Plex Remote Access on asuswrt Merlin close but not working

[BobZBlob]

Hi, I'm new, so my apologies in advance if have I screwed up, or omit an important part.

I have an ASUS RT-AC5300 router with Asuwrt-Merlin 380.68 and am using ExpressVPN.

I have the VPN working using OpenVPN.
I route all traffic over the VPN.
I have created exceptions for Amazon FireTV, Xbox, etc. so they route directly and Hulu/Netflix work.

I am having trouble getting Plex Remote Access to work. I have spent a couple of days googling, reading, googling, reading. I'm sure I'm close and hope someone can give me some direction.

In the OpenVPN cliet setup "Custom Configuration" I have setup routes for the Plex IP ranges that I found online and from looking on google's DNS:
nslookup plex.tv 8.8.8.8

So I have several lines in the custom configuration that look like:
route 52.17.42.0 255.255.255.0 [my public IP address without VPN]

On the WAN page, Port Forwarding tab, I have a forward with the following:
Service Name: Plex
Source IP: Blank [No entry]
Port Range: 32400
Local IP: LAN IP of my Plex Server
Local Port: 32400
Protocol: TCP

If I tracert any of the plex.tv IPs, I can see that they are not going through the VPN, while all other IPs are.

In Plex -> Settings -> Server -> Remote Access I have manually set the public port to: 32400

I've tried telnet to my public IP and port 32400, but it won't connect... which makes sense that remote access is not working.

As I can tracert to plex.tv without going through the VPN, and I have port forwarding set to forward port 32400 to my server, my limited knowledge of this makes me think I should be able to connect.

I appreciate any help and pointers to what I have missed, done incorrectly or additional information you need to understand what isn't working.

Thank you very much!

 

[bnhf]

Hi, I'm new, so my apologies in advance if have I screwed up, or omit an important part.

I have an ASUS RT-AC5300 router with Asuwrt-Merlin 380.68 and am using ExpressVPN.

I have the VPN working using OpenVPN.
I route all traffic over the VPN.
I have created exceptions for Amazon FireTV, Xbox, etc. so they route directly and Hulu/Netflix work.

I am having trouble getting Plex Remote Access to work. I have spent a couple of days googling, reading, googling, reading. I'm sure I'm close and hope someone can give me some direction.

In the OpenVPN cliet setup "Custom Configuration" I have setup routes for the Plex IP ranges that I found online and from looking on google's DNS:
nslookup plex.tv 8.8.8.8

So I have several lines in the custom configuration that look like:
route 52.17.42.0 255.255.255.0 [my public IP address without VPN]

On the WAN page, Port Forwarding tab, I have a forward with the following:
Service Name: Plex
Source IP: Blank [No entry]
Port Range: 32400
Local IP: LAN IP of my Plex Server
Local Port: 32400
Protocol: TCP

If I tracert any of the plex.tv IPs, I can see that they are not going through the VPN, while all other IPs are.

In Plex -> Settings -> Server -> Remote Access I have manually set the public port to: 32400

I've tried telnet to my public IP and port 32400, but it won't connect... which makes sense that remote access is not working.

As I can tracert to plex.tv without going through the VPN, and I have port forwarding set to forward port 32400 to my server, my limited knowledge of this makes me think I should be able to connect.

I appreciate any help and pointers to what I have missed, done incorrectly or additional information you need to understand what isn't working.

Thank you very much!

So when you go to Plex "Web" on your LAN and then to Settings - Server - Remote Access, and enable Remote Access does the IP address your Plex Media Server is reporting match your current public IP from your ISP? Do you have your Plex server setup via DHCP Reservation so its LAN address won't change? Have you checked the Windows Firewall settings on your Plex Server to be sure TCP 32400 is allowed inbound?

Also, I'm not sure that your allowing just certain IP addresses through for Plex (that you found online) is going to work. As far as I know, Plex's servers are involved in remote access (credentials and tracking your Dynamic IP like a DDNS server) but when you're actually streaming something from a remote location I doubt that traffic is going via Plex. It wouldn't scale well for them to do it that way. The IP addresses you'll be streaming your content to are unknown, since it could be from any remote location you choose, or anybody else chooses that you share your content with (a cool feature of Plex I use with my far flung family).

 

[BobZBlob]

Thank you for the quick reply.

So when you go to Plex "Web" on your LAN and then to Settings - Server - Remote Access, and enable Remote Access does the IP address your Plex Media Server is reporting match your current public IP from your ISP?

Yes

Do you have your Plex server setup via DHCP Reservation so it's LAN address won't change?

Yes

Have you checked the Windows Firewall settings on your Plex Server to be sure TCP 32400 is allowed inbound?

The firewall is disabled for both private and public networks.

Ok, interesting idea... I somehow had the feeling that I was opening port 32400 on my Public IP (at the ISP, not VPN) and so it would be accessible. More to figure out, I guess.

 

[bnhf]

Thank you for the quick reply.

