I have seen a few discussions about how to run a Plex server on the same machine where a VPN like PIA , VyprVPN or otherwise is running. The problem being that the Plex server configures it’s remote access and publishes the public IP address of the VPN client and the VPN provider does not allow access to the server through any port.
Apologies if this solution is elsewhere in the forum already.
I personally wanted to find a (relatively) simple solution that did not involve routing tables or running scripts and batch files. I was not averse to doing any port forwarding on my router and this solution does require port forwarding.
NOTE: This solution is for Windows . It should work with a Linux server too but a bit more reading would be required and will probably involve scripting or command line configuration of some sort but then again if you are running a Linux server you are probably used to that anyway.
Firstly, my own setup is as follows :
Windows 10 professional laptop running Plex server and VyprVPN client.The laptop is directly connected to my router via ethernet cable (although there is no reason this solution should not work for a wifeless connection too)
Problem: Plex server remote access was attempting to use the public IP of the Vypr client and thus could not be reached from the outside world.
My solution works using Dynamic DNS.
I signed up for a hostname using the noip.com DDNS service. The free service will require you to reconfirm your hostname each month and they remind you via email to do this or you can spend a few dollars to have your hostname permanently reserved on their service. Free or paid is up to you and both will work just fine.
For the purposes of this discussion lets assume I set up a DDNS hostname of “myplexhost.noip.me”
I then downloaded their dynamic update client and installed it. This client runs on the server and published your public ip to the world and associates it with your hostname.
At this point I will mention that if your physical internet router supports DDNS services then it gets even easier and their are full instructions for setting this up at the noip.com site. My own router does support ddns through noip.com and it works fine but the remainder of this post deals with the windows update client so dont worry if your router does not support it.
It should also be noted that there is a Linux version of the update client available too but that is the bit where you would have to go reading on your own if you run a linux plex server.
To continue: Once the dynamic update client from noip.com is downloaded and installed I configured it to publish my public ip address and associate it with my hostname. The instructions for that bit are simple on the site so I won’t go into it in details.
Here is the first workaround however: The noip dynamic update client was publishing the public ip of my vpn client in the same way as the plex server was BUT if you go into File->Preferences in the DUC client there is an option to bind the client to a specific network adapter. In my case I set it to bind to my ethernet card and chose the option to “Detect my ip using remote methods”… The DUC client was now detecting the public ip of my router rather than of the VPN. which is what is needed. It was then associating the public ip of my router with the hostname “myplexhost.noip.me”
Now, the next step was to get the plex server configured to use this hostname.
In the plex server configuration screen under “Remote access” I set the plex server port manually to 32400.
Then under the “Network” configuration further down the left of the screen there is a section titled "Custom server access URLs.
In this section I entered the string “http://myplexhost.noip.me,https://myplexhost.noip.me” (without the quotes but include the comma between the URLs)
On this same screen I set the “Secure connections” option to “Preferred” (but you can try a different setting than “preferred” here depending on your security requirements)
I then saved this configuration and Plex server now publishes these URLs
The last step is then to port forward port 32400 on you router to port 32400 on the internal ip address of your plex server (e.g. 192.168.1.10 or whatever ip is being assigned by your router to your server) . Setting a static ip for your plex server on your router is also a good idea if you can. In theory you should also be able to use a different port number instead of 32400 as long as the same port number is configured in the plex server configuration and forwarded on your router. You may want to also check that whatever firewall solution is running on your plex server is allowing inbound connections on your chosen port.
When all this is done a plex client on the outside should now be able to connect to your plex server and a web web browser should also be able to connect to http://myplexhost.noip.me:32400 or https://myplexhost.noip.me:32400.
It should be noted that in the plex server config it will still show that remote access is still NOT working but plex clients should still be able to automatically “see” and connect to the server from the outside world via the custom URLs.
Plex clients on either your “home” network or the outise world should now be able to see your plex server with no additional configuration required on the client (handy for friends and family members!)
Hope this helps someone and is not too complicated!
This doesn’t work for me. Plex web can’t connect and the Plex android client falls back to an indirect connection. Once I turn the VPN off it works fine. But it doesn’t work with the VPN running.
Great workaround. I just gave up on remote access myself, since I’d rather keep my VPN on my router for network wide protection. i spent some time looking into it and my setup pretty much renders remote access impossible. But if I revert back to a VPN on one computer I’ll definitely try your setup, thanks.
@jaydee77ca
First up is the question : Are you running your VPN directly on your router or is it a VPN client running on the same machine as plex server?
I probably should have been more clear in my post (and @brokejoke2 rightly points out) that my solution is only for a vpn client running on the same machine as the plex server. If the VPN is running directly on the router then this solution will in all likelihood not work without some sort of manual routing setup on the router.
