Sick of Plex
-
I was running Plex for years without any issues, locally and remotely, until I found out today that Plex had a data breach. I changed my password and can't get anything to work right. I'm sick of Plex and was looking for a way to share my files anywhere using OpenVPN and whatever end client outside the network.
The questions are:
- Can I use OpenVPN to connect to my media files?
- Do I need a dyndns server to do this? (I have a dynamic IP)
- What Android-based and Windows-based app should I use to watch my library?
My original setup consists of:
- My pfSense router
- A Raspberry Pi as the media device (all outbound traffic goes through an OpenVPN client using PIA)
- An Nvidia Shield (formerly running the Plex media server)
- The Pi and Shield share the same subnet.
I hope I'm explaining this right.
-
At least the breach was not 6 months ago and we are just now finding out. I set up 2FA (should have a long time ago) and I am waiting to reset my password. Too much activity right now with 2 million people changing their passwords at 1 time.
A VPN connection is just a network connection. On Windows I prefer Media Player Classic. Small and seems to always work. I do not know of one for mobile devices that will play media from a file share, mostly because I have not looked.
-
@edwardnizz @AndyRH yeah I saw all the news this morning and did have a breach email in my inbox this morning.
I personally didn't have too much issue, I just changed the password via the Plex web GUI interface without much difficulty. Took a bit to get it reclaimed, seems the issue was revolving around the SSL cert used and the token that was changed and then the cert not being valid, etc.
Once I connected locally via just http seemed to work just fine with the reclaim.
I think I was just lucky with time of day that I did it, because for sure trying to reset it via plex.tv site email was very much delayed.
Now if I read the info I saw correctly it was a hash that could have been lost, which is much harder to get the password from - you need to brute-force it really and validate the hash for whatever password, etc. And seems the good news was not only was salt used, but also pepper.
And if you had followed good practice and used a good password anyway - even harder to find vs say just p@ssw0rd1 etc..
The password I changed to was even a stronger password, waiting to enable 2fa for a couple of days - letting the dust settle.
But with Andy here using a VPN, while a secure way to access files - accessing media files is a way different experience than accessing your media through something like Plex. If you're worried about outside access, you could really just allow for local auth via the bypass method and just completely disable remote access, be it via direct or relay mode.
Then use your vpn connection for your remote users to just access the plex instance.
While I do give them props for coming clean so quickly - they had to know there would be a mad rush in changing passwords. Maybe some clearer warning of delays or issues with speed of getting it changed, possible info on who could maybe wait a bit before changing or those that should look to changing right away, i.e. those that were using bad passwords from the get-go, and clearer instructions that turning on 2FA would be a form of mitigating the problem until the rush has subsided in changing passwords. I am waiting til the weekend to do 2FA because I have a couple of 3rd party tools that access Plex, and while they were not that hard to just get the token once I changed the password - not sure if it will be that simple if I enable 2FA, and if they are having such delays in changing password - not sure if same sort of delays or issues with 2FA enable/disable - I did see one post where someone was saying trying to enable 2FA was not working. So think I can just wait til the weekend to tackle that.
If the passwords were stored with secure salt and pepper that is more props.
What I didn't really like that I ran into, while my devices all seemed to have to reauth right away after changing the password, some of my family members didn't have to reauth for quite a few hours. Maybe that was capacity issues as well. But later in the day both of my sons' devices did require reauth, and my niece's machine, etc.
What might be nice going forward is some way to force your friends to have to change their passwords. And maybe some way to know that they did change the password before they can access the server. While anyone with a Plex account should be getting the email at some point here shortly - how many will actually pay attention or actually change it?
I did send out an email to all my users to please change their passwords, and use strong ones and even enable 2FA. How many actually will - now friends' access is not as bad as admin access - but still don't want anyone that is not actually my friend accessing my media. Some of them have access to home movies, etc.
With any and all breaches - it's never a fun time for anyone, that is for sure.
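The salt-and-pepper point raised in the post above, as an added example that is not part of the original thread: the thread does not say which algorithm Plex uses, so the PBKDF2 and HMAC construction, the iteration count and all sample values here are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch

def hash_password(password, pepper, salt=None):
    """Return (salt, digest). The salt is stored per user next to the digest;
    the pepper is a server-side secret kept outside the database."""
    salt = salt if salt is not None else os.urandom(16)
    # Mix in the pepper with HMAC, then stretch with a slow salted KDF.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return salt, digest

def verify_password(password, pepper, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, pepper, salt)
    return hmac.compare_digest(candidate, digest)

def guesses_that_verify(candidates, pepper, salt, digest):
    """Which candidate passwords reproduce a stored digest under this pepper."""
    return [c for c in candidates if verify_password(c, pepper, salt, digest)]

def demo():
    pepper = b"constructed-server-side-secret"  # constructed sample value
    weak = "p@ssw0rd1"                          # the weak example from the thread
    salt_a, digest_a = hash_password(weak, pepper)
    salt_b, digest_b = hash_password(weak, pepper)
    guesses = [weak, "hunter2", "correct horse battery staple"]
    return {
        # Same password on two accounts: random salts give unrelated digests.
        "same_password_same_digest": digest_a == digest_b,
        # A dump of (salt, digest) without the pepper validates no guess,
        "matches_without_pepper": guesses_that_verify(
            guesses, b"not-the-pepper", salt_a, digest_a),
        # while a weak password is confirmed once the pepper is known too.
        "matches_with_pepper": guesses_that_verify(
            guesses, pepper, salt_a, digest_a),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The pepper only helps while it stays out of the leaked data, which is why a strong password and 2FA still matter.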
-
You're right, they did let us know quickly. My passwords are all different and pretty intricate so I shouldn't be too worried. Just with the Nvidia Shield, I couldn't find a way to sign in to the server portion. It makes things difficult. I got thousands of files and when I do a factory reset on the Shield, it takes a lot of time and patience. The Shield is good but not as good as a real server would be, especially since my files are coming from the Pi.
But to the OVPN question. I could set that up with only the media folders to share if I want? Do I need a static address? I never did a site to client VPN before. Once I am able to figure it out, I would probably use Nova player for my Android devices and have my shares use it once they connect on the client.
-
@edwardnizz said in Sick of Plex:
with the Nvidia shield, I couldn't find a way to sign in to the server portion.
Oh from like the shield interface to plex - yeah that is prob limited sort of interface. For some more advanced server stuff you prob better access the plex from your fav browser.
And via the plex.tv url because if you access it direct via ip or local name, etc. that web gui interface is normally a few revisions behind what is available when you use https://app.plex.tv/desktop/#!/