Plex + PIA + Windows + Remote Access

binman_uk

Hi,

I know this has been discussed in various threads online and on this forum, but I was wondering if someone can help me with my specific setup here as I can't get any of those instructions (and scripts) working. Essentially, I use PIA + Plex Media Server and have some issues with getting remote access to work properly in some situations.

I'm on Windown 10 x64 with the latest PlexPass release and the single port forward I get from PIA is used for torrents so using that isn't an option.

As a bit of background, I'm a Unix/Linux SysAdmin by trade so don't mind a technical discussion and I'm more than happy to get my hands dirty to try and find a solution to this, but a point in the right direction would certainly be helpful from someone who's done this before.

Networking Details
Local machine =   192.168.1.60            [Windows Device "Ethernet", gateway 192.168.1.1, fixed IP]
ISP Public IP =   82.x.x.x

VPN TAP Adapter = 10.x.x.x                [Windows Device "Ethernet 2"]
VPN Public IP   = 196.x.x.x

My Plex port is 32400 and it's added into the Port Forward section correctly in my Tomato router (destination 192.168.1.60)

*** SCENARIO #1 ***
If I leave PIA at its default settings (i.e. no DNS leak protection and no kill switch) then Plex remote access actually works ok, even with the VPN running. It detects the local machine as 192.168.1.60 and the public IP as my ISP's one (82.x.x.x). This is obviously less than ideal because I'd prefer the kill switch and DNS leak protection enabled.

Output of ipconfig:

Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.1.60
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Ethernet 2:
   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.x.x.x
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . :

Result:
Fully accessible outside your network
Private 192.168.1.60 : 32400  Public 82.x.x.x : 32400   Internet

Occasionally Plex will detect the Public as the VPN address 196.x.x.x (which obviously breaks remote access) but a reboot usually fixes it. Maybe this is something to do with the ordering of the network interfaces on the machine or the order in which the Plex server or VPN client come online.

***SCENARIO #2***
If I enable DNS leak protection or VPN kill switch then the PIA app removes the gateway (192.168.1.1) from my 192.168.1.60 connection and adds its own gateway to the TAP adapter.
When Plex is started I presume it tries to use the first adapter it finds that has a gateway assigned to it - which in this case is the TAP adapter - which breaks the remote access.

The output of ipconfig is as follows:

Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.1.60
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet 2:
   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.x.x.x
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . : 10.70.10.5

Plex shows the following status:

    Not available outside your network
    Private Unknown IP  Public 196.x.x.x : 32400   Internet

I configured some static routes in order to bypass my VPN as xflak's script didn't work for me.
The commands are as follows (where "IF 13" refers to the 192.168.1.60 adapter):

        route add 52.212.16.88  mask 255.255.255.255 192.168.1.1 IF 13
        route add 52.48.208.249 mask 255.255.255.255 192.168.1.1 IF 13
        route add 52.17.42.37   mask 255.255.255.255 192.168.1.1 IF 13
        route add 52.16.200.112 mask 255.255.255.255 192.168.1.1 IF 13
        route add 54.72.10.166  mask 255.255.255.255 192.168.1.1 IF 13
        route add 52.18.201.205 mask 255.255.255.255 192.168.1.1 IF 13

Extract from the routing table:

    52.16.200.112  255.255.255.255      192.168.1.1     192.168.1.60     26
      52.17.42.37  255.255.255.255      192.168.1.1     192.168.1.60     26
    52.18.201.205  255.255.255.255      192.168.1.1     192.168.1.60     26
    52.48.208.249  255.255.255.255      192.168.1.1     192.168.1.60     26
     52.212.16.88  255.255.255.255      192.168.1.1     192.168.1.60     26
     54.72.10.166  255.255.255.255      192.168.1.1     192.168.1.60     26
        
Plex shows the following status:

    Not available outside your network
    Private Unknown IP  Public 82.x.x.x : 32400   Internet

So the route additions mean that Plex picks up the 82.x.x.x public IP address of my ISP but it's unable to detect the local IP for some reason.

If I then stop and start the Plex server process, it reports the following:

    Not available outside your network
    Private 10.x.x.x : 32400  Public 82.x.x.x : 32400   Internet

So in this case, it's picked up the ISP's public IP which is correct but it lists the local IP as that of the TAP adapter instead of the physical network card (10.x.x.x instead of 192.168.1.60).



