I followed the “ultimate server tutorial” on the cuttingcords.com website. I have a laptop as my server. It is running Windows 10 and has a static IP. It is connected directly to my modem/router via ethernet cable. I then access Plex via my TV, which connects to my network via wifi.
For obvious reasons I want to use a VPN. I use PIA on my laptop. However, when I have it on, I can’t access Plex on my TV. As soon as I disconnect the VPN, then I can access Plex.
Go to Settings > Network >
Enable Show Advanced settings in the top right
Then under “Local Networks” put your router IP then /24, for example:
192.168.0.1/24
Then put that under “List of IP addresses and networks that are allowed without auth” as well. So that it is in both locations. Then Save changes.
This will allow local network regardless of VPN.
If you still can’t connect then you may also want to go to the TV and go to settings and Manual Connections and add the IP address of the server.
You can do it that way, but it is a lot less secure. Any IP address with the same subnet will potentially have access to your Server, even without a password. Not saying it’s wrong, but it is less secure is all.
Ok, let me understand a subnet. It is a LAN with no connection to a WAN without the correct port and with the correct WAN IP or any possible other LAN that may be connected locally.
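What the `192.168.0.1/24` entry under “List of IP addresses and networks that are allowed without auth” covers, next to an entry for a single device, as an added example that is not part of the thread and not Plex's own code. The TV address 192.168.0.42 and the other client addresses are constructed, and the comma-separated parsing is an assumption about the field's format.

```python
import ipaddress

def parse_allowed(setting):
    """Parse a comma-separated allow-list of IPs and IP/prefix entries."""
    nets = []
    for entry in setting.split(","):
        entry = entry.strip()
        if entry:
            # strict=False: "192.168.0.1/24" has host bits set and would raise
            # ValueError otherwise; it is normalised to 192.168.0.0/24.
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def bypasses_auth(client_ip, nets):
    """True if a client at this address would be let in without logging in."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in nets)

def covered_hosts(nets):
    """Count usable IPv4 host addresses covered (overlapping entries merged)."""
    total = 0
    for net in ipaddress.collapse_addresses(nets):
        # Prefixes up to /30 reserve the network and broadcast addresses.
        total += net.num_addresses - 2 if net.prefixlen <= 30 else net.num_addresses
    return total

def report(setting, clients):
    """Map each client name to whether it skips the login under this setting."""
    nets = parse_allowed(setting)
    return {name: bypasses_auth(ip, nets) for name, ip in clients.items()}

# Constructed sample clients (assumptions, not taken from the thread).
CLIENTS = {
    "tv": "192.168.0.42",
    "guest_phone": "192.168.0.117",
    "other_network": "10.8.0.5",
}

BROAD = "192.168.0.1/24"   # the whole-subnet entry from the thread
NARROW = "192.168.0.42"    # only the TV (a bare IP is treated as a /32)

if __name__ == "__main__":
    for label, setting in (("broad", BROAD), ("narrow", NARROW)):
        nets = parse_allowed(setting)
        print(label, [str(n) for n in nets], "hosts:", covered_hosts(nets))
        print("  skips login:", report(setting, CLIENTS))
```

The single-device entry only stays correct while the TV keeps that address, so it needs a DHCP reservation or a static IP on the TV.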
So if I’m a single LAN user this is not relevant? Yes or No ?
I then cannot understand the security issue compared to any other internet connection behind a firewall or double NAT which all IOT’s should be protected.
Please help me understand your statement.
A subnet is used on all networks. It is used to subdivide networks into smaller networks for efficiency. If you are using the same subnet as your WAN (for example the default 255.255.255.0) then it is on the same subnetwork as your LAN, therefore any computer with the same subnet is also on the same subnetwork. So it is vulnerable from outside penetration. By adding your subnet to the fields in Plex you authorize any device on the same subnet access to your Plex server without logging in.
Most IOT devices use P2P or Cloud sync (they authorize through a central server run by a company) for security. That is why you have to scan a code or login to authorize a device. Meaning they talk to authorized devices only no matter the network. Which by adding your subnet you authorize all devices by default that are on the same subnet.
Not if they have the same subnet. Ports are another matter. Once you have access to the network you use the port to communicate. If your subnet is vulnerable like that then access to the network is possible. A simple port scan will take care of the rest. Even if it is blocked outside the local network because it is on the same subnetwork, with the same subnet you may not be able to browse the internet, but there is internet access through the subnet. Most browsers use IP address and DNS for browsing. We use changing IP and subnets to block people from using the web but giving them access to servers outside the local network on WAN.
To be honest it’s not a big deal in this situation because all they could do is watch Plex, but I don’t like people in my stuff without permission.
Yes, but a lot more limited if you aren’t authorizing your entire subnet. So it is massively more secure. Then they have to hack your router/PC and then log in, which like most IOT things is managed by an outside server (Plex). So even if they get network access they can’t log in. Authorizing subnet removes the login for people on the same subnet.
Basically, making it harder is what being more secure is. Nothing is invulnerable, but if it’s hard, most move on to something easier unless it’s profitable.
Yes, choosing a non-standard local IP and subnet is not only more secure but very recommended. It’s that most people don’t know how to do that. If you read the news about printers being hacked, 99% of the time they had a subnet same as the WAN.
Some router manufacturers are starting to have the router analyze the WAN IP on install and set up a non-standard local IP and subnet. But not all of them do it yet.
NAT is different, we are talking about subnets. A NAT remaps one IP address space into another by modifying information in the IP header of packets while they are in transit. So basically your IOT Device would be saying it’s on one IP and actually on another in a double NAT it would do that twice. But NAT isn’t really used much for IOT security anymore since Cloud Verification and P2P Verification nowadays. Ever since the big IOT hacks from another country, bruteforcing with telnet, authorization is now being verified outside the device.