So when you go to Plex "Web" on your LAN and then to Settings - Server - Remote Access, and enable Remote Access does the IP address your Plex Media Server is reporting match your current public IP from your ISP?

Yes

Do you have your Plex server setup via DHCP Reservation so it's LAN address won't change?

Yes

Have you checked the Windows Firewall settings on your Plex Server to be sure TCP 32400 is allowed inbound?

The firewall is disabled for both private and public networks.

Ok, interesting idea... I somehow had the feeling that I was opening port 32400 on my Public IP (at the ISP, not VPN) and so it would be accessible. More to figure out, I guess.

Only credentialed Plex clients or other Plex servers you authorize will be able access your server. But in order for them to find you the MyPlex corporate server needs to keep track of your Public IP. The most common problem people have is Double NAT which makes it impossible for MyPlex to do it's DDNS-like job. Have you tried to connect to your server using a client that's not on your LAN? It may actually be working -- or will as soon as you fix your policy routing.

 

[BobZBlob]

I have tried connecting many times from my mobile device, which is not on the Wi-Fi/LAN and it cannot connect.

 

[bnhf]

I have tried connecting many times from my mobile device, which is not on the Wi-Fi/LAN and it cannot connect.

If you could post a screenshot of the VPN Client configuration page from your router that would be helpful. Be sure to include the bottom portion showing the policy rules you've configured.

 

[BobZBlob]

I will attach a screenshot, and will copy/paste the custom configuration as it doesn't scroll well:

fast-io
persist-key
persist-tun
nobind
remote-random
pull
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1450
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
# Plex Remote Access
route 52.16.200.0 255.255.255.0 [ISP Public IP]
route 52.17.42.0 255.255.255.0 [ISP Public IP]
route 52.18.19.0 255.255.255.0 [ISP Public IP]
route 52.18.201.0 255.255.255.0 [ISP Public IP]
route 52.31.137.0 255.255.255.0 [ISP Public IP]
route 52.48.79.0 255.255.255.0 [ISP Public IP]
route 52.48.133.0 255.255.255.0 [ISP Public IP]
route 52.48.208.0 255.255.255.0 [ISP Public IP]
route 52.212.16.0 255.255.255.0 [ISP Public IP]
route 54.72.10.0 255.255.255.0 [ISP Public IP]
route 54.72.91.0 255.255.255.0 [ISP Public IP]
route 54.171.122.0 255.255.255.0 [ISP Public IP]

 

[bnhf]

I will attach a screenshot, and will copy/paste the custom configuration as it doesn't scroll well:

fast-io
persist-key
persist-tun
nobind
remote-random
pull
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1450
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
# Plex Remote Access
route 52.16.200.0 255.255.255.0 [ISP Public IP]
route 52.17.42.0 255.255.255.0 [ISP Public IP]
route 52.18.19.0 255.255.255.0 [ISP Public IP]
route 52.18.201.0 255.255.255.0 [ISP Public IP]
route 52.31.137.0 255.255.255.0 [ISP Public IP]
route 52.48.79.0 255.255.255.0 [ISP Public IP]
route 52.48.133.0 255.255.255.0 [ISP Public IP]
route 52.48.208.0 255.255.255.0 [ISP Public IP]
route 52.212.16.0 255.255.255.0 [ISP Public IP]
route 54.72.10.0 255.255.255.0 [ISP Public IP]
route 54.72.91.0 255.255.255.0 [ISP Public IP]
route 54.171.122.0 255.255.255.0 [ISP Public IP]


View attachment 10296

So, first I'd suggest getting rid of everything below and including "# Plex Remote Access" in your custom config area. Second, I'd add another line to your "Policy Rules" that includes the LAN IP of your Plex Media Server as the "Source IP", 0.0.0.0 as the "Destination IP" and WAN as the "Iface". Save changes and reboot the router.

Check your Plex Media Server and see if "Remote Access" shows as enabled and available. Then, try one of your Plex Clients, first on your own network and then as a remote client using cellular or whatever other network you have access to.

Finally, if it's still not working, turn off your VPN client and check Plex as described above.

 

[BobZBlob]

This would take the server and have it bypass the VPN entirely, correct? Ok for testing, but my desired is that box is on the VPN, except for Plex, if that is possible.

 

[bnhf]

This would take the server and have it bypass the VPN entirely, correct? Ok for testing, but my desired is that box is on the VPN, except for Plex, if that is possible.

Yes, that machine would bypass the VPN. So -- tell me more about the server. What other applications are you running on it? Is this a true headless server, or is it a workstation doing some server tasks? What are the rough specs in terms of processor, memory and the like?

In order for Plex remote to work we need to to bypass the VPN and allow any IP address through (that's authorized of course). So the reason I'm asking the above questions is that I'm wondering if we could policy route the REST of what you're doing with the PMS machine to the VPN. The only other option I can think of is to put the PMS in a virtual machine using Oracle VirtualBox or the like. A VM would get it's own IP and then we could route the VM to the WAN and the host to the VPN. The server would need some horsepower to do that though, which is why I'd like to know the specs.

