Using Plex Server with a VPN

XFlak, thank you very much as I have been using your bypass with PIA successfully with the Windows (8.1) Task Scheduler for almost a year now. All this software is updated regularly and current as of today. At some point in the last couple of months, the remote access stopped working. I tried to use your batch files on their own, but no matter what I do, I can’t seem to get the remote access to punch through the VPN. I would be happy to troubleshoot and provide you any info. I am okay with operating systems, but not with programming. Note that the Plex server does permit remote access with PIA turned off. Any help or ideas would be appreciated.

Hey Guys I think I figured out what’s going on here on Windows 10, at least for me.

The PIA kill switch from what I can see just disables the normal network connection’s gateway to ensure traffic doesn’t leak after a VPN disconnect. When I added the static routes it seems as though the Plex server is identifying the correct public IP, but no internet connection (red X by public address in remote settings). To get around this I manually configured the gateway in the standard network connection, once that was done it was green across the board in Plex for remote access. I tested with multiple IP tools to check if I was still being identified by the VPN, DNS leak tools, and torrent magnet links all passed. VPN kill switch still seems to be working, disconnect and all traffic stops. The only issue is if the VPN drops, then the gateway is cleared, and remote access is dead until I can go in and reset the gateway.

This is on Windows 10, I noticed some others have mentioned this process got broken on Win 10, so I’m wondering if the static routes aren’t applying the gateway after a certain point. When I tracert to the plex URLs then I see it going through the right gateway, not sure why it’s not identifying past then. Any ideas I am all ears (would prefer to have this more hands off).

I am having same issues of Internet red x on Windows 10 causing no route-around.

Worked fine before with Windows 7. The script (with VPN on) gives error:

" *** UnKnown can’t find plex.tv: Query refused "

If I turn VPN off then script works as normal.

Hopefully @XFlak can help.

Just thought I’d share what guide I followed to get it working for me and my particular scenario.

I am running my Plex Media Server on a PC running OpenMediaVault (which is a NAS OS working on Debian linux). And I have a VPN tunnel which does not allow me to open ports. The guide that I used to get it working is this: https://www.niftiestsoftware.com/2011/08/28/making-all-network-traffic-for-a-linux-user-use-a-specific-network-interface/

Happy configuring :)

Just an update… that this script worked for over a year for me and then stopped late last year, though I am unsure of the exact date. I have run the script every which way possible and cannot get Plex to work outside my network. Win 8.1, PIA and current versions of Plex everywhere. When I turn off PIA, things work again.

I’d love to hear what you all are doing to get this to work on Windows 10 again.

I am also still struggling with this. I am using VyprVPN Server, connected to a fixed IP address. The VPN and PMS are on a (Dutch) Windows 10 PC. I am a bit of a n00b, but I tried the following options:

  • Tried the scripts made by XFlak. None worked for me.
  • On my Zyxel router changed the NAT port forwarding rule to use the new external IP address. No effect.
  • I read on this forum I might have to add a route. Tried to 'route -p add' but got an error saying “The route addition failed: The object already exists”

I asked the guys at VyprVPN if they had a solution. They wrote:
“VyprVPN does not block any ports so it should work with the software. We do not provide direct support for Plex Media Server however we can guess that the issue is when you connect to VyprVPN your IP address changes to VyprVPN IP address. Which in turn you will have to connect to that IP address or change the settings in the media server to use the VyprVPN IP address.”

Two questions:

  • What I do not get is the response inside PMS under Server - Remote access - Server mapping. Without the VPN active, the IP address under ‘Private’ is the correct IP address of the PC with PMS (192.168.1.3). With the VPN active, this changes to 10.10.0.6. Might this be the cause of the problem? Why does this happen?
  • Is there anything else I can try?

Thanks,

Bert-Jan

I am guessing here, but is that 10.10.0.6 address your VPN adapter’s address? Run an ipconfig /all and see if it’s there.

@yooniverse said:
I ran into the issue of bypassing my VPN for Plex server and worked on it for a few days, and read through most of this thread.

What I realized last night was that my.plexapp.com is hosted on Amazon Web Services cloud, and the servers are load-balanced with distributed DNS.  The static route to my.plexapp.com was only half of the solution, because it doesn’t work when Plex’s IP address changes on you.  As a result, as some have realized, you see it resolving to many different IP addresses, and I see some very interesting and elaborate solutions devised to address this.

However, I think I’ve managed to solve it very simply.

  1. Add a persistent static route to ONE of the IP addresses, say for example, 184.169.173.31, with your gateway being the IP address of your router (ex: 192.168.1.1)

  2. Add an entry in your hosts file to resolve my.plexapp.com to that IP address.

For Windows:

  1. Open your Command Prompt with “Run As Administrator” (right-click the Command Prompt icon in Accessories)

  2. Add persistent static route:  route add 184.169.173.31 192.168.1.1 -p

  3. Open Notepad with “Run As Administrator” (see above)

  4. In Notepad, open “c:\Windows\system32\drivers\etc\hosts”

  5. Add a new line, “184.169.173.31    my.plexapp.com”

For Mac, you can basically follow the same idea.

The reason why this works is simple:  you basically only need one of the my.plexapp.com IPs, because while AWS is presenting you with different IPs, all of the IP addresses actually work, so you just need to force your PC to pick just one.  Instead of relying on DNS, with the hosts file entry present, Plex Media Server will only talk to my.plexapp.com on that one IP.  Since that IP is statically routed to go out your non-VPN interface, Plex will see your public IP address, and your friends will come through the public IP (you still need your Plex port open, e.g., 32400).

Again, this is to have PMS bypass the VPN and go through your public interface.  This is a different solution than those of you who are trying to (or want to) have your PMS go through the VPN.

My friends say my server is now available again, so as far as I know, this fixed the issue.

Hope this helps.

This worked for me. Thank you. :)

Cheers.
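A check for the hosts-file pin described in the quoted post, as an added example that is not part of anyone's post in this thread: it reports whether the pinned address is still among the addresses DNS currently returns, so a stale pin (and the persistent bypass route that goes with it) gets noticed. It assumes a Unix-style hosts file at `/etc/hosts` and a `dig` binary; the `--check` flag is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: detect a stale hosts-file pin.

# pinned_ip HOSTS_TEXT NAME -> print the address NAME is pinned to, if any.
pinned_ip() {
    printf '%s\n' "$1" | awk -v name="$2" '
        { gsub(/\r/, ""); sub(/#.*/, "") }    # tolerate CRLF files, drop comments
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(name)) { print $1; exit } }'
}

# pin_status HOSTS_TEXT NAME RESOLVED -> "unpinned", "current" or "stale".
# RESOLVED must come from a tool that queries DNS directly (dig, nslookup),
# because those ignore the hosts file and so show what the pin is hiding.
pin_status() {
    pin=$(pinned_ip "$1" "$2")
    [ -n "$pin" ] || { echo unpinned; return 0; }
    if printf '%s\n' "$3" | tr -s ' ,\t' '\n' | grep -qxF "$pin"; then
        echo current
    else
        echo stale
    fi
}

if [ "${1:-}" = "--check" ]; then
    # /etc/hosts is an assumption (macOS/Linux); the hostname is the one from the post.
    status=$(pin_status "$(cat /etc/hosts)" my.plexapp.com "$(dig +short my.plexapp.com)")
    echo "my.plexapp.com pin: $status"
    [ "$status" != stale ]
fi
```

A `stale` result means the pinned address is no longer one that DNS hands out for the name, so both the hosts entry and the persistent route for that address should be removed or updated together.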

@SHOCKWAVE said:
I am having same issues of Internet red x on Windows 10 causing no route-around.

Worked fine before with Windows 7. The script (with VPN on) gives error:

" *** UnKnown can’t find plex.tv: Query refused "

If I turn VPN off then script works as normal.

Hopefully @XFlak can help.

I found that I had to enable DNS Leak Protection in order for the script to work.

I was getting the same error you were and after some research realized that nslookup could not identify the DNS server. So using the DNS Leak Protection gives nslookup the server to use.

Only drawback I see is that the IPv4 settings get changed so the internet will only work while connected to the VPN.

Hi all!

Running my Plex server on a Synology DS412+ behind an OpenVPN connection to Private Internet Access, I was also looking for a solution to have Plex bypass the VPN. @JB09's script (which I adapted to Synology’s needs a little bit) works great when I run it from the terminal, however, running it as a cronjob just won’t work. I’d appreciate any ideas!

Here’s the script:

#!/bin/sh
#PATH=/opt/bin:/opt/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/syno/sbin:/usr/syno/bin:/usr/local/sbin:/usr/local/bin
# Fetch current server addresses for plex.tv
DNS="$(dig plex.tv +short) $(dig serienjunkies.org +short)"
# One address per line, de-duplicated, then joined back with spaces
UNIQ_IP=$(echo "$DNS" | tr ' ' '\n' | sort -u | tr '\n' ' ')

for IP in $UNIQ_IP
do
        # Create localroute variable to see if route exists
        localroute=$(ip route list table 2 | grep -wF -- "$IP")
        # Check if route exists ([ ] instead of [[ ]] so it works under plain /bin/sh)
        if [ -z "$localroute" ]; then
                # Route doesn't exist, add route
                ip route add "$IP" via 192.168.100.1 dev eth0 table 2
                echo "Route mit der IP $IP erfolgreich hinzugefuegt"
                logger "Route mit der IP $IP erfolgreich hinzugefuegt"
        else
                # Route exists, hurray
                echo "Routen existieren bereits!"
                logger "Routen existieren bereits!"
        fi
done
exit 0

and here’s the relevant crontab line:

*/5	*	*	*	*	root	/opt/skripte/addroutes.sh >> /opt/skripte/cron.log

there’s no output in the cron.log file.

EDIT: I do not know what I did, other than installing this script from jimmybonney.com/articles/manage_crontab_synology/ to manage crontab on Synology using the traditional “crontab” command. Maybe it checked my crontab file for syntax and fixed it. Anyway, cron seems to run the script now and it works great! Thanks again, @JB09 !

Here is my take on it. It’s for QNAP NAS.
But you could probably use it on most *nix-based systems, but then check the row that resolves the IP addresses, because of differences in nslookup layout. Or use dig or hostip if it's available on your system.

#!/bin/sh

# Resolve the current plex.tv addresses, one per line
PLEX_IP="$(/usr/bin/nslookup www.plex.tv | grep Addresses: | cut -c 13- | sed 's/, /\n/g')"
GATEWAY=192.168.1.1 # Your default gateway.

# Create the rule for ip table 99 if it does not exist
EXIST=$(ip rule | grep -c 'lookup 99')
if [ "$EXIST" -eq 0 ]
then
    ip rule add from all lookup 99 prio 1000
fi

# Flush old Plex IP addresses
ip route flush table 99
for IP in $PLEX_IP
do
	# Store Plex IPs in table 99
	ip route add "$IP" via "$GATEWAY" dev eth0 table 99
	echo "Added $IP to routing table"
done

exit 0

To set up, first try the script so you know that it's working.

  1. Run the script manually
  2. Check:
    ip route list table 99
    You won’t see the ips with the ‘route’ command because it only shows the main ip table.
    There should be the ips from nslookup www.plex.tv
  3. If it's working, you can add it to crontab, so it runs every 15 minutes
    echo "*/15 * * * * /path/to/your/script/Plex.sh" >> /etc/config/crontab
  4. Run
    /usr/bin/crontab /etc/config/crontab
    to load the changes.
  5. Restart crontab:
    /etc/init.d/crond.sh restart
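A variant of the approach in the post above that diffs the table instead of flushing it, shown as an added example and not the poster's script: resolver output is validated as public IPv4 before anything becomes a /32 bypass route, and the table is left untouched when the lookup returns nothing usable. Table 99, the gateway and `eth0` are taken from the post; the `dig` call and the `--apply` flag are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: reconcile the bypass table instead of
# flushing it. TABLE, GATEWAY and DEV copy the values used in the post above.
TABLE=99
GATEWAY=192.168.1.1
DEV=eth0

# Filter stdin down to unique public IPv4 addresses, one per line.
# Resolver output decides what leaves the tunnel, so treat it as untrusted.
valid_ipv4() {
    tr -s ' ,\t' '\n' | awk -F. '
        NF == 4 {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) next
            # Private, loopback, link-local and multicast never bypass the VPN.
            if ($1 == 0 || $1 == 10 || $1 == 127 || $1 >= 224) next
            if ($1 == 192 && $2 == 168) next
            if ($1 == 172 && $2 >= 16 && $2 <= 31) next
            if ($1 == 169 && $2 == 254) next
            print
        }' | sort -u
}

# plan_routes RESOLVED LISTING -> print the ip commands that turn the routes in
# LISTING (output of "ip route list table N") into exactly the RESOLVED set.
# Returns 1 and prints nothing when RESOLVED holds no usable address.
plan_routes() {
    desired=$(printf '%s\n' "$1" | valid_ipv4)
    current=$(printf '%s\n' "$2" | awk '{print $1}' | valid_ipv4)
    # A refused or timed-out lookup must not empty the table.
    [ -n "$desired" ] || return 1
    for ip in $desired; do
        printf '%s\n' "$current" | grep -qxF "$ip" ||
            echo "ip route add $ip/32 via $GATEWAY dev $DEV table $TABLE"
    done
    for ip in $current; do
        printf '%s\n' "$desired" | grep -qxF "$ip" ||
            echo "ip route del $ip/32 table $TABLE"
    done
}

if [ "${1:-}" = "--apply" ]; then
    resolved=$(dig +short plex.tv www.plex.tv)      # assumption: dig is installed
    listing=$(ip route list table "$TABLE" 2>/dev/null)
    if plan=$(plan_routes "$resolved" "$listing"); then
        ip rule list | grep -q "lookup $TABLE" ||
            ip rule add from all lookup "$TABLE" prio 1000
        printf '%s\n' "$plan" | while read -r cmd; do
            [ -z "$cmd" ] || $cmd
        done
    else
        logger "plex bypass: no usable addresses resolved, table $TABLE unchanged"
        exit 1
    fi
fi
```

Because only validated /32 host routes are ever added and stale ones are deleted on each run, the set of destinations that skips the VPN stays limited to what the resolver returned on the last successful lookup.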

I’ve been struggling over this and trying multiple solutions proposed on this and other forums - none seem to work for me. My setup may be a fair bit different though…

I have PMS installed on an ESXI (VMWare) virtual server.
Router is pfSense and OpenVPN running on pfSense.

Running the VPN on the pfSense router permits routing all traffic on specific IP’s through the VPN tunnel which is great for Usenet, BT etc…

The solution I’m using is as follows:

I have added an alias for specific external IP’s. Added a rule that permit that traffic to bypass the VPN. I have forwarded 32400 to the internal PMS IP on the normal gateway but only for the specific external IP’s.

On the PMS I have added a list of IP’s to the “List of networks that are allowed without auth”:
192.168.0.0/255.255.0.0,x.x.x.x/255.255.255.255,x.x.x.x/255.255.255.255…
(one x.x.x.x for each IP in my alias list)

I suppose I could just allow anything but I prefer to keep the list specific. The annoyance is that I have to update the PMS list and my alias when the IPs change but luckily this doesn’t happen all that often.

This all works as long as PMS is not signed in.

The only issue I have is that a warning message pops up stating the server is unclaimed and possibly insecure… Yes I know this but isn’t this method more secure since I am only permitting traffic to the specific IP’s (specified in my pfSense alias)?

If anyone believes its better (more secure) to log into Plex then please let me know (and why).

Lastly - is there a way to disable the warning message?

@clackspark said:
Here is my take on it. It’s for QNAP NAS.
But you could probably use it on most *nix-based systems, but then check the row that resolves the IP addresses, because of differences in nslookup layout. Or use dig or hostip if it's available on your system.

#!/bin/sh

# Resolve the current plex.tv addresses, one per line
PLEX_IP="$(/usr/bin/nslookup www.plex.tv | grep Addresses: | cut -c 13- | sed 's/, /\n/g')"
GATEWAY=192.168.1.1 # Your default gateway.

# Create the rule for ip table 99 if it does not exist
EXIST=$(ip rule | grep -c 'lookup 99')
if [ "$EXIST" -eq 0 ]
then
    ip rule add from all lookup 99 prio 1000
fi

# Flush old Plex IP addresses
ip route flush table 99
for IP in $PLEX_IP
do
	# Store Plex IPs in table 99
	ip route add "$IP" via "$GATEWAY" dev eth0 table 99
	echo "Added $IP to routing table"
done

exit 0

To set up, first try the script so you know that it's working.

  1. Run the script manually
  2. Check:
    ip route list table 99
    You won’t see the ips with the ‘route’ command because it only shows the main ip table.
    There should be the ips from nslookup www.plex.tv
  3. If it's working, you can add it to crontab, so it runs every 15 minutes
    echo "*/15 * * * * /path/to/your/script/Plex.sh" >> /etc/config/crontab
  4. Run
    /usr/bin/crontab /etc/config/crontab
    to load the changes.
  5. Restart crontab:
    /etc/init.d/crond.sh restart

I’m getting “/bin/sh^M: bad interpreter: No such file or directory” running this on QNAP. Any ideas?

Edit: Fixed this by changing the file to UNIX. I’m not getting “RTNETLINK answers: No such process” and nothing is displayed when I run the ‘ip route list table 99’ command.

Here is my take…

@XFlak said:
~Updated June 17, 2015~

I wrote a windows batch file to route plex.tv’s current IP address (with various subnet masks to choose from) to your machine’s default gateway (e.g. 192.168.2.1). I promise the bat file is safe, just google me and my reputation will speak for itself.

The code is below but I also uploaded a zip containing the bat file and an exe version of the bat file (same as the bat file except runs invisibly). For best results, use windows task scheduler to launch the exe (with highest privileges) as often as you’d like.

This will ensure that even if the IP for plex.tv changes, your setup will automatically route it past your VPN. A list of routed IPs will be saved here:
“%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt”

I’m using PIA and this works perfectly.

Enjoy!

XFlak

P.S.

I forgot to mention. Check out my other projects at https://xflak40.wordpress.com

Tons of good stuff there, as well as donation links should you like my work and be feeling generous

@echo off
setlocal
set PATH=%SystemRoot%\system32;%SystemRoot%\system32\wbem;%SystemRoot%
chcp 437>nul
echo VPN Bypass for Plex Media Server
echo by XFlak
echo.

::get Default Gateway
ipconfig|findstr /I /C:"Default Gateway"|findstr /I /C:"1" >"%temp%\gateway.txt"
set /p gateway= <"%temp%\gateway.txt"
set gateway=%gateway:*: =%
::echo %gateway%
::If gateway is detected incorrectly, override it by uncommenting the below line (delete :: and input your correct gateway)
::set gateway=192.168.2.1

echo Getting plex.tv current IP addresses...
echo.
echo Note: Log of plex.tv's routed IP's saved here:
echo %userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt
echo.
nslookup "plex.tv"|findstr /I /V "Server: Address: Name: timeout" >"%temp%\temp.txt"
findstr /I /C:" " "%temp%\temp.txt" >"%temp%\plex.tv.txt"
echo.
cd /d "%temp%"
for /F "tokens=*" %%A in (plex.tv.txt) do call :list %%A
goto:donelist

:list
set PlexIP=%*
set PlexIP=%PlexIP:* =%
echo %PlexIP%
if not exist "%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt" goto:skipcheck
findstr /I /C:"%PlexIP%" "%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt">nul
IF NOT ERRORLEVEL 1 (echo IP already routed, skipping...) & (goto:EOF)

:skipcheck
echo route -p add %PlexIP% mask 255.255.255.255 %gateway%
route -p add %PlexIP% mask 255.255.255.255 %gateway%
echo.
echo %PlexIP% >>"%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt"
goto:EOF

:donelist
::clean no longer used IPs
echo.
echo Removing routed IPs no longer used by plex.tv
echo.
if exist "%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs2.txt" del "%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs2.txt">nul
if not exist "%userprofile%\AppData\Local\Plex Media Server" goto:doneclean
if not exist "%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt" goto:doneclean
cd /d "%userprofile%\AppData\Local\Plex Media Server"
for /F "tokens=*" %%A in (PermittedPlexIPs.txt) do call :clean %%A
goto:doneclean

:clean
set PlexIP=%*
findstr /I /C:"%PlexIP%" "%temp%\plex.tv.txt" >nul
IF ERRORLEVEL 1 goto:remove
echo IP still used: %PlexIP%
echo %PlexIP% >>"%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs2.txt"
goto:EOF

:remove
echo IP no longer used: route delete %PlexIP%
route delete %PlexIP%
goto:EOF

:doneclean
if exist "%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt" del "%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt">nul
if exist "%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs2.txt" move /y "%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs2.txt" "%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt">nul
echo.
echo Finished, exiting...
@ping 127.0.0.1 -n 3 -w 1000> nul
exit

edit: code was missing a “>”, old version still worked but log only retained latest IP, the 4 people who downloaded the last version may want to redownload the new one

edit2: updated script\attachments on May 12, 2015, it’s now more efficient\secure by using nslookup instead of ping and using subnet mask 255.255.255.255 instead of 255.255.0.0. Thanks to John Doe at cutting cords for the suggestions.

edit3: updated on May 20, 2015, now includes a read me, an uninstaller, and multiple versions of the script for different subnet masks. Try them in the following order until you find one that works for you. Warning, the further you get to the bottom of the list the more IPs will bypass your VPN.

255.255.255.255
255.255.255.252
255.255.255.0
255.255.0.0
255.0.0.0

edit4: updated on June 16, 2015, now it removes old IP addresses no longer used by plex.tv from being routed past your VPN. So only the current IP addresses used by plex.tv will bypass your VPN and nothing else.

edit5: minor update, also added version # (v5) and icon to the exe’s

So I was reading this topic and thought this post was gonna be the solution I was looking for! I’m using PIA and every time it’s on, PMS gets off. Just like to everyone else.

I turned PIA on after downloading your files to get them tested and before I ran any of them I found out PMS was working normally. So I disconnected from PIA and it was working normally as it should right?!

I then reconnected PIA to another server (just in case) and PMS is working normally! I have no idea why! How!

Anyway lol
thanks for the files

EDIT:

Alright, so I wanted to dig further. Although I saw green checkmarks during my post above, I made some more tests.

Apparently the server is not allowing for remote connections:

But I tried it using a non-cached, unseen episode from my library to rule out “local saved content” possibility… and it turns out it works fine. flawless really. lol

For anyone using a Mac I put this together. It is a shell script/.app that finds the IP addresses of Plex.tv and routes them through your default gateway to avoid going over VPN. I’ve tested it on my setup and it works however I’d be grateful if anyone else is able to give it a try and provide some feedback.

@gadgeypop

Your README says this:
This process needs to be completed each time your Mac turns on again

Unfortunately the plex.tv IPs can change at any point in time. They only have a 60 second TTL.

Cheers.

@EddieA said:
@gadgeypop

Your README says this:
This process needs to be completed each time your Mac turns on again

Unfortunately the plex.tv IPs can change at any point in time. They only have a 60 second TTL.

Cheers.

Thanks for that info, I wasn’t aware they could theoretically change so often. Having tried the script out over the course of a day, however, they didn’t change and so hopefully it will work for a while before needing to be rerun.

I’m now looking at incorporating a cron job in to the script to run it every hour or so to ensure that the IPs are kept up to date.

Hi gadgeypop, I’m looking for a script that would add the IPs to the bottom of my OpenVPN configuration file. Do you think it’s something you could write? Cheers