Secure Plex Remote Access without port forwarding (opening ports)

There are many smart home services that are accessible remotely without opening any ports etc.

Please make Plex Remote Access more secure by default, without the need to open ports and play with routers and VPNs.

You can already enable remote access without opening ports. Just turn off the manual setting and let UPnP do it for you. This is no more or less secure than using port forwarding.

1 Like

You don’t need a VPN. As far as the services you’re referring to, can you tell me of which services you speak? Nearly anything that allows access to your home makes a request to the router via UPnP or some other service. But UPnP is also port forwarding, it’s just doing it automatically so you don’t have to.

1 Like

UPnP isn’t safe either.

I know some software that runs locally can be accessed remotely without UPnP, port forwarding etc. by some kind of “handshake” with a cloud account. After that, a secured connection between the local and cloud service is set up and the service is accessed remotely and safely.

Again, I ask you which service? If I knew which service, I could tell you how they’re circumventing the problem, and how it differs from the type of service Plex is offering. (By the way, Plex does precisely what you’re talking about: you sign into plex.tv via your chosen app/platform, it then has communication with your server, and makes the connection. This is why you don’t have to use a static public IP or domain to connect to it, nor do you have to give that information to your Plex users outside your network.)

2 Likes

Plex already does this automatically, it’s called Plex Relay. If no incoming ports can be opened, traffic is tunnelled through Plex servers (max 1 Mbit for free, 2 Mbit for Plex Pass users).

I’m not entirely sure if you fully understand why ports need to be open. This is how the internet works: any externally reachable server has to either have an open incoming port to itself, or route its traffic with an outgoing connection to a 3rd party relay/VPN server (that in turn has an open port to the wider internet).

There’s nothing wrong with port mapping (or in the case of IPv6, firewall rules), either manually or via UPnP/NAT-PMP/PCP; server applications have had it for decades.

There’s a feature request to extend the automatic port configuration for IPv6: Support for PCP (Port Control Protocol, RFC6887) - firewall hole punching

UPnP or port forwarding has no effect on security. That’s just how to identify your server within your network. The security comes in how clients connect to the server. Plex automatically provides you an SSL certificate to create a secured connection between your server and the clients. This type of connection is as secure as doing online banking.

Which service? For instance, Home Assistant Cloud, where there’s no need to open ports or do anything in routers, if connecting to 3rd party cloud services.

UPnP sets up the router automatically by opening a port, as far as I noticed here: https://support.plex.tv/articles/200289506-remote-access/

2 Likes

I don’t know what this service does, but here it looks like you are wrong:

I might have understood your post wrong, but again, I don’t know what the service does or what it is used for.

Yes, the Home Assistant remote access can be done by opening ports, and much more safely with the Home Assistant Cloud service without any router config.

Yeah I don’t think you understand how the internet works. The answers have already been posted in this very thread.

Your Home Assistant example uses the Home Assistant cloud.

This is the same as Plex Relay, as already explained above.

Remote Home Assistant is way less bandwidth than streaming high quality video/audio, which is why Plex Relay (through Plex’s cloud) is limited bw.

1 Like

Of course, I do not know how internet works. You are above from others as the junky indeed.

Yes, UPnP opens a port. Opening a port is required for a device to connect directly to your computer from the internet. Having an open port in itself is not safe or unsafe. The security comes from what happens when something tries to contact your network on that port. With Plex, your PMS is what monitors that open port and responds when something comes in. PMS will use a secure connection, so unless the request coming through the internet is authorized (i.e. a Plex client that is signed into your Plex account), nothing happens.

Using a 3rd party to authenticate the connection does the same thing but instead of 1 single secured connection between the client and server, it’s 2 secured connections, client to the cloud and cloud back to the server. Plex offers the same thing with our Relay feature. If you want to use it, enable remote access and set a manual port using a port that isn’t actually open. This will force any connections from the client to fail and get redirected through Plex’s Relay server.
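The relay pattern discussed in this thread, as an added illustration that is not from any poster and is not Plex's or Home Assistant's actual protocol: the home server only makes an outgoing connection, and the relay is the only host with listening ports. The names `relay_once`, `home_server` and `demo` are hypothetical, loopback stands in for the cloud host, and TLS and account authentication are left out.

```python
import socket
import threading

def _pipe(src, dst):
    """Copy bytes one way until src closes, then signal EOF to dst."""
    try:
        while (data := src.recv(4096)):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass  # peer already closed its end

def relay_once(server_side, client_side):
    """Cloud relay: the only party that listens. It splices one connection
    from the home server to one connection from a remote client."""
    home, _ = server_side.accept()
    client, _ = client_side.accept()
    t = threading.Thread(target=_pipe, args=(client, home), daemon=True)
    t.start()
    _pipe(home, client)          # home -> client direction
    t.join()
    home.close()
    client.close()

def home_server(relay_addr):
    """Home media server: never binds or listens. It dials OUT to the relay
    and answers the request over that same socket, so the router needs no
    forwarded port (real services add TLS and authentication here)."""
    with socket.create_connection(relay_addr) as s:
        request = s.recv(4096)
        s.sendall(b"media-server saw: " + request)

def demo():
    # Both listeners belong to the relay; port 0 picks free loopback ports.
    srv_l = socket.create_server(("127.0.0.1", 0))
    cli_l = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=relay_once, args=(srv_l, cli_l), daemon=True).start()
    threading.Thread(target=home_server, args=(srv_l.getsockname(),), daemon=True).start()
    with socket.create_connection(cli_l.getsockname()) as c:
        c.sendall(b"GET /library")      # constructed sample request
        c.shutdown(socket.SHUT_WR)
        reply = b""
        while (chunk := c.recv(4096)):
            reply += chunk
    srv_l.close()
    cli_l.close()
    return reply
```

Every byte crosses the relay twice, which is the bandwidth cost the thread mentions for relayed video.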

Can we mark this feature request with ‘already implemented’?

1 Like

Waiting to hear back from the OP in case I’m understanding the request wrong.

1 Like

Forwarding port 32400 makes the PMS web interface available to everyone. There are free Movies & Shows, Live TV, etc. that are accessible without the need to log in. If someone watches these free movies or live TV, will this use up my data allocation?

I answered in your other thread. That content does not come from your server; it comes directly from Plex. It will use your bandwidth if you are watching from inside your network. But if you access your local Plex Web from, say, your work location, it uses a little bit of bandwidth to load the app, but when streaming, it does not go through your server.

Thanks!

Is there a way to lock that behind a login as well? When someone external hits my Plex server, I want them to get the Plex login page, nothing else. Then obviously my users can log in and access my server, but others would be stopped/blocked at the login page.