Plex remote access - bypass VPN on Synology DSM 7.2.2 - automate script

Hi,
For those who have an active VPN on their Synology NAS and a Plex server that struggles with remote access,
I made this script based on that topic (NAS Synology VPN Bypass Plex).

#!/bin/bash
set -euo pipefail

# Ensures dig availability even at boot time (non-interactive task)
export PATH="/var/packages/DNSServer/target/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH"

### --- PARAMETERS TO BE ADJUSTED --- ###
DOMAIN="plex.tv"
GATEWAY="192.168.1.1"          # <- your gateway
IFACE="ovs_eth1"               # <- your interface
STATE_FILE="/var/lib/plex-routes.state"
LOG_FILE="/volume1/scripts/plex_routes/plex-routes.log"
LOG_TAG="plex-routes"
IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
### ----------------------------- ###

# --- Compact logging + single rotation (1 MB) ---
log_init() {
  mkdir -p "$(dirname "$STATE_FILE")"
  mkdir -p "$(dirname "$LOG_FILE")"
  # very simple rotation: truncate beyond 1 MB
  if [[ -f "$LOG_FILE" ]] && [[ $(stat -c%s "$LOG_FILE" 2>/dev/null || echo 0) -gt 1048576 ]]; then
	: > "$LOG_FILE"
  fi
}
log() {
  local ts
  ts="$(date '+%Y-%m-%d %H:%M:%S')"
  echo "[$ts][$LOG_TAG] $*" >> "$LOG_FILE"
  logger -t "$LOG_TAG" "$*"
}

require_root(){ [[ $EUID -eq 0 ]] || { echo "Run as root (sudo)."; exit 1; } }
assert_tools(){
  command -v dig >/dev/null 2>&1 || { echo "dig required."; exit 1; }
  command -v ip  >/dev/null 2>&1 || { echo "'ip' required."; exit 1; }
}

get_ips(){
  # Unique, clean IPv4 addresses
  dig +short A "$DOMAIN" \
  | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' \
  | awk -F. '$1<256&&$2<256&&$3<256&&$4<256' \
  | sort -u
}

add_route(){
  local ip="$1"
  [[ "$ip" =~ $IPV4_RE ]] || return 0
  ip route replace "${ip}/32" via "$GATEWAY" dev "$IFACE"
  log "ADD ${ip}/32 via $GATEWAY dev $IFACE"
}

del_route(){
  local ip="$1"
  [[ "$ip" =~ $IPV4_RE ]] || return 0
  local dest="${ip}/32"
  # Fixed-string match on "via <gateway> " so 192.168.1.1 does not also match 192.168.1.10
  if ip route show "$dest" | grep -qF "via $GATEWAY "; then
	ip route del "$dest" via "$GATEWAY" dev "$IFACE" 2>/dev/null || true
	log "DEL ${dest} (obsolete)"
  fi
}

main(){
  require_root
  assert_tools
  log_init

  touch "$STATE_FILE"

  # 1) Current IPs from DNS
  mapfile -t CURRENT_IPS < <(get_ips)
  if [[ ${#CURRENT_IPS[@]} -eq 0 ]]; then
	log "SKIP: No IPv4 returned for ${DOMAIN}"
	exit 0
  fi

  # 2) Previous IPs (cleaned)
  if [[ -s "$STATE_FILE" ]]; then
	mapfile -t OLD_IPS < <(grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' "$STATE_FILE" | sort -u)
  else
	OLD_IPS=()
  fi

  # 3) Addition/update
  for ip in "${CURRENT_IPS[@]}"; do
	add_route "$ip"
  done

  # 4) Removal of obsolete items
  for old in "${OLD_IPS[@]:-}"; do
	local still=false
	for ip in "${CURRENT_IPS[@]}"; do
	  [[ "$ip" == "$old" ]] && still=true && break
	done
	[[ "$still" == false ]] && del_route "$old"
  done

  # 5) Saving the state (clean)
  printf "%s\n" "${CURRENT_IPS[@]}" > "$STATE_FILE"
  log "OK ${DOMAIN}: ${#CURRENT_IPS[@]} IP(s) actives -> ${CURRENT_IPS[*]}"
}

main "$@"

  1. script explanation

It’s quite simple:
the script performs a “dig A plex.tv” command,
then takes those IPs
and creates a static route on the NAS.
So your Plex server will always provide flows through that route, using the interface that you want.
It will also clean up previous outdated IPs.

→ You will be able to bypass the VPN connection, especially if it’s your default gateway (my case).

Note: by default, dig is not installed.
The simplest way I found was to install the DSM package “DNS Server”.

  2. edit script

Just modify the variables:

  • gateway IP
  • your dedicated interface: ovs_ethx → ovs_eth1/2/3/etc.
  • you can also create a log file that will keep track of that

  3. file location

I didn’t want to modify technical files through SSH,
so the script can be stored in a volume folder:
/volume1/scripts/plex_routes/plex-static-routes.sh
/volume1/scripts/plex_routes/plex-routes.log

  4. rights

Just make the script file executable with:
sudo chown root:root /volume1/scripts/plex_routes/plex-static-routes.sh
sudo chmod 755 /volume1/scripts/plex_routes/plex-static-routes.sh

  5. task scheduling

Just create 2 tasks in the settings:

  • 1 at boot
    • task : Plex Routes - Startup
    • user : root
    • event : boot
    • task settings : /bin/sh -c 'sleep 120; /volume1/scripts/plex_routes/plex-static-routes.sh'
      (sleep 120 is for giving time to your VPN connection to be effective; you can lower/increase it if needed)
  • 1 recurring every X hours/days
    • task : Plex Routes - Update
    • user : root
    • task settings : /bin/sh -c '/volume1/scripts/plex_routes/plex-static-routes.sh'

  6. verification

SSH command:
traceroute -n -m 1 plex.tv
You should have this response, if the IP corresponds to the IP exposed through “dig A plex.tv” → :white_check_mark:
traceroute to plex.tv (xx.xx.xx.xx), 1 hops max, 60 byte packets
 1  192.168.1.1  0.539 ms  0.470 ms  0.457 ms

or

ip route show
You should have this response, if the IP corresponds to the IP exposed through “dig A plex.tv” → :white_check_mark:
52.209.82.108 via 192.168.1.1 dev ovs_eth4
52.213.108.76 via 192.168.1.1 dev ovs_eth4

On the first reboot, you will have to go to Plex server settings / remote access,
then re-enable it through your own port forwarding rules.
Then it will be transparent for your NAS & Plex server.

It works like a charm on my DS1821+ running DSM 7.2.2-72806 Update 4.

[EN]plex-static-routes.sh.zip (1.8 KB)

Rather than using dig, Plex publish an automatically updated list of their server IPs at https://s3-eu-west-1.amazonaws.com/plex-sidekiq-servers-list/sidekiqIPs.txt

1 Like
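
Both the script's `get_ips` and the published list suggested in the reply feed externally supplied addresses into root-level routes that leave the VPN, so it is worth vetting them before `ip route replace` runs. The following is an added example, not part of either post: a POSIX-shell filter that keeps only strictly formatted public IPv4 addresses and refuses empty or oversized answers. The function names and the `MAX_ROUTES` cap are assumptions.

```shell
#!/bin/sh
# Added example, not from the original posts. Function names and MAX_ROUTES
# are assumptions made for illustration.
MAX_ROUTES=16   # assumed ceiling on bypass routes installed per run

# stdin: candidate addresses, one per line (dig output or a fetched list).
# stdout: unique, strictly formatted, publicly routable IPv4 addresses.
filter_public_ipv4() {
  cr=$(printf '\r')
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%"$cr"}                      # tolerate CRLF line endings
    case $line in
      ''|*[!0-9.]*|.*|*.|*..*) continue ;;  # digits and single dots only
    esac
    oldifs=$IFS; IFS=.; set -- $line; IFS=$oldifs
    [ "$#" -eq 4 ] || continue
    ok=1
    for o in "$@"; do
      case $o in
        ????*|0?*) ok=0 ;;                  # too long, or ambiguous leading zero
        *) [ "$o" -le 255 ] || ok=0 ;;
      esac
    done
    [ "$ok" -eq 1 ] || continue
    # Never route private, loopback, link-local, CGNAT or multicast space
    # around the tunnel, whatever the resolver or list says.
    if [ "$1" -eq 0 ] || [ "$1" -eq 10 ] || [ "$1" -eq 127 ] || [ "$1" -ge 224 ]; then continue; fi
    if [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then continue; fi
    if [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then continue; fi
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then continue; fi
    if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then continue; fi
    printf '%s\n' "$line"
  done | LC_ALL=C sort -u
}

# Prints the vetted list, or fails with no output when it is empty or larger
# than MAX_ROUTES, so the caller can keep the routes it already has.
vetted_targets() {
  list=$(filter_public_ipv4) || return 1
  [ -n "$list" ] || return 1
  count=$(printf '%s\n' "$list" | grep -c .)
  [ "$count" -le "$MAX_ROUTES" ] || return 1
  printf '%s\n' "$list"
}
```

In the script above, `get_ips` could pipe `dig +short A "$DOMAIN"` through `vetted_targets`, and `main` would skip the run when it fails instead of installing or deleting routes.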
