Server Version#: 1.29.2.6364
Player Version#: Web & iOS
I have Plex installed on a QNAP NAS. The NAS has two network adapters:
Adapter1: Connected to a router providing 10.0.0.x private addressing
Adapter2: Connected to ZeroTier providing 172.28.x.x private addressing
There is no incoming connections allowed on 10.0.0.x connection, therefore external connections must always come via the 172.28.x.x connection.
This works just fine using a web browser. I can open up Chrome or Safari on any device (laptop or iPad) and connect to the QNAP’s 172.28.x.x address port 32400 and see/run Plex via browser without issues. This is how it looks in Dashboard:
However, trying to connect through the Plex App tells me the server is offline. When I go into Advanced and add the server’s 172.28.x.x IP manually, the app appears to connect but seems to be going indirectly:
All of the documentation and comments from Plex employees seem to indicate that if a device can connect to the IP then it should work fine in the app, but clearly it does not.
My theory is that PlexServer is falsely reporting its IP as 10.0.0.x to my Plex account, so that other devices attempting to connect to that named server try 10.0.0.x and are unable to route to it. Manually connecting to 172.28.x.x works temporarily, but this connection is forgotten as soon as the device or application restarts. Apparently manual connections are not saved, perhaps because it’s only looking at the server’s name not the IP.
The solution I’m looking for is a setting to force a specific IP address in the PlexServer configuration, so that it always identifies itself by its 172.28.x.x. IP and so any devices attempting to that named server will use the 172.28.x.x IP instead of either the 10.0.0.x or external IP (neither of which can be configured to accept incoming connections).
Thank you in advance, I’ve already searched similar topics and all of them seemed to have the reverse problem, where web connections failed but app connections worked. My problem is the exact opposite.
I’ve not done it recently to test, but it’s possible that you can instead specify eth1 in PMS.
Change the Any in Settings → Network → Show Advanced → eth1
Yes, this was the first thing I tried. It seems to have no decernible effect that I can find.
I already have this set to eth1 (172 range) and yet the server continues to refer to itself by the 10 range (for example, in remote access Plex believes it’s private IP is still 10.0.0.x).
Unfortunately, as of QTS 5.0 it seems that virtual adapters no longer show up at all in the Networking control panel, even though it’s obviously installed as device eth1.
I’m just pissed that I give Plex iOS a specific address WHICH WORKS and Plex just throws it away and grabs some other address which DOESNT WORK and saves that as the default instead. Why even have an Advanced option to create a manual connection if the client won’t remember it?
There might be something I missed Let’s catch the eye of ChuckPA and see what’s the best outlook. He has hours from 10am - 2pm EST if you’re online then.
The solution I’m looking for is a setting to force a specific IP address in the PlexServer configuration, so that it always identifies itself by its 172.28.x.x.
Which adapter is in charge ? - It will be eth0 (10.x.x.x) unless you change the default route table in QTS because:
eth0 is checked before eth1
both can get to the outside world (have a valid gateway)
eth0 wins because:
– found first when scanning the enumerated adapters.
– has a valid gateway
Adapter1: Connected to a router providing 10.0.0.x private addressing
Adapter2: Connected to ZeroTier providing 172.28.x.x private addressing
Per the RFC-1918 specification, 172.28.x.x is Private Network space.
(172.16.x.x → 172.31.x.x inclusive). There is no reason yet to give it precedence over 10.x.x.x
Settings - Server - Network - Show Advanced
– Custom server access URLs
This is where you tell PMS which custom address to publish for the clients to use.
I can’t change the default adapter or route table because the QNAP server uses eth0 (which is the physical adapter) to provide local services to local devices (filesharing, time machine, survelliance, etc). None of these services are externally accessible by design, mainly because QNAP cannot be trusted to not screw up security (cough Deadbolt ransomware cough)…
Plex Server is the one single service that I do want externally accessible, which is why I created eth1 (which is a virtual adapter) to allow incoming connections and intended to have Plex only use that.
Yes, because it’s ZeroTier, which creates its own private VLAN that can only be joined by explicitly authorized devices. I don’t need to worry about port security coming from external IPs if it’s not publically routable. All of my devices (laptops, tablets, etc) are on this VLAN and can all communicate with each other as if they were local clients.
THIS what exactly what I was looking for, thank you. I knew the problem was some kind of Plex-side directory reporting the wrong IP to clients. Without your hint, I just didn’t think of what else could go in the URL box, but just now adding the actual IP caused the iOS client to refresh and suddenly see the server as being online.
However, it still sees it as an indirect connection, and I don’t fully understand the limitations of direct vs indirect (are there playback time limits? etc)
Thank you for at least getting it this far. I really wish Plex would embrace ZeroTier natively since device security is superior to port forwarding/uPnP nonsense.
If that’s your contention, then what is the purpose of the “Preferred network interface” setting?
