Raspberry pi 4 "This server is unclaimed and not secure"

Server Version#: 1.25.5.5492-12f6b8c83
Player Version#:

I have a Raspberry Pi 4 running “Raspbian GNU/Linux 11 (bullseye)”, I created a plex user which has r/w permissions to my external USB disk where I will store media (nothing there yet).

I then installed Plex Media Server using apt (adding the key and repo at https://downloads.plex.tv/repo/deb etc). Installation seems to run fine, I get the little summary and it finishes up with Installation successful. Errors: 0, Warnings: 0. Installation seems to have used my existing plex user OK, everything under /var/lib/plexmediaserver/ is owned by user plex, permissions seem correct, all looks good.

If I visit http://192.my.ip:32400/web/ I get the “Customize your Media” page, if I click “Finish Setup” I land on the dashboard a spinner in the main content area which never goes away. I can click the user icon and “Sign in”, apparently successfully. Back on the dashboard if I click settings → General I see “This server is unclaimed and not secure”. If I click “Claim Server” the button spins for 30s or so and goes back to “Claim Server”.

Right beneath that it shows my version and that there is an update available:

Version 1.25.5.5492 An update is available. [Please install manually.]

The version number matches the one I have installed. apt-get update does not show an update available.

I’ve tried logging out/in, clearing browser history, changing my password and ticking to sign out all other connected devices. I tried repeating it all in an incognito window, I tried downloading and running the ClaimIt.sh script from Release V1.1.0.0 · ukdtom/ClaimIt · GitHub on my Mac. I created a new account and repeated all the above with that new account. I rebooted the RPI, and the Mac I am working on, and repeated the above. I manually stopped, started, and restarted the server, eg systemctl restart plexmediaserver. systemctl status plexmediaserver shows the server is running fine, all seems OK.

I am on the same local wifi network as the RPI. The RPI has internet access, I can ping, wget, ssh etc from it out to the internet. My router is configured to assign it a static IP. The RPI is not running a firewall.

I wondered if the version in the apt repository is old or buggy, so I apt purged it, manually removed any left over files, then downloaded the ARM7 .deb from the downloads page, and installed that using dpkg -I. I repeated all of the above, but without success - it still says there is an update available, and that the server is unclaimed.

If I log out and don’t bother with signing in to an account, my local clients (eg a smart TV) can’t find the server, even if I manually specify the IP.

Any ideas?

Any guidance appreciated, thanks.

By watching the logs I see various network related errors, so I tried looking at network related settings.

I tried disabling IPv6 (my router does not do ipv6 AFAIK) under Settings → Network → Advanced, I also tried specifying the “Preferred network interface” to eth0/the RPI IP (rather than the default “Any”). I restarted Plex after each of those changes, but it did not help.

I browsed my router’s UPnP settings and found a huge list of mappings for the RPI IP, I guess all my failed attempts. I disabled UPnP and re-enabled it, and rebooted the router, to clear those and start fresh.

I don’t think I attached the right logs yesterday, I’ve removed those and am adding a fresh batch. Here are a few observations from the logs, though I have no idea if I am focussing on the right things.

Feb 21, 2022 10:29:54.749 [0xb24a6d48] DEBUG - Network: [My-RPI-iP].abcdefghijklmnopqrstuvwxyz012345.plex.direct failed to resolve to [My-RPI-iP] but instead yielded “198.18.1.1”

Not sure what this means but 198.18.1.1 is not on my local network - my network is 192.168..

Feb 21, 2022 10:29:58.167 [0xb28c2d48] DEBUG - NAT: UPnP, mapped port 20722 to [My-RPI-iP]:32400.
Feb 21, 2022 10:29:58.167 [0xb28c2d48] DEBUG - PublicAddressManager: Mapping succeeded for [My-RPI-iP]:20722.

This looks good, and if I go to the UPnP settings on my router I can see an entry there mapping internal port 32400 to external port 20722 for my RPI IP.

