Only have 'indirect connection' to my plex server on my local network

Hi, I’ve only just installed Plex media server on my UnRaid box. It seems to be working fine. I downloaded the Plex media player embedded app, and I’ve installed that onto an Intel NUC. The client starts up ok and, after going through the account linking step, it’s accessed the media server OK, but only with an ‘indirect connection’. The server and the client are currently in the same room and connected through the same unmanaged switch (!!!???).

Is there some setting on the server app I need to change, or some setting elsewhere that needs to change? I cannot figure this out!

could be because of the default being to use Secure Connections and you have DNS Rebinding Protection in the router blocking the secure connections through the local network using plex.direct url that resolves to the local IP

See my post here http://forums.plex.tv/discussion/comment/1516941/#Comment_1516941 which has links to support articles mentioning DNS Rebinding Protection

Thanks for this. I had a quick look at your other post - it looks likely this might be the issue. However, I’m struggling to understand all of this so I need to move slowly. Also, my router (which was provided by my ISP) doesn’t look like it has the capability to change any DNS settings. I’ve set the connection to ‘not secured’ just to get running, and that’s working in the interim - however, I’d like to get the secure connection working if I can. I might need to think about this one a little more…

Thanks for your help.

@Roscoe6262 said:
Thanks for this. I had a quick look at your other post - it looks likely this might be the issue. However, I’m struggling to understand all of this so I need to move slowly. Also, my router (which was provided by my ISP) doesn’t look like it has the capability to change any DNS settings. I’ve set the connection to ‘not secured’ just to get running, and that’s working in the interim - however, I’d like to get the secure connection working if I can. I might need to think about this one a little more…

Thanks for your help.

well i have been living with it since day 1 as my router does not allow me to configure any whitelist for it

With Plex Media Server remote access configured and working then it ought not be using indirect connection but may use your public ip and public port

You can confirm this is happening by finding out what the plex.direct url and then doing an nslookup on it using default DNS and google dns and see if it fails on the default one

You can fnd the url in the connection info in the xml you get back from this browser request

https://plex.tv/pms/resources.xml?includeHttps=1&X-Plex-Token=xxxxxxxxxxxxx
You would need to find your server security token and include it in the request
See https://support.plex.tv/hc/en-us/articles/204059436-Finding-an-authentication-token-X-Plex-Token

I’m very sorry. I’m trying to understand what you’ve posted in your reply, but I’m really struggling! (I had to do a google search to find out what nslookup actually was!). I followed through as much as I could.

First, I did the nslookup command from my local PC - DNS was currently set to go to my router.
As per the plex instructions for finding an authentication token, I logged into Plex media server, looked at the info for one of my movies, and looked at the xml to get the token. I then plugged the token into your command line above (the one in red) and put that into my browser, and took a copy of the page that came back.

Then, I changed the dns on my pc over to google dns, & rebooted.
I reran nslookup and confirmed DNS was now using google dns.
I logged back into my plex media server, again checked out the token for the same movie (it hadn’t changed), and issued the command line above in red again in my browser. I got another ‘xml’ page back, but it didn’t seem to look any different.

I think I’m missing something. I appreciate so much that you’re taking the time to respond, but the procedure you’ve given is above my head so it’s making it quite difficult. Can I ask you to lay it out for me a little simpler? I’m happy to do this in small steps, as long as you can be patient.

Again, thanks so much for your help so far!

The xml you get back from https://plex.tv/pms/resources.xml?includeHttps=1&X-Plex-Token=xxxxxxxxxxxxxx will have the connection routes to your servers.

This is an example

<Connection protocol="https" address="192.168.1.152" port="32400" uri="https://192-168-1-152.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct:32400" local="1"/>

There would be one line with local="1" and if you have remote access enabled then one with local="0" which has the route using your public IP address

If remote access is not enabled or is not working then Plex Relay gets used and that would get flagged as being Indirect. To see any Plex Relay routes, you would need to change the resources.xml request to be in this form
https://plex.tv/pms/resources.xml?includeHttps=1&includeRelay=1&X-Plex-Token=xxxxxxxxxxxxxxxxx

The indirect plex relay routes would show in the xml with local="0" relay="1"

To establish if you have DNS Rebinding protection block in your router, you take the connection string for local="1"
So in my example it is the following element within the uri string
192-168-1-152.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct

In command line window you then do these tests

nslookup 192-168-1-152.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct

If you do not have DNS Rebinding Protection and no block on DNS lookup for this, then the command will return for this example 192.168.1.152 as the IP Address for the url
If you have DNS Rebinding Protection then it will error and say not found

You can then repeat the test with google dns for your local plex.direct url eg for my example:

nslookup 192-168-1-152.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct  8.8.8.8

And this would normally succeed

Thanks for this. I “think” I’ve been able to follow along with this.

FWIW, the second resources xml request is probably the better of the 2 because it contains both https and relay. In my case I got back four connections.

