Netgate Discussion Forum

    Bringing out the big guns - PLEX, VPN and portforwarding

    • X
      Xerial
      last edited by

      Hey friend I appreciate your reply!

      (Firewall NAT) (please don't mind the rule called PLEX WAN for 10.20.30.35)
      https://gyazo.com/ff25a52d9f9b266dfb838bf72cb9ed5f

      (Firewall Rules Interface OPT1)
      https://gyazo.com/980c3a22fb7b399cf5fb64f7bc75857e

      (Firewall Rules Interface LAN)
      https://gyazo.com/e47fabbec4e366f9e625817d4ff7b31c

      The PLEX server's LAN address is 10.20.30.40 and the VPN Interface is OPT1. Does this help? The VPN is working incredibly well in terms of connectivity and stability and the PLEX machine does tell me that it is getting the public IP, my issue is just to be able to open port 32400 and allow traffic to go in and out through that port on OPT1..

      • W
        Wolf666
        last edited by

        Your VPN provider must support port mapping in their servers in order for you to grant access to Plex from their IP.
        I have the same setup and my provider AirVPN supports this feature and works flawlessly.
        In Plex settings you have to change port 32400 to the port mapped in VPN servers (if 32400 is not available).
        Basically, here are the steps:
        1 - VPN provider servers: map VPN port (normally random assigned) to 32400
        2 - Plex settings: change port number to that assigned in VPN Servers
        3 - pfSense: port forward VPN net:32400 to local Plex IP:32400

        In plex forums you can find the same solution I posted here and there.
        https://forums.plex.tv/discussion/173129/plex-via-purevpn#latest

        Modem Draytek Vigor 130
        pfSense 2.4 Supermicro A1SRi-2558 - 8GB ECC RAM - Intel S3500 SSD 80GB - M350 Case
        Switch Cisco SG350-10
        AP Netgear R7000 (Stock FW)
        HTPC Intel NUC5i3RYH
        NAS Synology DS1515+
        NAS Synology DS213+

        • X
          Xerial
          last edited by

          Since my VPN provider both promises that they support Plex and that they have tried to set up rules in my firewall (without success) I am fairly sure this is a configuration issue on my end. Do you think you could post pictures of all the rules in your set-up that are intended to make your plex server available thru vpn?

          • W
            Wolf666
            last edited by

            Here are the pfSense rules.
            The key is now to map 32400 on VPN servers, for example port 45000.
            In plex settings then change default to 45000… and you are done!
            Remember Plex uses TCP on 32400, UDP is not necessary.
            In your associated firewall rule use default gateway not VPN WAN.

            IMG_0244.PNG
            IMG_0245.PNG

            • X
              Xerial
              last edited by

              Thanks!

              I copied your rules but it did not work. PLEX shows the VPN provider's IP but clearly states that the machine is not available from the outside (ports 32400).
              I've screenshotted both my rules, merged them into one picture and attached it here.

              EDIT: Just to clarify the VPN service I use offers a public IP without any firewall at all so there's no need to open anything up there.

              ![2017-01-29 14-58-35.jpg](/public/imported_attachments/1/2017-01-29 14-58-35.jpg)
              • W
                Wolf666
                last edited by

                It is not a matter of the firewall on the VPN server side… you need to forward exactly port 32400; your provider must set this (other providers offer this service).

                Plex Media Server registers itself as VPN_Public_IP:portX (that port MUST be set in Plex settings), but since that port is not solely assigned to you and changes, communication from Plex Clouds back to you is lost... this triggers the condition "server not reachable".
                Again, you really need your provider to assign to you, and only to you, a port to be mapped to 32400, in order to establish the correct routing from Plex Clouds:

                Plex Clouds->VPN_Public_IP:portX->VPN_Tunnel_IP:32400->PlexMediaServer:32400
                PortX is that assigned in VPN servers and set in Plex Media Server settings.

                Which is your VPN provider...I will check their services.

                • X
                  Xerial
                  last edited by

                  It's a Swedish provider at http://ovpn.se/en/

                  Just seems weird that they didn't tell me this when we were trying to solve the issue..

                  • W
                    Wolf666
                    last edited by

                    They don't offer port forwarding but this: https://www.ovpn.se/en/faq/functionality/does-plex-work-while-using-ovpn….
                    I don't like the fixed public IP assignment... frankly speaking you should change provider.
                    My provider offers several ips but I have assigned always the same ports, better solution for security.

                    • X
                      Xerial
                      last edited by

                      And I have the public address service configured on my plex machine, which brings me here :)

                      • W
                        Wolf666
                        last edited by

                        Try to set an outbound rule with static port for your Plex Media Server, using your VPN gateway. This solution will open a communication with Plex Clouds and they will be able to reach you without any port forwarding since you have a state alive.

                        • X
                          Xerial
                          last edited by

                          As much as I think that sounds like a great idea I am really not sure as to what to put where here. Could you please help me understand that?

                          I yellowmarked the areas where I am not sure. I am guessing the interface should be OPT1 (my VPN client running with the public id). Also the address under translation should be QA (which is my test machine for this). But when it comes to source destination and pool options I'm not sure.

                          ![2017-01-29 18-13-43.jpg](/public/imported_attachments/1/2017-01-29 18-13-43.jpg)
                          • W
                            Wolf666
                            last edited by

                            Interface: the one assigned to VPN
                            Source: ip of media plex server

                            Translation
                            Address "network" and tick "static port"

                            As a first step use the defaults and see the behavior.

                            • X
                              Xerial
                              last edited by

                              Something like this? I can't select network under Translation Address. At the moment it is not working.

                              Also I should probably mention that you can't select a single client as source. Only an entire network. So if I input 10.20.30.40 (which is my PLEX client's ip) I get 10.20.30.0/24.

                              1.jpg
                              • W
                                Wolf666
                                last edited by

                                In source don't put any port… if Plex asks to go with 32400, the static port option preserves the port when natting.
                                In the translation section, in address you should be able to select "network address".... do you have other options?

                                • X
                                  Xerial
                                  last edited by

                                  I can only choose from my host aliases and "other subnet".

                                  2.jpg
                                  • W
                                    Wolf666
                                    last edited by

                                    Use exactly "interface address"

                                    • X
                                      Xerial
                                      last edited by

                                      Still the same results.. Reposting my rules in the attached picture. Does it matter that I have rules to forward traffic coming in on 32400 via the WAN activated at the same time as I have the corresponding rule but for traffic coming in from OPT1 (VPN)?

                                      3.jpg
                                      • W
                                        Wolf666
                                        last edited by

                                        Can you post the gateway screenshot and interface assignment…
                                        Opt1 is the VPN gateway? Or the interface assigned to plex subnet?

                                        • X
                                          Xerial
                                          last edited by

                                          Here you go!

                                          Opt1 is the vpn gateway yes.

                                          4.jpg
                                          • W
                                            Wolf666
                                            last edited by

                                            I don't have any other idea…sorry.