Feb 21, 2022 10:30:05.041 [0xb27f1d48] DEBUG - [HttpClient] HTTP/1.1 (0.3s) 200 response from GET http://[My-router-iP]:5000/Public_UPNP_gatedesc.xml
Feb 21, 2022 10:30:05.044 [0xb25c7d48] DEBUG - NetworkServiceBrowser: found 3 SSDP devices via http://[My-router-iP]:5000/Public_UPNP_gatedesc.xml
Feb 21, 2022 10:30:05.044 [0xb25c7d48] DEBUG - NetworkServiceBrowser: SSDP arrived: [My-router-iP] (Router (Gateway))
Feb 21, 2022 10:30:05.044 [0xb25c7d48] DEBUG - NetworkServiceBrowser: SSDP arrived: [My-router-iP] (WAN Device)
Feb 21, 2022 10:30:05.044 [0xb25c7d48] DEBUG - NetworkServiceBrowser: SSDP arrived: [My-router-iP] (WAN Connection Device)

This looks like at least internally on my local network Plex networking is working. I can also grab that Public_UPNP_gatedesc.xml from my router file with curl.

It also then successfully grabs similar XML files from a few other devices on my local network.

Feb 21, 2022 10:30:09.740 [0xb27f1d48] DEBUG - [HttpClient] HTTP simulating 408 after curl timeout
Feb 21, 2022 10:30:09.740 [0xb27f1d48] DEBUG - [HttpClient] HTTP simulating 408 after curl timeout
Feb 21, 2022 10:30:09.741 [0xb281ed48] ERROR - PublicAddressManager: Unable to get public IP adddress from myPlex (httpCode=408):

My guess is this is the root of the problem - it seems Plex can’t reach outside my local network?

Any help appreciated! Thanks.

Plex Media Server Logs_2022-02-21_10-37-06.zip (25.8 KB)

What IP address resolves if you run:
dig 192-168-1-22.CertificateUUID.plex.direct
And:
dig @1.1.1.1 192-168-1-22.CertificateUUID.plex.direct

You can find your find your certificateUUID using the information in this post (short version: it’s in Plex server’s Preferences.xml file):

They should both resolve to 192.168.1.22.

1. The repo is always kept a few versions behind. This is intentional - in case of some sort of bug you want the early adopters who manually download to find it as they’ll also be more likely to know how to roll back. if you want the latest version, manual download as you did is the way to go.

2. It does seem like Plex, Pi and your router aren’t getting along - have you tried a manual port forward? (it should only have 1 uPNP entry, so multiple indicates unsuccessful retries)

@gamete

I looked at your account (the email for the forum)

There is no server entry so there will be no certificate at this time.

Are you accessing the server http or https ?

For claiming: http://LAN.IP.of.host:32400/web -or- http://127.0.0.1:32400/web if on the same host.

As additional claiming method:

1. SSH / terminal window on the host

2. open browser to Claim | Plex

3. It will present a token

4. COPY it

5. Within the next 5 minutes (the token expires)

6. curl -X POST http://127.0.0.1:32400/myplex/claim?token=PASTE_TOKEN_HERE’`

7. It will take 15-20 seconds until it responds with a bunch of flags in XML format.

8. It will close out with </MyPlex>

9. You may now access the server normally.

10. Will will still be presented with the Got It banner on first access.

Thanks for the reply -

Sorry if I am misunderstanding - I am assuming I replace CertificateUUID in those hostnames with an ID I get from Preferences.xml? There are a few options to choose from - MachineIdentifier, ProcessedMachineIdentifier, and AnonymousMachineIdentifier - I’ve used the first, MachineIdentifier, below, though AFAICT neither get an answer so do not map to anything:

dig 192-168-1-22.abcb0720-b04d-4d60-8967-3000e13fdbcf.plex.direct

; <<>> DiG 9.16.22-Raspbian <<>> 192-168-1-22.abcb0720-b04d-4d60-8967-3000e13fdbcf.plex.direct
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42600
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;192-168-1-22.abcb0720-b04d-4d60-8967-3000e13fdbcf.plex.direct. IN A

