I have a fixed public IP running plex at xxx.xxx.xxx.133.
My router forwards port TCP 32400 to the LAN IP address running the server.
Problem is, in remote access, Plex shows public IP address as xxx.xxx.xxx.130 and not xxx.xxx.xxx.133 and it says the server is ‘Not available outside your network’.
I have tried entering xxx.xxx.xxx.133 into Custom Server Access URL’s but it still doesn’t give me a green tick on remote access and it still shows as using xxx.xxx.xxx.130 as the public IP.
I can log in to Plex at http://xxx.xxx.xxx.133:32400 and am able to access and play content (at full resolution), but the Plex app on iphone and Shield TV will only connect indirectly and playback at low-resolution.
How do I get Plex to use my actual public IP address?
Thanks!
Server Version#: 1.19.5.3112
Mod-Edit: anonymized public IP addresses within the post
What does canyouseeme.org show as “Your IP” when browsing to it from your server? Can you describe your network topology, WAN and LAN, in more detail?
The public IP address Plex displays in the remote access settings is the one from which their servers see your traffic originate. If your server is multi-homed, you can change the interface priority in Windows to prefer one over another:
This may be necessary to ensure outbound traffic egresses your preferred interface.
But it says that port 32400 is currently closed. (as we know this port needs to be open for the application to work).
The internet setup is a fibre network managed by a central network administrator supplying fibre to different individual office units. Each office as an access point rather than a traditional router so I am unable to tinker with settings myself directly.
I spoke to the admin and he setup a static IP for me and opened port 32400.
He told me my IP was xxx.xxx.xxx.133.
When I go to xxx.xxx.xxx.xxx:32400 then the interface for Plex is there so that’s why I thought it weird that Plex was detecting pub IP as .130.
But as TeknoJunky suggested - their gateway (router) is probably .130 which makes sense…
It’s become clear that this seems to be less of a Plex issue and more of a general ISP issue I imagine… and the solution lies with figuring it out with the network admin at the ISP rather than tweaking any Plex settings I guess…
My networking knowledge is pretty limited but I have asked them to see whether it is possible to open/forward port 32400 on xxx.xxx.xxx.130 to xxx.xxx.xxx.133 or some other solution that connects the two.
I feel a bit closer with your insights so thank you!
Thanks for the explanation, that clarifies things. Your network admin may be able to configure a source NAT on their router so that your traffic shows your IP address as the source; however, your path of least resistance may be to try using a custom server access URL.
When you tried using a custom server access URL previously, what exactly did you specify as the URL? If it was just the IP address that may have been the problem. It should be (if using insecure connections): http://x.x.x.133:32400
You could try testing with that. Though for permanent use I’d recommend registering a domain and obtaining an SSL cert for it to enable secure connections.
That doesn’t quite make sense - it shouldn’t be necessary.
You need to accomplish a few things:
#1 Your Plex Server needs to be able to communicate with the Plex mothership. That’s easy - as long as it can make an outbound Internet connection, this is accomplished. (It’s currently using xxx.xxx.xxx.130, because that’s how your shared business Internet works.)
#2 Your Plex Server needs to be reachable from the Internet. That’s almost always accomplished by “opening” or “forwarding” a port. You’ve done that as well. (Currently with xxx.xxx.xxx.133:32400.)
#3 The Plex Mothership needs to know how to reach your Plex Server from the Internet. This works automatically for most home users - it can see the IP address you connect from in #1, and makes the assumption that #2 is the same IP address. You’re just a bit special, and this assumption isn’t true.
The “source NAT” @pshanew mentions would be a great solution. If your ISP can set you up to use xxx.xxx.xxx.133 for ALL of your outbound traffic, not just the port that’s currently forwarded inbound to Plex. That would solve your problem because then #1 and #2 would use the same IP address, and the Plex Mothership could find you.
That’s going to be SUPER DEPENDENT on how cool/capable/competent/willing/allowed/supported your ISP network provider folks make it. They might immediately understand, or “source NAT” might confuse them.
The other solution to #3 is a Custom Server Access URL. That’s needed when #1 and #2 aren’t the same IP address (or if you just want it to look cool). It tells the Plex Mothership how to reach your Plex Server if #1 and #2 aren’t the same.
I believe that using a Custom Server Access URL basically requires an SSL certificate, which also effectively requires a domain name. (Edit: Per @Mr_Inf’s testing, this wasn’t true.)
Mod-Edit: anonymized public IP addresses within the post
Thank you so much for your thorough explanations. I am learning some interesting new things and getting my head around the whole setup.
Luckily the internet guys who look after the units seem very helpful and they would for sure look to assist with beer/nice phone call
I think they are pleased I’m trying to figure out the reason for things not working instead of shouting at them and demanding things work (as is probably a common approach in IT industry I’m sure!)
A couple of interesting developments - and some legitimate success to report. Which from where I’m sitting looks like a solution - but I would be interested to hear your thoughts…
So previous attempt at using a Custom URL was WITHOUT the port number. This resulted in an indirect connection (relaying through Plex server), and as such a low bitrate stream. So I tried what was suggested and added http://xxx.xxx.xxx.133:32400 (with the port) and I can now see the server from my Plex clients AND stream content at Maximum Quality. Nice!
I also set secure connections to Required on the server and ‘Allow Insecure Connections’ to NEVER on the remote Plex client. And it still works.
The strange thing is - Remote Access settings on the server still says ‘Not available outside your network’. I can live with that but it is curious… (actually I recall reading somewhere here that Plex can’t apply it’s location knowledge specified in Custom URL here so I guess the lack of green tick is basically just cosmetic now in practicality?)
