Indirect connection at some remote networks

Server Version#: 1.21.1.3830
Player Version#: Web or App, latest (does not seem to matter)

Following situation:
PMS has been running great for over a year now, including remote access, with very frequent streaming and no problems. It is accessible locally and on other networks. After I gave a friend access to the library, he gets warnings about an “indirect connection”, and quality is therefore limited to transcoding 720 (2 mbps). When he uses 4G, however, the issue disappears (same device). When I asked him to check via a port checker whether he can access port 32400 on my server, the result was negative (connection not possible); after switching to 4G it was positive (connection possible). Port 32400 TCP and UDP are all forwarded and were checked using CanYouSeeMe. His provider is “Wingo”, which provides the same router I have. It does not have any settings related to ports or port blocking except port forwarding.

Using different ports didn’t change this behaviour. What would you recommend?
What could the issue be?

At that point I recommend speaking to your ISP.

1 Like

Actually, if the problems only arise in some remote networks, it usually is a DNS issue.
Try setting the router (or more precisely: the DNS resolver, but in small and home networks these are usually the same) to use a different DNS server. Both Google’s (8.8.8.8) and Cloudflare’s (1.1.1.1) should work alright.

If the router cannot be configured, try setting the DNS server at the actual client device.

1 Like

DNS was already configured to 1.1.1.1 on device and 8.8.8.8 on the router, so should not be a problem. Additionally it can connect to the webserver with dynamic DNS on the same machine without any problems.

Are you using Pi-hole or similar DNS filters? If so, they may need a whitelist of domains which are not subject to filtering: plex.direct in this case.

Then you could define a “custom server access URL”, which uses your custom domain name. You’ll probably need a fitting cryptographic certificate, though.

1 Like

No, they do not use DNS filters or DNS ad blockers.

Try the custom server access URL nonetheless.

1 Like

Yes, I just tried it. It did not work, but I had other interesting findings:

When connecting to https://myhostname.com:32400 one can see the Plex interface. This works locally and over the internet. So my friend tried this out and was not able to connect to it; the browser could not load the page. https://myhostname.com, which is the webpage, on the other hand did load. When he tried https://myhostname.com:32400 over 4G, Plex loaded.

This implies that you added /web to the server access URL, which is not correct.
“Accessing the server” is not equal to “loading the web app”.
When accessing https://myhostname.com:32400, you should get an XML document in return.

I have not added /web to the server access URL. The server access URL is as follows:
https://myhostname.com:32400

If I visit this website I do not see an XML document. What happens is I get forwarded to http://myhostname.com:32400/web/index.html. Is this behaviour correct?

Did you supply a custom security certificate? If you did not, you cannot use https as your custom access URL.

1 Like

I didn’t. I just tried with a certificate, and it did not seem to change anything.
Therefore I changed the access URL to http://myhostname.com:32400. Same problem. Is this correct with “http://…”?

It is correct with http if you don’t have a cert.
Allow it some time for the change to trickle down to the clients. This can take a while.

Your server and/or client settings still could throw a spanner in the works.
Don’t set “Secure connections” to “Required” on the server side.

Some client types provide similar preferences, which can be used to allow unsecure connections, either generally or only in the local network.

OK, I’ll wait then a bit and report back.
I did set “Secure connections” to “Preferred”.

I recommend you let it sit overnight. Restart the clients after that and perform a user switch (if you have a Plex Home with several users). This will force the client to contact plex.tv and refresh its info on available servers and their URLs.

1 Like

Ok, I’ll try again tomorrow.
Now that the custom security certificate is set up, which value should I use best for ‘server access URL’?

Option 1 (no SSL): http://myhostname.com:32400
Option 2 (SSL): https://myhostname.com:32400
Option 3 (no SSL & SSL): http://myhostname.com:32400, https://myhostname.com:32400

I’d tend to 2) but I will ask if it makes sense to define both variants.

Did you supply not only the pkcs#12 file, but also the passphrase (which is necessary to use it), as well as the domain name for which the certificate is valid?

Yes I provided all three. Just for clarification and other people who might want to know how to do this later, I’ll list how I’ve done it anonymously (by using my existing ‘.pem’-keys created by letsencrypt):

  1. Utilising the following command:
    openssl pkcs12 -export -out certificate.p12 -inkey privkey.pem -in cert.pem -certfile chain.pem
    Then it asks me twice for an export password for which I’ll use MyExportPassword.
    Out goes a certificate.p12 file.

  2. I will move this file to a path /somepath/certificate.p12 which is accessible by Plex.

  3. Setting the following settings in Plex > Settings > Network > Show Advanced:
    Custom certificate location: /somepath/certificate.p12
    Custom certificate encryption key: MyExportPassword
    Custom certificate domain: myhostname.com

Is this correct? Is there any way to check that it works?

Neither the protocol nor the port number is a component of the certificate domain.

So ok, it’s just myhostname.com
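
One way to approach the "is there any way to check that it works?" question from the thread, as an added example that is not from any of the posters or from Plex: confirm that the PKCS#12 bundle opens with the passphrase, that its certificate covers the bare domain, and that the private key belongs to it. The function names are hypothetical, `openssl` is assumed to be on the PATH, and the sample bundle is a constructed self-signed certificate (so the `-certfile chain.pem` part is omitted).

```shell
# Added example: sanity checks for a PKCS#12 bundle before pointing Plex at it.
# File names, passphrase and domain are the placeholders used in the thread.

# p12_cert FILE PASS: print the leaf certificate (fails on a wrong passphrase)
p12_cert() { openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null; }

# p12_key FILE PASS: print the unencrypted private key
p12_key() { openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null; }

# check_p12 FILE PASS DOMAIN: echo "ok" or the name of the first failed check
check_p12() {
  cert=$(p12_cert "$1" "$2") && [ -n "$cert" ] || { echo "bad-passphrase-or-file"; return 1; }
  # Hostname check: the bare domain only, no scheme and no port
  printf '%s\n' "$cert" | openssl x509 -noout -checkhost "$3" | grep -q 'does match' \
    || { echo "domain-mismatch"; return 1; }
  # The certificate must not already be expired
  printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null \
    || { echo "expired"; return 1; }
  # The certificate's public key must equal the one derived from the private key
  cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey)
  key_pub=$(p12_key "$1" "$2" | openssl pkey -pubout 2>/dev/null)
  [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] || { echo "key-mismatch"; return 1; }
  echo "ok"
}

# check_served HOST PORT: the same hostname check against what the server presents
# (needs network access to the server, so it is not called in the demo below)
check_served() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -noout -checkhost "$1" | grep -q 'does match'
}

# make_sample_p12 DIR: constructed self-signed stand-in for the Let's Encrypt files
make_sample_p12() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=myhostname.com" \
    -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null &&
  openssl pkcs12 -export -out "$1/certificate.p12" -inkey "$1/privkey.pem" \
    -in "$1/cert.pem" -passout pass:MyExportPassword
}

# Demo on the constructed bundle: the bare domain passes, domain:port does not
demo_dir=$(mktemp -d)
make_sample_p12 "$demo_dir"
check_p12 "$demo_dir/certificate.p12" MyExportPassword myhostname.com
check_p12 "$demo_dir/certificate.p12" MyExportPassword myhostname.com:32400 || true
rm -rf "$demo_dir"
```

Against a running server, `check_served myhostname.com 32400` applies the hostname check to the certificate actually presented on the port, run from a network that can reach it.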