nope, but let me ask you this now. This is set up as a second router. First one is connected from isp modem to wan port, this one is from 1lan port to wan. So do the first router's settings affect this one? It is not dd-wrt btw.
Plex server has only ever been connected to the isp router. Sorry for the confusion. If I go the route of port forwarding, do I forward the ports from the first router to the second, or to the plex machine?
okay let me explain. The primary router is a comcast cable modem/wifi router which the plex has been connected to for years and works fine remotely. To that I connected a secondary router (dir 820L) which is non dd-wrt and not vpn. To that I have connected the Dir 860L dd-wrt with vpn. So I can connect remotely to the plex when connected to isp but would like to connect that machine via the vpn.
So I forwarded port 32400 from router 1 to router2 and then again from 2 to 3 and from 3 to the pc housing the plex. Now plex is remotely accessible from all 3 routers with vpn off. With vpn on it is not accessible from any
Also just came across this:
The most important port to make sure your firewall allows is the main TCP port the Plex Media Server uses for communication:
TCP: 32400 (for access to the Plex Media Server) [required]
The following ports are also used for different services:
UDP: 1900 (for access to the Plex DLNA Server)
TCP: 3005 (for controlling Plex Home Theater via Plex Companion)
UDP: 5353 (for older Bonjour/Avahi network discovery)
TCP: 8324 (for controlling Plex for Roku via Plex Companion)
UDP: 32410, 32412, 32413, 32414 (for current GDM network discovery)
TCP: 32469 (for access to the Plex DLNA Server)
Wondering if any or all of these need to be added to the script and/or the forwarded ports?
I'll try to clarify, though I suspect my ignorance in this matter will always cloud it somewhat.
First off it's openvpn client running on router#3 and yes it's 3 routers connected wan to lan. Now I never said I had to forward all the ports to connect on router 1. I had always forwarded 32400 from router1 to the plexserver and it all works good connecting to that router. So I thought the idea next was to get it to connect to the vpn router with the vpn disabled. That is when I had to forward 32400 from r1 to r2 to r3 and that worked and enabled me to connect the plex via all 3 routers until I enabled the vpn client and ran the script after which I can't connect to any. Once I change the forwarding rule on R1 back to directly to plex it's back up again, as I would expect.
Quote:
Now if you told me the plex server was on the local network of router #3, ok, that makes sense, since you would need to port forward as far as that network in order to reach it. And if that same router #3 had an OpenVPN client running, you'd need to take all these steps w/ the script we've been working on to get remote access to that plex server while the OpenVPN client was active.
I guess that's kind of the point. The idea is to try to have that machine running through the vpn if possible. So I switch it to that network(wifi) to try to achieve that. Don't know if the fact that it's wifi affects anything but it runs fine on wifi when connected to R1. So it sounds to me like we're more or less on the same page. It seems to be a matter of getting the script to do what we want.
Everyone seems to be indicating that only port 32400 has to be forwarded.
I agree, all my research has indicated the same thing. My only thought on that was if it is possible that if the server "responds" through another port, the connection times out before the response makes its way through the vpn? Again, probably a stupid thought since I have no idea what I'm talking about.
Anyway, thought I would attach this snip I took of the server connection page in case it might tell you something. Note that the private IP it shows is indeed the one being assigned by r3 but the public IP is that of the vpn. I assume that it needs to be my ISPs IP?
The public ip shown in the pic is the one provided by the vpn service. The private ip of my primary router is 10.0.0.1 the public ip is 73.xx.xx.xx.
Yes it does work with vpn disabled as long as I have 32400 forwarded from r1-r2-r3.
Now I have a couple questions. I noticed the last line of the script is called "SSH traffic: bypass vpn". Do I need to have ssh enabled?
I was reading Here about a similar situation but regarding ssh port forwarding around vpn. This person determined that what was missing was a rule for the outbound traffic on the same port. Can this be something to try to add to the script?
I guess I'm not completely sure what you mean, or what exactly I'm supposed to be testing. All I know is when I enable the vpn I get the result I posted the pic of. My only option is to click the retry button which yields the same results.
I can tell you at that point no devices I have can connect to the server whether on the lan or outside it because the devices are all android and so will only connect through plex.tv.
Is it possible to try to ping the ip of the server from outside the lan?
Okay I got this working but with a slight problem. This is the code as it is in my firewall.
Code:
#!/bin/sh
sleep 10
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
    echo 0 > "$i"
done
#
# Delete table 100 and flush any existing rules if they exist.
#
ip route flush table 100
ip route del default table 100
ip rule del fwmark 1 table 100
ip route flush cache
#iptables -t mangle -F PREROUTING
#
# Copy all non-default and non-VPN related routes from the main table into table 100.
# Then configure table 100 to route all traffic out the WAN gateway and assign it mark "1"
#
# NOTE: Here I assume the OpenVPN tunnel is named "tun11".
#
#
ip route show table main | grep -Ev ^default | grep -Ev tun1 \
  | while read ROUTE ; do
    ip route add table 100 $ROUTE
done
ip route add default table 100 via $(nvram get wan_gateway)
ip rule add fwmark 1 table 100
ip route flush cache
#
# Define the routing policies for the traffic. The rules will be applied in the order that they
# are listed. In the end, packets with MARK set to "0" will pass through the VPN. If MARK is set
# to "1" it will bypass the VPN.
#
So the problem was a double nat, and since the vpn client won't work with the nat disabled, I had to bridge my comcast router so now its just a modem. Anyway, plex server is now remotely accessible. So now here are my issues/questions.
1-Before I bridged the router I had only a vpn killswitch saved to the firewall and all worked well. After bridging it, I could not get internet access until I removed the killswitch. After that I put in the code to bypass the vpn with port 32400 and bingo! Only problem now is I have no killswitch. Is it because the wan ip is different now?
2-Since the wan ip has changed to something like 98.342.51.314, Should I change the router ip to something like 98.342.510.314?
Oh and the kill switch I was using is:
Code:
WAN_IF="$(ip route | awk '/^default/{print $NF}')"
iptables -I FORWARD -i br0 -o $WAN_IF -m state --state NEW -j REJECT
I did not disable NAT intentionally or otherwise. In fact I even restored the router to factory defaults and started from scratch to no avail. Then the other day I was reading on plex connectivity issues and the one that jumped out at me was the double NAT. I can't claim to say I understand why it worked and I'll even go so far as to say it makes no sense since I was able to connect through the double nat without the vpn enabled.
If there is a solution to this without bridging that router I'd love to find it because with it bridged my connection drops constantly.
BTW, I have relocated things geographically so that I am now able to plug the 2 routers directly into main router instead of the daisy chain and can also connect the server via cable rather than wifi if that makes any difference.
Also, and it's just occurring to me as I'm writing this, but when I had them daisy chained was it actually a triple nat?
Never tried using UPnP cuz I read that it doesn't work with vpn. I do have it working now with the main router un-bridged. So as I stated previously the "vpn router" is now plugged directly into the main router and the server plugged into the "vpn router". These other changes were implemented:
Code:
rebind-domain-ok=/plex.direct/
was added to Additional DNSMasq Options.
VPN killswitch is removed from firewall script. (temporary I hope)
With those changes I got the "Fully accessible outside your network. You can access this server from signed-in Plex apps or in a browser at https://plex.tv/web." response from the server.
However, when attempting to connect with the firestick on my tv I got a message saying the server was not reachable, and suggested that "I set Allow Fallback to Insecure Connections=Always" on the server. I don't know if that is a security issue, but it did allow the firestick to connect.
So as I see it now, the biggest issue is the killswitch. So based on the codes I posted a couple posts back, do you see any issues with that killswitch code that would undo what the other code is trying to do?
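An added example, not code from the thread: one way to write the kill switch so that it cannot reject packets the bypass script has marked with 1, and so that the WAN interface is read from the `dev` field of the default route rather than from the last field of the line. It assumes the cut-off part of the script sets mark 1 in the mangle table, as its comments describe; the function names, the `APPLY` switch and the sample route table are constructed for illustration.

```shell
#!/bin/sh
# Added example: kill switch that leaves fwmark-1 (VPN-bypass) traffic alone.
# Function names and the APPLY switch are hypothetical, not from the thread.

# Print the interface of the default route read from stdin.
# Takes the word after "dev" instead of the last field, and skips tun*
# devices, so it still finds the WAN side while the VPN is up.
wan_if() {
    awk '$1 == "default" {
             for (i = 2; i < NF; i++)
                 if ($i == "dev" && $(i + 1) !~ /^tun/) { print $(i + 1); exit }
         }'
}

# Print the iptables arguments for the kill switch on interface $1.
# NEW connections from the LAN (br0) to the WAN are rejected unless the
# packet carries mark 1, the mark the bypass script routes via table 100.
killswitch_rule() {
    echo "-I FORWARD -i br0 -o $1 -m state --state NEW -m mark ! --mark 1 -j REJECT"
}

# Constructed sample: a default route with trailing fields, where the
# last field is "100" rather than the interface name.
SAMPLE_ROUTES='default via 10.0.0.1 dev vlan2 proto static metric 100
10.0.0.0/24 dev vlan2 scope link
192.168.1.0/24 dev br0 scope link'

# Only touch the firewall when explicitly asked to (APPLY=1).
if [ "${APPLY:-0}" = 1 ]; then
    WAN_IF="$(ip route | wan_if)"
    # Refuse to install a rule with an empty interface name.
    if [ -n "$WAN_IF" ]; then
        iptables $(killswitch_rule "$WAN_IF")
    fi
fi
```

Without `APPLY=1` the script changes nothing, so the interface detection can be checked against `ip route` output before the rule is installed.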