Hmm… @ChuckPa knows much more about pfSense than I ever will. Perhaps he can provide some additional insight. But your laptop not being able to resolve those FQDNs while off VPN is definitely problematic.
I’m just stuck. When it connects to the VPN it’s direct; if the VPN disconnects it’s indirect.
Go ahead, I’m stuck.
It just went quiet.
Can you post your server logs (click the orange text to find how to configure and collect them) with Debug enabled; please ensure Verbose is not enabled. It might be useful to see what Plex sees as its available network interfaces.
Please stop and restart PMS and wait about 2 minutes before collecting the logs.
Wouldn’t that show the public IP?
It could, yes. If you’re more comfortable with it, you could DM them to me.
I was waiting for you to give me the OK.
In this configuration:
- pfSense is the root / in charge of everything
  - It maintains my FQDN certificate through its ACME package
  - It maintains my WAN IP with CloudFlare DNS
  - It is the default gateway for all subnets on the LAN
  - It is the only/default gateway for all DMZs on the LAN
  - It manages all VPNs (some point-to-point and some site-to-site)
  - pfSense creates and manages the needed subnets (virtual adapters).
The actual hardware:
- Modem/router from the ISP → PASSTHROUGH mode (your Virgin router will do the same)
  - The WAN port of pfSense gets your real WAN IP
- There are two switches (both VLAN-capable) to handle switching:
  - one 48-port for the big equipment (10G)
  - one 10-port for the 1GbE equipment (uplink to 10G)
- The WiFi AP provides two subnets:
  - one on the main LAN
  - one on a Guest LAN (locked down with VLAN tagging to isolate it)
I have more to provide if I were to give a full-up config.
Here is a glimpse at my pfSense dashboard.
You can see the WAN, LAN, WiFi (Guest) and DMZ
in addition to all the other operational elements.
Rules for NAT (inbound) are on the other pages.
ACME, DNS, etc., are all here at the click of a button.
I only use a fraction of what it can do.
With pfSense, you don’t need a Pi-hole to complicate it.
You only need to put pfSense in charge.
I have 9 servers on this LAN.
I can create more within seconds.
I can isolate anything in its own DMZ by simply creating a new virtual adapter, VLAN, and adding it to the switch.
Pi-hole has my DNS CNAME records so that’s what I use. Passthrough mode, do you mean modem mode? If so I cannot do that as my pfSense doesn’t have a WiFi card to broadcast WiFi; it only has a LAN card inside.
You can move those upstream to pfSense.
It will be your DNS master for the entire LAN and WAN (if you push your DYNDNS to someone like CloudFlare as I do).
PM’d you
check your PM
I’ve only used Pi-hole as I could use it for local DNS CNAME records. Plus I’m very amateur on pfSense so I rely on how-to guides etc.
I was an amateur 2 years ago
It feels daunting to start — I know this very well! lol
The point-click nature of pfSense with its incredible sophistication won’t let you make bad mistakes (unless you want to open the firewall to the world lol)
I just wish I knew what was causing the problem. My pfSense’s sole purpose is to section off my media servers from my ISP routers, plus add the VPN layer to certain machines.
Thanks, I got them. Unfortunately Debug logging wasn’t enabled so the information I was hoping to see isn’t in there.
Don’t worry about it at this point. ChuckPa will request logs from you if needed.
OK, thanks
Can someone please help still
Let’s go ahead and grab those logs after all. Please see these two articles:
Debug Logging
Server Logs
The first describes how to ensure debug logs are enabled; the second describes how to collect the logs.
Once again, please restart your Plex server, wait two minutes, and then gather the logs. Feel free to DM them to me.
What I specifically want to see in the logs is what PMS is detecting as its primary network interface and what other interfaces/IPs it detects.
In this thread can you please describe your network in as much detail as possible? What we know about the network:
- You have an ISP router into which your Internet service terminates.
- Behind the ISP router is a pfSense firewall/router (what is this running on?).
- pfSense is in a DMZ on the ISP router, presumably passing inbound Internet traffic to pfSense.
- You have an OpenVPN client connection configured to connect to a SurfShark VPN server.
- All traffic, except that from your Plex server routes outbound via the VPN connection (as configured in a policy route in your firewall rules).
- Conversely, all traffic from your Plex server routes outbound via the bare WAN interface.
- You have an outbound NAT rule configured to translate the source address to the IP of the VPN interface on egress traffic from all clients using the VPN route.
- You have a pi-hole DNS server configured to handle DNS lookups.
- You stated you have no VLANs configured (so, a flat network).
- Your LAN network is numbered (presumably) as 192.168.0.x/24.
- Somehow Plex thinks it’s on a host attached to a 10.84.x.x network (this is what I hope the logs help to clarify).
- Your pfSense LAN interfaces are bridged (an assumption based on your rule names).
Anything I’ve missed or gotten incorrect? Can you fill in any gaps?
So it goes like this:
- ISP router is connected via an Ethernet powerline plug, then in a different room it exits into pfSense
- pfSense LAN network runs on “10.84.x.x”, so any IP it grabs when a PC is connected to it will pick a 10.84.x.x IP.
- pfSense currently runs with Surfshark over WireGuard VPN; the NAT and firewall rules have been configured so that the two Plex servers bypass the VPN
- ISP has the pfSense IP in the DMZ, so that any port forwarding I do with Plex, it sees it on the net
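A constructed model of the first-match policy routing and outbound NAT described in this thread (an added example, not the thread’s or pfSense’s own code; the LAN /24, the two Plex addresses, the WAN address and the VPN tunnel address are all assumed), which flags the common mistake of placing the “LAN via VPN” catch-all above the Plex bypass rule:

```python
"""Model of pfSense-style LAN rules evaluated top-down, first match wins, used to
sanity-check a split-tunnel layout: LAN clients egress via the VPN gateway, the
Plex servers are policy-routed out the bare WAN. Example code, not pfSense's."""
import ipaddress

# Constructed addressing: LAN 10.84.0.0/24 (the thread only says 10.84.x.x),
# two assumed Plex hosts, a TEST-NET WAN address and an assumed tunnel address.
LAN = ipaddress.ip_network("10.84.0.0/24")
PLEX_HOSTS = ["10.84.0.10", "10.84.0.11"]
GATEWAY_NAT = {"WAN_GW": "203.0.113.5", "VPN_GW": "10.64.0.2"}

# Rule order mirrors the firewall GUI: the Plex bypass must sit above the catch-all.
GOOD_RULES = [
    {"name": "Plex bypass VPN", "src": [f"{h}/32" for h in PLEX_HOSTS], "gateway": "WAN_GW"},
    {"name": "LAN via VPN", "src": [str(LAN)], "gateway": "VPN_GW"},
]
# Same two rules with the catch-all on top: the bypass rule can never match.
BAD_RULES = list(reversed(GOOD_RULES))


def egress(src_ip, rules):
    """Return (gateway, translated source IP) for the first rule matching src_ip,
    or (None, None) when nothing matches (a LAN tab without a rule is default deny)."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if any(ip in ipaddress.ip_network(net) for net in rule["src"]):
            gw = rule["gateway"]
            return gw, GATEWAY_NAT[gw]  # outbound NAT follows the interface chosen
    return None, None


def check_policy(rules, lan=LAN, plex_hosts=PLEX_HOSTS):
    """List policy violations: Plex hosts must leave via WAN_GW with the WAN address,
    every other LAN host via VPN_GW with the tunnel address."""
    problems = []
    for host in lan.hosts():
        gw, nat = egress(str(host), rules)
        want = "WAN_GW" if str(host) in plex_hosts else "VPN_GW"
        if gw != want or nat != GATEWAY_NAT[want]:
            problems.append(f"{host}: egress {gw} via {nat}, expected {want}")
    return problems


if __name__ == "__main__":
    print("good rule order:", check_policy(GOOD_RULES) or "no violations")
    print("bad rule order:", check_policy(BAD_RULES))
```

Swap in the real rule list and addresses from the firewall to see which hosts would leak onto the wrong gateway before touching the live rules.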
