn’t mean for the title of this thread to sound like I was hoping Plex had been working on this issue because I realize it’s not a hugely widespread feature request. I was more looking for network savvy users who may have found a backend configuration that would make this work. The title is a little misleading so my bad on that.
@IamSpartacus if you are using something like OpenVPN, then you’ll want to look into a TAP interface instead of a TUN. This will allow your VPN client to be a part of the same broadcast domain. One way to do this is is to have the PMS run the OpenVPN client with a TAP interface connecting to the other side. The PMS will them be able to obtain a local IP address from the other side and it will heard/respond to broadcast traffic.
@ljunkie said:
@IamSpartacus if you are using something like OpenVPN, then you’ll want to look into a TAP interface instead of a TUN. This will allow your VPN client to be a part of the same broadcast domain. One way to do this is is to have the PMS run the OpenVPN client with a TAP interface connecting to the other side. The PMS will them be able to obtain a local IP address from the other side and it will heard/respond to broadcast traffic.
Hmmm interesting. My two OpenVPN instances are running on pfSense boxes in each location so I can not have my PMS run OpenVPN.
However the site-to-site VPN I have currently setup between the two pfSense boxes is indeed in TUN mode so I can play around with changing it to TAP. I’m just going to have to see what else that setup entails as I doubt it will as simple as switching both instances over to TAP to bring the VPN connection back up.
I’m still confused why a PC in Site 2 is able to able to find my PMS in Site 1 using Plex Web over the VPN interface though. The only difference I see is the DNS settings on the PC (set statically) are different than what the Roku’s are getting via DHCP.
Hmmm interesting. My two OpenVPN instances are running on pfSense boxes in each location so I can not have my PMS run OpenVPN.
I actually have a similar setup, that won’t stop you from running openvpn as a client on the PMS. In my case, I have a site to site. The site to site allow me to route 10.0.0.0/24 (home) with 10.10.10.0 (colo). However on the PMS (10.10.10.100) I have an openVPN client running TAP to connected to my HOMEs wan IP. This provides a local 10.0.0.0/24 (10.0.0.100) address on the PMS, that basically acts as if the PMS is connected to my local network at home. The PMS is reachable via 10.10.10.100 and 10.0.0.100.
I’m still confused why a PC in Site 2 is able to able to find my PMS in Site 1 using Plex Web over the VPN interface though. The only difference I see is the DNS settings on the PC (set statically) are different than what the Roku’s are getting via DHCP.
Yeah. That is confusing too. You shouldn’t need to enable remote access, but you will need to sign into the server and Roku. This will provide the ability for the Roku to discover the local IP of the PMS server through plex.tv, and connect (over the vpn). I’d be happy to look at your Roku logs during the startup process to see if we can isolate why the Roku cannot connect to the server.
@ljunkie said:
Hmmm interesting. My two OpenVPN instances are running on pfSense boxes in each location so I can not have my PMS run OpenVPN.
I actually have a similar setup, that won’t stop you from running openvpn as a client on the PMS. In my case, I have a site to site. The site to site allow me to route 10.0.0.0/24 (home) with 10.10.10.0 (colo). However on the PMS (10.10.10.100) I have an openVPN client running TAP to connected to my HOMEs wan IP. This provides a local 10.0.0.0/24 (10.0.0.100) address on the PMS, that basically acts as if the PMS is connected to my local network at home. The PMS is reachable via 10.10.10.100 and 10.0.0.100.
I’m still confused why a PC in Site 2 is able to able to find my PMS in Site 1 using Plex Web over the VPN interface though. The only difference I see is the DNS settings on the PC (set statically) are different than what the Roku’s are getting via DHCP.
Yeah. That is confusing too. You shouldn’t need to enable remote access, but you will need to sign into the server and Roku. This will provide the ability for the Roku to discover the local IP of the PMS server through plex.tv, and connect (over the vpn). I’d be happy to look at your Roku logs during the startup process to see if we can isolate why the Roku cannot connect to the server.
My setup is a little bit the reverse of yours. Mine looks as follows:
My Home (Site 1)
pfSense VPN Server Interface - 10.24.0.1
PMS - 10.10.0.200 (signed in with my Plex account)
My Parents Home (Site 2)
pfSense VPN Client Interface - 10.24.0.2)
Client Roku - 192.168.2.80 (signed in with parents Plex account)
As you can see, Site 1 acts as the VPN server. Could I create a server on Site 2’s router in order to create a TAP interface on my PMS, sure but that sounds like a bit of an over complication.
Now, why I can access my PMS over the VPN interface without any additional config from a PC on 192.168.2.x doesn’t make much sense. The only difference is it has statically assigned DNS to 10.10.1.20 (a WS2012 AD Controller at my house). I could test giving those same DNS settings to the Roku but I’m still pessimistic that’s the solution.
I did just see though that you can manually configure 2 PMS IP’s in the Roku Plex app so if that works, that’s probably my solution right there.
