How does Plex obtain external IP address?

I don’t know if it uses an HTTP(S) GET request or the like. I’d like to know how, because I have a VPN and I don’t want to send my Plex traffic through it. But simply allowing port 32400 to bypass the VPN is not enough, because it accidentally registers the VPN IP instead of my ISP one.

Do I need to allow the Plex server to communicate out on port 80 and 443 as well?

Thanks.

Just did a packet capture and some tests.

It uses an HTTP request to obtain the external IP address from a “plex.tv” server.

The pcap also has some 443 (HTTPS) traffic to plex.tv and amazonaws.com. So I’m guessing both are required for the remote access feature to work.

With port 80 off the VPN it obtains the correct external address, but is unable to make a direct connection.
With both 80 and 443 off the VPN, it’s able to work.

I’m assuming it makes the initial connection with 80 to get the external IP, but because the remote access connection is brokered by an Amazon AWS server, there is an additional test using AWS to try and make a connection.

Cheers!

Have been researching for hours, and have routed about a dozen IPs through my gateway to get Plex to communicate only through my router, and not the VPN. It appears you have done this just by routing traffic for port 80 and 443? Is this still relevant? And if so, how could I route traffic destined for specific ports, as opposed to specific IP ranges?

Something may have changed since I last looked.

Here is the Plex page on remote access, I’m not sure if you’ve already read it:
https://support.plex.tv/articles/200931138-troubleshooting-remote-access/

I’ve not really had a problem with it since, but I’m also no longer using plex.tv as my main method of connecting to my media server. So I’ve not checked it in a while.

I believe the Router/FW feature you’re looking for is “Port Forwarding” or “NAT” or “Port Triggering” depending on the brand of your router.

If you have a more modern router, you might be able to use UPnP port triggering, which is a zero-config networking technology. Plex server will advertise to your router, which can in turn set up the right routes. I believe this is the recommended setup for most users. Sometimes this is a problem with older routers though. Also because you’re running a VPN you may need to make special considerations.

I have a firewall rule in the port forwarding of my router (OPNsense) that says, anything inbound WAN on port 32400 send to Plex server internal IP on port 32400. I have another rule that states anything outbound from Plex on 32400 will use the WAN as the default gateway. I’ve done this with a (slow) floating rule to block traffic “VPN bound” from the normal WAN, and a (default/bottom) LAN rule to tag any packet that doesn’t match my previous (exception) rules as “VPN bound”. That serves as a “kill switch” when my VPN fails. Anything outbound tagged VPN won’t make it out the WAN if the VPN is down.

I currently have my router acting as a full-time VPN client and forwarding Plex on the default port outside my VPN. All other traffic is through the VPN. Plex reports it still somehow has the correct non-VPN IP, and I don’t fully understand how, but it is able to connect. If you check on the web GUI under server settings “Remote Access” you can click on show advanced, and have a look at this.

That’s about all I know. I don’t know if any of this helps. If you have something more specific to your setup, I may be able to answer it. This is just the general knowledge dump.
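
Added example, not from any poster in this thread and not OPNsense syntax: a small Python model of the tag-and-block "kill switch" described above (exception rule, default LAN rule that tags "VPN bound", floating rule that blocks that tag on the WAN), with the port 80/443 bypass from the earlier post as an option. Assumptions: the Plex address is constructed, "outbound from Plex on 32400" is read as source port 32400, and a dead VPN gateway makes traffic fall back to the WAN default route.

```python
from dataclasses import dataclass

PLEX = "192.168.1.50"    # constructed LAN address for the Plex server (assumption)
VPN_TAG = "VPN bound"    # tag name used in the post above


@dataclass
class Packet:
    src: str
    sport: int
    dport: int
    tag: str = ""


def lan_rules(pkt, wan_dports):
    """LAN rules, first match wins. Returns (gateway, tag)."""
    # Exception: replies from the Plex service port leave via the WAN gateway.
    if pkt.src == PLEX and pkt.sport == 32400:
        return "WAN", ""
    # Optional exception: Plex-initiated traffic to chosen destination ports.
    if pkt.src == PLEX and pkt.dport in wan_dports:
        return "WAN", ""
    # Default/bottom rule: everything else is tagged and sent to the VPN.
    return "VPN", VPN_TAG


def egress(pkt, vpn_up, wan_dports=()):
    """Return (interface, verdict) for an outbound packet."""
    gateway, pkt.tag = lan_rules(pkt, wan_dports)
    # Assumption: with the VPN gateway down, routing falls back to the WAN.
    iface = gateway if gateway == "WAN" or vpn_up else "WAN"
    # Floating rule: anything tagged for the VPN must never leave on the WAN.
    if iface == "WAN" and pkt.tag == VPN_TAG:
        return iface, "block"
    return iface, "pass"


if __name__ == "__main__":
    cases = [
        ("Plex stream reply", Packet(PLEX, 32400, 51000), True, ()),
        ("LAN client, VPN up", Packet("192.168.1.20", 40000, 443), True, ()),
        ("LAN client, VPN down", Packet("192.168.1.20", 40000, 443), False, ()),
        ("Plex IP lookup, no bypass", Packet(PLEX, 45000, 80), True, ()),
        ("Plex IP lookup, 80/443 bypass", Packet(PLEX, 45000, 80), True, (80, 443)),
    ]
    for name, pkt, up, ports in cases:
        print(f"{name:32} -> {egress(pkt, up, ports)}")
```

In this model the Plex port 80 lookup leaves through the VPN unless 80/443 are added as exceptions, which matches the first poster's observation that bypassing 32400 alone registered the VPN address.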