WebOS 23.23.05
LG OLED G4
Plex for LG
Client: 5.93.1
Platform: 9.24
Plex Server: 4.145.1
Hi, I am not sure if this is a bug or network restriction. I use Plex locally at home only and do not transcode any media.
I have seen a few (unanswered/unresolved?) past comments about the ‘Entertainment’ Screensaver showing only a black screen and decided to try and fix the issue as i also have it on my LG TV.
I found that in Advanced Settings when I ‘Never’ allow an insecure connection (e.g. using secure connection) the screensaver works and as a bonus the background colour changing and matching the wallpapers works.
My issue with this is that now I am on the secure connection in home on my internal network Plex tries to transcode all media. I assume this is for the encryption side however my server is not capable of transcoding anything and I prefer untouched REMUX. I have the Server Transcoder settings set to disable video stream transcoding.
My question is why does Plex require a secure connection to be able to show the Entertainment Screensavers when its more than happy streaming the Video/Audio on an Insecure connection on the same internal network.
I really like the entertainment screensaver and playing ‘guess the movie title’ with the family before the name appears! If this feature could be allowed with the setting ‘Allow Insecure Connection’ & ‘On same network as server’ it would be great thanks.
It’s not the encryption which triggers the transcoding. At least not directly.
What is more likely to be happening here is this:
You are disallowing unencrypted connections. This leaves the client no other choice than to use an encrypted connection to your server.
And in your case this appears to be either the remote connection (which is usually bitrate-limited) or (worse) the Plex relay connection (which is limited to 1mbps without Plex Pass and 2 mbps with Plex Pass.).
It is this bitrate limitation which triggers the transcoding. Because you cannot control/change the bitrate of a media stream without transcoding it.
Now this means that there is apparently no direct encrypted connection to your server available when the client is within your home network. i.e. the same network as your server is.
Which naturally begs the question: “why?”
Encryption is done with security certificates. And such a certificate is always connected to a domain name. But normally, your server doesn’t have a domain name within your home network. It only has an IP address. And even if you set up an internal DNS server for your home network (in order to provide domain names), you also need a security certificate which is connected to that very domain. And it must be a publicly trusted certificate – i.e. not a self-signed one.
Plex is already providing your server with a domain name by default, together with the necessary certificate. These are issued automatically as soon as you connect your server to your plex.tv account.
However, many DNS resolvers you find in home routers or some web browsers won’t accept a domain name that has been defined by a DNS server that sits outside of the home network where the domain name is supposed to point at.
There are security reasons to do that. The name for this is “DNS rebinding protection”.
However in your specific plex-related case there is no malicious intent.
So, you want to check all these points, but number 2 in particular: Client says it won't play from "remote server", although the server is local
Hi, many thanks for the lengthly reply. I willt take a deeper look at this when i get a chace to investigate further using your info.
If this is due to DNS rebinding protection is this something that you typically turn off for individual connections or would i need to turn it off completely?
Thanks again for the info, i also see (Point 3) it could be because i have a mesh setup. Something else to look into.
It would be much easier if the entertainment screensaver did not require a secure connection, i dont understand that limitation.
Thanks again for your time and setting me in the right direction. I will post back with info if I ever get it sorted!
If your router (or DNS resolver, if it’s separate from the router) does provide a setting, you usually get a way to exempt particular domains from this protection. This domain would be plex.direct
Unfortunately, there are also many routers out there which don’t provide a setting at all. In which case you can only look for ways to replace the device – either the whole router, or just the “DNS resolver” part of it.
The former could also be achieved by replacing the firmware with an alternative one. DD-WRT, OpenWRT, or Tomato etc. do support running on a variety of popular routers. These are open source and typically provide much more features and customization than the closed-source original firmware of routers.
The latter could be achieved by using a different device or software which acts as a DNS resolver for the local network. Popular ones would be Pi-Hole or Privoxy. They primarily serve to “filter the internet” in general, but also provide the necessary configuration changes for the Plex use case.
Thanks again for the help. I could not find a DNS rebinding setting on my router. I dont really want to go the route of custom firmware or new router just to fix the screensaver and i can always use the insecure connection to watch movies.
I have been doing some tests, i can connect to the exact same Plex machine from a windows 11 laptop or my phone. When i connect from the laptop or phone the server dashboard shows a secure connection on my local network.
It seems that it is only on the LG TV that i cannot get the secure connection on my local network and playback is Indirect.
As you mentioned it is the bitrate limitation causing the transcoding. I was able to stream a very low bandwidth video with ‘Allow Insecure Connections’ = ‘Never’.
Can it still be the router “DNS rebinding protection” if the laptop and phone can establish secure local connection? It seems its only the TV that is having an issue with the certificate.