;; AUTHORITY SECTION:
plex.direct.		300	IN	SOA	plex.tv. ns-plexdirect.plex.tv. 2021122201 604800 7200 1209600 300

;; Query time: 200 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Feb 21 13:43:54 AEDT 2022
;; MSG SIZE  rcvd: 147

and

 dig @1.1.1.1 192-168-1-22.abcb0720-b04d-4d60-8967-3000e13fdbcf.plex.direct

; <<>> DiG 9.16.22-Raspbian <<>> @1.1.1.1 192-168-1-22.abcb0720-b04d-4d60-8967-3000e13fdbcf.plex.direct
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53652
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;192-168-1-22.abcb0720-b04d-4d60-8967-3000e13fdbcf.plex.direct. IN A

;; AUTHORITY SECTION:
plex.direct.		300	IN	SOA	plex.tv. ns-plexdirect.plex.tv. 2021122201 604800 7200 1209600 300

;; Query time: 590 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Feb 21 13:50:49 AEDT 2022
;; MSG SIZE  rcvd: 147

I repeated the above with both the ProcessedMachineIdentifier and the AnonymousMachineIdentifier with similar results - ANSWER: 0.

What does this mean?

Thanks for the reply and suggestions, I really appreciate it -

Only http, https does not work (neither https://192.168.1.22:32400/ on my Mac, nor https://127.0.0.1:32400/web/ in a VNC session to the RPI work).

I tried this, using a VNC session to the RPI and 127.0.0.1:32400/web, and an SSH session on the RPI. I have to log in at https://plex.tv/claim, I get a token, but after exactly 1 minute curl returns a 500/server error:

curl -X POST http://127.0.0.1:32400/myplex/claim?token=claim-....
<html><head><title>Internal Server Error</title></head><body><h1>500 Internal Server Error</h1></body></html>

I repeated the process and watched the logs, in case it tells you anything I had to log in again at https://plex.tv/claim, I mean the log in from a few minutes previously is not remembered.

Plex Media Server.Log entries from this attempt:

Feb 21, 2022 14:12:07.256 [0xb2590d48] DEBUG - Request: [127.0.0.1:51868 (Loopback)] POST /myplex/claim?token=xxxxxxxxxxxxxxxxxxxxygERFZ (2 live)
Feb 21, 2022 14:12:07.257 [0xb2590d48] DEBUG - HTTP requesting POST https://plex.tv/api/claim/exchange?token=xxxxxxxxxxxxxxxxxxxxygERFZ
Feb 21, 2022 14:12:22.272 [0xb27f1d48] DEBUG - [HttpClient] HTTP simulating 408 after curl timeout
Feb 21, 2022 14:12:22.272 [0xb2590d48] DEBUG - MyPlex: Did token exchange for claim (returnCode: 408)
Feb 21, 2022 14:12:22.274 [0xb2590d48] DEBUG - MyPlex: Got a token poked, let’s act on it.
Feb 21, 2022 14:12:22.274 [0xb2590d48] DEBUG - HTTP requesting GET https://plex.tv/api/v2/user/privacy?X-Plex-Token=
Feb 21, 2022 14:12:37.290 [0xb27f1d48] DEBUG - [HttpClient] HTTP simulating 408 after curl timeout
Feb 21, 2022 14:12:37.291 [0xb2590d48] WARN - [Analytics] Couldn’t get analytics privacy settings. Trying again soon.
Feb 21, 2022 14:12:37.292 [0xb2590d48] DEBUG - HTTP requesting GET https://plex.tv/api/v2/release_channels?X-Plex-Token=
Feb 21, 2022 14:12:52.308 [0xb27f1d48] DEBUG - [HttpClient] HTTP simulating 408 after curl timeout
Feb 21, 2022 14:12:52.309 [0xb2590d48] WARN - [AutoUpdateRequestHandler] Couldn’t get update channels. Trying again soon.
Feb 21, 2022 14:12:52.309 [0xb2590d48] DEBUG - Sync: onMyPlexSignOut
Feb 21, 2022 14:12:52.310 [0xb2590d48] DEBUG - HTTP requesting GET https://plex.tv/api/v2/features?X-Plex-Token=
Feb 21, 2022 14:13:07.322 [0xb27f1d48] DEBUG - [HttpClient] HTTP simulating 408 after curl timeout
Feb 21, 2022 14:13:07.323 [0xb2590d48] WARN - FeatureManager: Couldn’t get features. Trying again soon.
Feb 21, 2022 14:13:07.323 [0xb2abad48] DEBUG - Completed: [127.0.0.1:51868] 500 POST /myplex/claim?token=xxxxxxxxxxxxxxxxxxxxygERFZ (2 live) 60067ms 325 bytes (pipelined: 1)
Feb 21, 2022 14:13:07.323 [0xb2611d48] DEBUG - HTTP requesting GET https://plex.tv/api/v2/features?X-Plex-Token=>

