hey, i wanted to update this, it seems the ISSUE IS FIXED!! what fixed it was making switch from:
secure = Preferred
to
secure = Required
(even with secure=disabled , users were still often getting tunneled, incorrectly)
This to me sounds like a bug / problem (ie there is no reason that required/preferred/disabled should have any impact on FORCING all users to be tunneled - i can see the tunnel requiring ssl, but that was not the issue here, the issue was TOO often use of the tunnel) , but since i made the change, everyone has been connecting directly! A few did have to do the reset home screen (as it was showing up as offline), which was a bit annoying as i had to walk a few friends through that process for the 2nd time now. (1st was when installed new plex server and deleted my old one, ALL users/friends had to reset home screen, or most just ended up delete xyz plex app, and reinstall).
thanks for all the replies and detailed info! very much appreciated.
