Plex showing indirect connection on local network and no manual access to PMS

Thank you @pl_5309 for your message.

I have posted same issue here with log files in an attempt to get a response from the Plex support team. I attached same log files here.

Plex Media Server Logs_2020-01-22_21-30-25.zip (2.0 MB)

Thank you, I can see that the Router is blocking the Plex Relay and performing DNS-Rebinding protection. If you are using the Disney Circle feature there are exceptions that would need to be entered. Regarding your Public IP vs LAN ip these are normal and expected.

So on your list.

1. DNS-Rebinding
2. Are you using http://192.x.x.x:32400/web?
3. DNS-Rebinding
4. Router stops blocking the NAT redirection since all addresses are local.
   Edit for readability.
   You can work around most of the issues by putting the server ip(192) in the client configuration and not worry about where plex.direct resolves to. If you want remote access, port forwarding will work better than UPNP. Something to try from Page 61 of the Manual is to change the NAT filtering to less secured.

Thank you @pl_5309.

Yes.

Can you be more specific please? How can I achieve this? The client configuration is on router side or Plex side?

Thanks

For Plex Media Player, switch to TV mode and then go into settings.

Under main change:
Allow Fallback to Insecure Connections to On same network as server
Under Manual Servers, enter local ip address of server.

https://support.plex.tv/articles/115000473213-settings-plex-media-player/

Took a second look at your logs and now see that things were working (Jan 15th) and then stopped(Jan 18th), did you make a network change or update your FreeNAS? The interface went from igb0 to epair0b.

So, I did this and same thing happened; after restarting the PMS, the connection remained direct for short period of time and then it went back to indirect.

Also, what in the logs is indication of direct or indirect connection?

Thanks

I also tried this; I changed the NAT Filtering to Open in my router settings. This one did not work as well.

I should of made this bold:

Took a second look at your logs and now see that things were working (Jan 15th) and then stopped(Jan 18th), did you make a network change or update your FreeNAS? The interface went from igb0 to epair0b.

Something changed on the freenas and Plex can’t figure out what the default adapter is which is causing you the headache. Normally you would set “Preferred network interface” under Settings>Network but it doesn’t appear to be accepting a value in the 1.18 versions. One of the Mods said it will appear with/after 1.18.6.

The only thing that I changed was trying another network interface in FreeNAS jail which resulted in no internet connection in the jail so I put back things the way they were. But the reason that I did that, was to solve the indirect problem of Plex at first place. So, that cannot be the case that the change on the FreeNAS cause Plex to behave like this.

I have the same issue. For no reason, my previously always connected server now suddenly cannot be found, or the connection is suddenly insecure (according to Plex). I get prompted to allow insecure connections and to reconnect. I do both and it still cannot find my server (which is a hard drive connected to the computer). Logged out and then back in yesterday and it fixed the issue. Today, not working. I’m not super tech-saavy.

The latest Beta 1.18.6.2368 restores the ability to choose the default network adapter please give that a try.

I don’t know if this is the same thing, I updated to the latest update this morning. I updated after I started getting the issues I listed. I just got home from work and tried to reload Plex and it’s still telling me it’s not a secure connection and asking me to allow an insecure connection. I allow it and then it says it’s unavailable. It’s an internal hard drive on my computer.

After trying to follow instructions that tell me to select options that aren’t available, I was able to get Plex to recognize the server and it asked me to claim the server. I clicked to claim, then after a short while of waiting the claim server button grayed out and is no longer working. Now my server shows up again and there’s a grayed out globe and when I click on the server, it tells me “no soup for you! you do not have access to this server.” I’m getting insanely frustrated.

So, I think the issue was somewhere in my Plex configuration inside “plexdata-plexpass” directory, not sure what.
I don’t think it has anything to do with double NAT or DNS-Rebinding.

Here is what I did,
I created a new jail on my FreeNAS and setup a new PMS from scratch on the new jail. Everything worked fine and I did not have any indirect connection. So, I decided to copy my PMS configuration from the problematic server to this newly created one. I copied the whole “plexdata-plexpass” directory based on this guide.. The problem reappear on the new server.

p.s.,
If anyone from Plex is reading this post, I am highly disappointed with Plex support and I am actively looking for an alternative.

Greetings.

Hopping on this post as @Kourosh.mk seems to have made an effort and I am facing both issues, too.