FWIW it is only Plex that seems to not be able to reach the internet, from a shell on the RPI there is no problem, eg:

$ curl -v "https://plex.tv/updater/products/5/check.xml?build=linux-armv7neon&channel=16&distribution=debian&version=1.25.5.5492-12f6b8c83"
*   Trying 18.203.229.213:443...
* Connected to plex.tv (18.203.229.213) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=CH; ST=Nidwalden; L=Stans; O=Plex GmbH; CN=*.plex.tv
*  start date: Sep 22 00:00:00 2021 GMT
*  expire date: Sep 22 23:59:59 2022 GMT
*  subjectAltName: host "plex.tv" matched cert's "plex.tv"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x2fed20)
> GET /updater/products/5/check.xml?build=linux-armv7neon&channel=16&distribution=debian&version=1.25.5.5492-12f6b8c83 HTTP/2
> Host: plex.tv
> user-agent: curl/7.74.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 200
< cache-control: max-age=0, private, must-revalidate
< content-type: application/xml; charset=utf-8
< date: Mon, 21 Feb 2022 03:19:49 GMT
< etag: W/"62ffe10e5613908d0900ccec21f7517c"
< referrer-policy: origin-when-cross-origin
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< vary: Origin
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-request-id: a69a02c7-fc83-41b2-ad7c-8629309ff7d8
< x-runtime: 0.101556
< x-xss-protection: 1; mode=block
<
<?xml version="1.0" encoding="UTF-8"?>
<MediaContainer friendlyName="myPlex" identifier="com.plexapp.plugins.myplex" machineIdentifier="7ba08832d0a3cf23690a7cedb0c948a6b90aee1d" size="0" title="Updates">
</MediaContainer>
* Connection #0 to host plex.tv left intact

(I notice the returned machineIdentifier is not one of the identifiers in my Preferences.xml, in case that is relevant).

Thanks again for your help.

Thanks for the reply -

Thanks, makes sense, and good to know;

I’ll try anything at this point, manual port forward sounds good - though from what I can tell it is Plex getting out that seems to be failing, rather than the other way around, and a port forward won’t help that?

Thanks all! Have really been pulling my hair out so I do appreciate your help!

manual port forward is often more stable (and much more secure).

There is also an outage with the API happening right now, likely it won’t be helping anything you try now.

keep an eye on it here → Plex Status

OK, thanks, as I said I am ready to try anything at this point. I followed the info here and on my router forwarded external 32400 to internal 32400 on my RPI IP. But in Plex the option to manually specify the port is disabled. It says “First sign in to access your server from anywhere”, with “sign in” a link to the “claim this server” page (I am signed in, the user icon at top right shows “G” and the correct logged in menu). And I can’t claim the server. So AFAICT I can’t actually manually forward, since I can’t tell Plex to use the port I’ve specified … I tried to claim again just in case it is using 32400 anyway, but no luck. It might not be clear in the screenshot but the checkbox is disabled.