BTW, using Plex remotely is at its best on a box with some power, as one of Plex's real strengths is its transcoding capability.

 

[BobZBlob]

Ok, you are making me think now. Which is good.

This is a 5 year old box:

• Windows 10
• i7-980 (6 cores) @ 3.33GHz
• 24 GB memory
• Around 30 TB of drive space
• I connect via RDP

On this box I run:

• Plex
• File sharing
• Other PCs backup to this via Acronis
• Cloud backup of all files
• Media Center Master
• I am planning to add Blue Iris software for security cameras

I have been doing my downloads on this box, hence the desire to have a VPN, but I'm moving that out of the house, to minimize issues.

I have setup VMware in the past, but was having trouble with the VMs seeing all of the drives and decided that simple Windows 10 was sufficient. Running Windows Server seemed like overkill as I've been trying to keep it simple. I thought of running VMware Desktop to create a VM for running some processes. I felt I didn't want to add the overhead and to keep as much horsepower for transcoding and such.

Plex may get 5 or 10 hours of viewing over the course of a week, although I've thought of opening it up for other family members to watch as well.

With the recent change in laws on ISP monitoring, and for general privacy, I want to keep as much encrypted as possible...

Thanks much for your help and good questions!

 

[bnhf]

Ok, you are making me think now. Which is good.

This is a 5 year old box:

• Windows 10
• i7-980 (6 cores) @ 3.33GHz
• 24 GB memory
• Around 30 TB of drive space
• I connect via RDP

On this box I run:

• Plex
• File sharing
• Other PCs backup to this via Acronis
• Cloud backup of all files
• Media Center Master
• I am planning to add Blue Iris software for security cameras

I have been doing my downloads on this box, hence the desire to have a VPN, but I'm moving that out of the house, to minimize issues.

I have setup VMware in the past, but was having trouble with the VMs seeing all of the drives and decided that simple Windows 10 was sufficient. Running Windows Server seemed like overkill as I've been trying to keep it simple. I thought of running VMware Desktop to create a VM for running some processes. I felt I didn't want to add the overhead and to keep as much horsepower for transcoding and such.

Plex may get 5 or 10 hours of viewing over the course of a week, although I've thought of opening it up for other family members to watch as well.

With the recent change in laws on ISP monitoring, and for general privacy, I want to keep as much encrypted as possible...

Thanks much for your help and good questions!

Excellent media server box! Perfect for Plex and Blue Iris (which I'm also pretty familiar with). No doubt you're going to want remote access for Blue Iris too, which also won't work over a VPN due to the need for port forwarding. Looking at what you're doing with this box, and given that you're planning to move download activity elsewhere, I don't really see a problem policy routing the whole thing to WAN. But, if you really want to be able to do both then I think VirtualBox is the answer. This computer has plenty of power to do everything you're doing now plus Blue Iris. One possibility would be to policy route the host to WAN with everything except for downloads and create a VM for that activity until you move it. At that point you wouldn't need the VM, but you'd have it available if things change.

The trick with VirtualBox is to do a "Bridged Adapter" for your network interface, then the VM gets its own IP which would allow you to policy route that to the VPN. DHCP Reservations required for everything we're talking about here. I love VirtualBox -- it's just such a great way to have other OSs available for experimentation or support. I currently have VMs available for just about every version of Windows, several versions of OS X, half a dozen different Linux distros, GParted Live and pfSense. I set stuff up for different projects and usually keep it around in case I need it later. So, I don't think you could go wrong going the VM route, and I think you'll really like having it once it's up-and-running. Plus it's free!

So that's what I'd recommend. Things should fall into place nicely this way, and you'll get the best possible performance for remote Plex, remote Blue Iris and for your cloud backup. BTW, you'll need a DDNS for Blue Iris remote which you can get for free from Asus. Check your router's DDNS tab for details, the address would be [whatever name you choose].asuscomm.com. If you haven't already done it, you may want to run an OpenVPN server too on your router which you'll be able get to using your new DDNS address.

 

[Diego]

You have to enable UPnP on the router in order to be able to open the ports for plex.
Advance settings>WAN>Internet connection>Basic conf>Enable UPnP YES and Apply.
Go to plex network>Server>remote access and click apply. You should be able to see plex from outside now assuming that you signed on on Plex.

 

[bnhf]

You have to enable UPnP on the router in order to be able to open the ports for plex.
Advance settings>WAN>Internet connection>Basic conf>Enable UPnP YES and Apply.
Go to plex network>Server>remote access and click apply. You should be able to see plex from outside now assuming that you signed on on Plex.

@Diego welcome to SNBForums! For future reference, though technically your answer was correct based on the subject of this thread -- if you read the first post you'll see this was a much more complicated issue involving the use of a VPN and policy routing with Plex.