PMS not bypassing/port forwarding VPN properly for remote access

Server Version#: 1.18.4
Player Version#:

Hi all, apologies for yet another remote access post as I see there are a few of them recently. I am just a little confused with what my PMS is doing and trying to determine if it’s the router or the server.

To summarise the situation:

  • My router runs OpenWRT and I am behind a VPN, however certain traffic I tell to bypass the VPN, which includes the PMS. For PMS this is done by using a policy that says anything from the server IP on local port 32400 should not go through the VPN.

  • I have PMS on a manual port (30500) as I am not a fan of UPnP, so have a firewall rule that redirects WAN traffic from 30500 > 32400. I have tested this via canyouseeme/yougetsignal, which confirms that port 30500 is open. I can also log directly on to the PMS via server IP/DDNS:30500.

From the information above it all seems like it should work, except the remote access keeps reverting to the IP of the VPN, which results in it not being available. If I can access the PMS via its IP or DDNS then that means the router is correctly bypassing the VPN for PMS traffic? I only get indirect or no access when using plex.tv/desktop or the plex app however, so do I perhaps need to include some Plex DNS names as well?

Any thoughts or ideas may help,
Thank you.

Your server must be locatable by “Plex Cloud” in order for remote clients to connect to it. Since the client apps know plex.tv should be around, they simply send a request to the “Plex Cloud” asking “where is server xxxx” and Plex Cloud will give them the latest address even if your ISP is changing it constantly; users don’t have to know about dynamic DNS, and Plex can work with DigiCert to get SSL certificates signed in ways that major companies like Apple, Roku, etc. will accept as trusted so you can make a secure connection to your personal server.

To make this work your Plex Server makes an outbound call to “Plex Cloud” to keep its IP address updated. Plex Cloud looks at the IP address that the server is calling from and records it. When your server is making this call the traffic is going over the VPN which is why the cloud is associating your server with the VPN IP.

The Plex team has given you an escape hatch though. You can set the “Custom server access URLs” to what you know your access will be. If you’re using HTTP (non-secure) and dynamic DNS this is simple. Set this value to “http://dvs00.ddns.net:30500” where dvs00.ddns.net is your dynamic domain.

If you’re using HTTPS this won’t work since clients like Roku and Apple TV won’t work unless you set up a valid SSL certificate that is signed by someone Apple, Roku, etc will accept. If you just use your IP address instead (assuming it doesn’t change much) you can still use SSL. Use “https://1.2.3.4:30500” replacing 1.2.3.4 with your actual IP in that case.

Lastly if it’s just you needing access you can check your client app to see if you can manually force the entries. For example in iOS go to Settings > Advanced > Server Connections to manually enter the IP info.

Hope this helps.

Network Admin

SSL Details

1 Like
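The behaviour discussed above, as an added illustration that is not part of the original posts: a small model of the source-port bypass policy from the first post, showing why replies from port 32400 leave via WAN while the server's own outbound check-in still leaves via the VPN. All addresses, the ephemeral port and the broader "host rule" are constructed assumptions, and the rule shape is inferred from the poster's description rather than taken from an OpenWRT config.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses (documentation ranges), not values from the thread.
SERVER_IP = "192.168.1.50"
EGRESS_IP = {"wan": "203.0.113.10", "vpn": "198.51.100.77"}

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class BypassRule:
    """Policy-routing rule: a matching packet leaves via WAN instead of the VPN."""
    src_ip: Optional[str] = None
    src_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (self.src_ip in (None, pkt.src_ip)
                and self.src_port in (None, pkt.src_port))

def egress(pkt: Packet, rules: list) -> str:
    """Return the interface the router picks; the VPN is the default route."""
    return "wan" if any(r.matches(pkt) for r in rules) else "vpn"

def address_seen_by_peer(pkt: Packet, rules: list) -> str:
    """Public source address the remote end observes after NAT on that interface."""
    return EGRESS_IP[egress(pkt, rules)]

# Rule as described in the first post: server IP + local port 32400 bypasses the VPN.
port_rule = [BypassRule(src_ip=SERVER_IP, src_port=32400)]
# Hypothetical broader rule (assumption, not from the thread): all traffic from the server.
host_rule = [BypassRule(src_ip=SERVER_IP)]

# Reply to a remote client that came in through the 30500 -> 32400 redirect.
client_reply = Packet(SERVER_IP, 32400, "192.0.2.44", 51000)
# The server's own outbound check-in: ephemeral source port, HTTPS destination.
cloud_checkin = Packet(SERVER_IP, 49152, "192.0.2.200", 443)

if __name__ == "__main__":
    for name, rules in (("port rule", port_rule), ("host rule", host_rule)):
        print(name,
              "| client reply via", egress(client_reply, rules),
              "| cloud records", address_seen_by_peer(cloud_checkin, rules))
```

With the port-based rule, direct access on the forwarded port works, yet the address recorded for the server is the VPN's, which matches the symptom in the first post.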

A helpful response, thank you Jonno,

I have come across that in the settings before but I don’t think I had configured it properly. The thing is the server was working fine remotely until recently when I updated the firmware on the router, so it still could be to do with that.

Do you know if I am not using https under custom server access then PMS considers this an insecure connection though?

Also strangely the current status of my PMS looks like below with the custom server url added, when accessed via app.plex.tv/desktop:

EDIT: This seemed to be working but after a while it seems to become unavailable again. Like above the public IP is my actual WAN address so I am still confused.

I have a similar setup.

  • QNAP with its built in VPN client as the default gateway
  • Custom server access URL = https://1.2.3.4:12345

Remote access will always show a red X now but I can confirm no users have problems with it. My ISP hasn’t changed my IP in weeks so I’m not too worried about it. Everyone connects using HTTPS.

I usually test this by setting up the server, then turning off the wifi on my phone and trying to stream something over LTE. If you watch the console you can see the connection is getting through. You’ll also see messages if the client has to fall back to HTTP from HTTPS.

I think I am going to have to blame the OpenWRT firmware on my router then, as that is what handles the VPN traffic and routing instead of my QNAP. That is a good way to test it at home though I agree, though for me it has come up as an ‘indirect’ connection over LTE/4G. The strange thing is it doesn’t start off this way e.g. if I restart the PMS or the remote access option, but will revert to ‘unavailable’ after several minutes from my tests.

For now, I have gone back to my previous router firmware version and it works without even needing the custom server URL, which I will leave as you suggested too. It must be some network setting that is different between firmware versions even though the VPN bypass must be working else I wouldn’t be able to connect to the PMS via DNS/IP.

Thanks for your help and suggestions though Jonno, I guess I will wait for a new firmware version and hope that is better.
