I understand. For now, just go ahead and run it as described above: On your laptop with the above commands, first with VPN disabled, then with it enabled.
Since the behavior you described (working with VPN enabled, indirect without) we want to see the DNS lookup results in both of those cases. Using both your configured DNS servers and forcing CloudFlare (1.1.1.1, which is known to work) Hopefully that makes sense.
can you run nslookup on windows?
Yes, I just tested it to be sure. I was in PowerShell, but it should work on a normal command prompt as well.
You need to specify the FQDN to lookup. For example:
nslookup 10-0-0-25.xxxxxxxxxxxxxxxxxx.plex.direct
and...
nslookup 10-0-0-25.xxxxxxxxxxxxxxxxxx.plex.direct 1.1.1.1
Those FQDNs come from the link I provided earlier:
https://plex.tv/api/resources?includeIPv6=1&includeHttps=1&X-Plex-Token=<your_plex_token>
[Edit]
So, if your connection string for local=â1â looks like this:
<Connection protocol="https" address="10.10.0.101" port="32400" uri="https://10-10-0-101.xxxxxxxxxxxxxxxx.plex.direct:32400" local="1"/>
The FQDN would be this:
10-10-0-101.xxxxxxxxxxxxxxxx.plex.direct
And the nslookups would be:
nslookup 10-10-0-101.xxxxxxxxxxxxxxxx.plex.direct
nslookup 10-10-0-101.xxxxxxxxxxxxxxxx.plex.direct 1.1.1.1
Delete that image, it contains sensitive information.
That long string of numbers and digits is your certificate UUID and is unique to you your server.
apologies
Actually it is unique to your user accocunt. The various servers (IF there is more than one) only vary in the part before it, which is simply their IP.
No worries, I just didnât want you to leak anything personal. likely wouldnât be terribly useful to anyone.
That certificate UUID is different for each of my servers.
did u get anythin from that pic tho, or do u need me to edit it and send again
Can you re-run the commands, post the image, but redact that long string of numbers/letters? And make sure youâre running the command for the local=â1â connectionâs FQDN. You should be running it a total of four times:
You donât need to redact the IP addresses from the results as long as it is the private IP addresses.
I redacted it because it showed my public ip
Dâoh! Thatâs my fault. Itâs because I told you to use the local=â0â connection and I should have said use the local=â1â connection. My apologies; Iâll correct the relevant posts above.
Please run as described in my last post, with the local=â1â connection.
Sorry for the confusion.
Thank you!
There is a DNS resolution problem when the VPN is not connected. It appears that the lookup requests are not even making it to the DNS server (neither the default one nor 1.1.1.1) or that the replies arenât making it back.
Do you have any rules in pfSense which might explain this? Itâs not immediately obvious to me your laptop is unable to reach either DNS server when the VPN is disconnected.
all my rules are posted above ^^
What is the laptopâs private IP address when not connected to the VPN? Is it on the same network as the pi-hole (192.168.x.x) or the 10.84.x.x network?
And that 10.84.x.x network looks a bit out of place, given that you mentioned that youâve not configured VLANsâŠ
laptop is on 192.168.x.x
While I was out taking care of things, I had an opportunity to compare this configuration with my configuration.
Would it be OK to share my thoughts on this?
Asking because if my configuration can serve as foundation, it would allow you to augment to add all the other requirements which the current configuration is struggling & failing to provide.