If your setup is similar to mine (VPN client running on the same server as plex and no VPN running on the router) then let me know and I can suggest some troubleshooting steps that may help find your root cause.
The VPN client is running on the Plex server. When the VPN is running Plex clients on the internal network can still connect and work fine. I’m guessing the VPN does something when it runs to prevent traffic from outside the local network from going over the non-VPN interface?
OK @jaydee77ca ,
I will document some troubleshooting that I did when I was getting this solution working. It will be quite simplistic to help other readers at all levels.
With the VPN turned ON on the server open a browser (on the server) and go to www.whatismyipaddress.com
Take note of the ip address it shows. This is the public IP of your VPN and lets refer to it as MyVPNip
With the VPN turned OFF refresh the same page on your browser and the site should show you a different ip address and this should be the public ip address that your ISP is providing to you. Lets refer to this as MyISPip.
Do this step with the VPN ON : Open the noip.com DUC . There should be three “ticks” on the screen showing the DUC is operating properly. Beside the bottom “tick” the ip address shown should be the same as MyISPip. If it is not then you will need to go into File->Preferences and try various combinations of the network adapter to which the client is bound and the various check buttons and check boxes below it. Every time you change one of these preferences, close the preferences window and press the “Refresh Now” button on the DUC client main screen. When the ip address shown is the same as MyISPip then you have found the right combination for your setup. If you had made any changes in order for the DUC to show MyISPip then test your plex client from outside your network again (allowing enough time for the new IP on the NOPIP DNS server to be updated)
If still not working then lets first just check the host that your DUC is updating. On the DUC main screen press the “Edit hosts” button. The hostname you set up on the noip.com web site should be shown and it should have the check box beside it ticked. We will refer to this host name as MyNOIPhost.
If all the above is OK and plex clients on the outside of your network still cant connect we will then test your port forwarding. For the purposes of this test I would ask that you replicate my own setup. Once working you can make changes to your preference and see if the solution still works :
On the plex server remote access configuration screen make sure remote access is enabled (although it will show it is not working if your VPN is switched ON which is OK). Set the port number to 32400 and tick the box beside the port number to make sure the manual port is recognised. Save these changes if any.
Make sure that on your internet router that port 32400 is forwarded to the internal ip address of your plex server. The internal ip address of your server will be different to MyISPip and MyVPNip and will likely be something like 192.168.x.x or 10.x.x.x . You should not be port forwarding to one of your public ip addresses in any case. For belt and braces make sure that both UDP and TCP traffic is forwarded (just trying to think of every setting that could be different!)
Now, from a browser on a machine OUTSIDE your own network try the following addresses : http://MyISPip:32400 and https://MyISPip:32400
If one or both of these addresses results in seeing the plex login screen then port forwarding on 32400 is OK. You may get an invalid certificate warning when using https but ignore that and tell the browser to proceed to the address anyway.
If this is working then you can next try the following addresses : http://MyNOIPhost:32400 and https://MyNOIPhost:32400
If these work then your noip DNS service and port forwarding are both working.
If you still cannot connect from a plex client on the outside network or through app.plex.tv from the outside then recheck the Plex server configuration screen under the “Network” option and make sure that “Secure connections” is set to “Preferred” and that the custom server URL access string is set to http://MyNOIPhost,https://MyNOIPhost
If you make any changes here, don’t forget to save them with the save button at the bottom of the screen and re-test. The “comma” between those two addresses is important in the custom URL string.
These are the DUC preference settings I had to use to get it to bind to the ip address from my ISP rather than the VPN ip.
This results in getting my ISP public ip address (obscured)
The 192.168.1.9 address in the first screenshot is the internal ip assigned to the server by the internet router and is the internal ip to which port 32400 is forwarded on the router.
The 86.x.x.x address in the second screenshot is the public ip from my ISP.
Sorry, I should have mentioned that my dynamic DNS is running on my router, not my server. I tried using my dyndns host name and just the IP address to connect while the VPN is running but neither worked.
Hi @jaydee77ca ,
I can only come to the same conclusion that you have also i.e. that your VPN client is somehow blocking inbound traffic not only through it’s own interface but also through the ISP connection.
Is there any setting on the client that “forces” all internet traffic through their client and , if so, can that option be turned off temporarily for testing?. I know some clients have this option so that the customers can be sure traffic does not “accidentally leak” out of their machines through any path other than the VPN so I guess such an option may also kill inbound traffic.
Who is the VPN provider? It is ok of course if you prefer not to name the provider of the VPN client although it may help if others have the same problem.
