Plex Media Server and VPN

Server Version#: 1.32.5.7349-8f4248874
Player Version#: Plex for Sonos 3.0.0

I have PMS running on a Linux box using the Sonos app on my phone to stream music to the Sonos speakers. I also have VPN configured on my router. This setup did work fine … until now.

I don’t know what changed, but now I have to disable VPN on my router to continue streaming music from PMS to the Sonos speakers. This is not an option.

Some more symptoms:

  • Logging in via app.plex.tv I see the PMS and Sonos listed properly under Authorized Devices
  • Logging in via app.plex.tv the PMS is listed as unavailable and cannot be configured
  • Logging in directly to the web interface of the PMS I can configure the settings of it
    • Under Remote Access I can hit Enable Remote Access, which seems to succeed, displaying "Fully accessible outside your network", but after 2 seconds it changes to "Not available outside your network". This was always like that, no change here really.
  • If I Enable Remote Access, then on the Sonos app the error message "Unable to browse music" is displayed.
  • If I Disable Remote Access, then on the Sonos app the error message "No Plex Media Server available. Please make sure your Plex Media Server is accessible" is displayed.

It seems that Enable Remote Access is somehow required; why? All my devices are on the same LAN and I only want to stream my music when I’m connected to the LAN.

But the main question is, why would VPN on the router need to be disabled so that I can stream my music from the local PMS to the local Sonos speakers which are connected to the same LAN?

Am I missing something? What changed? Why did this work fine in the past but now not anymore; is Sonos to blame or Plex?

Any input please from Plex? What relevant change is causing this after upgrading to version 1.32.5.7349?

Also, probably unrelated as this happened even before the upgrade of the PMS, when logging into the PMS from any client, the warning

Security Alert
Another device is attempting to sign in using your Plex account. You should only continue if you know this device and intend to grant it access.

is displayed, showing a wrong IP address. This seems wrong as well but I haven't found a way to get rid of the warning.

Anything the Plex guys could do on their end to reset this? Any pointers are very much appreciated.

@thomas_5247

I looked at the log of IP addresses which your account has been using.

While everything is Metro area, some are Fairfax County and others show as downtown in the district.

Servers and devices have been Removed, Recovered, Added, and Deleted.

  • Remove / delete are what you can do in the GUI
  • Recovered happens when you restart the server after Removing it (the same ID numbers)
  • Added servers and devices are new to plex.tv

What’s happening is Plex.tv is seeing access bouncing all over the place and raising the “Hey, this makes no sense. You got a security / password problem?” flag to you

I just did all three items, but it did not resolve the issue.

What you see in the logs makes sense though, Metro area is what you would see when I have VPN on, Fairfax County with VPN off.

The remove/recover/add I just did was done with VPN on. When the client is the browser I can stream music, the PMS is still not discovered from Sonos.

The single most common problem is one of routing to Plex.tv

Two important steps happen.

  1. PMS reads the host’s config for gateway (modem/router) info
  2. PMS queries the network (SSDP) to confirm there is a path to Plex.tv

It then contacts Plex.tv directly through those IP addresses.

Where things go awry with VPNs -

  1. The “whatsmyip.org” results (the exit IP)
  2. The WAN IP at the modem/router

don’t match.

PMS is expecting them to be the same. The VPN throws it off.
Requests do go out but Plex.tv has no WAN IP which it knows to reply to (the one from your modem/router). Authentication fails.

When the VPN is on the PMS server itself, the common technique is to create static routes to Plex.tv which bypass the VPN.

You’ll see two techniques used:

  1. A FQDN as the published server access URL for playback. (plex.tv uses this)
  2. A static route to use for authentication.

It’s unfortunate to be so messy

What is the role of plex.tv in my setup apart from registration of the devices? My PMS, the Sonos app on my phone, and the Sonos speakers are all connected to the very same LAN. Was there a change recently?

Plex.tv has always been central to the Plex design.

Plex, and all its apps, are cloud based.

All authentication is by plex.tv.

I also noticed that IP address returned by whatsmyip.org does change frequently, several times within a minute.

Authentication doesn’t seem to be the problem, all devices I authorized are listed under Authorized Devices.

Given the setup, nothing really explains why the browser client can access the PMS and stream content while the Sonos app cannot.

This is really bothering me:

  • Logging in directly to the web interface of the PMS I can configure the settings of it
  • Under Remote Access I can hit Enable Remote Access, which seems to succeed, displaying "Fully accessible outside your network", but after 2 seconds it changes to "Not available outside your network". This was always like that, no change here really.
  • If I Enable Remote Access, then on the Sonos app the error message "Unable to browse music" is displayed.
  • If I Disable Remote Access, then on the Sonos app the error message "No Plex Media Server available. Please make sure your Plex Media Server is accessible" is displayed.

this one bothers me the most:

  • If I Disable Remote Access, then on the Sonos app the error message "No Plex Media Server available. Please make sure your Plex Media Server is accessible" is displayed.

Let me ask the obvious basic networking:

  1. Are server and Sonos speakers on the same LAN subnet?
    – For discovery to work without Remote Access, they must be on the same subnet.

  2. If they are / should be, Are the Sonos wireless ?
    – If wireless, is the AP in “Wireless Isolation” mode?
    (AP isolation is the same thing as a firewall except in the AP itself)

  3. Regarding Remote Access always failing, that will take a little more investigating but not too hard. Also, if the Linux firewall is enabled, have Plex’s ports been opened?

Different subnets with port forwarding enabled for port 32400 to the subnet hosting the PMS.

Wireless with AP Isolation disabled.

No. Remember, the streaming to the browser on the same network as Sonos works just fine.

Insufficient.

On LAN networks, without Remote Access enabled, you must have all the ports open/forwarded.

This is why multiple LAN subnets is discouraged.
(Broadcasts do not cross subnet boundaries)

https://support.plex.tv/articles/201543147-what-network-ports-do-i-need-to-allow-through-my-firewall/

You would need the ability to manually enter the server IP in the player / client for multiple subnets to work. I know AppleTV and Nvidia support this. I don’t know about Sonos.


Adding the additional ports gets me Fully accessible outside your network but does not help with the original problem

Sonos allows adding external service plugins in the app; Plex is just one of many, which I believe is provided by Plex itself, and it does not allow specifying a specific PMS IP address.

The only documentation I have about Sonos is this

(emphasis on the modem/router hairpinning)

https://support.plex.tv/articles/218237558-requirements-for-using-plex-for-sonos/


Actually not. It seemed to work when I changed the nftables rules, but after rebooting, even with the new rules listed, it stopped working.

The issue here was the chain postrouting. After removing that rule this worked, including after rebooting.

Now I have consistently Remote Access > Fully accessible outside your network on the PMS, but when I go to plex.tv my PMS is still listed as not accessible.

The same is true on the Sonos app, I’m still getting No Plex Media Server available. Please make sure your Plex Media Server is accessible.

This is the fundamental problem.

PMS and its apps are NOT networking smart.

If you have multiple subnets for grouping – OK but there are adjustments needed.
If you have multiple subnets for security – Give up now. Anyone/anything which gets on your LAN only needs to nmap and discover everything.

I can’t remember how many times folks have built complex networks thinking it’ll make life easier when it’s been the exact opposite.

Example:

  1. Bulk of home network on 10.X.y.0 subnets
  2. PMS on an isolated 192.168.x.x subnet

In this case, EVERYTHING is remote from the server (based on IP addresses) even though it's all on the local LAN.

Here’s a thought and suggestion to consider:

  1. On the PMS host, increase the subnet width and make it wide enough to include the Sonos speakers on those other subnets as part of its subnet mask.
    – By IP rules, this makes the Sonos speakers LOCAL.
  2. I can now see that your Gentoo host has published itself at an IP address.
  3. Go to LTE/Cellular mode and try connecting to your server.
    – This will allow you to confirm the port forwarding from modem/router → server is indeed working.

Now I’m going to be a pain and ask “Why are the sonos speakers on a different subnet?”

I really ask myself if you're, without realizing it, overthinking this.

Plex is designed for the home, single subnet, operation.
The more folks try to force it into weird / fancy configurations, the more it fails.

Heck, I'm an 'old fart' (the dinosaurs and I were on a first-name basis :rofl: ), so you know my networking is simple. I have a single 192.168.0.x subnet. I don't have any security cameras. There is NO WAY I need more than 253 device IP addresses.

Believe me, I tried to keep everything on the same subnet, precisely for simplicity. But this has its drawbacks too. I'm hosting Plex, and other servers, in a container. This is by design and generally works quite well, including with the PMS, until recently.

Where is that? I cannot find it.

It’s the other way around. Everything is on the same subnet except the container hosting the web servers, including PMS.

I did some digging on the Sonos forum.

Did you see this post ?

The relevant info here is the UDP ports.

Thanks for digging around; I do have ports 32412-32414 already in the list of nftables forwarding ports on the host; currently I have all ports from netstat -tunlp | grep Plex listed in nftables for chain prerouting.

I guess the following information from you is critical.

I think if I only could register the PMS with the host IP instead of the container IP things should work.

This morning, without any changes, I suddenly got error You do not have access to this server.

So I executed ./claimpms.sh again. This time around, when the script asks me for the IP Address of PMS server, I entered the host IP address which then failed with

******** ERROR ********
We failed to get the Plex Media Server ID
Please check server is up and running, as well as the IP address entered

The same script succeeds when I provide the container IP. But I would rather have the PMS registered with its host IP address as then nftables running on the host will take care of the port forwarding to the container.
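As an added example (not code from the thread, from Plex, or from the original poster), here is a complete nftables ruleset for the layout discussed above: PMS in a container on its own subnet behind the Linux host, with the host DNATing Plex's ports to the container, and the router forwarding 32400 to the host. The host LAN address (192.168.1.10), the LAN prefix (192.168.1.0/24), the container address (10.0.3.2), the container bridge name (lxcbr0) and the host's LAN interface (eth0) are all assumptions for the example; the port list is the one from the Plex firewall article linked earlier in the thread.

```nft
#!/usr/sbin/nft -f
# Added example: host-side NAT for a Plex Media Server running in a container
# on its own bridge subnet. Assumed addresses/interfaces (adjust for your LAN):
#   host LAN IP 192.168.1.10 on eth0, LAN 192.168.1.0/24,
#   container 10.0.3.2 behind bridge lxcbr0 (host is its default gateway).
# Requires net.ipv4.ip_forward=1 on the host.

flush ruleset

define HOST_IP  = 192.168.1.10
define LAN      = 192.168.1.0/24
define PMS_IP   = 10.0.3.2
define CT_BR    = "lxcbr0"
define WAN_IF   = "eth0"

# Ports from the Plex firewall article: 32400/tcp (main), 8324/tcp (Roku),
# 32469/tcp (DLNA), 1900/udp (DLNA), 5353/udp (Bonjour),
# 32410,32412-32414/udp (GDM local discovery).
define PLEX_TCP = { 32400, 8324, 32469 }
define PLEX_UDP = { 1900, 5353, 32410, 32412, 32413, 32414 }

table inet plex {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Anything addressed to the host's Plex ports (from the LAN, or from
        # the router's 32400 forward) is redirected to the container.
        ip daddr $HOST_IP tcp dport $PLEX_TCP dnat ip to $PMS_IP
        ip daddr $HOST_IP udp dport $PLEX_UDP dnat ip to $PMS_IP
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Only the container's OWN outbound connections (e.g. to plex.tv)
        # are masqueraded. DNATed client flows are deliberately NOT SNATed:
        # the container's default route points back at the host, so conntrack
        # reverses the DNAT on replies by itself. SNATing them would make every
        # client appear to PMS as the host IP.
        ip saddr $PMS_IP oifname $WAN_IF masquerade
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Post-DNAT traffic into the container, limited to Plex's ports.
        iifname $WAN_IF oifname $CT_BR ip daddr $PMS_IP tcp dport $PLEX_TCP accept
        iifname $WAN_IF oifname $CT_BR ip daddr $PMS_IP udp dport $PLEX_UDP accept
        # Container-originated traffic out to LAN/Internet (plex.tv, updates).
        iifname $CT_BR oifname $WAN_IF ip saddr $PMS_IP accept
    }
}
```

Two caveats that follow from the thread's own points: DNAT matches packets addressed to the host IP, so the UDP broadcasts Sonos and other clients use for GDM discovery (sent to the LAN broadcast address, not to 192.168.1.10) are never redirected, which is exactly why discovery fails across the subnet boundary and the Sonos plugin must find the server through plex.tv instead. And because clients reach PMS from 192.168.1.0/24 while PMS sits on 10.0.3.0/24, PMS treats them as remote unless that prefix is added under Settings > Network > LAN Networks (an Advanced setting) in the PMS web UI.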