Any suggestions as to how I might get this working?

auser88

binman_uk said:

Hi,

I know this has been discussed in various threads online and on this forum, but I was wondering if someone can help me with my specific setup here as I can't get any of those instructions (and scripts) working. Essentially, I use PIA + Plex Media Server and have some issues with getting remote access to work properly in some situations.

I'm on Windown 10 x64 with the latest PlexPass release and the single port forward I get from PIA is used for torrents so using that isn't an option.

it's all media servers PIA has mine jacked up now these new releases screwed network up bad (but mine is self hosted but seeing more threads about it lately) I don;t expect a answer I never seen so many complaints abroad the net on PIA as I have here lately

With Kill switch and dns protect on drops like every 5 to 30 seconds thats if it reconnects.



10 64 here to but no sign of this being a 10 problem they got sharing worked out a good bit ago

binman_uk

auser88 said:

binman_uk said:

Hi,

I know this has been discussed in various threads online and on this forum, but I was wondering if someone can help me with my specific setup here as I can't get any of those instructions (and scripts) working. Essentially, I use PIA + Plex Media Server and have some issues with getting remote access to work properly in some situations.

I'm on Windown 10 x64 with the latest PlexPass release and the single port forward I get from PIA is used for torrents so using that isn't an option.

it's all media servers PIA has mine jacked up now these new releases screwed network up bad (but mine is self hosted but seeing more threads about it lately) I don;t expect a answer I never seen so many complaints abroad the net on PIA as I have here lately

With Kill switch and dns protect on drops like every 5 to 30 seconds thats if it reconnects.



10 64 here to but no sign of this being a 10 problem they got sharing worked out a good bit ago

The strange thing is - remote access worked fine with no scripts/routes before I rebuilt my PC last weekend, even with DNS leak protection and the kill switch enabled. I saw all the posts of people complaining for years and figured I was just lucky.
I have no idea what the difference is this time as I'm using the same hardware + versions of the PIA client and Plex.

Did you have to add static routes to enable Plex to be accessed remotely?y
I think what I've outlined above should work fine as it's the same methodology that's discussed in several different forums... it's driving me slightly crazy

auser88

binman_uk said:

auser88 said:

binman_uk said:

Hi,

I know this has been discussed in various threads online and on this forum, but I was wondering if someone can help me with my specific setup here as I can't get any of those instructions (and scripts) working. Essentially, I use PIA + Plex Media Server and have some issues with getting remote access to work properly in some situations.

I'm on Windown 10 x64 with the latest PlexPass release and the single port forward I get from PIA is used for torrents so using that isn't an option.

it's all media servers PIA has mine jacked up now these new releases screwed network up bad (but mine is self hosted but seeing more threads about it lately) I don;t expect a answer I never seen so many complaints abroad the net on PIA as I have here lately

With Kill switch and dns protect on drops like every 5 to 30 seconds thats if it reconnects.



10 64 here to but no sign of this being a 10 problem they got sharing worked out a good bit ago

The strange thing is - remote access worked fine with no scripts/routes before I rebuilt my PC last weekend, even with DNS leak protection and the kill switch enabled. I saw all the posts of people complaining for years and figured I was just lucky.
I have no idea what the difference is this time as I'm using the same hardware + versions of the PIA client and Plex.

Did you have to add static routes to enable Plex to be accessed remotely?y
I think what I've outlined above should work fine as it's the same methodology that's discussed in several different forums... it's driving me slightly crazy

Mine ended up being a EMBY update issue reinstalled to the newer version fresh it worked fine since then. I have been getting many disconnects port forwarding though figured was router but isnt just hd firmware update addressing any disconnects

