Plex and PfSense VPN

[Bmoney]

How can I set up my Pfsense router with a PIA VPN so I can access my Plex server outside my network. I set up port forward but server can still not make it out the network. 

[dalekphalm]

On 2/11/2019 at 8:00 PM, Bmoney said:

How can I set up my Pfsense router with a PIA VPN so I can access my Plex server outside my network. I set up port forward but server can still not make it out the network. 

You're misunderstanding a few things here.

 

First, some basics. VPN stands for Virtual Private Network. In it's most basic sense, it allows a secure remote connection to a network.

 

VPN relies on a Server, and a Client.

 

PIA is a commercial VPN provider that provides VPN masking services. Essentially, you're using a Client to connect to PIA's VPN Server, to get "access" to the local network of the server.

 

In the case of PIA, it basically just changes your WAN (Wide Area Network - or "Internet") IP address to something different (and often will report your geolocation differently too).

 

PIA does not allow you to remote connect to your own networks, as their VPN server resides out in the web in some Data Center.

 

So, back to the problem at hand. You CAN setup a VPN server yourself (using any number of methods), that you would host on your own network - this might be on your router (some routers support VPN Server out of the box, others don't), or on a separate Server, or possibly even on your NAS or Desktop computer.

 

In this case, you'd need a VPN Client (most OS's have these built in now, but third party clients do exist) for whatever remote computer you're using to connect to Plex. Note: PIA's client WILL NOT WORK, as it can only connect to PIA's VPN Servers, not your own.

 

You'd also need a VPN Server, as noted above.

 

Frankly though, if you can't get port forwarding to work, a VPN Server is unlikely to solve your problems, as you'll need to port forward your VPN Server anyway.

[mtz_federico]

PIA does offer the ability to portforward specific ports but I believe it only works when you are using their client and on pfsense you have to use OpenVPN.

[dalekphalm]

50 minutes ago, mtz_federico said:

PIA does offer the ability to portforward specific ports but I believe it only works when you are using their client and on pfsense you have to use OpenVPN.

You misunderstand.

 

PIA ONLY offers you the ability to use their client (on your device) to connect to their servers.

 

You need to host your own VPN Server. PIA cannot help you with that (unless there's a VPN Hosting service they offer that I'm unaware of).

[paddy-stone]

On 2/13/2019 at 2:07 AM, dalekphalm said:

Frankly though, if you can't get port forwarding to work, a VPN Server is unlikely to solve your problems, as you'll need to port forward your VPN Server anyway.

If the router can use openVPN, then it shouldn't need to port forward if it also can use Dynamic DNS, this is how I connect to my VPN server at home anyway, very easy setup.

[Mikensan]

Yea if you can't get Plex to work natively over the internet, a VPN is going to be an uphill battle. Focus on getting Plex to work as it was designed.

 

I'm not sure if it is a plexpass feature or not, but plex does support "indirect" or whatever connections, so assuming the server hosting plex can reach the internet - it will bridge the gap for you at the cost of reduced speeds/quality.

[mtz_federico]

20 hours ago, dalekphalm said:

You misunderstand.

 

PIA ONLY offers you the ability to use their client (on your device) to connect to their servers.

 

You need to host your own VPN Server. PIA cannot help you with that (unless there's a VPN Hosting service they offer that I'm unaware of).

https://www.privateinternetaccess.com/helpdesk/kb/articles/how-do-i-enable-port-forwarding-on-my-vpn

[dalekphalm]

8 hours ago, paddy-stone said:

If the router can use openVPN, then it shouldn't need to port forward if it also can use Dynamic DNS, this is how I connect to my VPN server at home anyway, very easy setup.

You mean if the Router can host an OpenVPN server, yes?

 

Which would be true, but very few consumer routers support that out of the box (Yes, custom firmware, etc, but hardly anyone uses those and it's frankly something I'd only recommend for a techy person or someone who is willing to go down that rabbit hole).

 

Also, Dynamic DNS and port forwarding don't really have anything to do with each other.

 

Dynamic DNS basically compensates for the fact that most consumer Internet Connections use DHCP, so their IP Address changes occasionally. Dynamic DNS uses a client (or, is built in to the router), which just "checks in" with the Dynamic DNS provider every so often to make sure the current IP Address is up to date. This has absolutely nothing to do with port forwarding. Dynamic DNS is not required - period - for a VPN Server - though it makes things easier since you don't have to check your IP in case it changed.

 

Port Forwarding, on the other hand, is a system created to enable you to "get through" NAT (Network Address Translation). Your WAN (Wide Area Network - or, "The Internet") IP Address is the exterior facing IP. Your Local Server IP Address (if using a separate VPN Server) is part of your LAN (Local Area Network - or, your network inside your home).
 

Because of NAT and firewall rules and the lack of port forwarding, nothing on the WAN can see anything on your LAN. You use port forward to "associate" a specific port on your WAN connection with a specific LAN IP address inside your local network.

 

For example, I'm trying to remote connect to my Plex Server - I send a request to my WAN IP, using Port # 1328 (Note: made up port, not the real port that Plex uses). My Router receives this request, but doesn't know what to do with it. So the request is dropped.

