Cannot set correctly IPv6 in LAN Networks

Server Version#: 1.27.2.5929

My ISP provides me IPv6 with /56 prefix delegation, say for example:

d568:40fd:487:1665::/56

Each of my devices have the IPv4 and IPv6 assigned by a Unifi UDM SE router with DHCPv4/6. Since I need to access IPv6 only websites, I cannot disable IPv6 on my network.

If I insert into LAN Networks 192.168.0.0/16,d568:40fd:487:1665::/56 and play a video into browser or Apple TV, it will play as Remote, not as Local. Into logs, I see the following error:

Error parsing allowedNetworks 'd568:40fd:487:1665::56': Invalid argument

It also does not makes sense to me that you have enabled by default the Server support for IPv6 option, if you cannot use IPv6 into LAN Networks? Thank you for your help.

Not supported.

Here’s a feature request with a link to a long discussion on the topic.

Thanks @FordGuy61, can you please let me know what the option Server support for IPv6 does, if IPv6 is not supported?

To make people angry

It enables PMS to listen and register on IPv6 addresses. That does work.

What isn’t supported is putting IPv6 addresses into the LAN Networks field.

Sadly, putting anything into LAN Networks, including IPv4 entries, makes IPv6 work worse.

If LAN Networks is empty, Plex automatically considers “connected” addresses to be local, including connected IPv6 addresses.

If LAN Networks is not empty, Plex only considers the contents to be local.

But because LAN Networks doesn’t support IPv6 entries, that means Plex won’t consider connected IPv6 addresses to be local.

Most people don’t need anything in LAN Networks anyway. Do you?

I did not know, thank you for the information.

With nothing defined in LAN Networks, when I play a video on my web browser, it shows as Remote into Plex Dashboard while using an IPv6 address. Since each device has both addresses assigned by router, I would expect Plex to use the IPv4 address.

That’s interesting for two reasons. Outside of Plex, many systems prefer IPv6.

But I think Plex will use IPv4 addresses first, when possible.

I also think they should be considered local.

Let me look at how my system behaves - I’ll respond later.

Thank you for looking into this, I’m sure others will find the info useful also. While you look into this, I’ll disable temporarily IPv6 and report back if web player shows a local IPv4 in Dashboard.

So I did more troubleshooting, I created a network where only IPv4s are allowed and moved the Apple TV into it. I’ve set the Internet Streaming to 4Mbps 720p and started playing a 1080p video. To my surprise my ISP public IPv4 was displayed as Remote into Dashboard!

Then I realized I have remote access disabled and using a custom server access URL https://plex.domain.com which points to my ISP public IP and gets redirected with a port forwarding to the local Plex server.

Next, I added the ISP public IP and local network into LAN Networks but even if the video was playing as Local, it was still transcoding. Obviously, I cannot add the ISP public IP into List of IP addresses and networks that are allowed without auth, everyone would be able to access the Plex server, if they know the URL.

That being said, this exercise was a nice discovery. Because I use a custom server URL, I will never be able to have private IPs in use. I will revert back to previous setup with dual IPv4s and IPv6s, leave LAN Networks empty and the set the Internet Streaming to Maximum into Apple TV client.

If anyone has a better solution, I’m interested. Using a local http://plex.lan custom URL will not work, since it needs to be public and reachable by Plex servers. I only allow port 443 to be accessible to the world, behind a Cloudflare proxy cache (to protect my ISP public IPv4 and IPv6). With current setup, I can access anywhere in the world my Plex library.

Screen Shot 2022-08-05 at 1.48.49 AM832×601 104 KB

That won’t happen if the IP is a routable (i.e. public) IP.

Not true.
I have put my public IP into the “custom URL” field. Still I am able to stream directly from the server when using a client in the local network.

My assumption is that your local DNS resolver is applying “DNS rebinding protection”. This prevents secure connections from working in the local network. The solution is to add the domain plex.direct to the list of exceptions from that protection.

I use two Pi-Hole combined with unbound running on two raspberry pi, for my network DNS.

Screen Shot 2022-08-08 at 5.23.26 AM632×791 26.6 KB

image694×720 89.2 KB

Not familiar with plex.direct domain, is this an actual resolvable domain name.

Every Plex server is assigned a subdomain on that: https://support.plex.tv/articles/206225077-how-to-use-secure-server-connections/

At the bottom of that article you can find some examples how to add the domain to popular DNS resolvers.

I added the configuration:

echo 'private-domain: plex.direct' > /etc/unbound/unbound.conf.d/plex.conf

I cannot tell you whether that is wrong or right, as I’m not using this software myself.

The information is correct, I posted it in case someone else has the same issue. Thank you, I did not know about this setting.

Edit: Enabling private-domain: plex.direct in Unbound invalidates the Custom server access URL setting and my server libraries are not available anymore in either app.plex.tv or my Apple TV app. I use a real https://plex.domain.com domain with valid certificates.

Unfortunatey I am out of ideas. If I had to guess, it is somehow connected to your highly customized routing and the involvement of several filters and proxies.

The addition of the private-domain: plex.direct directive has only an effect on the local network.
It should have no effect whatsoever on your custom server access URL. (Unless you have a very funky routing.)

I have a standard Cloudflare setup with traffic forwarded to a local server, nothing funky about it. If I disable IPv6, I see my remote IPv4, instead of a local IP. Which in my books is not right. I use a Custom server access URL because I do not want port 32400 exposed to the world.

Also, in app.plex.tv my server displays as secure.

@Daisuke

If I may add here?

I use Cloudflare as well with custom server access URL.
My edge device (Firewall/router) is Pfsense (which also uses unbound).

Pfsense’s DNS resolver is where I configure plex.direct for the LAN side to avoid the DNS rebinding problems.

Custom server access URL, thanks to Cloudflare DNS, comes in on the published (non-32400) port.

Standard port-forwarding rule in Pfsense maps and forwards to 32400 on the LAN side.

My ISP is IPv6 and IPv4. Pfsense converts all that to my IPv4 LAN addressing with no issues.

An added benefit of PfSense which I use - I apply a Source-IP restriction rule to inbound connections.

Only those IP addresses / DDNS FQDNs which I add to that list are allowed to connect

Thanks for sharing, I have the same setup, except the Unifi UDM SE and port forwarding is done to a Raspberry Pi with Nginx Proxy managing various sites, one of them being the connection to Plex:

upstream plex {
    server         uranus.lan:32400;
}

server {
    listen         80;
    listen         [::]:80;
    server_name    plex.lan;
    index          index.html;
    root           /usr/share/nginx/html;
    include        /etc/nginx/conf.d/proxy.inc;

    location / {
        proxy_pass http://plex;
    }
}

server {
    listen         443 ssl http2;
    listen         [::]:443 ssl http2;
    server_name    plex.domain.com;
    index          index.html;
    root           /usr/share/nginx/html;
    include        /etc/nginx/conf.d/*.inc;

    location / {
        proxy_pass http://plex;
    }
}

Even when I access plex.lan, I get this log entry:

Request came in with unrecognized domain / IP 'plex.lan' in header Host; treating as non-local

The proxy.inc file:

proxy_buffering  off;
proxy_redirect   off;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.