1. DNS rebinding - I see this a lot on the forums and in troubleshooting guides but… how do you actually troubleshoot this? nslookup/DIG? from inside? outside?
   On an AVM Fritz Box there is an actual field where you can add “plex.tv” and exempt it from DNS rebind protection. On the Zyxel router I have here I fail to find this setting.
   Or do you have to add “plex.direct” there? Does it have to resolve to the media server’s IP, then? I could just set up a static DNS entry, no? (TV is not mobile…)

2. using the https://[SERVER IP]:32400/web link the connection is indeed “local”. so that’s fine.

3. creating a NAT rule/port forwarding to the server actually makes it work as “remote” - which works but I can’t play 4K content like this. This is now a luxury problem But an important one, nevertheless - I want this to work on the TV, too. (Android TV) - so I can’t easily set static DNS entries.

• Both these settings are gone in version 1.8.0.1159-67c4a549
  (plex player windows 10)
• On the (android) TV client (version: 7.30.2.16712) the setting is gone, too.
• On my mobile phone (same version) I can go Settings > Advanced > Manual Connections and enter the server IP. Is there a way to force the TV out of TV mode to get there? (I only get a “remote control optimized” settings menu on the TV…) - is this because of missing touchscreen? By design? I mean… it makes sense… typing an IP with the remote is almost as annoying as a password (bless the devs for plex.tv/link )

I really want to add information to this article:
It shows how to manually connect using a browser but I need a fix using a TV/embedded client
And ideally an explanation what DNS actually wants > what needs to be resolved to what?

thanks

Andreas

Plex creates a Dynamic Cert linked to your public IP, reference Secure Connections and Troubleshooting.

You want to add plex.direct to the rebind protection. Review the ‘Plex Media Server.log’ and look for identity, this should be a combination of your public ip + cert + plex.direct:{externalport}/identity . If you copy and paste that into a browser it should return an XML string if your port is open, DNS is resolved and NAT (Hairpin) reflection is working. Doing it from outside will check it the port is open and DNS is resolved.

Locally you can use a second machine and ssh -vvvp 32400 plexserver , if the connection is refused then you know the port is blocked by the server.

DIG: On the server check the DNS by using the identity string from the log to see if the server’s DNS is returning an answer.

I couldn’t find a Windows Client 1.8.0, be sure you are not using the app from the Windows Store as that one is deprecated and not supported.

aw.. I meant plex player for Windows - from the website

Capture862×580 35.8 KB

I can connect to the port. also from the internet. that is not the problem.
the problem is that my server thinks my devices are “remote” and enforces restrictions.

I have added the local subnet to the server (tested with and without the network there) - did not change.
when I go https://[PLEXSERVER]:32400/web it is seen as “nearby” and I can direct play.

but only then. and only via the browser.
on Android / mobile I can enter the server IP manually but on the TV this option is not available (anymore)

SSH connection works!

~/.ssh $ ssh -vvvp 32400 xxxxxxx@192.168.42.203
OpenSSH_7.9p1 Raspbian-10+deb10u2, OpenSSL 1.1.1d  10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.42.203 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.42.203 [192.168.42.203] port 32400.
debug1: Connection established.
debug1: identity file /home/andreas/.ssh/id_rsa type -1
debug1: identity file /home/andreas/.ssh/id_rsa-cert type -1
debug1: identity file /home/andreas/.ssh/id_dsa type -1
debug1: identity file /home/andreas/.ssh/id_dsa-cert type -1
debug1: identity file /home/andreas/.ssh/id_ecdsa type -1
debug1: identity file /home/andreas/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/andreas/.ssh/id_ed25519 type -1
debug1: identity file /home/andreas/.ssh/id_ed25519-cert type -1
debug1: identity file /home/andreas/.ssh/id_xmss type -1
debug1: identity file /home/andreas/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u2
debug1: ssh_exchange_identification: HTTP/1.1 400 Bad Request
debug1: ssh_exchange_identification: X-Plex-Protocol: 1.0
debug1: ssh_exchange_identification: Content-Length: 89
debug1: ssh_exchange_identification: Content-Type: text/html
debug1: ssh_exchange_identification: Connection: close
debug1: ssh_exchange_identification: Cache-Control: no-cache
debug1: ssh_exchange_identification: Date: Tue, 14 Apr 2020 13:15:07 GMT
debug1: ssh_exchange_identification:

The port is open and plex is accessible from the internet
all I need to know is .. how to add plex.direct to the dns rebinding whitelist? I did that in the past on a AVM Fritz box router… but that Zyxel thing I have now.. doesn’t have that option.

