Plexamp Headless VPN connection problem

Plex Players Streaming Devices
,
1

Server Version#: 4.125.1
Player Version#: 4.10.1 (Pi-Headless)

I’m trying to replace my aging Squeezebox/Logitech media server installation with PLEX. I like PLEX but I have a tricky problem:

Network 1 (@/home) [192.168.105.0/24]
Here the Plex server runs on a Synology NAS and several Plexamps. Everything OK there.

Network 2 (@/office) [192.168.100.0/24]

Both networks are connected with a transparent IPSEC VPN tunnel. I use several headless (PI) players on both sides.

The players in the @/home network also register on the PLEX instance on the Synology and are visible there as playback devices.
http://IpOfServer:32400/clients
lists the clients.

The players in the @/office network also function as playback devices and can access the Plex server’s media collection. They are not displayed as playback devices in the Plex server instance.

The headless players (including Android/Windows) players), on the other hand, display ALL playback devices in both networks. (Equal on whatever side of the VPN they are.

If I install the HTPC Plex (Windows) in the @/office network as a test, it will then be displayed on the NAS instance as a playback device and can be controlled from there.

So it seems it is not fundamentally impossible to register the players in the @/work-Network as clients.

What do I need this for?
I would like to send a few basic commands (pause, play, skip …) to the players via the HTML interface from a home automation system. To do this, however, I need the [Plex Target Client Identifier], which I only receive when the client is registered on the server.

This works wonderfully in the @/home network - just not with the Plexamps in the @/office network.

I would be happy to receive any suggestions on this issue.

2

Try this URL:
https://plex.tv/api/resources?includeIPv6=1&includeHttps=1&X-Plex-Token=[your Plex token]

It lists all devices (clients, servers) currently signed into your Plex account. It returns the data as XML. I believe you can find the client identifier in there (at least it contains a client identifier). There’s other useful information as well, including connection information.

Supplemental: How to find your Plex token.

3

Hello pshenew,
Thanks for the information. I read the status page. A ‘clientIdentifier’ is output in the XML data, which is not identical to the ‘machineIdentifier’ of the local PLEX installation.
The two identifiers are also completely different in length.
I was able to recognize this based on the identifiers of the devices that were registered in the @/home network.

4

That’s really interesting as they do match on my devices, between the /clients endpoint and the resources URL which I provided (for the clients which are common, including both my desktop and headless Plexamp clients). Weird that they wouldn’t for you.

Do the resources URL show all of your Plexamp clients, across both sites? If so, you may want to try using the clientIdentifier to see if you can accomplish what you want using it. It may just work.

Other than that, I’m not sure what to suggest, at least not off the top of my head.

5

I would consider adjusting the network topology a bit.
(draw this out on paper if needed )

  1. The modem/router sits at the top of the pile and is 192.168.0.1 /23
    – Being a /23 gives it immediate visibility into both 192.168.0.x and 192.168.1.x as the same network.
    – 192.168.0.x == home (/24 is default for home clients/devices on the lan)
    – 192.168.1.x == work (/24 is default for work clients/devices not needing home access )

  2. PMS sits on the 192.168.0.x with a /23 netmask
    – it can see both subnets without need of a VPN

  3. Home machines can sit on 192.168.0.x with /24

  4. Work machines (strictly work), can sit on the 192.168.1.x with /24

  5. Work machines which need to get into the 192.168.0.x simply use /23
    (they can see both subnets)

In this configuration, the TCP/IP stack is doing all the work for you natively.

6

Hello ChuckPa, thank you for your thoughts.
Unfortunately I can’t implement it that way. These are two physically separate locations several miles apart. These each have a router/firewall and are connected to a transparent VPN tunnel. This transmits almost everything - just not broadcasts.
Unfortunately, I can’t find any information about how the Player<>Player and Player<>Server communication is constructed and which protocols ar used. This is still unclear to me at the moment.
It’s not even clear to me to what extent the communication between the components via PLEX.TV plays a role in this.

The players all see each other - no matter on which side of the tunnel.
The PLEX server on Synology only sees the players on its own network.
The only exception: the HTPC client. If I install it in the remote network @/ office, it registers quite nicely on the server @/home and can be controlled remotely via http commands. This client does something different than the other players when registering.
Question is: Can I persuade the headless player to behave the same way?
That would solve my problem.

7

I think it might be worth your time to double check the correlation between machineIdentifier (as shown by the /clients endpoint) and clientIdentifier (as provided by the /resources endpoint). In my environment, they are identical. Here’s an example:

# From https://plex.tv/api/resources
<Device name="Living Room" product="Plexamp" productVersion="4.10.1" platform="Linux" platformVersion="6.1.21-v8+" device="Linux" clientIdentifier="d65a9035-ac48-4db5" createdAt="1686708980" lastSeenAt="1717280113" provides="client,player,pubsub-player" owned="1" publicAddress="" publicAddressMatches="1" presence="1">
    <Connection protocol="http" address="10.10.0.235" port="32500" uri="http://10.10.0.235:32500" local="1"/>
</Device>

# From http://local_ip_of_server:32400/clients
<Server name="Living Room" host="10.10.0.235" address="10.10.0.235" port="32500" machineIdentifier="d65a9035-ac48-4db5" version="4.10.1" protocol="plex" product="Plexamp" deviceClass="speaker" protocolVersion="1" protocolCapabilities="timeline,playback,playqueues,playqueues-creation"/>

Note: I've truncated both identifiers to obfuscate their full values for privacy.

This is for a Plexamp headless client. The identifiers are identical between the two acquisition methods. This is the case for every client shown in by the /clients endpoint. I’d be very surprised (and equally confused) if they weren’t the same in your environment as well. Did you try to exercise control over one of your remote headless clients using its client identifier, as returned by /resources?

Aside from that, another possible networking solution might be to implement an overlay network, such as Tailscale (there are others, ZeroTier is another popular option). This would allow you to virtually “flatten” your network so that all the clients and the server would essentially be on the same logical network (and still their native network).

Not sure how far down the rabbit hole you want to go to find a solution to this, but this would be one more option. Also, I’ve never done this myself, so I can’t guarantee success.

8

hmmm… several miles apart?

How about Wireguard?

The server is on the Home network
Each remote device is added as peer (client).

In this configuration, just like I do with a friend’s LAN and with plex HQ lab,

On the ‘peer’ when youe work devices reference the 192.168.105.x address, Wireguard intercepts it and does classic ‘tunnel magic’. Everything else is left alone.

On the ‘home’ server side, Wireguard server sees the IP and pushes it out the appripriate connection tunnel.

Advantage I’ve found with Wireguard is it works great for mobile devices too as it’s not WAN IP sensitive.

9

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.