Connection A is ‘local=1’, and the IP address is the one I have allocated to the UnRAID box running the plex media server.
Connection B is ‘local=1’, and has an IP address I don’t recognise.
Connection C is ‘local=0’, and has my public IP address
Connection D is ‘local=0’, and ‘relay=1’ and uses an IP address I don’t recognise

When doing NSLookups for each while using my router as the DNS, the results are as follows…

A) Can’t find address for server WW.WW.WW.WW.plex.direct…no information
B) Can’t find address for server XX.XX.XX.XX.plex.direct…no information
C) Address YY.YY.YY.YY (DNS request timed out)
D) Address ZZ.ZZ.ZZ.ZZ (DNS request timed out)

Then I switched over to the Google DNS and re-ran the NSLookups…

A) Address WW.WW.WW.WW (DNS request timed out)
B) Address XX.XX.XX.XX (DNS request timed out)
C) Address YY.YY.YY.YY (***No internal type for both IPv4 and IPv6 Address (A+AAAA) records available for nslookup)
D) Address ZZ.ZZ.ZZ.ZZ (DNS request timed out)

Obviously I’ve obfuscated the real IP addresses.

I’m not quite sure what to make of the above. Does any of the above give you any further useful information in figuring out what’s going on? Let me know whether there are any further tests I can do.

send me the exact commands and results by private message - as it is showing in your post this says DNS lookup is not working for all - so could be certificate issue. you can also save the xml into txt file and send me that as well

would be good to get a set of Plex Media Server logs after restarting the server - to see if there is any issue with the certificate for secure connections

See https://support.plex.tv/hc/en-us/articles/201643703-Reporting-issues-with-Plex-Media-Server
https://support.plex.tv/hc/en-us/articles/200250417-Plex-Media-Server-Log-Files

Thanks for sending me the results of the tests. I am going to summarize (masking out your public IP info and full routes)

nslookup using your router default DNS

It is rejecting the local network ones - only allowing the public IP addresses. So yes this is DNS Rebinding protection in place in your router.
Your https route on internal network to your local IPs

> nslookup 10-1-1-6.ffxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct
*** Can't find address for server 10-1-1-6.ffxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct: No information

> nslookup 172-17-0-1.ffxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct
*** Can't find address for server 172-17-0-1.ffxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct: No information

Your https route through your public IP

> nslookup 210-24x-xxx-xxx.ffxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct
Server:  210-24x-xxx-xxx.ffxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct
Address:  210.24x.xxx.xxx

Your https route through Plex Relay IP

> nslookup 184-105-148-105.ffxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct
Server:  184-105-148-105.ffxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct
Address:  184.105.148.105

nslookups using Google DNS 8.8.8.8

The address lookups return the right IP addresses ok for local and public

> nslookup 10-1-1-6.ffxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct
Server:  10-1-1-6.ffxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct
Address:  10.1.1.6

> nslookup 172-17-0-1.ffxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct
Server:  172-17-0-1.ffxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct
Address:  172.17.0.1

> nslookup 210-24x-xxx-xxx.ffxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct
Server:  210-24x-xxx-xxx.ffxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct
Address:  210.24x.xxx.xxx

> nslookup 184-105-148-104.ffxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct
Server:  184-105-148-104.ffxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.plex.direct
Address:  184.105.148.104

What this means is that local clients trying to connect securely using https then they will not be able to using the local IP route because of the DNS Rebinding Protection and so will go through the routes that work. That would be your public remote IP url above or if remote access is not working then the indirect Plex Relay route. The default is to force secure connections for all requests. Client apps have an optional setting for allowing fallback to insecure connections.

You could try and see if configuring DNS in the router to use Google DNS overcomes the issue.
Some routers do have configuring whitelists for DNS Rebinding Protection and one can add plex.direct. In my case I just live with the problem and make sure my Remote Access is always working - by adopting a manual port forward and manually specifying the public port rather than the unreliable uPnP automatic configuration

Noticed something strange in the server log and I am not sure what impact it has
When listing network interfaces, the loopback was listed twice - don’t know why that happens here

Sep 25, 2017 20:51:24.313 [0x2b0e073ef6c0] DEBUG - Network interfaces:
Sep 25, 2017 20:51:24.313 [0x2b0e073ef6c0] DEBUG -  * 1 lo (127.0.0.1) (loopback: 1)
Sep 25, 2017 20:51:24.313 [0x2b0e073ef6c0] DEBUG -  * 1 lo (127.0.0.1) (loopback: 1)
Sep 25, 2017 20:51:24.313 [0x2b0e073ef6c0] DEBUG -  * 6 eth0 (10.1.1.6) (loopback: 0)
Sep 25, 2017 20:51:24.313 [0x2b0e073ef6c0] DEBUG -  * 8 docker0 (172.17.0.1) (loopback: 0)
Sep 25, 2017 20:51:24.313 [0x2b0e073ef6c0] DEBUG -  * 9 virbr0 (192.168.122.1) (loopback: 0)

See if you have any non standard settings
what does ifconfig show?

As mentioned before, there is a section on DNS Rebinding Protection here
https://support.plex.tv/hc/en-us/articles/206225077-How-to-Use-Secure-Server-Connections

I did have “enable server support for IPv6” enabled. Would that have something to do with it?

