Remote access not working reliably over split tunnel (PBR)

Server Version#: 1.40.2.8395

Plex Media Server.log.zip (688.1 KB)

Hi all,

So even though I had this working mostly reliably for the past couple of months, I still have trouble with remote access working, usually after any change/restart to the router or NAS.

It does not appear to be an issue with port forwarding but perhaps more of a DNS issue with the Plex servers. The server can be accessed via its external IP or DDNS name and https://v4.plex.tv/pms/:/ip returns the correct IP. When remote access is not working then PMS shows the IP of the VPN instead.

The split tunnelling is configured with the default route going to WAN but most traffic from the server is routed via the VPN with exceptions of 32400 and plex.tv.

@kesawi Do you have any more suggestions on checking for issues via https://plex.tv/api/resources?X-Plex-Token=XXXXXX_W. I can see from your screenshot it should load XML with the information that may help, but the only time I see that is when I was looking for my Plex Token.

@ChuckPa or another admin - would you be able to check from your side to see what has the correct IP/details and what doesn’t please?

So when I checked for the Plex token again it was different and saw the XML information as you suggested @kesawi.

<MediaContainer size="2">
  <Device name="DVS-QNAP" product="Plex Media Server" productVersion="1.40.2.8395-c67dce28e" platform="Linux" platformVersion="QTS 4.3.6.2665" device="TS-431" clientIdentifier="3b0705714d5eb75170292b935e95988249868a46" createdAt="1450203430" lastSeenAt="1715809413" provides="server" owned="1" accessToken="isgXXXXXXXX" publicAddress="212.221.XXX.XXX" httpsRequired="0" synced="0" relay="1" dnsRebindingProtection="0" natLoopbackSupported="1" publicAddressMatches="1" presence="1">
    <Connection protocol="http" address="10.1.1.100" port="32400" uri="http://10.1.1.100:32400" local="1"/>
    <Connection protocol="http" address="xxx-x.freeddns.org" port="30500" uri="http://xxx-x.freeddns.org:30500" local="0"/>
    <Connection protocol="http" address="212.221.XXX.XXX" port="30500" uri="http://212.221.XXX.XXX:30500" local="0"/>
  </Device>
  <Device name="TV 2018" product="Plex for Samsung" productVersion="5.81.1" platform="Tizen" platformVersion="4" device="18_KANTSU_UHD_BASIC" clientIdentifier="wclygvqvl5yqyqkw5puo3l3d" createdAt="1597443407" lastSeenAt="1715814665" provides="client,player" owned="1" publicAddress="212.221.XXX.XXX" publicAddressMatches="1" presence="0" accessToken="isgMBuszB28Zv134Lbph">
    <Connection protocol="http" address="10.1.1.100" port="32400" uri="http://10.1.1.100:32400" local="1"/>
    <Connection protocol="http" address="xxx-x.freeddns.org" port="30500" uri="http://xxx-x.freeddns.org:30500" local="0"/>
    <Connection protocol="http" address="212.221.XXX.XXX" port="30500" uri="http://212.221.XXX.XXX:30500" local="0"/>
  </Device>
</MediaContainer>

This seems to be from my TV but the IP and DDNS address are correct and not what PMS is telling me in Remote Access.

EDIT: Typically, it has now started working again, but I will keep an eye on it as I expect any change as I mentioned will break it again. That said, in the last couple of months it usually updates/fixes itself about 24 hours later.
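
The manual check described in this post can be scripted. The following is an added example, not part of the original thread and not Plex's own tooling: it parses a saved copy of the resources XML and reports every server entry whose published remote endpoints do not point at the expected WAN address. The function name `check_published`, the sample data (documentation-range addresses, placeholder token) and the WAN address `203.0.113.10` are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample shaped like the response quoted above. Addresses are
# documentation ranges; 198.51.100.7 stands in for a VPN exit address.
SAMPLE = """<MediaContainer size="2">
<Device name="DVS-QNAP" product="Plex Media Server" provides="server" accessToken="PLACEHOLDER" publicAddress="198.51.100.7" relay="1">
<Connection protocol="http" address="10.1.1.100" port="32400" uri="http://10.1.1.100:32400" local="1"/>
<Connection protocol="http" address="example.freeddns.org" port="30500" uri="http://example.freeddns.org:30500" local="0"/>
<Connection protocol="http" address="198.51.100.7" port="30500" uri="http://198.51.100.7:30500" local="0"/>
</Device>
<Device name="TV 2018" product="Plex for Samsung" provides="client,player" publicAddress="198.51.100.7"/>
</MediaContainer>"""


def _as_ip(value):
    """Return an ip_address object, or None for hostnames/masked values."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def check_published(xml_text, wan_ip, ddns_name=None):
    """List (device, field, value) for server entries not published on wan_ip."""
    wan = ipaddress.ip_address(wan_ip)
    findings = []
    for dev in ET.fromstring(xml_text).iter("Device"):
        if "server" not in dev.get("provides", "").split(","):
            continue  # clients and players (e.g. the TV entry) are skipped
        name = dev.get("name", "?")
        if _as_ip(dev.get("publicAddress", "")) != wan:
            findings.append((name, "publicAddress", dev.get("publicAddress")))
        for conn in dev.iter("Connection"):
            if conn.get("local") == "1":
                continue  # LAN endpoint, not affected by the tunnel
            addr = conn.get("address", "")
            ip = _as_ip(addr)
            if ip is not None:
                ok = ip == wan
            else:  # hostname: compare only if a DDNS name was supplied
                ok = ddns_name is None or addr.lower() == ddns_name.lower()
            if not ok:
                findings.append((name, "connection", conn.get("uri")))
    return findings


if __name__ == "__main__":
    for finding in check_published(SAMPLE, "203.0.113.10"):
        print(finding)
```

To use it on live data, save the response body from the resources URL to a file and pass its contents in place of `SAMPLE`. The function reads but never prints the `accessToken` attributes, so its output can be pasted into a forum post without exposing them.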

Sorry, I only just noticed that you’d tagged me in.

Could be that your router isn’t routing outbound traffic from Plex reliably and sometimes it’s going out of the WAN, while other times it’s going out the VPN.

Plex does publish its server list to https://s3-eu-west-1.amazonaws.com/plex-sidekiq-servers-list/sidekiqIPs.txt and you could try setting your router to send all traffic to those IPs via the WAN.

I also run multiple services from a single host with split tunnelling. I run each service in a Docker container using macvlan networking so that each container has a unique source IP address on my internal subnet. This makes it easier to route each service via either my WAN or LAN based on source IP.


This won’t work reliably; you also need Plex to respond to remote clients.

This is one of the best ways.

Thank you both, perhaps more technical solutions than I am capable of tho ehe. Something I will remember though next time it happens.

It has been stable for the last couple of weeks, then reverted back to the VPN IP recently, although nothing has changed. However, a server restart and a couple of retries got it working again.

I think I will just have to accept that if I make any change or restart it will take up to 48 hours before it’s working again.

How are you running your VPN and router? Is the VPN set up to be the default route?

It used to be that way yeh, but then I felt it would be more efficient to have WAN as the default instead.

Most traffic doesn’t need to go through the VPN, I have it set so only devices within a certain IP range and my NAS (excluding ports like 32400 for Plex) are routed to the VPN.

That’s probably where the issue lies. You may have traffic from Plex that doesn’t sit neatly in one of your firewall rules, and as it originates from the NAS IP address it goes out via the VPN.

I did wonder about that, if there is more to it than just the 32400 and plex.tv and plexapp.com for it to work reliably.

Also, after the firmware upgrade on the router, it was using nft instead of iptables for routing.

This was why I was wondering if there was a way to check if a PMS server had the right info.

I think I will just have to accept that it can take a day or so to correct itself at times, but after that is usually stable.
