myPlex with a VPN that supports port forwarding

UPDATE: I figured out how to make this work. See the solution below in the #3 post.

 

UPDATE FEB 8 2015: Plex pass users please vote to have this bug fixed: https://forums.plex.tv/topic/145989-bug-listen-to-manually-specified-port-on-vpn-interface/

Whoa, I totally got this to work. It's a bit complicated, so I'll post more in a while.

Here's how I successfully made MyPlex / PlexPass work with a VPN.

You have: 

  • Mac OS X Mavericks/Yosemite
  • AirVPN/PIA/whatever (any VPN that supports port forwarding)
  • Any VPN client running on your mac

INSTRUCTIONS

1. Forward the port on the VPN.

  • Go to my VPN's web site to add a port forward.
  • I'm using AirVPN so I go to airvpn.org/ports/ and click the Add button. Don't fill in any of the fields. Let it assign a random port, and let it forward to the same local port.
  • Copy the randomly generated port number for later where you see VPN_PORT (replace VPN_PORT with your random port)

2. Set up port redirection in pf

  • Mavericks 10.9 (EDIT: And Yosemite 10.10) uses "pf" which is "The OpenBSD Packet Filter" for this type of thing (older Mac OS might have used ipfw or iptables)
  • Use the Terminal app to access the command line.
  • Create this port forwarding config file:
    sudo nano /etc/pf.anchors/simons.plex.vpn.forward
  • Put this into the file. Replace VPN_PORT with the random port you got before.
    # To allow access to Plex Media Server from outside the VPN AirVPN
    VPN_PORT = "10196"
    rdr pass inet proto tcp from any to any port $VPN_PORT -> 127.0.0.1 port 32400
  • Verify that you've got the syntax correct:
    sudo pfctl -vnf /etc/pf.anchors/simons.plex.vpn.forward
  • If you see "unknown port VPN_PORT" then you forgot to replace VPN_PORT in the file with your own randomly generated VPN port from step 1.
  • Create a pf config file: 
    sudo nano /etc/pf.plex.conf
  • Put this into the config file:
    rdr-anchor "simons-plex"
    load anchor "simons-plex" from "/etc/pf.anchors/simons.plex.vpn.forward"
  • pf doesn't run by default on Mavericks so start it up: 
    sudo pfctl -ef /etc/pf.plex.conf

3. Set up Plex Server

  • Go to Plex Media Server web interface > Settings > Server > Connect
  • Make sure you are signed in with your plexpass.
  • Check the box "Manually specify port" and enter VPN_PORT. Click the button (Update/Retry/whatever).
  • You'll see "Connecting Server..."
  • After a few seconds you should see "Server is mapped to port VPN_PORT"

4. Check it works with your Mobile phone or whatever

  • First turn off WiFi. (Otherwise your phone might connect on the local network and that's not what we want.)
  • Log in
  • It should automatically connect now. If not, try Refresh, Sync, and or waiting a minute.
  • Once you can see it works you can turn WiFi back on.

Please help make this unnecessary: If you'd like to request that Plex Server be modified so that this isn't needed any more, please vote on this: Bug: listen to Manually Specified Port on VPN interface.

...

The rest of this is just technical info and such, read if you're interested.

Manual debugging

I just want to note that if you're comfortable with the terminal you can use these commands to make debugging the connection a little easier:

  • Test if forwarding is working by doing the following from another computer on your local network: 
    telnet IP.ADDR.OF.PLEXMAC VPN_PORT
  • You should see (after a few seconds maybe):
    Trying 192.168.2.42...
    Connected to 192.168.2.42.
    Escape character is '^]'.
  • Now test if it's working through your VPN. Go to your VPN port forwarding website and get the Public IP. E.g. on OpenVPN this is called "Mapped to public IP". Now try this:
    telnet PUBLIC.IP.FROM.VPN VPN_PORT
  • And you should connect. And that means it's working!

How to make port forwarding restart when you reboot your mac

To make pf run automatically when you reboot your mac, see OS X Server: How to enable the adaptive firewall (except change the conf file from pf.conf to pf.plex.conf)

Your router is NOT involved

Note that this does not involve the router in any way at all. If you are running your VPN on your router, then you need different instructions. If you are running it on your mac, then you don't need to change any router port forwarding at all, because the VPN will completely bypass the router.

 

This is actually a bug in Plex [devs!]

I love plex. That said, I think that the Manually specify port feature could listen on the specified port on all interfaces, which would make this unnecessary. I.e. including on the VPN interface instead of just on ethernet. uTorrent and others do it. If you'd like to request that it be fixed, please vote on this: Bug: listen to Manually Specified Port on VPN interface

Update Dec 21, 2014: Thanks to shpankey for fixing the typos in my first version. This version is fixed now.
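
As an added example (not part of any post in this thread, and not Plex or pf project code): an offline lint for the anchor file from the post above. It flags a VPN_PORT placeholder that was never replaced, an undefined macro, an out-of-range port, and an rdr rule with no `on <interface>` clause, which pf applies on every interface rather than only on the VPN tunnel. The function name lint_anchor and the wording of its findings are assumptions of this example.

```shell
#!/bin/sh
# lint_anchor FILE: offline checks for a pf anchor file like the one in this thread.
# Prints one finding per line; returns 0 when clean, 1 when anything was flagged.
lint_anchor() {
    awk '
    function finding(msg) { print "line " NR ": " msg; bad = 1 }
    /^[ \t]*(#|$)/ { next }                        # comments and blank lines
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {       # macro, e.g. VPN_PORT = "10196"
        split($0, kv, "=")
        name = kv[1]; gsub(/[ \t]/, "", name)
        val = kv[2];  gsub(/[ \t"]/, "", val)
        macro[name] = val
        next
    }
    /^[ \t]*rdr[ \t]/ {
        rules++; port = ""; scoped = 0
        for (i = 1; i <= NF && $i != "->"; i++) {  # only the match side of the rule
            if ($i == "on") scoped = 1
            if ($i == "port" && port == "") port = $(i + 1)
        }
        if (!scoped)
            finding("no \"on <interface>\": the redirect applies on every interface")
        if (port ~ /^\$/) {                        # resolve $MACRO to its value
            name = substr(port, 2)
            if (name in macro) port = macro[name]
            else { finding("macro " port " is not defined"); next }
        }
        if (port !~ /^[0-9]+$/)
            finding("port \"" port "\" is not a number (placeholder left in?)")
        else if (port + 0 < 1 || port + 0 > 65535)
            finding("port " port " is outside 1-65535")
    }
    END {
        if (!rules) { print "no rdr rule found"; bad = 1 }
        exit bad + 0
    }
    ' "$1"
}

# Constructed sample: the anchor from the post above, with its example port.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# To allow access to Plex Media Server from outside the VPN AirVPN
VPN_PORT = "10196"
rdr pass inet proto tcp from any to any port $VPN_PORT -> 127.0.0.1 port 32400
EOF
lint_anchor "$demo" || echo "review the findings above before loading with pfctl"
rm -f "$demo"
```

This only reads the file; `sudo pfctl -vnf` from step 2 remains the authority on whether pf accepts the syntax.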

Getting an error when trying to run the config.

Mini-Me:~ MiniMe$ sudo pfctl -vnf /etc/pf.plex.conf

pfctl: Use of -f option, could result in flushing of rules

present in the main ruleset added by the system at startup.

See /etc/pf.conf for further details.

 

/etc/pf.plex.conf:2: syntax error

Mini-Me:~ MiniMe$ 

Same problem here. Looks like it's this line...

rdr pass on tun0 inet proto tcp from any to any port VPN_PORT -> 127.0.0.1 port 32400

No idea how to fix it though! 

Same

Just going to update your directions, you had a mistake on it (forgot "simons" in one area)...

1. Forward the port on the VPN.

  • Go to my VPN's web site to add a port forward.
  • I'm using AirVPN so I go to airvpn.org/ports/ and click the Add button. Don't fill in any of the fields. Let it assign a random port, and let it forward to the same local port.
  • If using Astrill, go to the "VPN Services" tab, switch the "Port Forward" to ON. It will show you the generated port number.
  • Copy the randomly generated port number for later where you see VPN_PORT (replace VPN_PORT with your random port)

2. Set up port redirection in pf

  • Mavericks uses "pf" which is "The OpenBSD Packet Filter" for this type of thing (older Mac OS might have used ipfw or iptables)
  • Use the Terminal to access the command line.
  • Using your favourite editor create the file /etc/pf.anchors/simons.plex.vpn.forward
  • E.g. 
    sudo emacs /etc/pf.anchors/simons.plex.vpn.forward
  • Put this into the file. Replace VPN_PORT with the random port you got before.
    # To allow access to Plex Media Server from outside the VPN AirVPN
    # local ethernet for testing (en0)
    rdr pass on en0 inet proto tcp from any to any port VPN_PORT -> 127.0.0.1 port 32400
    # OpenVPN presumably is tun0
    rdr pass on tun0 inet proto tcp from any to any port VPN_PORT -> 127.0.0.1 port 32400
    
  • Verify that you've got the syntax correct: 
    sudo pfctl -vnf /etc/pf.anchors/simons.plex.vpn.forward
  • Create a pf config file: 
    sudo emacs /etc/pf.plex.conf
  • Put this into the config file:
    rdr-anchor "simons-plex"
    load anchor "simons-plex" from "/etc/pf.anchors/simons.plex.vpn.forward"
  • pf doesn't run by default on Mavericks so start it up: 
    sudo pfctl -ef /etc/pf.plex.conf
  • Now you can test if this is working by doing the following from another computer on your local network:
     telnet IP.ADDR.OF.PLEXMAC VPN_PORT
  • You should see (after a few seconds maybe):
    Trying 192.168.2.42...
    Connected to 192.168.2.42.
    Escape character is '^]'.
    
  • Now test if it's working through your VPN. Go to your VPN port forwarding website and get the Public IP. E.g. on OpenVPN this is called "Mapped to public IP". Now try this:
    telnet PUBLIC.IP.FROM.VPN VPN_PORT
  • And you should connect. And that means it's working! *

3. Set up Plex Server

  • Go to Plex Media Server web interface > Settings > Server > Connect
  • Make sure you are signed in with your plexpass.
  • Check the box "Manually specify port" and enter VPN_PORT. Click Update.
  • After a few seconds you should see "Server is mapped to port VPN_PORT"

4. Set up your Mobile phone or whatever

  • First turn off WiFi. (Otherwise your phone might connect on the local network and that's not what we want.)
  • Log in
  • It should automatically connect now. If not, try Refresh, Sync, and or waiting a minute.
  • Once you can see it works you can turn WiFi back on.

That's all. Not so complicated after all...

* To make pf run automatically when you reboot your mac, see OS X Server: How to enable the adaptive firewall (except change the conf file from pf.conf to pf.plex.conf)

For Mavericks...

1. Run these commands on the server as an admin user to enable the adaptive firewall.

 
sudo pfctl -f /etc/pf.plex.conf
sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serverctl enable service=com.apple.afctl
sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -c
sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -f
 
 
2. Edit /System/Library/LaunchDaemons/com.apple.pfctl.plist so that pfctl(8) is invoked with the -e flag. This will automatically enable the packet filter the next time the server boots. This can be accomplished with these commands:
 
sudo defaults write /System/Library/LaunchDaemons/com.apple.pfctl ProgramArguments '(pfctl, -f, /etc/pf.plex.conf, -e)'
sudo chmod 644 /System/Library/LaunchDaemons/com.apple.pfctl.plist
sudo plutil -convert xml1 /System/Library/LaunchDaemons/com.apple.pfctl.plist

Just want to update, after adding your missing "simons" back in there, this is working fantastically! So thank you soooo much for this! You have no idea how long I've been messing around with static routes, vm's and various methods to no avail. Not only does your method work and work great, it's by far and away the easiest to do.

Thank you thank you thank you *infiniti*

Question though, does this still route through the VPN, and hence slow down? I mean, it works great right now, but I'm wondering if the speed is now limited by what my VPN provides or does this not go through the VPN at all? Ie: does my VPN speed factor into the equation at all?

Note, it had another missed typo (I've since edited and fixed in my corrected post above). So if it didn't work for you before, try it again and it will for sure now. So it's all good now. I just want to add, after a reboot, I've found I've had to go into the server and hit "Retry" on the port mapping (i.e.: just redo Section 3). It only takes a second to do, but if for some reason you have to reboot, you might keep that in mind if it doesn't automatically work for you right away.

I got this to work simply by putting the local port on AirVPN to 32400. Whatever port number AirVPN then gave me, I put into my Plex settings. Just by doing that, it works with the VPN.

For it to work without the VPN, I updated my router settings and set an external port to the one AirVPN gave me and the internal to 32400.

Now it works whether I am connected to my VPN or not. Pretty cool.

Thanks shpankey for promoting my solution :-)

Now it appears that the Plex team have actually corrected the original problem that created the need for all this. So as starvinmarvin14 says, I don't think it's needed any more.

As I said in my OP, other apps like uTorrent supported port forwarding with a random port already, and Plex had the UI which seemed to show it would do it. So my guess is there was a bug and it's fixed now.

I'm on PIA (Private Internet Access) for VPN, which has long had issues with Plex. Just wanted to say this worked a treat for me,

connect to one of the servers that allows port forwarding, in my case Romania

and use the above guide with the port number given to you by the PIA App, (hover over client and it will display port)

then connect plex server to the same port....

my router has been untouched

So Many thanks for this solution works a charm

obviously if your vpn service disconnects you may find the port number changes on reconnect at which point you will need to do the steps above again...and again

thanks

Thanks shpankey for promoting my solution :-)

Now it appears that the Plex team have actually corrected the original problem that created the need for all this. So as starvinmarvin14 says, I don't think it's needed any more.

As I said in my OP, other apps like uTorrent supported port forwarding with a random port already, and Plex had the UI which seemed to show it would do it. So my guess is there was a bug and it's fixed now.

 Do you know which version they fixed this in? I am using NAS4Free OS and it is really hard to find the latest version on this website? 


Never mind I see the latest Version 0.9.11.7.803-87d0708 I was looking under NAS however it is not a bought NAS it is a built NAS from a computer and is part of FreeBSD 9.1 so I needed to look under their computer link.

I need to update my version and see if that solves the problem with OpenVPN issues.

Thanks,

Clint

clint, this is an issue that was corrected in Plex, not in OpenVPN.

Here's a simple test to see if your VPN port forwarding is working.

Run a different app that can work as a server. For example, a web server running on port 80 or 8080. In my case, I have uTorrent listening on a port.

Forward a port on your VPN to that server.

telnet YOUR_IP YOUR_PORT and see if you connected. You will see:

Connected to YOUR_IP.
Escape character is '^]'.

 
If that works, and you can't connect to Plex, then the problem is not in OS X or your VPN. It's within the Plex setup or a Plex bug.

Updated instructions, verified work in Yosemite.

When I enter the following I get errors:
 
sudo pfctl -ef /etc/pf.plex.conf
 
No ALTQ support in kernel
ALTQ related functions disabled
pfctl: pf already enabled
 
Also I cannot even disconnect from my plex pass account 
 
It shows the following:
There was a problem signing the server out.
 
I am really frustrated that they can't just follow the same as other software and listen on a port. I just installed a fresh installation of plexmediaserver
Version 0.9.11.7

and it is also showing  Something went wrong. Please install the update manually.

I have installed manually and from scratch no previous installation of plex.

Thanks in advance

I got this to work simply by putting the local port on AirVPN to 32400. Whatever port number AirVPN then gave me, I put into my Plex settings. Just by doing that, it works with the VPN.

For it to work without the VPN, I updated my router settings and set an external port to the one AirVPN gave me and the internal to 32400.

Now it works whether I am connected to my VPN or not. Pretty cool.

What do you mean by you simply put the local port on airVPN to 32400? Do you mean you changed the vpn conf file to use the below

remote "vpn server address" 32400 

replacing "vpn server address" with your situation.