 

Port Forwarding takes incoming WAN requests on Port # 1328 and forwards those requests to local IP 192.168.1.5 at the same (or even a different) Port #. Hence, the term "Port Forwarding".

 

Are you with me so far?

 

8 minutes ago, mtz_federico said:

https://www.privateinternetaccess.com/helpdesk/kb/articles/how-do-i-enable-port-forwarding-on-my-vpn

That document is entirely irrelevant to what you're trying to accomplish. I will reiterate. Forget about PIA. They cannot help you.

[Mikensan]

I give up, nevermind - redacted. 

[paddy-stone]

21 hours ago, dalekphalm said:

You mean if the Router can host an OpenVPN server, yes?

 

Which would be true, but very few consumer routers support that out of the box (Yes, custom firmware, etc, but hardly anyone uses those and it's frankly something I'd only recommend for a techy person or someone who is willing to go down that rabbit hole).

 

Also, Dynamic DNS and port forwarding don't really have anything to do with each other.

 

Dynamic DNS basically compensates for the fact that most consumer Internet Connections use DHCP, so their IP Address changes occasionally. Dynamic DNS uses a client (or, is built in to the router), which just "checks in" with the Dynamic DNS provider every so often to make sure the current IP Address is up to date. This has absolutely nothing to do with port forwarding. Dynamic DNS is not required - period - for a VPN Server - though it makes things easier since you don't have to check your IP in case it changed.

 

Port Forwarding, on the other hand, is a system created to enable you to "get through" NAT (Network Address Translation). Your WAN (Wide Area Network - or, "The Internet") IP Address is the exterior facing IP. Your Local Server IP Address (if using a separate VPN Server) is part of your LAN (Local Area Network - or, your network inside your home).
 

Because of NAT and firewall rules and the lack of port forwarding, nothing on the WAN can see anything on your LAN. You use port forward to "associate" a specific port on your WAN connection with a specific LAN IP address inside your local network.

 

For example, I'm trying to remote connect to my Plex Server - I send a request to my WAN IP, using Port # 1328 (Note: made up port, not the real port that Plex uses). My Router receives this request, but doesn't know what to do with it. So the request is dropped.

 

Port Forwarding takes incoming WAN requests on Port # 1328 and forwards those requests to local IP 192.168.1.5 at the same (or even a different) Port #. Hence, the term "Port Forwarding".

 

 

Are you with me so far?

 

That document is entirely irrelevant to what you're trying to accomplish. I will reiterate. Forget about PIA. They cannot help you.

I didn't word what I meant very well, I just meant it's easier if you have a router that does support OpenVPN and dynamc DNS, not that it replaces port forwarding or anything... I just meant that I didn't need to port forward. I don't appreciate the condecending tone though.

[dalekphalm]

8 hours ago, paddy-stone said:

I didn't word what I meant very well, I just meant it's easier if you have a router that does support OpenVPN and dynamc DNS, not that it replaces port forwarding or anything... I just meant that I didn't need to port forward. I don't appreciate the condecending tone though.

I apologize if you felt my tone was condescending. It wasn't. I was simply explaining why what you said was incorrect, so as to not to confuse others who may look at this information. Apologies for the confusion.

 

I agree with your statements here though. OpenVPN hosted directly on your router can eliminate the need for Port Forwarding. Dynamic DNS is simply a convenience factor for connecting to your IP - though definitely, Suuuper useful!

 

 

[paddy-stone]

8 hours ago, dalekphalm said:

I apologize if you felt my tone was condescending. It wasn't. I was simply explaining why what you said was incorrect, so as to not to confuse others who may look at this information. Apologies for the confusion.

 

I agree with your statements here though. OpenVPN hosted directly on your router can eliminate the need for Port Forwarding. Dynamic DNS is simply a convenience factor for connecting to your IP - though definitely, Suuuper useful!

 

 

Ok, sorry I got the wrong idea, and for my confusing post previously. Yes, that was what I was trying to say, but messed up - unfortunately it's part of my disability where I can't remember some words sometimes, and therefore can get a little muddled when trying to explain, it's very annoying for all involved 

 

 I'm a big fan of the router being able to have a openVPN server, makes life a  little easier for sure, especially with dynamic DNS too,. The setup is super easy, basically download the openVPN config to whichever devices you wish to be able to connect using it. Then going into the device and loading that .ovpn file into the Openvpn client.... that's for if you Don't need to use dynamic DNS to connect. And it has a separate tab for the dynamic DNS setup for those that need it, like myself. Again, super easy to setup the dynamic DNS settings and everything.

Just for reference, I am using a netgear D7000 modem/router, and it's not bad, had it for a number of years now, with not too many problems TBH. In that time I have had at least 3 ISP routers that never got used, and I still have them boxed. 

 

[Salacious B Crum]

On 2/14/2019 at 8:51 AM, Mikensan said:

Yea if you can't get Plex to work natively over the internet, a VPN is going to be an uphill battle. Focus on getting Plex to work as it was designed.

 

I'm not sure if it is a plexpass feature or not, but plex does support "indirect" or whatever connections, so assuming the server hosting plex can reach the internet - it will bridge the gap for you at the cost of reduced speeds/quality.

Yep spot on there should be no reason that you cannot get plex working natively you need to forward the correct port to the right ip that is if your router isn't plug and play google your routers manual