I have remote access working fine for a long time now. I have two sites that were connected by an OpenVPN site-to-site tunnel and I transitioned to using IPsec for faster speeds. I’m still troubleshooting it as I have issues with outbound NAT’ting but basically the port forward to this Plex Media Server that goes through the tunnel does not work yet. However, to my surprise, PMS says it is fully accessible outside the network when it shouldn’t! This tool verified that too:
Actually, whatever port I try, it says it is fully accessible from outside. This is not very too concerning for me security wise because I’m a 100% sure that the ports I’m trying are not port forwarded (closed) from the pfsense firewall I use. It’s just a cosmetic bug in the PMS that concerns me. Can you guys check on this?
I know that when I was doing the first time, this remote access check was working perfectly (says it’s not accessible from outside when it really isn’t). But I’m not sure what happened now? I even did packet captures and inbound traffic from that test never reaches the PMS.
Well, you can forget about the VPN. Just think that the port is not forwarded properly but the PMS GUI still shows that it is. Any ideas where to start?
Question, does the Remote Access “test” always being sourced from your plex.tv servers? I bet it is because when I do a packet capture it always has an external source IP. I just had to ask. But still the GUI test is inaccurate at this point and I’m calling a bug here.
Yes. That green/red is basically if Plex.tv can access your server. If that shows green and remote access isn’t working, then something is blocking the incoming from where ever else you are trying.
Right and like I said I’m expecting it to not work and it’s definitely not working when I go to plex.tv from outside. But when I’m inside either network, the Remote Access test says it is working even though it shouldn’t. This was not happening before.
For simplicity’s sake, let’s just say that basic port forwarding is not yet setup. I don’t want to include the vpn stuff in this discussion because that is not the point of the issue. If port forwarding is not configured, then the remote access test in the GUI should say “Not available outside your network”. I checked just now and it looks to be saying it. When I posted this issue, it was saying “Fully accessible outside your network” even though the actual test (using the tool I provided above) says it can’t reach it. The tool was more accurate because, like I said, port forwarding was not yet setup so there’s no way that incoming packets can even reach the PMS in question.
Do you have the remote access setting enabled? If it’s disabled, did you have it enabled previous with port forwarded set correctly. Turning this off does not remove the port forwarding rules from your router so remote access can technically still work now that it’s disabled. Keep in mind that disabling this setting does not actually block incoming traffic it just stops publishing your settings to Plex.tv, but if the old settings haven’t changed, it still works.
If it is still enabled but your port forwarding rules are wrong, do you have the option enabled to “manually specific public port”? If not, then PMS will use UPnP so you don’t need port forwarding rules. If your router has UPnP enabled, this will also automatically just work.
I’m a network engineer by profession, btw. I do packet captures for a living so I know the incoming packets do not reach the PMS. To answer your questions though:
Yes, I do have remote access enabled. I know that turning this off won’t actually block anything. The PMS is always listening at port 32400 and having a port forward (in networking terms, a destination NAT) will still make incoming packets reach the correct interface.
Yes, I do have “manually specific public port” enabled but it’s still using the default 32400. And I have that checked for the exact reason you said, UPnP, as I did not want that enabled. Also, since this PMS we’re talking about is in the other side of the tunnel, UPnP won’t work anyway so that’s not it.
So you don’t have a port forwarding rule? If so, then yeah, remote access should not show as available. Have you checked if it’s actually available or if it’s just a bug in the Web client showing the wrong status?
Well, only on the networking side of things. When it comes to the inner workings of Plex, I’m a noob as you can tell
Yes, I purposely disabled port forwarding for now as I was testing an unrelated issue. I was just curious why it still showed accessible at time of posting this issue.
Yes, I did check if it’s actually available or not by accessing it from an external network, and it was not. The tool I mentioned above is also proof of that. It checks if the port is open or not. But then again, it shows the accurate status now so it could be a bug. I’ll monitor for now and if it ever comes back, I’ll post back. I’m sure it was just a GUI bug.
