Remote access says its good for about 30 seconds and then it switches back to blocked

Server Version#: 1.31.3.6819-2ef591a4c
Player Version#: 1.31.3.6819-2ef591a4c (Plex web)

Every time I enable Remote Access, it’ll say that the server can be reached from the Internet successfully and then after about 30 seconds, it fails. I’ve seemingly tried everything: enabling UPNP, adding the DNS rebind to my firewall, creating NAT rules with a different public port, creating NAT rules with a private public port, trying through my VPN, trying through Comcast …

If I VPN into my network, I can use Plex no problem … but it never works remotely and seems like the port is always closed.

At least from what I can see on my firewall end, the port should be open. I am using a Hitron CODA cable modem which is always in bridge mode.

Not sure what else I can do … I’ve been fighting with this for hours and hours the past few days but haven’t been able to get through.

Other ports that I’ve opened for other apps seem to work just fine but Plex … nope.

Thanks.

[snip]

Removed logs.

To add: I’m using Pihole for DHCP and DNS but I’ve got all Plex domains whitelisted (including the analytics.plex), OPNsense as the main firewall, a USW-48-PRO Unifi POE+ switch.

I’ve tried setting this whether on my phone or on my laptop … it also seems like changing the port sometimes causes Plex to freeze. Doesn’t happen every time but when it does, it’ll be inaccessible for about a minute.

I am having the exact same issue, with the same PMS version on ubuntu 20.04. Remote Access will be enabled and work for 30 seconds and then red check mark and it is not working anymore…

It’s not actually working for 30 seconds. The way Plex handles this is misleading

It turns green as it tries to scan and check to see if remote access is working and then turns red after it’s done testing it

There’s little chance it’s actually working at all

If it’s working you may have an “indirect” connection aka a relay connection

This is limited to 2mpbs and depending on what you’re trying to play this may cause some playback issues

Have you read through this?
https://support.plex.tv/articles/200931138-troubleshooting-remote-access/

Can you see the port you opened for Plex at https://canyouseeme.org/

You are right it is actually “working” as an indirect connection. It was working flawlessly until these past 2 BETA releases. I am not able to see my port opened at canyouseeme.org which is odd

This is the same thing that I’m seeing.

It was working fine until recently.

No, the port is not open … I have other servers that are open and working just fine though. Seems to be something with Plex … I posted logs though and am open to the idea that I could be wrong but not sure where to look.

Already combed over that guide a thousand times. I’m a network admin so am quite familiar with the usual firewall/NAT/server access troubleshooting steps.

I don’t really read logs but I do see this

ERROR - [EventSourceClient/pubsub/172.105.96.32:443] MyPlex: mapping failed due to potential double NAT configuration

I also see a lot of this. This may not be related but it looks like a problem someone is going to have to look into for you

ERROR - [CreditsDetectionManager] BufferingLineReader: failed to read line (error: -1)
Mar 17, 2023 04:24:20.004 [0x7fd891aacb38] ERROR - [CreditsDetectionManager] BufferingLineReader: failed to read line (error: -1)
Mar 17, 2023 04:24:31.426 [0x7fd891aacb38] ERROR - [CreditsDetectionManager] BufferingLineReader: failed to read line (error: -1)

Update, apparently on my router my entry for Plex port forwarding was erased for some reason. I re-entered it, restarted my server and it is now working, for now…

Thanks for checking.

I’m not sure what that would be referencing.

My network is 172.16.1.0/24 and it’s successfully mapping the UPNP.

That port seems to be HTTPS and I don’t have HTTPS required or enabled.

That last one seems to be happening all over the place these days. I’ve got it set on a schedule to detect credits but looks like Plex’s credits detection feature still has some bugs.

I’m a bit out of my element for your type of setup.

I know a few people here who can help. If no one stops by soon, and I see them around later I’ll ping them for you

Appreciate it.

I’m going to keep poking around at my firewall and see if it’s something in there that I’m missing.

Whether I find something or not, I’ll update.

Thanks again!

@namast

Just coming online here.

Seems the gang is helping you.

If I may add a few things?

1. Please turn DEBUG logging back on. There’s no space saved by turning it off. With it off, debugging these type issues is profoundly more difficult.

2. It does look your real ISP is somewhere in the Comcast system

3. Plex.tv does see your LAN IP as published on your 172.16.x.x LAN

4. Your Logs show me that your PMS system is connected to a router which has a WAN port IP address different than that of the ISP which connects you to Plex

Mar 17, 2023 03:42:21.238 [0x7fd893af0b38] WARN - [EventSourceClient/pubsub/172.105.96.32:443] MyPlex: attempted a reachability check but we're not yet mapped.
Mar 17, 2023 03:42:32.790 [0x7fd88fce4b38] WARN - PublicAddressManager: WAN IP on router does not match public IP from plex.tv
Mar 17, 2023 03:42:41.249 [0x7fd893af0b38] ERROR - [EventSourceClient/pubsub/172.105.96.32:443] MyPlex: mapping failed due to potential double NAT configuration

There is indeed double NAT here somewhere.

1. Your machine at 172.16.1.252
2. A router at 172.105.96.32 (your logs)
3. The real IP which connects to Plex.tv (what I see at Plex.tv)

Does this help?

Regarding another point in your logs I see.