Thanks - I was hopeful the API outage was the cause of my problems but it has now been resolved and nothing has changed on my end.

It’s very odd that Plex thinks that is your address. It’s a private address, but a very special flavour of private address. Is the WAN IP on your router a public address? (if not sure what that means, just post the digits before the first .

No it is not, good point - I think I might be getting a double-NAT type problem, though that IP does not match anything on my network.

My internet comes into my provider’s modem/router, which has IP 192.168.20.1. I don’t use that other than to run an ethernet connection from it to a Netgear router. The Netgear is the router I use, all clients connect to it for wifi/DHCP/DNS/etc etc. I’ve just logged in to the provider modem and found it is probably doing CGNAT (it lists a WAN IP like 100.96… which according to https://support.plex.tv/articles/200931138-troubleshooting-remote-access/ is probably CGNAT).

That troubleshooting page suggests doing port forwarding on both devices, a forwarding chain. I tried that (on the provider’s router forwarding 32400 to the Netgear’s WAN IP, and on the Netgear forwarding 32400 → my RPI IP) but the problem is as described in my last post - I still can’t manually tell Plex which port to use.

Is there a way I can configure Plex to use 32400 before I’ve “claimed the server”?

Yes. There is a key/value pair in your Preferences.xml file named CertificateUUID. In the commands I listed above, replace “CertificateUUID” with the value. What you listed in your examples isn’t the correct value (hint: there will be no dashes).

But it may be moot, given the information @ChuckPa provided.

If I may add here?

A. LAN/WAN address

192.18.1.1 - This is an address in Oracle’s domain.

NetRange:       192.18.0.0 - 192.18.194.255
CIDR:           192.18.192.0/23, 192.18.194.0/24, 192.18.0.0/17, 192.18.128.0/18
NetName:        ORACLE-BRM4
NetHandle:      NET-192-18-0-0-1
Parent:         NET192 (NET-192-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   Oracle Corporation (ORACLE-4)
RegDate:        1985-09-09
Updated:        2016-10-10
Ref:            https://rdap.arin.net/registry/ip/192.18.0.0

I think there is a misconfigured router/DHCP server here.
I also suspect there are two routers stacked one behind the other.

Suspect it should be 192.168.1.1 instead of the 192.18.1.1 – simple typo.

If this is the case, all of plex.tv’s replies are going to get routed to Oracle and not back to this machine thanks to the internet routine tables. OOOPS.

B. Certificate UUIDs

Please do not go pasting the CertificateUUID value into Preferences.xml as it is paired with the data stored with the actual Plex-generated certificate for the originating server.

Copying Plex.tv’s certificate info won’t work. Manual manipulation of any certificate chain is extremely delicate work and one must know exactly how the code is written.

C: ISP-provided address

When you log into the ISP modem-router, this is what you see for WAN address or is it how they configured your LAN address block?

Agreed. To be clear, I was suggesting copying the value from the Preferences.xml file to see if the server-specific FQDN could be resolved. I thought that was very clear from my posts (“can be found in”), but it doesn’t hurt to be explicit.

Hello
you are doing this

• curl -X POST http://127.0.0.1:32400/myplex/claim?token=PASTE_TOKEN_HERE’`

on the server the Plex Server is running?

Thanks for clarifying, and I guess you’re right about it being moot - I have no CertificateUUID.

Please do! I really appreciate all input, thank you.

Correct, I described this in my last msg;

That’s a good observation, it really does look like that. Unfortunately I can’t find any such typo anywhere in the config of either router. I have no idea where that IP is coming from, but AFAICT it is not either router.

Maybe some misunderstanding - nobody suggested modifying Preferences.xml, and I have not done that.

