
Can't connect using VPN even though web browser works



TheShanMan

My router has a VPN server running. I'm connected to the VPN from outside my network and Theater can't connect using IP address but a web browser works fine. What could the problem be? I'm entering https://ip and 8920 in the port field which matches what I'm putting in my browser.

Link to comment

TheShanMan

Also for what it's worth emby android can connect to my server when my phone is connected to my VPN as well.

Link to comment

You would not be able to connect to an SSL port by IP because SSL works with a domain.

If you connect to the VPN then use the 8096 non-SSL port.

Link to comment

What domain is the ssl certificate associated with? The answer to that is the only way you'll be able to use https.

Link to comment

TheShanMan

That must be it, because I used to port forward before setting up my VPN. Guess emby doesn't prompt about an invalid cert the way web browsers do. I'll be able to try connecting again later tonight. Thanks!

Link to comment

TheShanMan

Nope. Couldn't connect with theater over http. Then I tried it in my browser and it automatically redirected me to https. So I turned off the external access option. Now the web browser says forbidden with http and client apps just don't connect. Being on the VPN, I guess emby sees the connection as external.

I wonder why the android client has no problem connecting over https.

Edited by TheShanMan
Link to comment

It could be that the clients are connecting, but rejecting or not trusting your certificate.

Link to comment

TheShanMan

So how do I get http to work? Is the problem with http that VPN connections are on a different subnet and thus they're considered external, even if I'm using the private IP to connect? It didn't look like there were any settings relating to other subnets establishing a connection - just for bandwidth restrictions.

Link to comment

Quote

Is the problem with http that VPN connections are on a different subnet and thus they're considered external

It could be, but this is specific to your environment so it's hard to answer that without specific examples. Try loosening up some of the server network settings that might be restricting connectivity.

Link to comment

TheShanMan

Not sure what there is to loosen though. I don't see any settings that relate to http connectivity other than LAN Networks which is blank and therefore shouldn't be an issue. My LAN subnet is 192.168.1.0 and my VPN subnet is 10.8.0.0.

Link to comment

Even though it didn't solve it, you're probably better off leaving it off until the problem is identified, because it's possible for the problem to be caused in multiple ways.

Link to comment

TheShanMan

Unless I have something specific to try, I'll need to leave it on for now so I can use emby. Once I get back from my trip I can turn that off if it's helpful. Ultimately, there's no sense using https over an already encrypted VPN so my goal is to not need https at all. But until there's a solution, only https actually works.

Link to comment

On 7/22/2021 at 11:13 AM, TheShanMan said:

My router has a VPN server running. I'm connected to the VPN from outside my network and Theater can't connect using IP address but a web browser works fine. What could the problem be? I'm entering https://ip and 8920 in the port field which matches what I'm putting in my browser.

Keep in mind that https or SSL connections only work in conjunction with a domain name and not an IP address.

So if you have a point to point VPN between the client and the server it's essentially a local connection and you wouldn't connect via domain but by IP address using 8096.

In order to use your domain over VPN you would have to have support for loopback connections available on your network, but there is no point in doing this as the VPN connection is already encrypted.

Does this help?

Link to comment

TheShanMan

Sounds like you're under the impression I'm trying to get https working. I'm not. I'm trying to get http working. Thanks though!

Link to comment

This is what you said in post one:

On 7/22/2021 at 11:13 AM, TheShanMan said:

My router has a VPN server running. I'm connected to the VPN from outside my network and Theater can't connect using IP address but a web browser works fine. What could the problem be? I'm entering https://ip and 8920 in the port field which matches what I'm putting in my browser.

So my point is you can't use SSL and IP but need a domain name.

But moving on, what is the IP of the machine running Theater? What is the IP being shown on Emby Server for local connections?

Link to comment

TheShanMan

192.168.1.x is what server shows and what I'm using for clients to connect.

BTW like the Rush cover. 😎

Link to comment

Yes, but what are each of the specific IP addresses? No need to hide/mask internal IPs.

OK let's get more info so we can help you better.

Do you share with anyone outside your house (any family or friends) that need to access your server via Internet without using a VPN?
Or will all outside connections be done only through your self hosted VPN server?

PS: Yes, I liked that cover since the Permanent Waves cover was in black and white but I found online the original picture used that was in color.
Kind of fun for me when people recognize it.

Link to comment

Q-Droid
On 7/23/2021 at 3:31 PM, TheShanMan said:

Not sure what there is to loosen though. I don't see any settings that relate to http connectivity other than LAN Networks which is blank and therefore shouldn't be an issue. My LAN subnet is 192.168.1.0 and my VPN subnet is 10.8.0.0.

Have you tried adding your VPN subnet to the LAN Networks field in the Network settings? It should then treat your VPN subnet as another local network.

Edit:

If it's empty now you should add both (or more) of your subnets. 


Edited by Q-Droid
Link to comment

TheShanMan
9 hours ago, cayars said:

Yes, but what are each of the specific IP addresses? No need to hide/mask internal IPs.

OK let's get more info so we can help you better.

Do you share with anyone outside your house (any family or friends) that need to access your server via Internet without using a VPN?
Or will all outside connections be done only through your self hosted VPN server?

PS: Yes, I liked that cover since the Permanent Waves cover was in black and white but I found online the original picture used that was in color.
Kind of fun for me when people recognize it.

True but the precise IP isn't helpful either. Nevertheless it's .98.

Access is now only via VPN. No more port forwarding, hence I won't care about https once I can fix this.

I bought Permanent Waves probably within about a year of its release as a kid. :)

2 hours ago, Q-Droid said:

Have you tried adding your VPN subnet to the LAN Networks field in the Network settings? It should then treat your VPN subnet as another local network.

Edit:

If it's empty now you should add both (or more) of your subnets. 


I guess I could give that a try but that would suggest the help text next to that field is wrong. Edit: That actually failed! I put in "10.0.0.0/8, 192.168.0.0/24" which is what the help text says is the default, and I could no longer connect over http on my LAN via browser. It redirected me to https.

Edited by TheShanMan
Link to comment

TheShanMan

Good catch! I was thinking of /16, rather than /24. I just tried "10.0.0.0/8, 192.168.0.0/16" and it worked both on my LAN and VPN. So not only is the help text wrong (should say /16), but by default emby does NOT consider all the private IPs to be local. Hopefully both of those can be fixed but at least I have a workaround in the meantime. Thanks!

Edited by TheShanMan
Link to comment
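
The subnet arithmetic behind the workaround in the post above, as an added example that is not part of the thread and not Emby's code. It models only CIDR matching of a LAN Networks-style list; the client addresses and the /24 masks in the scoped entry are assumptions.

```python
import ipaddress

def parse_lan_networks(setting):
    """Parse a comma-separated CIDR list; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(p.strip(), strict=True)
            for p in setting.split(",") if p.strip()]

def is_local(client_ip, setting):
    """True if client_ip falls inside any network in the list."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in parse_lan_networks(setting))

def classify(clients, setting):
    """Label each named client as local or remote for a given list."""
    return {name: "local" if is_local(ip, setting) else "remote"
            for name, ip in clients.items()}

def address_count(setting):
    """Total addresses the list treats as local (entries assumed not to overlap)."""
    return sum(net.num_addresses for net in parse_lan_networks(setting))

# Constructed client addresses (assumptions); the thread gives only the subnets.
CLIENTS = {"lan_browser": "192.168.1.50", "vpn_client": "10.8.0.2"}

TRIED_FIRST = "10.0.0.0/8, 192.168.0.0/24"  # from the thread: broke http on the LAN
WORKAROUND = "10.0.0.0/8, 192.168.0.0/16"   # from the thread: worked on LAN and VPN
SCOPED = "10.8.0.0/24, 192.168.1.0/24"      # assumption: both subnets use /24 masks

if __name__ == "__main__":
    for label, setting in [("tried first", TRIED_FIRST),
                           ("workaround", WORKAROUND),
                           ("scoped", SCOPED)]:
        print(label, classify(CLIENTS, setting), address_count(setting))
```

192.168.0.0/24 covers only 192.168.0.x, so a 192.168.1.x client falls outside it, while the scoped entry matches both clients with 512 addresses instead of about 16.8 million.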

TheShanMan

In the sense of having a workaround, yes. But it would be good to see those 2 bugs fixed.
