myPlex with a VPN that supports port forwarding

Here's how I successfully made MyPlex / PlexPass work with a VPN.

You have: 

  • Mac OS X Mavericks/Yosemite
  • AirVPN/PIA/whatever (any VPN that supports port forwarding)
  • Any VPN client running on your Mac

INSTRUCTIONS

1. Forward the port on the VPN.

  • Go to your VPN's web site to add a port forward.
  • I'm using AirVPN so I go to airvpn.org/ports/ and click the Add button. Don't fill in any of the fields. Let it assign a random port, and let it forward to the same local port.
  • Copy the randomly generated port number for later. Wherever you see VPN_PORT below, use your random port instead.

2. Set up port redirection in pf

  • Mavericks 10.9 (EDIT: And Yosemite 10.10) uses "pf" which is "The OpenBSD Packet Filter" for this type of thing (older Mac OS might have used ipfw or iptables)
  • Use the Terminal app to access the command line.
  • Create this port forwarding config file:
    sudo nano /etc/pf.anchors/simons.plex.vpn.forward
  • Put this into the file. Set VPN_PORT to the random port you got in step 1 (10196 is an example):
    # To allow access to Plex Media Server from outside the VPN AirVPN
    VPN_PORT = "10196"
    rdr pass inet proto tcp from any to any port $VPN_PORT -> 127.0.0.1 port 32400
  • Verify that you've got the syntax correct:
    sudo pfctl -vnf /etc/pf.anchors/simons.plex.vpn.forward
  • If you see "unknown port VPN_PORT" then you forgot to replace VPN_PORT in the file with your own randomly generated VPN port from step 1.
  • Create a pf config file:
    sudo nano /etc/pf.plex.conf
  • Put this into the config file:
    rdr-anchor "simons-plex"
    load anchor "simons-plex" from "/etc/pf.anchors/simons.plex.vpn.forward"
  • pf doesn't run by default on Mavericks, so start it up (-e enables pf, -f loads this file as the active ruleset):
    sudo pfctl -ef /etc/pf.plex.conf
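
An added example, not part of the original post: a shell helper that builds the two files from step 2 in a staging directory and refuses a VPN_PORT that is still the placeholder or out of range. The function names and the optional interface argument are illustrative assumptions (utun0 is an assumed tunnel name; check yours with ifconfig).

```shell
#!/bin/sh
# Added example, not from the original post: build the two pf files from
# step 2 in a staging directory so they can be checked before installing.

# valid_port PORT: true only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# render_anchor VPN_PORT [IFACE]: print the anchor file contents.
# IFACE is optional and an assumption (your VPN tunnel, e.g. utun0);
# when given, only traffic arriving on that interface is redirected.
render_anchor() {
    valid_port "$1" || { echo "invalid VPN_PORT: $1" >&2; return 1; }
    case "${2:-}" in
        *[!A-Za-z0-9]*) echo "invalid interface: $2" >&2; return 1 ;;
    esac
    on=""
    if [ -n "${2:-}" ]; then on=" on $2"; fi
    printf '# Allow access to Plex Media Server from outside the VPN\n'
    printf 'VPN_PORT = "%s"\n' "$1"
    # $VPN_PORT stays literal here: it is the pf macro defined on the line above.
    printf 'rdr pass%s inet proto tcp from any to any port $VPN_PORT -> 127.0.0.1 port 32400\n' "$on"
}

# render_conf: print pf.plex.conf exactly as given in the post.
render_conf() {
    printf 'rdr-anchor "simons-plex"\n'
    printf 'load anchor "simons-plex" from "/etc/pf.anchors/simons.plex.vpn.forward"\n'
}

# stage_pf DIR VPN_PORT [IFACE]: write both files under DIR; nothing is
# written if the port or interface is rejected.
stage_pf() {
    anchor=$(render_anchor "$2" "${3:-}") || return 1
    mkdir -p "$1" || return 1
    printf '%s\n' "$anchor" > "$1/simons.plex.vpn.forward"
    render_conf > "$1/pf.plex.conf"
}

# check_pf DIR: the post's own syntax check, run on the staged anchor.
check_pf() {
    sudo pfctl -vnf "$1/simons.plex.vpn.forward"
}
```

Run `stage_pf ./staging 10196` and then `check_pf ./staging` on the Mac before copying the files into /etc. Passing an interface as the third argument limits the redirect to connections arriving on it, so the local-network telnet check under Manual debugging no longer exercises the redirect.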

3. Set up Plex Server

  • Go to Plex Media Server web interface > Settings > Server > Connect
  • Make sure you are signed in with your plexpass.
  • Check the box "Manually specify port" and enter VPN_PORT. Click the button (Update/Retry/whatever).
  • You'll see "Connecting Server..."
  • After a few seconds you should see "Server is mapped to port VPN_PORT"

4. Check it works with your mobile phone or whatever

  • First turn off WiFi. (Otherwise your phone might connect on the local network and that's not what we want.)
  • Log in
  • It should automatically connect now. If not, try Refresh, Sync, and/or waiting a minute.
  • Once you can see it works you can turn WiFi back on.

Please help make this unnecessary: If you'd like to request that Plex Server be modified so that this isn't needed any more, please vote on this: Bug: listen to Manually Specified Port on VPN interface.

...

The rest of this is just technical info and such, read if you're interested.

Manual debugging

I just want to note that if you're comfortable with the terminal you can use these commands to make debugging the connection a little easier:

  • Test if forwarding is working by doing the following from another computer on your local network: 
    telnet IP.ADDR.OF.PLEXMAC VPN_PORT
  • You should see (after a few seconds maybe):
    Trying 192.168.2.42...
    Connected to 192.168.2.42.
    Escape character is '^]'.
  • Now test if it's working through your VPN. Go to your VPN port forwarding website and get the Public IP. E.g. on OpenVPN this is called "Mapped to public IP". Now try this:
    telnet PUBLIC.IP.FROM.VPN VPN_PORT
  • And you should connect. And that means it's working!

How to make port forwarding restart when you reboot your mac

To make pf run automatically when you reboot your Mac, see OS X Server: How to enable the adaptive firewall (except change the conf file from pf.conf to pf.plex.conf).

Your router is NOT involved

Note that this does not involve the router in any way at all. If you are running your VPN on your router, then you need different instructions. If you are running it on your mac, then you don't need to change any router port forwarding at all, because the VPN will completely bypass the router.

 

This is actually a bug in Plex [devs!]

I love Plex. That said, I think that the Manually specify port feature could listen on the specified port on all interfaces, which would make this unnecessary. I.e. including on the VPN interface instead of just on ethernet. uTorrent and others do it. If you'd like to request that it be fixed, please vote on this: Bug: listen to Manually Specified Port on VPN interface

Update Dec 21, 2014: Thanks to shpankey for fixing the typos in my first version. This version is fixed now.