The LAN block. The ISP-provided router shows:

LAN Address: 192.168.20.1
Gateway: 100.96.x.x
WAN Address: 100.96.y.z
DHCP server range from 192.168.20.2 - 192.168.20.254

My Netgear router has a wired connection to the ISP-router and shows:

IP Address: 192.168.1.1
Internet IP Address: 192.168.20.2
Gateway: 192.168.20.1
DHCP server range from 192.168.1.2 - 192.168.1.254

All clients connect to the Netgear router; it handles DHCP, DNS, etc. The RPI has a wired connection to the Netgear, and has IP 192.168.1.22.

AFAICT it is this double-router config causing something like double-NAT (maybe with CGNAT as well? as described on https://support.plex.tv/articles/200931138-troubleshooting-remote-access/). If I knew which external port Plex wants to use, I could set up double-port forwarding from that port. Alternatively if I could configure the port myself in Plex, I could do the same. Are either possible, and is that a good solution?

Otherwise, am I right in thinking my other options are:

• try to turn my ISP-router into a bridge (no idea if that is possible and I’m reluctant to touch it);
• try to disable NAT on the ISP-router;
• … ?

Yes - from an ssh session to the RPI.

1. you can’t just temp connect the Pi straight to the ISP router and bypass the netgear to see what happens? You config looks solid with the double router setup, but something is not liking something.
2. Plex always runs on port 32400. With uPNP Plex and your router have a chat a decide a random port. Without uPNP it up to you to decide the external port based on your manual port forward rule. The only constant here is Plex is always always listening on 32400 - everything else is your config. I assume you have but you’ll need to do a double port forward.
   ISP router: WANIP:32400 → 192.168.20.2:32400
   Netgear router: 192.168.20.2:32400 → 192.168.1.22:32400
3. Is the random IP address 192.18.1.1 or 198.18.1.1? - your first post and your logs show the later which is a much weirder thing to be happening as that is a special reserved range.

OK, thanks - I tried that yesterday but without success;

Good catch - you and my first post are correct, it is 198.18.1.1. @ChuckPa’s last msg mistyped it and I didn’t notice.

I’ve just switched my ISP router to bridged mode, which I thought would solve everything, but unfortunately it didn’t help.

With all my various attempts I thought a new clean install might help, so I apt purged and manual rmed all Plex files, reinstalled from the downloaded .deb, double-checked all files are owned by user plex and tried again … with no change.

I tried a new port forward from my Netgear router (the ISP router is in bridge mode now and shouldn’t need any forwarding there), but that doesn’t work.

I tried the token/curl process @ChuckPa described earlier, with the same 500/server error result.

My Netgear router UPnP page shows a mapping has been auto-set up - “int. port” of 32400 being mapped to an “ext port” of 14988 for my RPI IP. Just in case, I added a port forward of ext 14988 to int 32400 for my RPI IP, but it didn’t help.

I am attaching fresh logs from today’s re-install and attempts, but AFAICT there is nothing new there.

Plex Media Server Logs_2022-02-22_15-32-13.zip (107.9 KB)

I’ve just asked my provider to disable CG-NAT, and it still doesn’t help. I’m at my wits’ end now, I have nothing left to try.

In case anyone still has patience and any suggestions, here’s where things stand now:

ISP-router is in bridge mode, it should be entirely out of the picture;

Netgear router:

IP Address: 192.168.1.1
Internet IP Address: 167.x.x.x → this matches what I see at eg https://www.whatismyip.com/, no double-nat, no CGNAT, nice and simple;
Gateway: 167.x.y.z
DHCP server range from 192.168.1.2 - 192.168.1.254

I’ve removed my previous port-forwarding attempts. ipv6 is disabled.

Logs of a fresh server start and claim attempt attached, though AFAIK errors are the same as previously, and the mysterious 198.18.1.1 still shows up.

Plex Media Server.log.zip (11.9 KB)