Another question to the above @jaydee77ca : Are you using a vpn app or program to provide the VPN connection or have you set it up manually using the in-built Windows VPN setup options?
Thanks for taking the time to point the option to enter an URL out, fortunately I already had my router set up with DDNS, ports forwarded etc. as I used DDNS to acess my Plex dash from anywhere. All I had to do was enter the URLs and so far it seems to be working with PIA VPN client installed on my Plex host. Nice solution as I was having trouble getting the Xflak scripts to work.
Love this easy to follow tutorial but I’m having an issue here. No matter the settings I either get a red X, or I get my VPN IP. I’d love to chat and troubleshoot this.
Put your VPN client on a DD-WRT router and use policy based routing to exclude your Plex server from the VPN.
In my case I want my Plex server to be connected to the VPN I have DD-WRT router with VPN client connected to AIRVPN server with remote ports forwarded. I use policy based routing to leave other hosts on the network connect outside the VPN. The only unusual part was I had to use DNATing to open ports for VPN traffic.
Works great and I can switch between VPN and normal on any device on my network by only changing its IP address.
Hi @Sakuryu ,
Did you try the 5 troubleshooting steps I posted earlier in this thread?
In particular try this test (test 4.) :
" 4. If all the above is OK and plex clients on the outside of your network still cant connect we will then test your port forwarding. For the purposes of this test I would ask that you replicate my own setup. Once working you can make changes to your preference and see if the solution still works :
On the plex server remote access configuration screen make sure remote access is enabled (although it will show it is not working if your VPN is switched ON which is OK). Set the port number to 32400 and tick the box beside the port number to make sure the manual port is recognised. Save these changes if any.
Make sure that on your internet router that port 32400 is forwarded to the internal ip address of your plex server. The internal ip address of your server will be different to MyISPip and MyVPNip and will likely be something like 192.168.x.x or 10.x.x.x . You should not be port forwarding to one of your public ip addresses in any case. For belt and braces make sure that both UDP and TCP traffic is forwarded (just trying to think of every setting that could be different!)
Now, from a browser on a machine OUTSIDE your own network try the following addresses : http://MyISPip:32400 and https://MyISPip:32400
If one or both of these addresses results in seeing the plex login screen then port forwarding on 32400 is OK. You may get an invalid certificate warning when using https but ignore that and tell the browser to proceed to the address anyway.
If this is working then you can next try the following addresses : http://MyNOIPhost:32400 and https://MyNOIPhost:32400
If these work then your noip DNS service and port forwarding are both working."
I think it may be that your port forwarding is not set up correctly. Try all 5 troubleshooting steps too.
You do not need to be worried about the “Red X” . This whole solution was designed to get remote access via a normal Plex client from outside your home network even when the Red X is showing.
I have also discovered since my original post that the Red X does NOT show if the Plex server software is started BEFORE the VPN client is turned on. I discovered this by accident one day when the VPN client failed to start at boot time.
To test this (on Windows) you can exit the Plex server software by right clicking the Plex icon in the taskbar and clicking “Exit”. Stop the VPN client. Restart the Plex server from the start menu and then restart the VPN client.
If you do that strictly in order then the Plex server should pick up the ISP IP and the red X should be gone. If not, and you see the ISP IP but still have the Red X then this does really point to a port forwarding issue on your router.
Outstanding Post and very simple implementation to get it to work! Bravo!
I looked at many articles on the web in an attempt to get this implementation to work but had no success until I found your post.
My setup: I have a Windows 10 workstation behind a COX Arris modem that I couldn’t get to enter bridged mode. So, I set my router/wifi combo to WAP only and used the Arris modem to forward all ports required to my Windows 10 box.
I purchased ExpressVPN service initially because I have Deluge Bittorrent running and must have anonymity. But, I also had Plex running on the same Windows 10 workstation. I was able to get Bittorrent to work fine but not Plex.
I had a No-IP account already, so used that in the location mentioned by your post and presto, it worked! I’m glad that you mentioned that the ! would still be present on the Connection Setting page, otherwise I would still be troubleshooting. I connected to plex.tv and verified that I could connect with my client, actually more reliably than before.
Thanks for the help! This beats having to change VPN providers and trying a bunch of other troubleshooting methods to get it to work.
Great Chris. Glad it worked for you.
You are indeed right to point out to anyone following this thread that it is important to recognise that the Plex server settings console will still show that remote access is NOT working even though it WILL work by following the setup described.
Regards,
Sean
I really wish there was a VPN setting in the Plex server app
This seems like a pretty useful feature for people like me that don’t have the technical knowledge but still want the protection of a VPN service.
although it may help if others have the same problem.