Orbi/Plex Remote access not working - Relay only

I’ve been running Plex for quite a while on my Orbi Mesh System (RBR20 + 3 sats). What I didn’t realize until recently that everything remotely accessed was through relay (2mbps cap). It was apparently checked by default. I disabled relay and then remote access didn’t work anymore. So I went down the rabbit hole to fix:

1. Called my ISP to put modem/router in bridge mode
2. Port forwarded 32400 in my Orbi and allowed in Windows firewall settings
3. Disabled and re-enabled uPnP multiple times
4. Disabled firewall completely to test
5. Tested port on Plex server (192.168.1.x)using Powershell and it was indeed open

I’m truly at a loss what to try. I wouldn’t think I’m in a double-NAT but can’t be for sure. Plex PC is hardwired into an Orbi satellite along with my NAS. Here is some additional info that may help:

• Whatsmyip shows IP as 64.17x.xxx.xxx
• Internet Port in Orbi shows
  -IP: 100.74.xxx.xxx
  -DHCP Server: 64.2xx.xxx.xxx
  -and (2) different DNS servers

I wasn’t sure if that may be were my issue lies. I thought in bridge mode, the router’s WAN port would display my public IP. I’m not network savvy so not sure, but I confirmed 3x from the ISP that it was in bridge mode.

I’ve read Plex troubleshooting guides, scoured Reddit and Netgear forums…no luck whatsoever. Been binging for 5 days straight trying to fix this. I’d greatly appreciate any assistance. Thanks everyone.

Your ISP uses CG-NAT, which is incompatible with Plex remote access. It places you in a double-NAT situation.

See if your ISP can assign you a publicly accessible IPv4 address that supports port forwarding. It does not have to be static, but it must be unique to your network. Most ISPs charge extra for this capability.

Thank you so much for your quick reply. That’s kinda what i was thinking too based on what I’ve read. I just called my ISP and they said they could assign me a static IP for $3.99 a month. Does that sound like all i need to do? If so, once I do, is there any additional setup instructions i would need to follow for Plex or my Orbi outside the normal setup?

Also, you said an IP that supports port forwarding. Do they forward the port on their end and i forward same port in Orbi?

The ISP does not configure port forwarding.

Once they assign you the static IP it should show up in the Orbi instead of the 100.74.x.x address.

You can then enable port forwarding in the Orbi using either UPnP or manual port forwarding.

UPnP is automatic. You enable it in the Orbi (it may be enabled by default). Plex Media Server then negotiates with the Orbi to open the port. On the Plex remote access page you do not check the “manually specify public port…” box. The port number will change every time remote access is enabled, PMS is restarted, etc. This is part of the UPnP protocol and is OK.

With manual port forwarding you configure the Orbi to use a fixed port number that never changes. You also configure the same port number in Plex Media Server and check the “manually specify public port” box. Plex always uses the same port number. Manually specified ports are useful with routers that do not support UPnP or have trouble negotiating with Plex to open ports.

Read through the Remote Access and Troubleshooting Remote Access support pages. The Basics of Remote Access Troubleshooting also contains helpful information.

Summary:

Step 1: Get the static IP.

Step 2: Make sure the Orbi sees the static IP.

Step 3: Configure port forwarding in the Orbi, either UPnP or manual.

Step 4: Configure Plex Remote Access.

Reply back with progress, issues, questions, etc.

Thanks for the clarification. I think once i get the static IP, i should be good from there…i hope!

Thanks again for all your help. Im going to call them tomorrow to get the IP. They said it could take up to 48 hours. I’ll post back with progress.

You do not need a static IP. I have run into this hundreds of times on SD-WAN. The solution is if your ISP’s modem/router is not doing your wireless and you have everything behind your own router or firewall, you ask them to put your connection in “Bridge” mode. It shuts off all firewalls and wireless and just makes it a Layer-2 modem. You will get a public IP. I did this on my AT&T connection as well as my Spectrum.

Then, in your router, you do your port-forward. You do not need a static.

ISPs are going to charge extra every month for a static IP. Save your money.

Per OP though

and it wasn’t working for them.

I can confirm it is/was in bridge mode. Even set my Orbi to AP mode to test. Don’t recommend doing that during the day while your wife is working!! Called this morning to get my static IP. They said it should be done by the end of the day. Hopefully, I can report back good news later today or tomorrow

Then I would, again, check the configuration in the router/firewall.

There are some situations where UPnP does not work.

Specifically, on my network it does not work because I use my main network switch as a Layer-3 switch and configured a different subnet as a transit network between switch and my firewall/router.

My firewall/router’s inside IP is 198.18.0.1/29 (which is a private IP address as 198.18.0.0/15 is private)

My switch is 198.18.0.2/29 on that connection to the router. For the VLAN my server is on, my switch is 192.168.250.254.24.

My server is 192.168.250.11/24.

My router/firewall has a static route for 192.168.250.0/24 to 198.18.0.2 (the switch). The switch has a route for 0.0.0.0/0 (default route) to 198.18.0.1 (the firewall/router).

UPnP is just not going to work because Plex changing its default gateway would be an attempt to change my switch, not my firewall/router.

What I had to do was set up a port-forward on my firewall and allow incoming connections on tcp/32400 on my two WAN interfaces (I have two Internet circuits plus a backup cellular 4G LTE USB dongle).

So, if either of my WAN interfaces see traffic destined to their public IP, that port is opened and then the firewall/router then redirects that traffic inside my network to IP address 192.168.250.11 (my Plex Server).

Your server as part of its initialization process sends its registration to Plex and then Plex knows your server is whatever public IP the registration traffic to Plex comes from.

Then, whenever a client you want to use for Plex wants to connect to your server but is outside your network, it sends a query to Plex that basically says, “Hey, how do I get to my server XXXX”. Plex says “It is it is over here at this IP Address x.x.x.x.” The client initiates a connection to that public IP and your router redirects it inside your network.

That is why you need the port-forward. Most times, UPnP will do this automatically for you. But, there are discussions dealing with security practices that state this may not be the most secure way of doing things because a malicious device could try and “hold the door open” for attackers. So, I would not be surprised if an upgrade turned that off by default.

So, if you look at your firewall/router’s configuration, look for Port-Forward, Port-Trigger or something similar. Not knowing what you have, I cannot go any deeper in the how, just the theory.

But, I am 100% sure you do not need a static IP if your firewall/router is configured correctly.

My setup currently only consists of Orbi router and satellites. I have in fact done the port forward using multiple ports and confirmed that the ports are open. However, it still would not work. I also tested without port forwarding using uPnP and did not work.

I would check documentation as well as maybe contact support. My worry is that you are going to go through the trouble and expense of getting a static IP and it still will not work because getting a static IP does nothing to forward that traffic to your Plex server. You are not addressing the root cause.

I am not familiar with Orbi but this was a quick search on the web:

The root cause is that the ISP uses CG-NAT.

CG-NAT places the end user in a double-NAT situation. NAT #1 is the carrier’s network. NAT #2 is the home router (whether supplied by ISP or by customer).

The ISP must provide a unique public IP address to the customer. It cannot be shared with another customer. It must bypass (or tunnel through) the CG-NAT process. While it does not have to be static, it seems most ISPs use static IPs to accomplish this.

Do what you want. But, if it does not work, I reserve the right to tell you I told you so.

Yes. I was behind the CG-NAT also. My ISP doesn’t allow port-forwarding without a static IP. Our OP @srtaylorjr is lucky. I pay $4.47 per month.

Glad to report that the issue is resolved. Most everything remote is direct playing now, depending on the client Thanks again for the help.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.