Using Plex Server with a VPN

I feel like such an idiot for not being able to make this work. I will try my best to describe what I’ve done so far in order to get help from anyone who is willing to provide some feedback.

I’ve set a static IP address for my computer (Windows 10, 64 bit).
I’ve set the port forwarding rule on my router so that 32400 (inbound and outbound) gets forwarded to the static IP address of my computer.
I’ve set 2 rules on my Windows Firewall for Inbound port forwarding (port 32400) for UDP and TCP.
I’ve downloaded PIA and set Request Port Forwarding and filled in the Local Port to be 32400 and set it so that it’s connected to CA Toronto which is Port forward enabled (I believe based off of what I read on PIA’s site).
I’ve connected to the VPN for PIA and then tried manually specifying the port number of 32400 on Plex and establishing a connection. This does not work.

I’ve tried using all of XFlak’s scripts (255.255.255.255, 255.255.255.252, 255.255.255.0, 255.255.0.0, 255.0.0.0) and manually specifying the port number each time of 32400, and I’ve also done it where I’ve unchecked the manually specify the port number and retried to establish a connection. None of them seems to work. When I don’t manually specify a port number, it seems that Plex shows my IP address from my actual internet connection, as Xflak mentioned it would, but the port is 0?! (ex. XXX.XXX.XX.X:0), However, when I do specify the port number manually the IP address switches to the one that’s assigned by PIA VPN connection.

I’m sorry if this doesn’t make much sense. I’m relatively new to this, and still trying to grasp an understanding of everything and I’ve tried to scour the forums and reddit and use different suggestions from everyone, but everything seems very old that has pictures to follow along and the pictures are no longer accessible and anything else seems a little more complicated than I am capable and I don’t want to ruin my computer.

Thank you in advance for any advice or help anyone is able to provide.

@TonnyBanh said:
I feel like such an idiot for not being able to make this work. I will try my best to describe what I’ve done so far in order to get help from anyone who is willing to provide some feedback.

I’ve set a static IP address for my computer (Windows 10, 64 bit).
I’ve set the port forwarding rule on my router so that 32400 (inbound and outbound) gets forwarded to the static IP address of my computer.
I’ve set 2 rules on my Windows Firewall for Inbound port forwarding (port 32400) for UDP and TCP.
I’ve downloaded PIA and set Request Port Forwarding and filled in the Local Port to be 32400 and set it so that it’s connected to CA Toronto which is Port forward enabled (I believe based off of what I read on PIA’s site).
I’ve connected to the VPN for PIA and then tried manually specifying the port number of 32400 on Plex and establishing a connection. This does not work.

I’ve tried using all of XFlak’s scripts (255.255.255.255, 255.255.255.252, 255.255.255.0, 255.255.0.0, 255.0.0.0) and manually specifying the port number each time of 32400, and I’ve also done it where I’ve unchecked the manually specify the port number and retried to establish a connection. None of them seems to work. When I don’t manually specify a port number, it seems that Plex shows my IP address from my actual internet connection, as Xflak mentioned it would, but the port is 0?! (ex. XXX.XXX.XX.X:0), However, when I do specify the port number manually the IP address switches to the one that’s assigned by PIA VPN connection.

I’m sorry if this doesn’t make much sense. I’m relatively new to this, and still trying to grasp an understanding of everything and I’ve tried to scour the forums and reddit and use different suggestions from everyone, but everything seems very old that has pictures to follow along and the pictures are no longer accessible and anything else seems a little more complicated than I am capable and I don’t want to ruin my computer.

Thank you in advance for any advice or help anyone is able to provide.

When your VPN, your firewall, and your antivirus is turned off, are you able to connect remotely?

@Thronic I will take a look at your Bypass, thank you
@jerry121802 Yes I am.

Hey @Thronic, just found and tried your Bypass for the first time and it seems to work great. I’d used XFlac’s scripts for a while but they were always kind of hit and miss.

I had a question about your software though: Presently, both my server and VPN are on the same local machine. I was considering handing the VPN duties to my router to allow all traffic in and out of my house the same protection. Does your Bypass still work if the VPN isn’t hosted locally?

Thanks for your reply, @Thronic! Really appreciate your work.

@XFlak said:
~Updated June 17, 2015~

I wrote a windows batch file to route plex.tv’s current IP address (with various subnet masks to choose from) to your machine’s default gateway (e.g. 192.168.2.1). I promise the bat file is safe, just google me and my reputation will speak for itself.