I have 172.28.x.x set as preferred. According to the decription of this setting, that is the network interface that local clients “will use to connect”. That is the “right” IP, is it not?
Shouldn’t Plex clients should have at least as much connectivity as an ordinary web browser? I can bookmark the Plex IP in Safari and get there every single time as a “direct” local client. The fact that I can’t do that in Plex client (because it disregards the preferred interface, or connects via “indirect”) is pretty disappointing.
This is the address which your Plex server advertises as its local connection address. However, it isn’t advertised as a bare IP address; rather, it is advertised as a *.plex.direct URL. When a client starts and attempts to connect to your local server, it queries DNS for the IP address associated with this URL. If it is unable to resolve the local address for some reason, it falls back to the remote address, which is likely why you’re seeing the indirection connection for clients. It would also explain why you’re able to connect locally when accessing the server’s local IP address directly in a browser.
All of this points to the likely problem of DNS rebinding protection being the issue. You can search for that on the Internet if you want a more detailed explanation, but it is a security measure provided by some DNS servers which prevents DNS requests from being resolved to private (RFC 1918) IP addresses.
Your router should provide a means of bypassing/disabling DNS rebinding protection. Most allow it on a domain basis. In that case, you’d need to disable it for the *.plex.direct domain. There’s some limited information regarding this issue in the “Why Isn’t It Working” section of this document:
But, in short, you need to find how your router handles DNS rebinding protection and allow *.plex.direct to bypass it. There is nothing you can do in Plex to mitigate this, it is purely a DNS issue (more than likely).
Thank you, this was very helpful in understanding the issue. I had no idea there was some kind of Dynamic DNS at work here.
@ChuckPa could you please tell me where can I find my server’s plex.direct URL to test if I can resolve it? I found one example of a plex.direct URL searching the forums and it looks like the IP address + some extremely long unique alphanumeric key.
Also, if I create a DNS entry for [my_server_identifier].plex.direct pointing to the 172.28.x.x address, will that work for any Plex clients running on that device? Thanks.
Your server’s *.plex.direct URL is composed of several parts. The easiest place to find it will likely be in a client’s debug logging. But you can determine what it is by aggregating the following bits of information:
Your server’s IP address, hyphen-separated. For example, 192.168.0.100 would be: 192-168-0-100.
Your server’s certificate UUID. This can be found in your Preferences.xml file, in your Plex data directory; the setting to look for is named “CertificateUUID.”
The static string “plex.direct.”
For example:
192-168-0-100.abcdefg12344567890.plex.direct
If you use a DNS server which logs such things, you can find the URL there as well by examine its query logs.
So I constructed the plex.direct URL and it appears that DNS rebinding protection is not the issue. my_server_id.plex.direct resolves to my non-routable 172.28.x.x IP. It even pops up with actual hostname of the QNAP device.
So I’m back to not understanding why Plex clients can’t find the same server that web browsers can. I can open my_server_name.plex.direct:32400 in Safari or Chrome and everything plays at full speed as local connections. Plex iOS clients will only connect indirectly.
This doesn’t seem to work? At least not on Brave. When I go to https://app.plex.tv, it changes to
But it’s not a traffic or adapter issue if I can connect to the plex.direct URL from a web browser and PMS sees it as a directly-connected local client? So why then is Plex client running on the same device from the same IP declared remote/indirect?
What do you see as the connection information published for your server if you browse to this address? (Don’t list it here, just examine it to ensure it looks correct.)
The link above will show your server and the connections published for it. Ones which are local will have local="1" at the end of the connection information.
So, that actually looks fine. the Private IP is showing as a local connection, the Public IP is not. The 10.0.0.x network doesn’t even seem to be part of the equation (though it is still the address shown in the Remote Access section of PMS settings).
Then there’s some client info. Here’s where things get screwy:
I’m really scratching my head as to why Plex is reporting these clients as “local=1” coming from 10.0.0.x addreses when they are connecting via 172.28.x.x addresses.
EDIT: I just realized these client devices are connected simultaneously to WiFi with 10.0.0.x addressing, cellular with IPv6 addressing, and VPN with 172.28.x.x addressing. It seems Plex client is only reporting the WiFi address back to the directory.
I disconnected from WiFi, restarted the device, and then connected to Plex over the VPN+cellular connection and began playing a movie. Still shows up as indirect, and the information listed in the resources API didn’t update (still shows the client on 10.0.0.x address).
Is there some way to trigger a refresh/update or purge the existing client data so it detects changes?
Thanks again, this looks like it it narrowing down the source of the device issues.
Out of curiosity, can your LAN on 10.0.0.X actually route to the internet through its Gateway? If not, drop the gateway on eth0, It’s only actually needed if the device needs to route to another subnet through the gateway device.
Let’s catch the eye of ChuckPA and see what’s the best outlook. He has hours from 10am - 2pm EST if you’re online then.