So - do I you still suggest that I need to register a domain name and get an SSL certificate? If the reason for domain and SSL is that I can enable secure connections to Plex - don’t I already seem to have that active if secure connections are currently set to Required in the server and it is streaming?
Or is there another benefit of having an https URL that makes my server safer, more secure, etc?
Thanks guys - really appreciate your expertise here.
Mod-Edit: anonymized public IP addresses within the post
But if my clients connect happilly, and I don’t require access to media through a web browser, and I can still configure the server options through Plex mac desktop app - is this really a problem do you think?
Mod-Edit: anonymized public IP addresses within the post
The remote access settings status page has been known to report inaccessible even when remote access was fully accessible. I think that’s been improved in more recent releases, but it can still happen.
Just to verify remote sessions are not still being relayed, what do you see on the Dashboard while streaming remotely? It will show either Local, Remote, or Indirect, depending on how the connection was established. In this case, you want to see Remote. Indirect means it’s being relayed.
Out curiosity, what is the result of accessing your server via https://app.plex.tv from a remote client? Does it connect to your server securely?
It seems like that wouldn’t make sense, since you configured http:// above. But …
I think what’s going on is that Plex is super helpful and wants to make it all work for you.
My surprise is that an IP address worked in the Custom URL - I figured Plex wouldn’t accept that.
But … I think everything aligned.
The web server built into PMS is a magical mystical thing. It can listen to both HTTP and HTTPS on the same port, and automatically respond appropriately.
Plex has really cool magical “works with IP addresses” SSL certificate infrastructure built in.
Because Plex’s magic SSL certificate infrastructure got a certificate for you. I’m impressed.
You might update the Custom URL to https:// for consistency. I dunno. It’s working. Who cares. Don’t break it.
(Edit: Oh! I wonder if updating the Custom URL would fix the remote access status page.)
You can use that. You can also just use http://app.plex.tv/ - I’m pretty sure that will work too, at this point. If it works there, I think it will work in every app.
Congrats.
Mod-Edit: anonymized public IP addresses within the post
I was actually curious about this. I wasn’t sure if Plex would generate the DNS record for a custom URL specified as an IP. I’m quite impressed they do as well.
@Mr_Inf
You likely don’t need to bother with my suggestions above since @Volts has tested secure access to those URLs, but it still might be nice to confirm.
Turns out that’s part of the magic. The DNS servers for plex.direct are 100% dynamic and parse the IP address out of the hostname you query.
any-ip-add-ress.[yourhash].plex.direct resolves, in dns, to any.ip.add.ress.
And the SSL certificates are for *.[yourhash].plex.direct, so they validate. And the IP address got encoded into a single “hostname” with the dashes between octets, so the wildcard SSL is valid.
It’s a filthy hack, and I say that with utter respect.
It’s so clever that it works with internal AND external IP addresses.
internal-ip-add-ress.[yourhash].plex.direct works exactly the same way.
Yep. The only surprising bit for me was that worked for custom server access URLs using IPs as well. I thought the magic was only performed for the detected LAN and WAN IP addresses.
This can also useful in the context of IPv6 connections. I’d seen this a while back but didn’t really fully appreciate the utility of it:
I think it actually didn’t do anything because of the Custom URL.
I was worried that it wouldn’t make a cert for the custom URL. I think, instead, it didn’t need to.
The same cert would be on his server for the .130 address, and it’s using the same cert internally, and on 127.0.0.1.
Because they’re self-referencing, you don’t need to know what IP address they’ll be applied to. It didn’t make a new one for him. It’s just “his” cert. Regardless of IP address. Genius.
Oh! I hadn’t quite circled all the way around myself. That means he HAS a real custom URL, it’s just that big ugly thing.
Now I want to hear if using THAT fixes the remote access status page.
Again, thank you so much. You got it working! You’re both absolute legends and I love how you have discovered some cool stuff that Plex does… even if some is dirty hack Magic it sure is! Great to know so much goes on under the hood that just ‘works’ and makes me repsect the whole thing to a whole new level now!
To respond to your queries:
On the dashboard while streaming remotely it says ‘Remote’ - so good news!
Also the result of accessing my server via https://app.plex.tv from a remote client is that when I stream it also says ‘Remote’.
However updating the Custom URL did not fix the remote access status page which still declared it was inaccessible outside the network no matter what I put in there. I can 100% live with that though!
http://app.plex.tv as the Custom URL did NOT work and I couldn’t access the server from the remote clients.
Out of interest… what was the long URL with all the numbers you found and how was that generated? Is that the auto magic Plex SSL certificate it generated? I think I was trying to mess with something like this the other day with IPvfoo and entering it into Custom URL but couldn’t figure it out
Love it guys, can’t thank you enough for this. Very interesting and very pleased it all works too
Mod-Edit: anonymized public IP addresses within the post
Your public IP address, delimited using hyphens instead of periods;
Your certificate UUID, this is unique to your account;
“plex.direct”, which is the Plex domain for client access;
The external port used for remote access;
And the page on the server to be accessed: “/web/index.html”
The certificate UUID is normally private. However, since you posted your server’s IP address/port, browsing to it allows someone to view the site’s certificate. By using the information there, it’s possible to reconstruct the remote access URL by combining the information above.
@Volts may be able to provide some additional insight as to how they went about it.
Having said that, I’m going to go back through my posts in this thread and redact mentions of your IP addresses. It’s unlikely anyone in these forums would get up to any shenanigans, but they’re searchable from other engines.
