Using Plex Server with a VPN

@dg.gomes said:
Hi gadgeypop, I’m looking for a script that would add the IPs to the bottom of my Openvpn configuration file. Do you think it’s something you could write? Cheers

I should be able to if you can tell me where the file is located and is it an .ovpn file?

@mcmax said:
Hi all!

running my Plex server on a Synology DS412+ behind an openVPN connection to Private Internet Access, I was also looking for a solution to have Plex bypass the VPN. @JB09 's script (which i adapted to Synology’s needs a little bit) works great when I run it from the terminal, however, running it as a cronjob just won’t work. I’d appreciate any ideas!

Here’s the script:

#!/bin/sh
#PATH=/opt/bin:/opt/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/syno/sbin:/usr/syno/bin:/usr/local/sbin:/usr/local/bin
#Fetch Current Server Address for plex.tv
DNS="$(dig plex.tv +short) $(dig serienjunkies.org +short)"
UNIQ_IP=$(echo "$DNS" | tr ' ' '
' | sort -u | tr '
' ' ')

for IP in $UNIQ_IP
do
        #Create localroute variable to see if route exists
        localroute=`ip route list table 2| grep $IP`
        #Check if route exists
        if [[ -z "$localroute" ]]; then
                #route doesn't exist, add route
                ip route add "$IP" via 192.168.100.1 dev eth0 table 2
                echo "Route mit der IP "$IP" erfolgreich hinzugefuegt"
                logger "Route mit der IP "$IP" erfolgreich hinzugefuegt"
        else
                #route exists, hurray
                echo "Routen existieren bereits!"
                logger "Routen existieren bereits!"
        fi
done
exit 0

and here’s the relevant crontab line:

*/5	*	*	*	*	root	/opt/skripte/addroutes.sh >> /opt/skripte/cron.log

there’s no output in the cron.log file.

EDIT: I do not know what I did, other than installing this script from jimmybonney.com/articles/manage_crontab_synology/ to manage crontab on Synology using the traditional “crontab” command. Maybe it checked my crontab file for syntax and fixed it. Anyway, cron seems to run the script now and it works great! Thanks again, @JB09 !

@mcmax Thanks for the script! Had to tweak it some to make it play nice on my synology (don’t really want to run any optware) but once tweaked it works perfectly through DSM’s Task Scheduler

EDIT 04/30/2020:
If anyone is interested in the changes/tweaks I made and how I am running this on my Synology here it is:

My script is almost exactly the same as the original, but, it utilizes the DNS Server package and Task Scheduler to avoid the need for any optware installation and cron modification.

The big caveat here is that static routes are probably not going to help you if you’re running your VPN on the Synology itself. In my case the VPN is running on another machine that acts as a proxy. The Synology then has two physical connections, one that goes to my VPN Proxy machine and one that goes directly to my router (and out to the internet).

On to the actual script and setup.

Lucky for us, we don’t actually need to use/run the DNS package, we just need the tools that are part of it, so you can leave the package “Stopped” on your synology, once it is installed. The script itself I saved as plexroutes.sh and stored in one of my Shared Folders. Then I created a task in Task Scheduler that runs daily to execute it. The script will update the Static Route table to force Plex to use the designated interface.

<Synology_IP_Here> this value should be replaced with the IP address of the interface Plex is using on the Synology

<Synology_Interface_Here> this value should be the interface name (Ex. eth0, eth1, etc.)

#!/bin/sh
#PATH=/volume1/@appstore/DNSServer/bin/:/opt/bin:/opt/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/syno/sbin:/usr/syno/bin:/usr/local/sbin:/usr/local/bin
PATH=/volume1/@appstore/DNSServer/bin/:/opt/bin:/opt/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/syno/sbin:/usr/syno/bin:/usr/local/sbin:/usr/local/bin
#Fetch Current Server Address for plex.tv
DNS="$(dig plex.tv +short)"
UNIQ_IP=$(echo "$DNS" | tr ' ' '\n' | sort -u | tr '\n' ' ')

for IP in $UNIQ_IP
do
        #Create localroute variable to see if route exists
        localroute=`ip route list table static-table | grep $IP`
        #Check if route exists
        if [[ -z "$localroute" ]]; then
                #route doesn't exist, add route
                ip route add "$IP" via <Synology_IP_Here> dev <Synology_Interface_Here> table static-table
                echo "Route with the IP "$IP" successfully added"
                logger "Route with the IP "$IP" sucessfully added"
        else
                #route exists, hurray
                echo "Route already exists!"
                logger "Route already exists!"
        fi
done
exit 0

