Netgate Discussion Forum

    PfSense + Plex Media Server + PIA…Can it be done??

      JimPhreak

      Let me just give you a quick overview of what my network (at least those parts that matter here) looked like before pfSense was in the picture.  Then I'll explain what I'm hoping to accomplish bringing my new pfSense box into play.

      Router/Firewall:  DD-WRT Router with port forwarding for Plex to my Media Server box (running on a VM box) - 192.168.2.1
      Media Server: Plex Media Server as a Virtual Machine on ESXi 5.5 host - 192.168.2.200
      Storage Server:  UnRAID server holding all my media - 192.168.2.210

      With simple port forwarding in DD-WRT of the port needed for Plex configured, all outside requests (regardless of IP) over that port would be forwarded to 192.168.2.200.  I realize this probably isn't the most secure way of doing things but it's the only way I knew how to make my server accessible to users over my WAN connection.


      Now with the implementation of pfSense I have the following goals in mind:

      • Tighten up as many holes as possible while still making the experience seamless to users

      • Make all traffic to and from my Plex server go out over an OpenVPN connection to Private Internet Access

      • Configure bandwidth quotas for users that connect to my server so that no one can consume more than 8Mbps of upload bandwidth at a time

      I don't know how possible/realistic these goals are but I'm not really sure how to go about approaching this scenario to ensure that I have security in place without making it inconvenient on my users.  For example:

      Will I have to configure incoming firewall rules for every single IP address that plans to connect to Plex? 
      If so, can I use hostnames/aliases so that those with dynamic IPs (most people) won't have to do much on their side of things? 
      How will this affect my ability to configure bandwidth quotas?

      As for the introduction of my PIA VPN connection, is it possible to do what I'm looking to do?  That is, have all traffic to and from Plex go out over that VPN connection while all other traffic goes over my standard WAN connection?

      I'm hoping there is someone out there who is either doing this already, has attempted it and knows the pitfalls/limits, or could break down for me the best way to go about getting this setup.  I'd greatly appreciate any insight you could offer.

      Thanks!

      P.S. I'm probably going to try putting pfSense on the same VM box as my Plex server since I have 3 spare NICs.  But if this will all work better as a standalone box I'll go that route as well.

        Wolf666

        You can fulfill your requirements better with pfSense than with any other consumer box running DD-WRT. I know DD-WRT very well.

        I have a similar configuration (check my signature). My Plex Server runs on NAS, Plex is under VPN (AirVPN) and can be reached from outside via an AirVPN public IP (they offer a DDNS service as well) and dedicated port (yes, AirVPN offers port forwarding service, too).

        pfSense manages access via IP/Aliases (not MAC), so you need to be ready for that. I suggest you do some tests on a VM before doing that in production.

        Modem Draytek Vigor 130
        pfSense 2.4 Supermicro A1SRi-2558 - 8GB ECC RAM - Intel S3500 SSD 80GB - M350 Case
        Switch Cisco SG350-10
        AP Netgear R7000 (Stock FW)
        HTPC Intel NUC5i3RYH
        NAS Synology DS1515+
        NAS Synology DS213+

          JimPhreak

          @Wolf666:

          You can fulfill your requirements better with pfSense than with any other consumer box running DD-WRT. I know DD-WRT very well.

          I have a similar configuration (check my signature). My Plex Server runs on NAS, Plex is under VPN (AirVPN) and can be reached from outside via an AirVPN public IP (they offer a DDNS service as well) and dedicated port (yes, AirVPN offers port forwarding service, too).

          pfSense manages access via IP/Aliases (not MAC), so you need to be ready for that. I suggest you do some tests on a VM before doing that in production.

          Someone else mentioned AirVPN yesterday to me as well that they do static port forwarding (unlike PIA which does dynamic so it changes each time you disconnect).  I'm definitely going to look at them.

          As for managing access to my network, you mentioned I can only do it by IP/Alias.  Is there any way to do it by domain name?  I'm just thinking I could have my users configure DDNS for their home networks since that's easy enough.  Otherwise every time their ISP changes their IP they'd lose access.

            Wolf666

            @JimPhreak:

            Someone else mentioned AirVPN yesterday […]

            It was me….in Plex Forum.

            I don't think you can manage access using a domain, take a look at the Captive Portal features.

              JimPhreak

              @Wolf666:

              @JimPhreak:

              Someone else mentioned AirVPN yesterday […]

              It was me….in Plex Forum.

              I don't think you can manage access using a domain, take a look at the Captive Portal features.

              Oh haha, what up!

              I will take a look at the captive portal features.  I'm assuming if you're suggesting it that you can set up a captive portal that doesn't require login?

              Also, side note in regards to AirVPN…What kind of speeds do you get connecting to their servers?

                Wolf666

                I am not skilled with captive portal, I don't use it.
                Regarding AirVPN, I have a poor 20/1 line, and I can connect to their servers at that speed (minus natural overhead), they don't apply any filter or throttle.

                  JimPhreak

                  @Wolf666:

                  I am not skilled with captive portal, I don't use it.
                  Regarding AirVPN, I have a poor 20/1 line, and I can connect to their servers at that speed (minus natural overhead), they don't apply any filter or throttle.

                  Ahhh.  I asked them for a trial so I can test my 150/75 connection.

                  How do you manage to have Plex working with 1Mbps upload speed?  I imagine the upload speeds I get with AirVPN will be a big factor for whether or not I decide to go with them.

                    Wolf666

                    I am a home user, I don't stream outside my LAN….my upload requirements are pretty low. In any case I am waiting for fiber.....100/10 is enough.
                    Please let me know how it goes with AirVPN.

                      JimPhreak

                      @Wolf666:

                      I am a home user, I don't stream outside my LAN….my upload requirements are pretty low. In any case I am waiting for fiber.....100/10 is enough.
                      Please let me know how it goes with AirVPN.

                      If you don't stream outside your LAN, why did you port forward through AirVPN for Plex?

                        Wolf666

                        I stream only mp3, not videos, and only 1 user….me. The rest of my family enjoy local stream, movie, cartoons, etc etc.... :P

                          JimPhreak

                          @Wolf666:

                          I stream only mp3, not videos, and only 1 user….me. The rest of my family enjoy local stream, movie, cartoons, etc etc.... :P

                          Ahhhhh I see, that makes sense.  Well it's just good to know that you were able to get your server accessible over your WAN but hiding it via AirVPN.  I'm going to have to investigate what kind of speeds I can get through them because my server is consistently serving 5-6 users and I have a 75Mbps upload connection.

                            q54e3w

                            With appropriate hardware you see a 10% hit on your non vpn throughput
                            I'm on a 120/10 and see 111/9 usually aes256 blah blah aes-ni on a c2758 board etc

                              JimPhreak

                              @irj972:

                              With appropriate hardware you see a 10% hit on your non vpn throughput
                              I'm on a 120/10 and see 111/9 usually aes256 blah blah aes-ni on a c2758 board etc

                              Right.  I've got a c2558 board and think I'll be OK in that regard.  I'm more concerned with the speed of the Air VPN servers.
