I'm at a loss here

Do you happen to be using WiFi and a walled garden? I was using Ubiquiti and had guest policy enabled, and that led to all my WiFi-connected devices connecting indirectly.
PS: I use pfSense as well and it works well for me.

I also have this under the Unbound DNS Resolver custom options:

server:
private-domain: "plex.direct"

I also specified all my local networks in the Plex network LAN network section, including the subnet assigned to my OpenVPN clients.

I had them set to preferred; if I disable them then none of the remote clients work, they just say the server is unavailable.

@mervincm I use Meraki APs but none of the SSIDs have walled garden enabled. Regardless, the server is off-site to me (well everyone for that matter) so everyone connects via the internet to it.
I don’t have L3 routing to it via my IPsec VPNs because I don’t want the streaming traffic to be compressed and encrypted, which causes buffering, so there's no point in adding the networks to the network list. Even if I did, I’m not sure how that would cause the remote connection to change from available to unavailable on its own… But I could be wrong.

I also have that option set on the resolver and it didn’t make a difference; at the moment the resolver is just disabled to take it out of the equation.

Check your PM.

Is this server at a datacenter?

I also have to use prefer secure connections, not only secure, otherwise I have issues connecting locally.
Is your port open to the internet at your external public IP if you check using a tool like https://www.yougetsignal.com/tools/open-ports/ ?
With this it notes that mine (forced to default 32400) is open.

PS: my Meraki ended up in the garbage after my free year ran out :slight_smile:

Nope.

I have a CCNA so I can renew my license by taking a 1 hour training class.

Have you tried another client, say a Windows 10 VM on the same host/vswitch/segment as your 2012R2 server VM? Might it be 2012R2? We are, what, 18 months past end of support?
Have you tried another Plex server on a new OS, Windows or Linux, on the same host/vswitch/segment?
Do you have multiple NICs enabled on the 2012R2 server, or did you keep it simple with 1 vNIC?

Maybe someone on the pfSense forum can help you? I got some very good Plex advice on there before.

This line here has me confused.

There is another router in this situation, between your VM and the internal pfSense NIC? (I assume this when you say layer 3.) If you can, can you try it on the same subnet that the internal pfSense NIC is on? I don’t know that this should do anything (as long as your LAN segment is set right in Plex) but it is hardly the typical situation. Maybe you can simplify till it works correctly, then determine what “complication” breaks your access.

Yes, the pfSense instance does core and VPN (client as well as site-to-site) routing. The way the network is set up, there are no local clients on the same subnet as the server itself. This is a 3-location network between a couple of friends where we host our home labs and we serve as off-site backups for each other. Each location has a pfSense doing the core routing, but behind it there is an L3 switch doing the inter-VLAN routing. However, none of the switches have any ACLs enabled; all the application-level rules are on the pfSense instances. Running a client locally wouldn’t amount to anything since the issue only affects remote clients when the remote access goes to red.

After talking with @Achilles I downgraded to version 1.141.5488 and the remote access state is a lot more stable now. Before, I could enable it, wait 5 seconds, click on another section in settings, and remote access would turn red; with this older version it maintains the state.

However, I just checked the server again after downgrading last night and I noticed that it went back offline. So we went from seconds to failure to hours to failure; I guess we’re making progress.

Since the issue does appear to be software related, I’m going to set up a clean VM and see if that changes anything.

So after almost a week of running on the new VM with no network changes (other than changing the inside NAT address, since new VM and all) the issue seems to be gone.

I’m going to give it a bit longer and see what else happens.

That’s great to hear. Did you stay with W2K12R2?

No, I moved to 2016