Hi @mcmax
Could you post the script with the tweaks you made please, would like to give this a try on ds1815+
Thanks

Running Xflaks script, works with Kasperksy 2015 completely shut down. When Kaspersky turns back on it blocks it when its scheduled to run again. Any help getting to to work with Kasperksy would be greatly appreciated.

I stopped using plex on my Windows machine because the same issue with PureVPN. Now I run plex an Fedora machine as a docker image. Still I would like to find the correct set of command to do this in windows so I can still use windows as a backup plex server.

@ms1760 said:
So I’m back. After a around six months this stopped working for me and I didn’t bother to fix it as i had no need. However I now do again and have come across something that may be disabling this for some of you. Im currently on windows 7 using this script but i also now use Kaspersky internet security 2015 (2016 breaks pia). Anyway i have noticed Kaspersky blocks this script from running. I realized this when booting up in safe mode with networking to try to figure this out. When Kaspersky is off this works flawlessly. When it is on it seems to break it. Now Kaspersky has recently (since the v58 update of pia) been blocking new services that are created in the temp folder by rubyw.exe (a necessary file for pia). I noticed this exe also opens up in the temp folder as a new instance every time. The problem I’m having is I cannot create an exclusion to this exe file as the exe runs the batch from the temp folder so Kaspersky thinks its a new service and automatically classifies it as low restricted in application control. Firewall is also reading it as a new instance every time. Any thoughts on this? I currently got the bright idea to put the batch by itself on my desktop and change the scheduler to run just the batch not the bundled exe. Hopefully this solves the problem. Ill check back. Also someone asked albeit last year what mask i got it work with … it worked for me with all of them. The first one that worked is ending in .252 i tinkered with it and got .255 to work as well. I’m currently on 255. I have yet to have a security related issue with pia but it certainly is a piTa and does not play well with other programs as does kaspersky (which breaks everything).

I have an idea to fix this, hold tight

v6 of my VPN Bypass for Plex Media Server script can be found here:
https://xflak40.wordpress.com/apps/

v6 of the script released on June 1, 2016: Changed how the exe is packaged so as to not run from the temp folder and should therefore not cause problems for folks using Kaspersky or other anti-viruses that similarly block services launched from the temp folder.

@XFlak said:
v6 of my VPN Bypass for Plex Media Server script can be found here:
Apps | XFlak40

v6 of the script released on June 1, 2016: Changed how the exe is packaged so as to not run from the temp folder and should therefore not cause problems for folks using Kaspersky or other anti-viruses that similarly block services launched from the temp folder.

Thanks! Works great. I really appreciate the time you put into this.

@morphene said:

@XFlak said:
v6 of my VPN Bypass for Plex Media Server script can be found here:
Apps | XFlak40

v6 of the script released on June 1, 2016: Changed how the exe is packaged so as to not run from the temp folder and should therefore not cause problems for folks using Kaspersky or other anti-viruses that similarly block services launched from the temp folder.

Thanks! Works great. I really appreciate the time you put into this.

Actually, I guess it’s not working for me… I disconnected my phone from WiFi and the Plex app on it can find the server over 4G and play videos but says it’s an “indirect” connection. No one else seems to be able to see the server however. Using this in Windows 10 BTW.

EDIT: Never mind, it’s working great now. Just needed to reboot… doh!

So I’ve read through this topic a bunch of times, tried a lot of options, and I’m just not getting anywhere.

I’m using Ubuntu 16.04 with OpenVPN (using SlickVPN cert [everyone mentions PIA but I messed up and bought a year to Slick so not sure what else to do besides switch to PIA?])

Anyway, everything works locally, autostarts on boot, VPN connects, peachy.

I can’t get remote access to Plex. It says it is available, I’ve manually forwarded ports, got the green check.

