I need to preface that this server is working without issue, but there is either a graphical bug or a back-end bug that is displaying (and possibly selecting) the incorrect adaptor on this unit for Remote Access connection tests. Please forgive the wall of text, but I need to explain my topology a bit below:
This unit has two 1GB ports bonded to my upstream switch as well as a 5GBs port connected to the same upstream switch. Both adaptors have different IP addresses. I’m forwarding outside connections to the 5GB adaptor IP address.
I just this morning put Plex behind a load balancer and am forwarding to 443 from outside using a Lets Encrypt certificate and that’s when I started to notice this issue. The certificate is applied correctly and I can watch media remotely from my Android player over 5G connection, as well as from plex.tv.
However, my server shows Remote connection is unavailable. Sometimes it will light up green and be fine but most of the time it fails and says unavailable even though it appears to work just fine from outside the network.
I noticed that the Remote Access screen is showing the IP address of my bonded 1GB adaptors and not my 5GB adaptor. I changed the adaptor to use the 5GB under the network section, but that appears to only control internal/local traffic. I found a post on reddit stating to put the following in my Custom URL section but that does not seem to have worked. Here is the format:
https://[ip-address].[server-id].plex.direct:[internal-port]
Is this a bug or is there a way to force the server to use a specific adaptor/IP for incoming connections?
Screenshots of the issue showing two separate IP addresses. I’m forwarding to the .25 while the .26 is the incorrect IP.
I have never had any luck with making the onboard adapters stay out of the way.
I have the 10GbE card installed. It runs directly to the 10G switch and then fans out for everything.
The only way for PMS to be happy is set the 10 GbE adapter as the NAS default gateway (force it in settings). Leaving things as “auto” will not yield the desired results. (PMS will use the first adapter which has a gateway address + valid way out as the adapter it uses. Your “Preferred” adapter only limits LAN responses.
You might want to remove or edit that screenshot.
LAN addresses are safe to post.
Public WAN addresses are those you want to keep private.
So I came home and the Remote Access section showed that it was up and running (screenshot working for .26), but after hitting the Apply button it worked a bit longer and then broke like shown above.
I checked on the QNAP and found that Default Gateway was set to Auto, and that the proper adapter (Adapter 1) was selected. However, I went to change the default gateway to statically use this adapter and only my bonded adapters (Adapters 2+3) were selectable. This seems like a bug on the QNAP which I’ll open a case about.
I went a step further and removed the IP configuration from my bonded adapters and now Plex is using the proper IP address (.25) and it showed working for some time, but looks like it broke again (Screenshots attached):
I just realized that I also have CloudFlare proxy turned on for my plex.mydomain.com which may be the main culprit here, as the outside IP address is not what is being advertised in the Media Server GUI. I’m going to turn the proxy feature off and report back the results. I̶ ̶d̶o̶ ̶w̶a̶n̶t̶ ̶t̶o̶ ̶a̶s̶k̶ ̶-̶ ̶a̶r̶e̶ ̶t̶h̶e̶r̶e̶ ̶a̶n̶y̶ ̶u̶s̶e̶-̶c̶a̶s̶e̶s̶ ̶w̶h̶e̶r̶e̶ ̶w̶e̶ ̶c̶a̶n̶ ̶h̶a̶v̶e̶ ̶C̶l̶o̶u̶d̶F̶l̶a̶r̶e̶ ̶p̶r̶o̶x̶y̶ ̶e̶n̶a̶b̶l̶e̶d̶ ̶f̶o̶r̶ ̶e̶x̶t̶e̶r̶n̶a̶l̶ ̶P̶l̶e̶x̶ ̶t̶r̶a̶f̶f̶i̶c̶ ̶i̶f̶ ̶t̶h̶a̶t̶ ̶i̶s̶ ̶t̶h̶e̶ ̶c̶a̶u̶s̶e̶ ̶o̶f̶ ̶t̶h̶i̶s̶ ̶i̶s̶s̶u̶e̶?̶
Edit 2: With Cloudflare proxy disabled for plex.mydomain.com, the same issue is occuring. So what else might be mis-configured here? I have the following Custom URL’s configured:
When Plex says Not available … are things broken, or still working?
Don’t add that one, Plex always automatically registers it.
LAN address/hostname first
Custom Server Access URLs (shuffled)
Detected Public IP address (if Remote Access enabled)
Relay (if enabled + Remote Access enabled)
But Plex also does some weird things (and breaks) if the host’s actual internal IP address (or detected external address) is entered as a Custom URL. I haven’t tested what happens if the internal hostname is entered there, but it isn’t necessary.
Are all three of these really active? If :443 is correct, remove the others.
Note that whenever Remote Access is enabled, Plex will attempt to automatically map a port with UPnP/NAT-PnP, and will detect and register the address with Plex.
If you don’t want this to happen, you may want to DISABLE Remote Access, and rely instead on the connectivity you’ve manually established.
Thanks @Volts - The reason behind registering the first custom URL was to try and force the remote connection over my primary 5GB NIC instead of the bond. After removing the bond’s IP address, Plex showed the correct NIC and after re-applying the IP is stuck to the 5GB NIC. I’ve since removed that config line as suggested.
I’m still going to open a case with QNAP regarding the default gateway selection though as that seems like a bug.
As for your other suggestions, yes I have all three of those domains active. 443 for public and 32400 for internal, but I have the rule on my firewall (disabled) to swap over to in the event of an emergency.
Regarding the token, here’s the output of that page even when RA reports it is working correctly in the GUI:
I’m not certain if this output is because I didn’t provide a valid token (I assume so). I assume the token is my Server ID when connecting remotely?
You actually blew my mind with the suggestion to DISABLE Remote Access. You’re correct that the RA setting isn’t really needed as I already established in my testing, and it makes sense that it’s more for a UPnP environment. I’ve disabled it since it’s not really needed and UPnP is just another potential security hole.
It took me a while to get back to this thread because in my troubleshooting I also realized that my server was connecting as a remote client on my internal LAN. I thought this was due to the introduction of the Load Balancer I put Plex behind, but this was in fact due to my unbound/PiHole DNS combo, so I’ve been living this way for 6-8 months without noticing! After some sleuthing I found I had to add the following into my unbound.conf file and local access is working as intended now:
#Internal Domains
private-domain: “plex.direct”
I should also add that after correcting the DNS issue with plex.direct, the RA configuration still flaps between available and unavailable. But as mentioned, I’ve just disabled that setting all together now. This one can likely be closed out unless someone wants me to report back on the NIC gateway bug on this model QNAP. Also wondering about that TokenID for the URL provided to I can test that as well.
In that screenshot there’s a plugin related to itch.io installed in your browser, and it’s reading reading and modifying the XML. That text is definitely not from Plex.
I should have included this link too - how to locate a token:
Thanks, yes the X-Token XML is what I’m expecting! I assume that Chrome extension data (Script Auto Runner) was present just because there was nothing actually on that page for the extension to act on.