The code is below but I also uploaded a zip containing the bat file and an exe version of the bat file (same as the bat file except runs invisibly). For best results, use windows task scheduler to launch the exe (with highest privileges) as often as you’d like.

This will ensure that even if the IP for plex.tv changes, your setup will automatically route it past your VPN. A list of routed IPs will be saved here:
“%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt”

I’m using PIA and this works perfectly.

Enjoy!

XFlak

P.S.

I forgot to mention. Check out my other projects at https://xflak40.wordpress.com

Tons of good stuff there, as well as donation links should you like my work and be feeling generous

@echo off setlocal set PATH=%SystemRoot%\system32;%SystemRoot%\system32\wbem;%SystemRoot% chcp 437>nul echo VPN Bypass for Plex Media Server echo by XFlak echo. ::get Default Gateway ipconfig|findstr /I /C:“Default Gateway”|findstr /I /C:“1” >“%temp%\gateway.txt” set /p gateway= <“%temp%\gateway.txt” set gateway=%gateway:: =% ::echo %gateway% ::If gateway is detected incorrectly, override it by uncommenting the below like (delete : and input your correct gateway ::set gateway=192.168.2.1 echo Getting plex.tv current IP addresses… echo. echo Note: Log of plex.tv’s routed IP’s saved here: echo %userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt echo. nslookup “plex.tv”|findstr /I /V “Server: Address: Name: timeout” >“%temp% emp.txt” findstr /I /C:"  " “%temp% emp.txt” >“%temp%\plex.tv.txt” echo. cd /d “%temp%” for /F "tokens=" %%A in (plex.tv.txt) do call :list %%A goto:donelist :list set PlexIP=%* set PlexIP=%PlexIP:*  =% echo %PlexIP% if not exist “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt” goto:skipcheck findstr /I /C:“%PlexIP%” “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt”>nul IF NOT ERRORLEVEL 1 (echo IP already routed, skipping…) & (goto:EOF) :skipcheck echo route -p add %PlexIP% mask 255.255.255.255 %gateway% route -p add %PlexIP% mask 255.255.255.255 %gateway% echo. echo %PlexIP% >>“%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt” goto:EOF :donelist ::clean no longer used IPs echo. echo Removing routed IPs no longer used by plex.tv echo. if exist “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs2.txt” del “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs2.txt”>nul if not exist “%userprofile%\AppData\Local\Plex Media Server” goto:doneclean if not exist “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt” goto:doneclean cd /d “%userprofile%\AppData\Local\Plex Media Server” for /F “tokens=" %%A in (PermittedPlexIPs.txt) do call :clean %%A goto:doneclean :clean set PlexIP=% findstr /I /C:”%PlexIP%" “%temp%\plex.tv.txt” >nul IF ERRORLEVEL 1 goto:remove echo IP still used: %PlexIP% echo %PlexIP% >>“%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs2.txt” goto:EOF :remove echo IP no longer used: route delete %PlexIP% route delete %PlexIP% goto:EOF :doneclean if exist “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt” del “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt”>nul if exist “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs2.txt” move /y “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs2.txt” “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt”>nul echo. echo Finished, exiting… @ping 127.0.0.1 -n 3 -w 1000> nul exit

edit: code was missing a “>”, old version still worked but log only retained latest IP, the 4 people who downloaded the last version may want to redownload the new one

edit2: updated script\attachments on May 12, 2015, it’s now more efficient\secure by using nslookup instead of ping and using subnet mask 255.255.255.255 instead of 255.255.0.0. Thanks to John Doe at cutting cords for the suggestions.

edit3: updated on May 20, 2015, now includes a read me, an uninstaller, and multiple versions of the script for different subnet masks. Try them in the following order until you find one that works for you. Warning, the further you get to the bottom of the list the more IPs will bypass your VPN.

255.255.255.255
255.255.255.252
255.255.255.0
255.255.0.0
255.0.0.0

edit4: updated on June 16, 2015, now it removes old IP addresses no longer used by plex.tv from being routed past your VPN. So only the current IP addresses used by plex.tv will bypass your VPN and nothing else.

edit5: minor update, also added version # (v5) and icon to the exe’s

I’ve just come across this and am about to give it a go… silly question maybe, but how do I tell if it’s working other than watching a few videos and seeing if i get hit with buffering at some point?!

Also, assuming it does work, how frequently do I need to run this via Task Scheduler? And do I need to re-start Plex server every time I do?