Mar 17, 2023 03:49:46.279 [0x7fd88fce4b38] WARN - Overzealous client asked for end range of 442367, content size is 239512; we'll clip.
Mar 17, 2023 03:50:04.159 [0x7fd891aacb38] WARN - SLOW QUERY: It took 460.000000 ms to retrieve 1 items.
Mar 17, 2023 03:51:04.323 [0x7fd891aacb38] WARN - SLOW QUERY: It took 390.000000 ms to retrieve 1 items.
Mar 17, 2023 03:52:27.973 [0x7fd88fce4b38] WARN - Overzealous client asked for end range of 770047, content size is 396116; we'll clip.

The SLOW QUERY is a concern. It’s occurring many places in the logs.
Did you recently / are you still adding a bunch of new media into PMS ?

Mar 17, 2023 07:47:02.690 [0x7fd88ce61b38] WARN - SLOW QUERY: It took 4900.000000 ms to retrieve 4 items.
Mar 17, 2023 07:47:04.870 [0x7fd88ce61b38] WARN - SLOW QUERY: It took 2130.000000 ms to retrieve 4 items.

that’s 4 seconds to retrieve 4 items when it should be less than 1 millisecond

Hey there. Thanks for the quick reply. I’m scratching my head big time on this one.

Debug logging is turned on. I have plenty of space so not too concerned (yet anyway) with Plex’s use of space.

No idea what that IP is … I’ve done a network scan and nothing is coming up at that IP. The entire network is at 172.16.1.0/24 with nothing else in between.

Only thing I wonder is if the modem is somehow throwing in its own IP but even then, that’s supposed to be at 192.168.100.1 and I have it set in bridge mode.

How does Plex get this IP address? What can I do to track that done? I’m on Linux and Windows so can check from either.

I checked my OPNsense firewall and confirmed that it is properly allowing the traffic incoming on those ports.

I’ve got an Ubiquiti switch but there doesn’t appear to be any firewall settings on it.

What’s interesting is that if I ping that address from my other local machines, they can’t reach it … ping it from the one that the Plex server is on and “sendmsg: Operation not permitted.”

I attached additional logs again.

The other error I’d love to tackle once I get this external access sorted. I’m brand new to Plex (maybe using it for two weeks) and this is a brand new install that I got in place on Ubuntu Server about three days ago. Everything on it is running fine though … except when I click the test for Remote Access, it locks up.

There’s no Docker containers installed and no daemon for it either.

I do have Mullvad as a VPN running on here but a split tunnel has it sitting outside of that … and that network is a 10. network anyway. If I disconnect from Mullvad, it doesn’t make a difference.

IPv6 is disabled; I have it set to only use the network GbE interface that connects it to the switch.

Relay isn’t enabled.

I’d like you to secure your filewall for now. NOBODY in from outside until this is sorted out.

Close those open ports.

We’ll take care of the firewall rules you need to allow Remote Access to work

Plex gets the IP address from the packet it receives. (src_addr)

Uninstalling PMS from QNAP == NUKE IT.
– When you come back in, it’s a full restart. Please don’t do that again unless you intend to nuke it.

If you’d like, I’ll send you a PM of what I see and we can discuss what’s truth versus what’s coming through to Plex ?

Not sure if that was a post intended for me or not. This isn’t on a QNAP NAS … it’s on an Ubuntu Server-installed server.

Seems that IP may be associated with Mullvad as the command is dropped when traceroute/ping through their interface but it’s not found when checking through the tunnel.

Almost wonder if I should pop Plex onto a different machine or maybe toss the programs I use through the VPN into a Docker container or VM.

Not sure if that was a post intended for me or not. This isn’t on a QNAP NAS … it’s on an Ubuntu Server-installed server.

That said, I’m thinking it’s something on this box that seems to be blocking things … if I forward that port from the firewall to another box I have, all is well.

I’ve closed the port.

I think it might be Mullvad doing something it shouldn’t despite the split-tunnel being in place. Going to try something.

GOT IT!!

Looks like Mullvad, despite excluding outgoing traffic from Plex, was still catching incoming traffic and blocking it. I was able to create a new rule.

In a terminal session:

1. $ nano rules
2. Add this:

table inet excludeTraffic {
  chain allowIncoming {
    type filter hook input priority -100; policy accept;
    tcp dport 32400 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
  }
 
  chain allowOutgoing {
    type route hook output priority -100; policy accept;
    tcp sport 32400 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
  }
}

3. $ sudo nft -f rules

Re-opened the NAT on the firewall to test and it connected INSTANTLY.

Sorry about the QNAP ref. I grabbed the wrong set of logs

As for firewall, I’d be careful of rules on the host + rules on the OPNSense.

OPNSense is a stateful firewall and more than capable.

I have PFSense here. As such, there are no rules on the host. My entire LAN is wide open to itself.

No worries. I’ve been there myself and surely will be there again. Haha.

The entire LAN is wide open to itself … but everything coming from the WAN is blocked. The rules are in place to allow outside world to access designated hosts and their services on the LAN. Unless I’m understanding you wrong…?

I did have all ports from the WAN closed as I was going to use a VPN to remotely get into Plex but then realized the fam who wants to access it would never be able to figure that out so the less secure way of opening Plex to the world is the option (unless there’s something that’s more secure without removing the convenience of family just opening Plex and connecting).

Appreciate the help. I think having someone to just talk it through with made a huge difference … something that when I tried with the guys I work with was way over their heads. lol