PIA, PfSense, Plex
-
Hi there,
I think this is the right place to post this as most of the setup was through openvpn for PIA. I just set up a PfSense box and PIA to route my entire network. While I'm at home I can access Plex without any issues but when I'm not in the network it is not accessible. Reading through some posts it sounds like I need to possibly open up some ports? I'm still really new at this side of things so please excuse that.
As for my setup it looks like this:
Modem
PfSense Box
Wireless Router
UnRAID Box running Plex, Sonarr, CouchPotato, and Transmission.
I do want to make sure if I'm able to get this working that any of my torrent traffic is still private as well.
On a side note but not as important (pretty sure it's a related process) my Netflix no longer works inside my home.
Thanks in advance.
-
Also if it is relevant I followed the instructions here to set up PIA and PfSense - https://www.privateinternetaccess.com/forum/discussion/18111/openvpn-step-by-step-setup-for-pfsense-firewall-router-with-video
-
while i'm not positive about PIA, i do know most VPN service providers do not forward remote ports, which is what you'll need to do if you want to access plex remotely.
since you are running plex and transmission on the same box, i'm assuming you don't want to run all its traffic in the clear. there is probably a way to route just the plex traffic in the clear and the torrent traffic through the vpn but that is far beyond my pay grade.
easy fix, use airvpn instead. they are the only VPN provider i've seen that allows you to forward ports. you can forward up to 20 ports. they also have a very detailed pfsense setup guide. https://airvpn.org/topic/11245-how-to-set-up-pfsense-21-for-airvpn/ which i suspect was written by someone from this forum.
as for your netflix not working, real simple reason: https://torrentfreak.com/netflix-cracks-down-on-vpn-and-proxy-pirates-150103/
i believe the pfsense setup guide in the previous link has information on setup with at least 3 nics so you can also run traffic in the clear.
me personally, i just run 2 separate boxes for plex and torrents and run the openvpn client on the torrent box. much easier. if you don't have 2 boxes available you could always run your torrents in a vm with the openvpn client. that's what i used to do.
-
Alright so just to make sure I understand this isn't a setup issue with my PfSense box. It's due to the vpn not being able to have those ports open?
I've got like three months of PIA access so I'll probably make use of it for the time I have and see what I can work out. It sounds like if I add an extra nic to my PfSense box I can have everything on that lan unprotected and it will work like it did before I added the PIA is that correct?
Lastly if that is the case if I do a Plex VM using Windows or Linux on my unRAID box and also add an extra nic on that box will the vm have the ability to use the unprotected network? Not overly familiar with VMs but my unRAID box is pretty powerful and it has to be on anyways so I figure that will work if that can do that.
-
> Alright so just to make sure I understand this isn't a setup issue with my PfSense box. It's due to the vpn not being able to have those ports open?
yes, that is correct.
> I've got like three months of PIA access so I'll probably make use of it for the time I have and see what I can work out. It sounds like if I add an extra nic to my PfSense box I can have everything on that lan unprotected and it will work like it did before I added the PIA is that correct?
also correct. one port for your clear-net and one port for your vpn and one port for your wan.
> Lastly if that is the case if I do a Plex VM using Windows or Linux on my unRAID box and also add an extra nic on that box will the vm have the ability to use the unprotected network? Not overly familiar with VMs but my unRAID box is pretty powerful and it has to be on anyways so I figure that will work if that can do that.
the short answer to your question is yes. while you wouldn't normally need an additional physical nic to run a vm with a bridged virtual interface, i am not sure if the clear-net route needs to be physically completely separate from the vpn route. there are others here with more experience who can probably help you with that.
make sure to plan out where you are going to keep your plex library and where you are going to keep your torrents as you will have to define which folders to share between the vm client and the host.
-
> make sure to plan out where you are going to keep your plex library and where you are going to keep your torrents as you will have to define which folders to share between the vm client and the host.
Ugh I just thought about this… if my Plex VM is on a different network (unencrypted) than my unraid box (PIA protected) how will Plex be able to see the files on the unraid box?
-
> > make sure to plan out where you are going to keep your plex library and where you are going to keep your torrents as you will have to define which folders to share between the vm client and the host.
> Ugh I just thought about this… if my Plex VM is on a different network (unencrypted) than my unraid box (PIA protected) how will Plex be able to see the files on the unraid box?
you can define local folders to share between the vm client and host in your vm configuration. this will allow you to move files back and forth between the host and the client.
-
No, PIA doesn't forward ports. I have the same setup and what I did to get everything to work was to set up a NAT port forward from pfsense box to Plex.
And then I made a firewall rule to route Plex around the VPN to my WAN.
There was hours and hours of trial and error to get this to work. The key was to specify in the FW rule destination not PIAVPN and set gateway as WAN.
See pics
![NAT rule.png](/public/imported_attachments/1/NAT rule.png)
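A simplified model of the first-match rule list described in the post above, added here as an example (not the poster's configuration and not pfSense code); every address and the `WAN`/`PIAVPN` gateway labels are constructed assumptions. It shows why a WAN-bypass rule keyed on a host that also runs Transmission sends torrent traffic outside the VPN, while one keyed on a dedicated Plex address does not.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addresses for illustration (not taken from the thread).
LAN = "192.168.1.0/24"
UNRAID = "192.168.1.10"   # hypothetical unRAID host running Transmission
PLEX_VM = "192.168.1.20"  # hypothetical separate Plex VM
VPN_NET = "10.8.0.0/24"   # hypothetical "PIAVPN net" tunnel subnet
PEER = "203.0.113.7"      # documentation-range internet host


@dataclass
class Rule:
    src: str                       # source network the rule matches (CIDR)
    gateway: str                   # gateway the matching traffic is sent to
    not_dst: Optional[str] = None  # match only if destination is NOT in this net

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src):
            return False
        if self.not_dst is None:
            return True
        return ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.not_dst)


def egress(rules, src_ip, dst_ip):
    """First matching rule wins, as on a pfSense interface rule list."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return rule.gateway
    return "BLOCK"  # no rule matched: default deny


def torrent_leaks(rules, torrent_ip):
    """True if the torrent client's internet traffic would bypass the VPN."""
    return egress(rules, torrent_ip, PEER) != "PIAVPN"


# Bypass rule keyed on the shared unRAID address: Transmission rides along.
shared_host = [Rule(f"{UNRAID}/32", "WAN", not_dst=VPN_NET), Rule(LAN, "PIAVPN")]
# Bypass rule keyed on a dedicated Plex VM address: only Plex leaves via WAN.
separate_vm = [Rule(f"{PLEX_VM}/32", "WAN", not_dst=VPN_NET), Rule(LAN, "PIAVPN")]

if __name__ == "__main__":
    for name, rules in (("shared host", shared_host), ("separate VM", separate_vm)):
        print(name, "-> torrent leaks outside VPN:", torrent_leaks(rules, UNRAID))
```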
-
I think the best solution is to switch VPN provider. I am Plex Pass member, pfSense user and AirVPN user. Those 3 work pretty well together. AirVPN allows you to set up port forwardings (up to 20) so you basically apply the same concepts you set on routers.