Running Plex over a Split Tunnel VPN
|
Posts: 6
Threads: 1
Joined: Dec 2016
Reputation:
0
[Not Solved]
Dec 31, 2016, 07:47 AM
Would it be possible to run Plex Media Server over a split tunnel VPN similar to the guides on the main site.
Has anyone done this sort of thing before? I know that plex doesn't allow you to specify which interfaces it would work with. Not sure if this sort of thing would be possible on linux.
Posts: 244
Threads: 1
Joined: Jul 2016
Reputation:
12
[Not Solved]
Dec 31, 2016, 09:38 AM
Personally, I never tried it, but at first I don't see any reasons why Plex would not work (unless the slower speeds provided by VPN).
If I'm correct, Plex runs as user plex. Try to change the user and group for Plex systemd to run as vpn user and group (just make sure you change all the required permission from plex to vpn, and to have the same members added to vpn group as it is with plex user). This will only change the user who runs Plex, in our case to vpn user, and vpn user has all the traffic tunneled across VPN. So you actually don't bind any interface from inside Plex.
I think you will need an nginx reverse proxy configured for Plex if you want to access it from local network. For applications or Web based Plex access there should be no problem, but again, not sure how the ports will be opened.
Let us know your results!
Posts: 6
Threads: 1
Joined: Dec 2016
Reputation:
0
[Not Solved]
Dec 31, 2016, 06:00 PM
I have been having issues with connecting to it regularly since it is in a different location and the route between me and it are weak. It's on a 1gbps port so it should work fine but doesn't. What I do now is connect to a VPN which gives me better speeds to it but if I could work it to where it would route through the vpn instead, it would be perfect.
Posts: 6
Threads: 1
Joined: Dec 2016
Reputation:
0
[Not Solved]
Dec 31, 2016, 07:21 PM
(This post was last modified: Dec 31, 2016, 07:52 PM by camjac251.)
I had found this reddit thread on someone has has been able to do it but it was without the split tunnel part.
https://www.reddit.com/r/PleX/comments/4..._vpn_issue
Anything run on the user will go through the VPN and everything not run through it won't? Also too, I run all of my other apps as root and I run plex as root currently too. Is there any way to make sure Plex is able to read the directories and files that have the ownership set to root? I have always not been able to figure that out in the past, since deleting also would fail since the plex user didn't have permissions to.
One last thing, I was using https://github.com/Nyr/openvpn-install to install the openvpn server. I'm not sure if it generates a config file that allows for all ports to be forwarded automatically.
I had it running on an Ubuntu 16.04 VPS. If I could figure out how to run through the vpn and recognize its new IP and port, it would work.
Posts: 6
Threads: 1
Joined: Dec 2016
Reputation:
0
[Not Solved]
Jan 01, 2017, 08:29 AM
(This post was last modified: Jan 01, 2017, 08:33 AM by camjac251.)
(Dec 31, 2016, 09:38 AM)drake Wrote: Personally, I never tried it, but at first I don't see any reasons why Plex would not work (unless the slower speeds provided by VPN).
If I'm correct, Plex runs as user plex. Try to change the user and group for Plex systemd to run as vpn user and group (just make sure you change all the required permission from plex to vpn, and to have the same members added to vpn group as it is with plex user). This will only change the user who runs Plex, in our case to vpn user, and vpn user has all the traffic tunneled across VPN. So you actually don't bind any interface from inside Plex.
I think you will need an nginx reverse proxy configured for Plex if you want to access it from local network. For applications or Web based Plex access there should be no problem, but again, not sure how the ports will be opened.
Let us know your results!
I tried experimenting with it just now but have been running into some issues. I was able to setup the VPN on its own user account like the guides had shown but integrating it with Plex has been a bit challenging. I'm not too sure how to port forward correctly with OpenVPN. I read online that what you would do is setup an iptable port forward from the openvpn server to the openvpn client ip, but I couldnt connect to the client ip from the server, only to the public ip of the client. I was able to ping the server from the client but not the client from the server, and I believe the iptable reroutes call for the client ip inside of the public ip.
I had ended up with https://github.com/Angristan/OpenVPN-install to install the OpenVPN server, then I had installed a later version (not using the github project) on my server with Plex. I couldn't access plex remotely so I used an ssh tunnel to connect locally to port 32400. It shows the remote IP as my VPN IP but when I try to retry the manual port 32400, it fails, this is without any iptable redirects on the openvpn server side. I had then enabled
Code:
sysctl -w net.ipv4.ip_forward = 1
on both sides and sometimes when I go to retry the port forward it will give me a success status but on refresh of the plex web app page, it goes back to saying it isn't connected online. I'm wondering if it has anything to do with this https://www.reddit.com/r/PleX/comments/3...h_openvpn/ or what I had linked above causing it to somehow reject the connection. I am honestly stuck right now and don't know what to do from here.