MightyPrinceOfEgypt

I'm almost in the same boat as you but with a slightly different result.  Basically while I still can't get Remote Access with VPN Kill Switch On (which is preferred), I am successfully able to have DNS leak protection on.  This is a very stable connection with tcp (not default udp).  My settings real quick in PIA are tcp, auto remote port, no port forwarding, no pia mace, no vpn kill switch (which works when needed with sacrifice of remote access to plex), dns leak protection on, ipv6 leak protection on, no small packets (was useful a year ago for stability) and debug off.
Other notable configurations - address reservation on almost all my devices, including the one computer I use for PIA, Port Forwarding for Plex is configured slightly different, basically 32400 is needed for Internal Start Port, but you can choose any port of your liking externally.  In my case I picked 32401 External Start Port, which is also on my Plex Server settings.  
My ipconfig with VPN Kill switch off AND DNS Leak protections on show my WiFi adapter Default Gateway properly and ipv4 local address, while my TAP (renamed VPN) adapter shows ipv4 10.xx.xx.xx external, Subnet mask 255.55.255.252, and Blank Default Gateway.  When you go into each Adapters properties, ipV6 unchecked on both, leaving all other settings on default (so local network available while connected on vpn).  I used to set windows to use same static ip I reserved to it but found it much more reliable to just keep it on obtain automatically for both ipv4 ones. 
If you prefer access to your local network (I do for local plex, printing, SMB, smarthome stuff, etc.. ) then see my next few settings (you probably already know all this).  Possibly Important in Windows 10, and kinda tough to find with the new networking settings, but public network for the TAP (VPN), and private network for your home.   Look in Windows Settings for Manage Known networks, Properties, set your home one as Make this PC discoverable  This might help prioritize it more in Plex.  I also disabled fully any inactive adapters, including virtual machine ones when unused.  I've done countless ipv6 leak tests, and dns leak tests, a good website for general info is ipleak.net and even according to windows 10 all my data usage is like 95% through openvpn while remaining 5% is through Plex Media Server.   
While I do love the Kill switch idea, I'm okay with using Proxy Primarily in torrents with vpn running with anonymous mode and simply force encryption (prefer on demand if desperate).  I do admit I run it as little as possible, usually when I'm working on pc so I can act fast.  This set up actually disrupts common udp trackers from even working, but beneficial in a way. I used to use utorrent but last month started qbittorrent (which has that anonymous mode for hiding all sorts of identifying info)  IP Filtering also a plus, look up DavidMoore's IPFilter updater to have banned list of watchers.  I'll be keeping an eye out for when vpn kill switch works alongside plex or if there's an easy work-around thats secure, but long term I've always felt like a dedicated server should be a completely separate pc on network from torrent one (which really doesn't need to be all that fast, just needs kill switch).  I have recently noticed a major issue with kill switch in v75, in past few weeks I have used it (with plex remote not working), and that's when it does kill, which is like once every week, However it does not Auto-Reconnect, and basically leaves your pc disconnected from the public internet fully waiting for you to say reconnect to where.  this might be because I prefer a specific server but they should have auto-reconnect, like the autoconnect at boot up.

MightyPrinceOfEgypt

Not sure if anyone is still keeping up with this thread but small update.  I've done some tests and found VPN Kill Switch is Not necessary at all if you use qBittorrent (currently 4.0.3), head into advanced options and set Very first option for "Network Interface" to your VPN Virtual Network Adapter (Tap or VPN if you name it like I did). 
Basically if your VPN Disconnects and you have that setting on your VPN Adapter and NOT Ethernet/Wifi one it will basically cut off everything to 0 down/0up, and with all trackers not working, basically unable to connect to anything until VPN is manually reconnected and in my short tests application is fully closed and opened.  I CONFIRMED this because I use this Torrent Address detection custom magnet link to see what my ip address is (you can find this on ipleak.net), and it could not connect at all when disconnected or when vpn is fully Disconnected/Closed no matter how much I tried (proxy and without).  I then tried connecting 5+ torrents with vpn disconnected and found all the updating timing out cause there is no connection.  Meaning that setting is very Crucial if you don't want your ISP seeing anything when properly set.  I recommend everyone to do a test though.  I also found I couldn't get it to resume until fully closing the qbittorrent and reopening, as the logger doesn't update when connection is cut out or resumed, but its a good benefit.  

I also tried this out  with and without proxy, and with Connection Tab -> UPnP NAT port forwarding setting off just in case (while using PIA server port # in that field above for its benefits on nearly dead torrents).  Keep in mind only certain PIA servers support portforwarding, none in the US support it, Canada does however .  Reason I also opened port forwarding option on VPN is because I learned risk with opening is if someone tracks that specific port number across many torrents and tries to identify you, not an issue for me as I'll switch servers and disable it when not needed, especially when connections are fully encrypted anyways. 

Now WORKING! Plex (using nonvpn adapter with port forwarding perfectly) + PIA (No Kill Switch) + Windows (Windows 10 here) + Remote Access (Fully working with this set up).  
Note in case it wasn't clear: Port Forwarding on PIA is optional for this, so is proxy/ipfilter in torrent program

marco

Well I wish you could break this down step by step for someone who isn't technically inclined.. I have the same issues with Plex and don't know what to do to be able to keep the VPN on while trying to torrent and stream media.