Need help running Plex through a VPN

[brycesweaver]

Hopefully I'm in the right section of this forum. Sorry if my formatting is a bit off or I'm missing something completely obvious. I'm new to unraid and docker and I don't have an amazing understanding computer networking.

 

THE BACKGROUND:

I have an unraid build with plex running on it. I'm living in student housing that gives us a single ethernet port on the wall, that port isn't public and is behind a complex router. I don't have the ability to enable port forwarding, I'm currently double NAT-ing. I've contacted our internet provider but since it's handled through our landlord I can't get anything changed. The complex just got sold to a new company and no one knows (nor cares) what's going on and I'm only in this apartment for two more months. I can't run my router in bridge mode since that would be a security concern. I've had my plex server in my fiends apartment complex (where they've had a proper internet connection and I could port forward) but he's moving out this week so I had to take it back. For the past several hours I've been trying to get my plex container routed through my vpn client container but I must be doing something wrong.

 

 

SITUATION

I'm running a dperson/openvpn-client container pointed at PIA (tried denver and ca_montreal) here are the instructions for the container.

 

Quote

This OpenVPN container was designed to be started first to provide a connection to other containers (using '--net=container:OpenVPN-Client'), see the documentation for further help here: https://hub.docker.com/r/dperson/openvpn-client

 

The basic steps for a OpenVPN connection that requires a Username and Password are: 1) Rename your *.ovpn to 'vpn.ovpn' and place it in your OpenVPN-Client directory, 2) Create in the same directory a file named 'vpn.auth' and place your Username in the first line and the Password for the connection in the second line and save it 3) Restart the container open the logs and see if the connection to your VPN establishes successfully.

 

To tunnel traffic from another container through this container edit the template from the other container, set the 'Network Type' to: 'None', enable the advanced view in the top right corner and at 'Extra Parameters' add the following: '--net=container:OpenVPN-Client' (replace 'OpenVPN-Client' with the name of this container if you choose a different name for it) and write down the port(s) that you need to connect to. After that go back to edit this containers template and add the port that you have noted in the above step to this container and click 'Apply' now you can connect to the container that you tunneld the traffic though this container.

 

You can route the traffic from multiple containers through this container with the steps above, if you need more ports then simply add more ports in this containers template.

 

DNS: By default this container uses Googles DNS Server: 8.8.8.8 if you want to edit this enable the advanced view and edit this setting at 'Extra Parameters'.

 

ADVANCED CONFIG: If you leave the appdata directory for this container empty it will start up and you have to manually configure it with the builtin comand: 'openvpn.sh', see: https://hub.docker.com/r/dperson/openvpn-client

I have followed these instructions to no avail. I have a duckdns container that is routed through this container and the ip address is being updated so I know that my containers are connecting but none of the ports I have routed through it are accessible. I have tried with Ombi and plex but I'm unable to connect to the service through the internet {{IP_From_VPN_Log}}:3579. I'm currently just working on ombi because I feel It'll be simpler than plex.

 

attached are the configs for both ombi and openVPN-client 

 

 

Here is the log for openVPNClient 

Quote

Dump terminated
+ exec sg vpn -c 'openvpn --cd /vpn --config /vpn/vpn.ovpn --script-security 2 --redirect-gateway def1 --auth-user-pass /vpn/vpn.auth '
Sun May 16 10:56:07 2021 WARNING: file '/vpn/vpn.auth' is group or others accessible
Sun May 16 10:56:07 2021 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Sun May 16 10:56:07 2021 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
Sun May 16 10:56:07 2021 CRL: loaded 1 CRLs from file [[INLINE]]
Sun May 16 10:56:07 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]172.98.80.21:1198
Sun May 16 10:56:07 2021 UDP link local: (not bound)
Sun May 16 10:56:07 2021 UDP link remote: [AF_INET]172.98.80.21:1198
Sun May 16 10:56:07 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun May 16 10:56:07 2021 [ontario407] Peer Connection Initiated with [AF_INET]172.98.80.21:1198
Sun May 16 10:56:09 2021 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
Sun May 16 10:56:09 2021 OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
Sun May 16 10:56:09 2021 TUN/TAP device tun0 opened
Sun May 16 10:56:09 2021 /sbin/ip link set dev tun0 up mtu 1500
Sun May 16 10:56:09 2021 /sbin/ip addr add dev tun0 10.19.112.83/24 broadcast 10.19.112.255
Sun May 16 10:56:09 2021 WARNING: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
Sun May 16 10:56:09 2021 Initialization Sequence Completed

 

and the OPVN file provided by PIAca_montreal.ovpn

 

Any sort of guidance would be apreciated.

[Electronics Wizardy]

Did you setup port forwarding on the vpn? Most don't by default, and I dont' see your config showing tht its been setup. What port is plex listening on?

 

 

Id just get a little vps from aws/google cloud/azure/other and setup a vpn server on tht for plex. Tht way you get a public ip instead of nat that most vpn providers use.

[brycesweaver]

On 5/16/2021 at 11:39 AM, Electronics Wizardy said:

Did you setup port forwarding on the vpn? Most don't by default, and I dont' see your config showing tht its been setup. What port is plex listening on?

 

 

Id just get a little vps from aws/google cloud/azure/other and setup a vpn server on tht for plex. Tht way you get a public ip instead of nat that most vpn providers use.

I haven't had luck with the port forwarding with pia when running plex on a windows desktop. So I'm not surprised that running it through a container hasn't been any easier. Unfortunately, I haven't been able to find anything about pia port forwarding when running through a docker container.

 

I started a 30 day trial with kamatera I was able to spin up a single service and I set up a openvpn access server. I'm attempting now to just create a new openvpn client container and then I will attempt to configure NAT/firewall settings on the VPS when I have the basics figured out.

 

Thank You for your reply!