When I enter the following I get errors:sudo pfctl -ef /etc/pf.plex.confNo ALTQ support in kernelALTQ related functions disabledpfctl: pf already enabled
The ALTQ stuff is not an error, it's an informational notice from pf that you can ignore. I get the same thing.
"pf already enabled" is OK as well, it's just telling you that it's reloading pf, which is what you want.
Don't forget to go to PMS and reconnect after you reload pf!
simon
What do you mean by you simply put the local port on airVPN to 32400? Do you mean you changed the vpn conf file to use the below
remote "vpn server address" 32400replacing "vpn server address" with your situation.
Are you connected to your VPN through your mac? Or through your router?
simon
* To make pf run automatically when you reboot your mac, see OS X Server: How to enable the adaptive firewall (except change the conf file from pf.conf to pf.plex.conf)
For Mavericks...
1. Run these commands on the server as an admin user to enable the adaptive firewall.
sudo pfctl -f /etc/pf.plex.confsudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serverctl enable service=com.apple.afctlsudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -csudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -f2. Edit /System/Library/LaunchDaemons/com.apple.pfctl.plist so that pfctl(8) is invoked with the -e flag. This will automatically enable the packet filter the next time the server boots. This can be accomplished with these commands:sudo defaults write /System/Library/LaunchDaemons/com.apple.pfctl ProgramArguments '(pfctl, -f, /etc/pf.plex.conf, -e)'sudo chmod 644 /System/Library/LaunchDaemons/com.apple.pfctl.plistsudo plutil -convert xml1 /System/Library/LaunchDaemons/com.apple.pfctl.plist
Really appreciate this guys. I have no idea what the hell I just did, but it worked.
Only part that didn't seem to work was what I've quoted, the last part to get the server to run the file again after every restart. In step 1, the first sudo seemed to work, but the 2nd one said that "command not found." I'm running a normal install of Yosemite 10.10.2, non server if that matters.
Really appreciate this guys. I have no idea what the hell I just did, but it worked.
Only part that didn't seem to work was what I've quoted, the last part to get the server to run the file again after every restart. In step 1, the first sudo seemed to work, but the 2nd one said that "command not found." I'm running a normal install of Yosemite 10.10.2, non server if that matters.
In order to run commands 2-4 (serverctl and afctl) you'll need OS X Server which is a $20 on the App Store. I don't have it either.
You can do command 5-7 (defaults, chmod, plutil) without OS X Server. That might make it startup automatically on reboot. I haven't tried it yet.
Are you connected to your VPN through your mac? Or through your router?
simon
I am connected to VPN via openVPN running in FreeBSD 9.3 Release. I did get this to work for a short time before everything went weird on my system. I started getting really bad ping latency like 3seconds and higher I was also dropping packets like crazy every two to three packets would be missing so I tried reboot the system which did not help at all. I found out my finch freebsd Chroot was down and not working. So I decided to redo the whole system again using NAS4FREE 9.3 release with FInch installed and running FREEBSD 9.3 RELEASE in a chroot.
Now I got everything working again and am having the same issue again with Plex. I am also finding that I cannot start deluge automatically in finch for some reason probably because it is waiting on another service to be avialable before starting. Not sure if I will use the plex pass as it does not seem to really work at all with a VPN.
This solution worked for me! Using PIA with OSX Lion. Woo frickin' Hoo!
However, unable to make port forwarding restart upon reboot as OSX Server only works with 10.10.1 or later. Still - happy with the work-around for the time being.
I have my Plex Server on a QNAP NAS, do you know:
How get the VPN PORT from the NAS with PIA VPN service? I was told that with the tool on a PC I can get too.
If your script can be adapt to a NAS server?
Any help is welcomed
Karl
Thank you so much! Worked like a charm. I'm on a mac running yosemite.
didn't work for me. I tried it and i still get a "connection refused" telnet saying i'm unable to connect to remote host.
I successfully connected to toronto with port 48549.
punched that number into here and verified that it was using en0 and tun0:
# To allow access to Plex Media Server from outside the VPN AirVPN
# local ethernet for testing (en0)
rdr pass on en0 inet proto tcp from any to any port 48549 -> 127.0.0.1 port 32400
# OpenVPN presumably is tun0
rdr pass on tun0 inet proto tcp from any to any port 48549 -> 127.0.0.1 port 32400
Syntax response: sudo pfctl -vnf /etc/pf.anchors/simons.plex.vpn.forward
Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
rdr pass on en0 inet proto tcp from any to any port = 48549 -> 127.0.0.1 port 32400
rdr pass on tun0 inet proto tcp from any to any port = 48549 -> 127.0.0.1 port 32400
created the config file added the:
Tried
didn't work for me. I tried it and i still get a "connection refused" telnet saying i'm unable to connect to remote host.
I successfully connected to toronto with port 48549.punched that number into here and verified that it was using en0 and tun0:
# To allow access to Plex Media Server from outside the VPN AirVPN
# local ethernet for testing (en0)
rdr pass on en0 inet proto tcp from any to any port 48549 -> 127.0.0.1 port 32400
# OpenVPN presumably is tun0
rdr pass on tun0 inet proto tcp from any to any port 48549 -> 127.0.0.1 port 32400Syntax response: sudo pfctl -vnf /etc/pf.anchors/simons.plex.vpn.forward
Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
rdr pass on en0 inet proto tcp from any to any port = 48549 -> 127.0.0.1 port 32400
rdr pass on tun0 inet proto tcp from any to any port = 48549 -> 127.0.0.1 port 32400
created the config file added the:
load anchor "simons-plex" from "/etc/pf.anchors/simons.plex.vpn.forward"After this, I stay can't connect.I can connect just fine w/out the client. I have tried Romania / Switz. / Toronto ports from Private Internet Access.~Art
any thoughts @sbwoodside? ~ thanx
I can also confirm that this works with the VPN from Private Internet Access (PIA) when using (and enabling) a server that supports port forwarding.
