Server Version#: 1.28.1.6104
Player Version#: app.plex.tv (but others too)
Hello. I cannot securely connect my plex clients to my plex server. I’ve seen that this is a somewhat regular problem but I’ve tried a lot of things that were mentioned and can’t seem to solve that. Here is a plan of my home network. To be clear, I don’t want to set up remote access. I only want secure connections throughout my local network.
ISP Modem (WiFi deactivated)
|
TP-Link Archer AX-50 router (does my Wifi) — WiFi peripherals
|
Basic 8-port switch (cannot be managed) — ethernet peripherals, among them the PC with plex server
What I tried so far, without success
• UPNP is activated on the modem and on the Archer
• The Archer router is the only thing connected to the ISP modem. It has a fixed IP (192.168.1.11).
• The PCs with server and client have fixed IP in the same sub network (10.33.21.xx).
• I tried to deactivate the Archer firewall
• I tried to connect my clients via ethernet, both on the switch, on the router, and on the modem directly. Via WiFi too. Same message all the time.
• I tried several different clients (Windows, Linux, Mac, Android: all say the same thing)
• I tried different servers: Windows & Linux.
• I forwarded port 32400 to my Archer router from the modem, and from the Archer to my plex server. No success.
• I set up my router in bridge mode, having only one NAT (knowing double NAT might be a problem) by the Archer, no success.
PS : Plex clients do not tell specific error messages besides “cannot connect securely”. Everything works well if I allow unsecure connections. But for the sake of understanding things I’d rather make this work securely.
I don’t know if this is relevant but when I try to go from Firefox to my server : https://10.33.21.20:32400 I have the following error message about certificates.
Les sites web justifient leur identité par des certificats. Firefox ne fait pas confiance à ce site, car il utilise un certificat qui n’est pas valide pour 10.33.21.20:32400. Le certificat n’est valide que pour *.e63c73bfcd204a2fbf2b93dde053c524.plex.direct.
Code d’erreur : SSL_ERROR_BAD_CERT_DOMAIN
Sorry it’s in French, basically it says : Firefox doesn’t trust this site because the cert is invalid for …, it is only valid for…
Secure connections failing in the local network of the server is not a matter of UPnP or port forwarding.
It has to do with a security feature which is employed by many “DNS resolvers”. (Your router also has such a DNS resolver in it.)
The feature is called “DNS rebinding protection” and prohibits the assignment of a domain name to a device in the local network (namely your Plex server). But that is exactly what is necessary for secure connections.
The only solution is to either
• live without secure connections
• use a different router without DNS rebinding protection
• use a router which allows customization of this protection feature, setting the domain plex.direct onto the list of domains for which this protection is disabled.
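Added example, not part of the original posts: a small Python check that ties the Firefox certificate error to the DNS rebinding explanation above. It uses the wildcard name and server IP quoted in the thread; the dashed-IP hostname scheme and all function names are assumptions of this example, and an empty answer is only consistent with rebinding protection, not proof of it.

```python
import ipaddress
import socket

# Wildcard name taken from the certificate error quoted in the thread.
CERT_NAME = "*.e63c73bfcd204a2fbf2b93dde053c524.plex.direct"

def plex_direct_name(ip, cert_name=CERT_NAME):
    """Hostname under the cert's domain: the IP with dashes as first label.
    Assumption: this dashed-IP label scheme is not stated on the page."""
    return ip.replace(".", "-") + cert_name[1:]

def cert_matches(host, cert_name=CERT_NAME):
    """Wildcard match on the left-most label only, as browsers do."""
    if not cert_name.startswith("*."):
        return host.lower() == cert_name.lower()
    label, _, rest = host.partition(".")
    return bool(label) and rest.lower() == cert_name[2:].lower()

def classify(expected_ip, answers):
    """Interpret what the local resolver returned for the plex.direct name."""
    if expected_ip in answers:
        return "ok"
    if not answers and ipaddress.ip_address(expected_ip).is_private:
        # Consistent with a resolver dropping answers that point into
        # private address space (DNS rebinding protection).
        return "rebind-filtered"
    return "mismatch" if answers else "no-answer"

def resolve(host):
    """Ask the system resolver (needs network; not called on import)."""
    try:
        infos = socket.getaddrinfo(host, 32400, socket.AF_INET,
                                   socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    ip = "10.33.21.20"  # server address from the thread
    name = plex_direct_name(ip)
    print(name, "matches cert:", cert_matches(name))
    print(ip, "matches cert:", cert_matches(ip))
    print("resolver verdict:", classify(ip, resolve(name)))
```

Run on a client inside the LAN, a "rebind-filtered" verdict from the router's resolver together with "ok" from a resolver that has plex.direct exempted points at the protection feature rather than at UPnP or port forwarding.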
Thank you. It seems that there is no way to customize this in the TP Link Archer AX-50 so I’ll go for unsecure connections. It’s all on a private secured network so I don’t mind, I just wanted to make this work out of frustration…
If anybody managed to make this work with a TP Link Archer AX-50 or close, let me know!
If you employ a second DNS server on your network (a Pi-hole, or a pfsense appliance for instance) you can delegate all DNS tasks away from your router. And the Pi-hole uses an open source DNS resolver which certainly does support the necessary configuration option.
Thanks. I was also thinking about flashing my router with OpenWRT (which provides a whitelist for DNS rebinding protection) but my model is not OpenWRT compatible. Too bad! Well I’ll go for unsecure connections, since it’s all local it doesn’t really matter. I spent way too much time on this but I learnt a lot of things, thank you.