You’ll know it’s working if while connected to your VPN you see a green checkmark in plex’s media server settings indicating you’re accessible via the internet

Be sure to grab the latest version from my WordPress website

I have been banging my head against a wall on and off for 6 months trying to get this working. I use IPVanish. In the IPVanish.config (ovpn settings basically), you can make routes like a ovpn config. I don’t know if my list of routes are incorrect, but I keep getting the error stating my plex server is not available outside my network while my VPN is active. If I have an indirect connection, does that mean it works? I thought the goal is to have a direct connection.

route plex.tv 255.255.255.0 172.16.7.1
route app.plex.tv 255.255.255.0 172.16.7.1
route 52.17.40.0 255.255.255.0 172.16.7.1
route 54.77.98.0 255.255.255.0 172.16.7.1
route 52.208.253.0 255.255.255.0 172.16.7.1
route 34.249.151.0 255.255.255.0 172.16.7.1
route 34.251.191.0 255.255.255.0 172.16.7.1

What the hell am I doing wrong? Are these not the correct IPs? Am I missing something? Xflaks scripts seem to not be working for me either after installing/uninstalling each .exe. Thronics app doesn’t work either. Nslookup shows the actual hosts of Plex, but I made them /24 in case they may change to another IP. Everything is good when the VPN isn’t on, when I connect it throws the “can’t connect outside your network error.”

Edit: It looks like Thronics app adds the routes, but I am not seeing any change. Wtf?

Looking at the linux version of @Thronic vpn bypass, he’s including my.plexapp.com, plexapp.com, plex.tv, pubsub.plex.tv and pubsub.plex.bz. @XFlak script looks like it’s doing an nslookup just against plex.tv.

I’m having the same problem using nordvpn on ubuntu with exception routing. I can actually get to the freaking Plex webpage hosted on my server (https://externalip:32400) from the internet and play movies directly via a browser. But hell if I can get remote access to connect.

I suspect there’s an IP that I’m missing in my exceptions but I’ve entered all of them for the above url’s. I’m now trying to find a log somewhere in Plex that can tell me what IP is trying to reach it. I really don’t want to dig through a netstat dump.

Nord is the endpoint, client is actually openvpn on linux. I’ve seen all those options when I use the windows client Nord supplies. For linux they just have .ovpn config files.

The confusing part is that I can physically get in to my plex server directly from any IP that I create an exception route for. Which leads me to believe I’m not routing to a group of Plex IP’s that it’s trying to use to connect.

Hi, I read this post far enough to determine what my problem was in relation to my end game. My goal was to only have access to my media at home behind my router.

Excuse any grammatical issues I’m not a network pro by any shot. Just thought I would post some points about my experience in case it may help anyone on this topic.

My environment (relative to this post):
Dual band Gb router (DHCP server with static IP table mapping)
16 port switch (didn’t have to touch this)
iMac - OSX El Capitan - running ExpressVPN and Plex Server with media library.
2 x Sony Bravia TV (as DLNA clients)
I use a NAS as backup not to stream my media from.

So, for me, Plex has always worked, though intermittently dropped out and been a headache with wifi and i’m soooo sick of it. I generally don’t switch the VPN on unless I need to. Recently its stopped connecting completely… And well we want to watch some movies.

Now that I have it working I can say that on initial testing its all positive and I will send through any change should there be any other issues.

1. Disabled my VPN. As I thought that was the problem.
2. Disabled secure connections in PLEX Server.
3. Open Router and make note of Static IP’s for my DLNA media clients.
4. Insert those IP/Subnet masks into Plex Server (Network)
5. Enable remote access (publish). Manual specification area becomes editable.
6. Disable remote access to switch off internet access. (I didn’t publish the Plex server address:port so this is also disabled. Though is registered with IP and port.
7. Private connection is enabled and published behind my router firewall.
8. Test connection from Bravia TV using DLNA Client. Tick - works perfectly.
9. Enabled Secure connections in Plex (Network) and retested. Tick - works perfectly
10. Enabled VPN and retested. Tick - works perfectly.
11. Edit Update sleep setting to Stay awake. After I wrote this and put my machine to sleep I told the wife everything was all good and it did the same thing. Couldn’t connect to the server. Changed sleep settings on iMac (where Plex server is located) and its back up.

Moreover, I have Plex running in the background when I start the machine.
I don’t need to login to Plex TV. Not interested at this point in time.
There is no port forwarding at the moment. Though looks to be automatic if published as public.
I have tested both wifi and wired for home use and its really snappy.