I have a similar situation that I'm trying to resolve. I have an Asustor NAS server (AS5104T), on which I have successfully configured a TorGuard VPN connection and installed Plex Media Server. When the VPN is disconnected, Plex is accessible outside my network; advanced settings shows the following:
Private nn.nn.nn.nn : 32400 <- Public xx.xx.xx.xx : 16019 <- Internet (nn.nn.nn.nn is the correct private IP; xx.xx.xx.xx is the correct public IP)
However, when I connect the VPN the external accessibility dies. I have asked TorGuard to open port 16019 on the VPN server, which they have done, but this makes no difference. I then happened upon this thread, which seems relevant as it is discussing the same sort of situation, where the VPN connection and Plex are on the same machine.
So, from what I can gather, I need to have the NAS server forward tcp traffic on port 16019 on the VPN network interface (I've established that this is tun255) to port 32400 on localhost (127.0.0.1). However, the NAS uses iptables instead of pf so I'm trying to translate your scripts accordingly, but without success.
What I've run is:
iptables -F FORWARD iptables -A FORWARD -p tcp -i tun255 --sport 16019 -d 127.0.0.1/24 --dport 32400 -j ACCEPT echo "1" > /proc/sys/net/ipv4/ip_forward
I believe this should:
I then manually specify port 16019 in Plex Settings->Server->Remote Access but it still comes back with the following in advanced settings:
Private Unknown IP <- Public vv.vv.vv.vv : 16019 X Internet (vv.vv.vv.vv is the correct VPN server IP)
Please can anyone help me with this? I've never configured port forwarding before so I'm not even sure that the iptables command above is actually correct. Even if it is, I could still be missing other steps...
Thanks!
This is a fantastic solution to make VPNs like PIA work! That said, for those of us that are unfamiliar with the Terminal.. Would anyone be willing to post screens or a video of how to do this method? I've tried myself a couple of times, but I haven't had such luck in getting this to work specifically for PIA. Any help would be appreciated. Thanks! And thanks sbwoodside for this great fix! Can't wait to get this working correctly. Forgive my lack of knowledge..
Thanks for this very helpful workaround. Using PIA (with port forwarding) and Yosemite, I can get this to work reliably, but eventually it stops and I need to run the last command in Terminal again (sudo pfctl -ef /etc/pf.plex.conf). I haven't checked thoroughly but this seems to pop up on a daily or semi-daily basis. Any idea why or how to prevent it? Is there a way, maybe via automator, to run that command every X hours?
Thanks again.
It’s been a while since I checked in here.
@whartung @fauntue @shagaholik @tanseycg @Nemo0079 thanks for the positive feedback.
Thanks to everyone for voting on the bug fix. However, the link seems to be dead now. I can’t find it when I search the forums either. What happened to it?
@clint.street Since you are running your VPN on a separate machine (on FreeBSD), I would suggest for simplicity try running Plex Server on the FreeBSD machine as well. If you do that, the same principles used on Mac OS X should apply on FreeBSD in terms of how to set up port forwarding.
@karlegas I don’t have a NAS so I can’t adapt it myself. I would guess that it can be adapted. The VPN_PORT is always going to be the randomized port you are assigned by PIA or your other VPN provider.
@Artist701 You didn’t say if you ran ‘sudo pfctl -ef /etc/pf.plex.conf’. Otherwise everything looks OK. Can you run ‘ifconfig’ in the Terminal and past the results here?
@ptomblin It’s possible that your iptables is wrong. It’s been a while since I used it. Check out http://serverfault.com/questions/140622/how-can-i-port-forward-with-iptables. If you’re experimenting, check out the “Manual debugging” section of my post for easier ways to determine if it’s working.
@Nemo0079 I don’t have time to make a video, but I’d be happy if someone did. If you’re unfamiliar with the Terminal, I suggest you start with a basic Terminal tutorial — just google it.
@joeyberger That’s really strange. I wonder if there’s something else on your system that’s trying to reset pf?
This method has been working like a charm for me for about 6 months! I use PIA and changing the port every now and then… But a few weeks ago, im not sure why but it just doesnt work anymore! I tried Telnet a refused connection! I have also tried open port tools and they also say its closed. Im not sure what has changed, but Im totally stumped, any ideas? Thanks
@sbwoodside this link?
https://forums.plex.tv/discussion/145989/bug-listen-to-manually-specified-port-on-vpn-interface/
@sandman4sure When I go to that link I get Permission Problem. You don’t have permission to do that. Maybe because I don’t have Plex Pass any more?
Yes, it is in the Plex Pass section under Feature and Bug voting…
hey @sbwoodside, i’m in the same boat as @Artist701 - ran everything according to the instructions with no issues, but still can’t connect remotely. here’s my ifconfig:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=2b<RXCSUM,TXCSUM,VLAN_HWTAGGING,TSO4>
ether 00:1f:5b:3c:de:f8
nd6 options=1
media: autoselect
status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=2b<RXCSUM,TXCSUM,VLAN_HWTAGGING,TSO4>
ether 00:1f:5b:3c:de:f9
nd6 options=1
media: autoselect
status: inactive
en2: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:1d:4f:ff:6b:47
inet 192.168.0.6 netmask 0xffffff00 broadcast 192.168.0.255
nd6 options=1
media: autoselect
status: active
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr 00:22:41:ff:fe:e8:9b:36
nd6 options=1
media: autoselect
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.170.1.10 → 10.170.1.9 netmask 0xffffffff