To specify, I can get minimal connection to Plex outside my LAN, but it gives some mention of indirect connection and I’d like it to be working as well as it done when not on the VPN (tested by turning VPN off and Plex works fine with ports forwarded on my router).

The Ubuntu server is the only thing running OpenVPN, not my router. I have a few open ports provided by SlickVPN (443, 8080, 8888) each of those says Plex should be good, but eventually it says Indirect Connection.

I’ve attempted so many things and my brain is melting:

• iptables (https://www.reddit.com/r/VPN/comments/4n2qmr/possible_to_guide_traffic_outside_vpn/)

• routes (https://forums.plex.tv/discussion/comment/969632/#Comment_969632)

• nano /etc/network/interfaces/ {https://www.reddit.com/r/PleX/comments/369jt1/guide_plex_vpn_on_ubuntu/}

Would love it if someone could mention something that would work best for my use case (get Plex outside the OpenVPN on my server).

I’ve tried experimenting with VM’s and even considered completely reinstalling Ubuntu 16.04 and going from there with the knowledge I’ve gained in the last 2 weeks… but it’s a last option. Maybe switching to Windows OS and using one of the guides/scripts people have reported working would be best… I dunno, just need to see the light at the end of the tunnel somewhere (no pun intended :P)

Thanks to anyone with any information… really appreciate it.

@XFlak said:
Try hard coding your gateway. It’s explained in the script itself how to do that. Let me know if it works. Thanks

How can you tell if it’s correctly identifying the gateway, and is there a way to hard code the gateway and still use it as an exe rather than a bat?

Edit: I figured out in Windows 7 the issue is that it wasn’t recognizing my gateway. After I hard coded my gateway into the script in the .bat file, it works! And I figured out I can use AutoIt to make the bat into an exe. On my Windows 10 server, it still doesn’t work. Any ideas? I tried hardcoding the gateway, and I added a pause at the end and it’s not giving any errors.

With the latest update u can just edit the bat file and still use the exe , the exe is basically just a shortcut to launch the bat silently.

For me to help identify the problem you’re having oh windows 10, remove all instances of >nul or > nul from the script and show me the output.

This script didn’t work for me on a Windows 10 machine with PIA VPN enabled.
Apparently the ‘nslookup’ in the script was giving a timeout and broke out of the script.
After some digging around I found that the nslookup didn’t work because of IPv6.

Only thing I had to do was to uncheck the Internet protocol (TCPIP/IPV6) in my LAN Adapter properties.
This enabled nslookup the succesfully lookup the “plex.tv” IP addressess and route them.

Hope this find can help some people out there having trouble with their Plex.

@XFlak said:
With the latest update u can just edit the bat file and still use the exe , the exe is basically just a shortcut to launch the bat silently.

For me to help identify the problem you’re having oh windows 10, remove all instances of >nul or > nul from the script and show me the output.

Thanks. I was deleting the altered bat file once I verified that the .exe was working. I didn’t know it was a shortcut to the bat. Let’s see if it continues working this time.

Thanks very much XFlak. it worked wonderfully. thanks

It’s working great on Windows 10 with the gateway hardcoded. Thanks!

Guys, I need a bit of help. I tried using xflak’s bypass on windows 10, tried the bat file but even after uninstalling it, the cmd window keeps popping up which is incredibly annoying when playing games. Have no clue how to get rid of it. Will appreciate any tips, thanks

Someone must have scheduled a windows task to run the bat file every so often. You should use the exe version which runs invisibly or disable the task.

Start Task Scheduler by going to your Start menu/screen, typing “schedule” and clicking the schedule tasks option. On the left side of the Task Scheduler window, click Task Scheduler Library. In the middle, you should see the task you added to make the bat file run. Right-click it and choose properties, and then “actions”, and then edit the action to run the .exe file instead of the bat file if you want it to still run without popping up any windows. Or you can right-click the task and just delete it if you don’t want it to run.

There is a page explaining how to properly create the task here https://www.cuttingcords.com/home/2014/11/8/protecting-your-privacy-with-vpn , but be sure to run the exe and not the bat.

Great, thanks guys, didn’t even occur to me to check the tasks