Posts: 244
Threads: 1
Joined: Jul 2016
Reputation:
12
[Not Solved]
Jan 02, 2017, 07:07 PM
Plex is more difficult to use with VPN and Split Tunnel.
Do you use your own VPN server?
Did you try to configure everything as in the guide? I suggest the following, to troubleshoot: on a clean system, configure OpenVPN Split Tunnel following our guide Link
You can select plex as the vpn user instead of vpn, or change plex user to vpn
Then check if Plex is reachable or not if tunneled over the VPN connection. I don't know if Plex works at all if no port forwarding is enabled (UPnP), if not, it is probably not possible to tunnel Plex over VPN since no VPN provider will allow you to open multiple ports, especially not ports selected by user. If Plex runs without port forwarding, then it should work over VPN too.
Posts: 6
Threads: 1
Joined: Dec 2016
Reputation:
0
[Not Solved]
Jan 02, 2017, 08:26 PM
(Jan 02, 2017, 07:07 PM)drake Wrote: Plex is more difficult to use with VPN and Split Tunnel.
Do you use your own VPN server?
Did you try to configure everything as in the guide? I suggest the following, to troubleshoot: on a clean system, configure OpenVPN Split Tunnel following our guide Link
You can select plex as the vpn user instead of vpn, or change plex user to vpn
Then check if Plex is reachable or not if tunneled over the VPN connection. I don't know if Plex works at all if no port forwarding is enabled (UPnP), if not, it is probably not possible to tunnel Plex over VPN since no VPN provider will allow you to open multiple ports, especially not ports selected by user. If Plex runs without port forwarding, then it should work over VPN too.
I was running my own vpn at first which I wasn't able to figure out with portforwarding. AirVPN allows you to forward ports, so I tried that out and it worked. The problem however is to make it work, I had to clear my iptables every time on boot because this is what I saw
Code:
iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i tun0 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i tun0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -m owner --uid-owner 1001 -j ACCEPT
-A OUTPUT -o tun0 -m owner --uid-owner 1001 -j ACCEPT
-A OUTPUT ! -s ***.***.***.**/32 -o eth0 -j REJECT --reject-with icmp-port-unreachable
This could probably explain why I couldn't access the client IP from the server although after clearing it, using my own vpn server, I still couldn't. Plex allows you to change the port that you forward, by default it is 32400. AirVPN allows you to port forward a random port or a custom port (given its not taken) to your own port, you just type in which port you want to forward to and it will create an open port for you to use, which is what I did. With those Iptables above, portforwarding kept failing, it would say connected on plex for a second or two then say not connected. The local port for plex never changes, it is always 32400, but the remote port can be changed.
After doing iptables -F to flush them all, I was able to get plex to stick with the port and it said it could be connect, and still retained the VPN IP when it was showing the outside network that it was connected to. Were those IPTables set by the two scripts that get executed when the split tunnel vpn starts up?
Posts: 244
Threads: 1
Joined: Jul 2016
Reputation:
12
[Not Solved]
Jan 06, 2017, 12:54 PM
If you want Split Tunnel VPN to work, don't flush the iptbales rules, otherwise your system will not be protected and split tunnel will not work! Yes, the rules you listed are added and needed by the script for split tunnel vpn.
I think you will need to open the Plex port number with iptables. I'm not sure if an INPUT rule is enough or we need an OUTPUT rule too.
Try to add this rule, replacing port number with the port you use for Plex (of course, make sure the split tunnel rules are loaded, not flushed)
Code:
sudo iptables -I INPUT 2 -i tun0 -p tcp --dport PORT_NUMBER -j ACCEPT
Posts: 70
Threads: 1
Joined: Jul 2021
Reputation:
0
[Not Solved]
Mar 27, 2024, 03:07 AM
(This post was last modified: Mar 27, 2024, 03:08 AM by jonesPhedra.)
The game promotes adaptability Geometry Dash as players adjust their strategies based on the movements of other snakes.
|
|
Recent Posts
|
About Swap
jonescelinaa Apr 10, 2024, 06:58 AM
|
Tracker Status: Error Connection Time Out
jonesPhedra Apr 04, 2024, 08:17 AM
|
Split Tunnel Docker Containers
jonesPhedra Mar 27, 2024, 03:10 AM
|
Plex server not powerful enough, but only with s...
jonesPhedra Mar 27, 2024, 03:02 AM
|
game Geometry Dash Scratch
jonescelinaa Jan 31, 2024, 04:21 AM
|
Latest unread posts | Unanswered posts |
|