I didn’t do any changes in coding or service mods. Its essentially just a few settings in Plex and checking IP’s because I have opted for static IPs in my DHCP server which was a requirement for IP phones with the ISP I use.

Hope all that makes sense. I’m sure that it could be setup better but its working how I want it to at the moment. Happy to hear any security issues people may see.

Jason.

Hi,

I have modified latest XFlak40 script with 255.255.255.255 netmask in order to work in my system which is VPN Unlimited’s service based 24x7 on a windows server. Also have Plex Media Server service running as a different user so this needs to be addressed somehow different as per default code. These are the main changes:

• As my user profile is spanish based I needed to add a few words in place in order to keep the filters working. And took out the default gateway IP to a variable for the same reason. Variable is gatewayIP
• As running behind a service with its own user, I added a variable at beginning of the script with the user profile directory to be used. If not, the script would use the user running it which is not always the proper option. Variable is userProfileDir

I kept original XFlak40 lines commented out in order to be able to compare. Also made these steps:

• created a windows task to be run by admin user/privileges at system start running the script and before VPN is run, as in my case DNS proteccion avoid nslookup to get plex.tv IPs
• for Unlimited VPN I selected working mode as KeepSolid Wise UDP. Other modes may or not to work.

hope it helps…

my_script.rar (1.2 KB)

I’m finally saying “screw it” and setting up a VM for any app that needs to be on a VPN.

Actually , my remote access is working with my VPN activated and the green check mark isn’t activated. In fact, my Plex remote status in settings still says “Not available outside your network”, however when I use my phone to access plex, turn off my wifi network access and just use LTE to simulate external access, I can connect and play files remotely thru the active VPN. I also had a shared user try and it works for them also. It does transcode the file and throttle the connection, but is pretty stable. Again, the status still indicates Plex is not available outside my network. I am also using the original xflak script with a Task scheduler on Windows 10 with NordVPN. I followed the instructions written here --> Getting Plex Remote Access to work reliably with VPN by agossett on feb 3, 2018.

Hi code in can u tell me how ir vuze was running while the portforward with pia is working. I contacted pia support and it seems that the port is only open when data is moving through it.

" If you are using port forwarding and trying to verify the forwarded port, as this is a remote open port on our server, it will not show open on your system. Locally, as it is a listening port configured in your torrent software, it will register as “closed” on a standard port scan by default. Listening ports are only open while data is actively moving through them.

When using port forwarding, you assign ports that remain open, for applications on your computer to use unrestricted. This is sometimes necessary for specific applications so that they can access their servers uninhibited (such as torrents, etc.). The security risk associated with this, however, is that if in the unlikely case someone were to:

a) somehow know your local IP address (not the virtual IP that our VPN grants),
b) happened to be watching/scanning that IP for available, open ports, then it’s possible they could use one of these open ports to access/bypass the VPN tunnel, allowing access to your computer."

I no longer use Plex.

I attach my USB drive to the USB port on my router.

I use the Amazon Fire Stick (4K) on my TV and added the free app from Amazon, VLC Player, to the Fire Stick, to watch movies.

I use Vuze or a variant as in BiglyBT, Port forwarding with PIA is easy with there new Desktop clients. Vuze also offers a plugin to check your VPN connection called VPN helper along with Vuze network settings can bind to PIA interface. The desktop client has port forwarding servers displayed and can be easily used when required or as favorites. I use a Non forwarding server when not using Vuze. Split tunneling could also be an interesting setup, some VPN companies offer this option.

I use this and IPVanish. They don’t offer support for bypass. This program can be set to run as a scheduled task so it can be ran as a service. It will allow plex through your vpn and you will even get the green check mark. Since I run a VPN always, it is nice to add other websites to the list and restart the service to let them through the VPN. Works with Windows and most Linux distros.

Site is now in Norwegian…
https://nedrelid.net/programvare/VPN-Bypass/

After a search there are a few VPN companies supporting Split Tunneling.

ExpressVPN, PureVPN, Ivacy, AirVPN

A good article on the subject.

I have used the desktop app with pia canada and it did indeed give me a port number. Problem is if I enter that port number into plex remote access it won’t work as even though pia say’s the port is open it actually isn’t. If you use an open port scanner and check if pia’s designated port is open it will show as closed. However it only seems to open if I set the listening port of my torrent client to that port.

Here’s a little demo of this open/close port issue.