I managed to find the area within the router to change DNS to Google DNS (which I’ve now done). Unfortunately it didn’t solve the issue.
I know you’ve done a lot so far, but could you possibly walk me through setting up the manual port-forwarding procedure you’ve used?

@Roscoe6262 said:
I did have “enable server support for IPv6” enabled. Would that have something to do with it?

It should not - but best to disable it

@Roscoe6262 said:
I managed to find the area within the router to change DNS to Google DNS (which I’ve now done). Unfortunately it didn’t solve the issue.

If the default dns with this change returns Can't find address for the local IP plex.direct url then it means it is still the same - and that is how it is on my router.

@Roscoe6262 said:
I know you’ve done a lot so far, but could you possibly walk me through setting up the manual port-forwarding procedure you’ve used?

Port Forward and Manually Specifying port should offer a more reliable remote access - will not fix the underlying problem but with working remote access, your local secure connections would show as Remote as opposed to Remote and Indirect

web site portfoward.com has info on most routers.

• First make the local IP Address of the server permanent (last time we checked it was 10.1.1.6
  So look at DHCP Settings in the router and DHCP Reservation and see how to add the server as a reserved permanent IP
• Then find the Port Forward section in the router settings. Port Formward and not Port Triggering. And setyp a rule in the Port Forward table. Name it Plex. and forward WAN/Public port 32400 to LAN / Private Port 32400 to forward to 10.1.1.6. Save and Apply the changes. Reboot router and server to confirm that the DHCP Reservation is working and the IP (check by ifconfig or LAN Settings) is still 10.1.1.6
• Open Settings / Server / Remote Access / Click on Show Advanced. Tick Manually Specify Port and enter 32400 in the box and connect . If you need to retry or disable / re-enable remote access, make sure you leave a 30 second gap between each click. If it is not showing green, do not click on buttons but just refresh the browser with F5.

@Roscoe6262 said:
I managed to find the area within the router to change DNS to Google DNS (which I’ve now done). Unfortunately it didn’t solve the issue.

If the default dns with this change returns Can't find address for the local IP plex.direct url then it means it is still the same - and that is how it is on my router.

I followed up with my ISP. Disappointingly, although the functionality is present to change the DNS routing to Google, it’s disabled - they confirmed it.

• First make the local IP Address of the server permanent (last time we checked it was 10.1.1.6
  So look at DHCP Settings in the router and DHCP Reservation and see how to add the server as a reserved permanent IP
• Then find the Port Forward section in the router settings. Port Formward and not Port Triggering.

On the router it is listed as ‘Port Mapping’ - hopefully that’s OK.

Again, thanks so much for your support and guidance. I’m heading out of town for the next 4 days, but I will dive into this properly on my return.

For those who are still having problem connecting… I tried all the above with no result… The only thing that fixed it for me was running Windows 10 HomeGroup troubleshooter. You can access it through settings / troubleshoot / HomeGroup / Run The Troubleshooter. Hope this helps some of you.

@blazingkong said:
For those who are still having problem connecting… I tried all the above with no result… The only thing that fixed it for me was running Windows 10 HomeGroup troubleshooter. You can access it through settings / troubleshoot / HomeGroup / Run The Troubleshooter. Hope this helps some of you.

Thank you so much, this seems to have fixed the problem for me!

I’m experiencing this issue right now. Has anyone found a simple/consistent fix to this?

I have exactly the same issue, nice reply to the potential problem, now, any chance of that again but without any assumption I know what I am doing… that made absolutely no sense to me whatsoever.

Does this mean that if I “Disable” secure connections and on my Fire TV plex app also change the “Allow Insecure connections” to Always then things should work?

The issue I am hitting is that when i try to “Disable” secure connections on my server, the server shows up as offline on my Fire TV.

An issue has recently been found in Plex for Android which has just fixed.

See release note for 7.7.1

• [Mobile] Relay connections would take precedence over local connections.
• [Mobile] App could end up trying to use an out of date Relay connection.

If problems persist with 7.7.1 would need to see fresh logs from the server and the app

I think I am going to need to ask for some help with this, my local server is being viewed as a remote rely, as a result it is bouncing out to their servers and then back to my roku, this has caused a lot of issues for watching shows on my roku, and if it keeps up and I can’t get it fixed I am just going to have to leave plex for a different software package. I really miss how it was working before, it was ideal for me.

so far the only way it works at all, if I have it set to secured connections preferred, if I turn on things like the IPv6 it stops working and so forth, I have to have remote access enabled as well, even though before the update I had this disabled.

It currently runs off the same switch as my roku, and the switch is a true dumby switch, they should not be showing on a subnet, based on the IP address for each device.

could be because of DNS Rebinding Protection on your router - you could try a test with disabling secure connections on the server and trying the app with setting of allow fallback to insecure connections for all

For logs - see
https://support.plex.tv/articles/201643703-reporting-issues-with-plex-media-server/
https://support.plex.tv/articles/200250417-plex-media-server-log-files/
https://support.plex.tv/articles/201377603-roku-logs/