can I hack this in the TV somehow? there must be a way.. and a TV is not mobile (at least I hope it is not…)

customer service of Zyxel says “it’s an ISP device, in that case no support”
ISP support says “we don’t support this, try the user forums”

test via app.plex.tv: remote

image973×478 190 KB

image995×434 180 KB

the string results in this:

image1000×179 12.6 KB

(that’s good, I guess?)

and the server can resolve this as my public IP
(censored that stuff a bit)

~$ dig 94-157-XXX-XXX.dde50a[XXXXXXYYYYXXXXXXX]dfbd.plex.direct

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> 94-157-XXX-XXX.dde50a[XXXXXXYYYYXXXXXXX]dfbd.plex.direct
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17698
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;94-157-XXX-XXX.dde50a[XXXXXXXXXYYYYYYYYXXXXXXXXXX]dfbd.plex.direct. IN        A

;; ANSWER SECTION:
**94-157-XXX-XXX.dde50a[XXXXXXXXXYYYYYYYYXXXXXXXXXX]dfbd.plex.direct. 592249 IN A **94.157.XXX.XXX

;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Apr 14 13:55:28 UTC 2020
;; MSG SIZE  rcvd: 104

thanks for any hints. is this rebind protection in action?
can I assume it wants to resolve this string as “local IP” but the modem refuses that? how does it do that? can’t I just create this static DNS entry in the TV?

testing from my laptop
I created an entry in the hosts file of my DNS server and of my local machine
pointing this record to my local server’s IP

H:\>nslookup 94-157-XXX-XXX.dde50a[XXXXXXXXXXXX]dfbd.plex.direct
Server:  pi-hole
Address:  192.168.42.xxx

Name:    94-157-XXX-XXX.dde50a[XXXXXXXXXXXXx]dfbd.plex.direct
Address:  192.168.42.203

but it still shows as “Remote”
now I removed the limitations for bandwidth/transcoding and I can direct play to “Remote” but I would like to not do that. I like my friends but this is a free service and I have limited upstream so I would like to keep that limit for “remote” in place.

image993×358 109 KB

thanks for any pointers.
anything I can force that DNS record to resolve?

Andreas

The only way I can think of is to disable DHCP on the Zyxel and have the Pi-Hole do DNS/DHCP for you local network.

I tried that… didn’t work, either

• running DHCP from pi-hole doesn’t fix
• disabling pi-hole entirely and using the zyxel/ISP router for all doesn’t help
• manually setting the hosts file to force the following to resolve to the LAN address of plex didn’t help, either.
  – plex.tv
  – app.plex.tv
  – plex.direct
  – [very long string from certificate].plex.direct
• not using SSL/encryption doesn not work, either.

still - it works for the browser-based player (using IP:32400/web) but not for the “plex player” (the app, if you want)

enabling debugging in the app reveals:

    "version": "4.31.4",
    "primaryServerUrl": "https://94-157-XXX-XXX.ddexxxxxxxxxxxxxxxxxxxxxxxxxfbd.plex.direct:32400/",
    "primaryServerAuthToken": true,
    "username": "Axxxxxxxxxxxxxxxl",
    "cloudUrl": [

• pasting that “primary server url” string into the browser doesn’t work either. It changes the link to:

https://app.plex.tv/auth/#!?clientID=pklxxxxxxxxxxxxxxxxxxxxxxxxxx&context[device][product]=Plex Web&context[device][version]=4.22.3&context[device][platform]=Firefox&context[device][platformVersion]=75.0&context[device][device]=Windows&context[device][model]=bundled&context[device][screenResolution]=1370x965%2C2560x1440&context[device][layout]=desktop&context[device][protocol]=https&forwardUrl=https%3A%2F%2F94-157-XXX-XXX.ddexxxxxxxxxxxxxxxxxxxbd.plex.direct%3A32400%2Fweb%2Findex.html%23%3FpinID%3D129xxxxxxxxx3&code=tcvwxxxxxxxxxxxxxxx5rp

• adding plex.tv to the static hosts file makes plex unreachable

one day I"ll have to set up a proper pfsense or something and get rid of this ISP crap.
Or get an AVM Fritz, that one actually has a window where you can whitelist plex.direct and all works fine.

I still don’t completely understand the “why” so I can neither fix my TV nor connect my laptop with plex player directly to the TV as neither are working as “local” or “nearby” - which sucks

I am bummed out that the link

https://192.168.42.203:32400/web/index.html

just works and there is no way I can just manually enter that IP in plex anywhere…

would you know what I have to do to get this done? add/edit/amend some config file?

Andreas

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.