Discovery over different networks

Server Version#: 1.21.2.3943
Player Version#: 4.51.1

Hello,
I hope you can advise:
I have a home network setup in which I separate various devices by using VLANs.
I have OPNsense in place.
What I currently don’t quite understand is how Plex really works, but I assume when I try something like croneter/plexkodiconnect, it broadcasts in the same network searching for PMS. I assume that it’s port 5353 UDP, as noted in the Plex documentation.
My configuration is like this:
VLAN1: Computers (here I am testing with Kodi under Windows), or also RP4 with Kodi/PKC.
VLAN2: Servers
Plex is on the Ubuntu-Server in VLAN2 inside the Docker container.
So I put all 3 networks (VLAN1, VLAN2 and Docker-Network) inside the Plex network settings, and made forwarding rules for all ports from VLAN1 to the Ubuntu-Server in VLAN2.
Manual server setup in Kodi is working, if I manually enter the server IP.
But, I’d really like to get the automatic discovery working.
Basically, if Kodi in VLAN1 is sending broadcasts and looking for a specific open port, and this port is being forwarded directly to the server, it should work.
Any idea what I’m missing?

UDP does not cross subnet boundaries. This is how IP works.

TCP can be forwarded across subnets; UDP cannot.

If you want VLANs, you’re better advised to keep the IP addresses all on the same subnet and VLAN-tag specific ports on the switches

OK… there is a UDP broadcast addon I am currently attempting to set up, that might do the trick with UDP forwarding.
I can’t / don’t want to keep servers in the same network/subnet as playback devices / computers. That would defeat the purpose of separating networks.
Not sure what you suggest would accomplish, if I am attempting to divide devices.
I will rather live with no discovery than have to put them all into same network.
Thank you.

Given that connections work if you manually specify the server’s IP address, this may be a DNS rebinding protection-related issue. Each server has its own unique *.plex.direct FQDN comprising its IP address (delimited by dashes instead of periods), its certificate UUID, and the domain “plex.direct.”

When a signed-in client starts, it contacts Plex, Inc.’s servers to get a list of your servers’ FQDNs. It then performs a DNS lookup on them to see what their IP addresses are. DNS rebinding protection can prevent these lookups from resolving to local IP addresses.

To test if this is causing issues for you, you can disable DNS rebinding protection on OPNsense completely (“Disable DNS Rebinding Checks”):
https://docs.opnsense.org/manual/settingsmenu.html

If that works, you can try re-enabling it and then allow specific hosts (“Alternate Hostnames”).

Note that for this to work, you still need to ensure that TCP 32400 is allowed from your source to destination network; presumably this is already the case since manual connections work properly.

None of the above applies if the client isn’t signed in to your account. In that case, it will fall back to GDM discovery (if enabled). In that case, you’ll likely want to continue down your current troubleshooting path.

The only reason why I am pursuing making the discovery work is pure interest. As I said, it’s working, and aside from me having to put in the IP address manually once I’ve installed Kodi, there isn’t any need, except if I reinstall Kodi.
I had a big issue two days ago as I moved the server into its own subnet. As I started Plex (web), it said it can’t find the server and that was it. I wasn’t able to do anything. I then started playing with different settings, and finally found out that by putting additional networks in the Docker container, under ACCEPTED_NETWORKS or something like that, and also deleting and/or changing the Claim key, at some point I was able to access the server again, and since then everything is peachy again. I also made sure all 3 networks are now entered in both entries in Plex. This issue actually pushed me to look deeper into how Plex is working when it comes to networking, but honestly, I still don’t quite understand it.
I tried unchecking the DNS rebinding protection, however that didn’t change anything. After I did that, I attempted to do an automatic server detection, and nothing.
32400 must work, because I currently have everything open internally. LAN and all VLANs have everything open to ->in->Firewall. There is no port forwarding or NATing needed.

If all these networks are inside of your edge device, multiple TCP/IP subnets provide absolutely no security unless enforced by VLAN tagging in a switch capable of enforcing that tagging. “Security through obscurity” is not real.

Were I to be the intruder, having gotten onto your LAN,

sudo nmap -v -sn 192.168.0.0/16 | grep -v 'host down'

will show me everything beginning with 192.168.x.x.

I could then similarly execute

sudo nmap -v -sn 10.0.0.0/8 | grep -v 'host down'

I now have the topology for two full subnet trees.

If you make VLAN groups, and assign those VLAN groups to the different types of devices (ports on the switch), you have full control of what can see & communicate with what.
They’re all on the same IP network but the switch does its job and controls the flow of data to only where you want it.


Of course it’s enforced on the switch(es). One is an Aruba 1930, and two smaller 8-port managed switches, Cisco and UniFi, up to the wireless access point. It’s not all set up yet, as it is now, but I do know what I’m doing. I manage a setup in our company: two servers, 20 virtual machines, most of the Windows roles spread across servers, a dozen switches, a couple of VLANs, external access, VPN, bells and whistles. Windows based. However, I am completely new with OPNsense and Linux, and also new when it comes to Plex and how it works. Some things I just never encountered, that’s all.
When the networks are closed and the setup is finished, those commands won’t do much. Right now, of course, I have it open just to first set up everything and then I stop closing step by step. Were it Sophos for instance, on which I’ve worked for years now, it would be a different approach, but with OPNsense, this is easier for me.
I don’t know why I am getting the impression you are taking me for a complete noob?

I’m sorry for having taken you as a noob because it didn’t make much sense given how subnets work by default.

Perhaps this will give you what you need to solve the issue.

Cisco routers usually contain a UDP IP Helper address mode that you can use to cross the subnet.

This type of advanced networking is probably best asked on StackOverflow.
It’s quite far outside the norm of how things are done for the vast majority of Plex users.

I solved the problem. As I was tightening the firewall down, I noticed various multicast packets going around. Initially I just thought to shut them down, however I looked further into it, remembering I had read something about Plex and multicast. It boils down to this: I merely had to enable IGMP snooping on my switch for the VLANs in question. And voilà. Discovery is working fine! Yay!