Anyone know how to put Emby behind PIA VPN and be able to connect?

[DommTheDon 0]

Hey all,
I'm trying to get my Emby behind my PIA VPN. This way it can be connected to via the VPN IP and it be tunneled and not just widely available for the ISP or whomever to peep in. I've been grinding on this for a bit, and have scoured through forums and what not trying to find out how to do this and I can't seem to figure it out. I've tried running it on my router, and using VPN fusion to host the VPN and run it that way, I've tried utilizing the APP, I've tried getting my own dedicated IP for it and port forwarding. I'm at a loss. The dashboard will read the VPN IP for WAN, atleast when running via the Application, but fails when trying to connect to it. I can however still bypass it and connect my true IP. Anyone have any ideas?

[Luke 37065]

Hi, there's lots of topics about VPNs here. Have you taken a look at this?

 

[DommTheDon 0]

Thanks for the response!
I did read over that, but they were using ExpressVPN and I am using PIA. I also don't think they had any success while attempting getting it to work, correct me if I'm wrong, but they just excluded Emby to not be covered by their VPN. I am trying to have PIA hide behind my VPN and use its IP address, if possible, so that it covers all traffic to and from Emby. I am able to get Emby to work when split tunneling and excluding it as well, but that is not my goal.

Edited December 21, 2021 by DommTheDon

[Teknician 3]

I signed up for PIA for a great price and 39 months, and I can't figure out how to get it working with my server, also. I have tried everything, every setting and connection. I'm 2 minutes from canceling. 

I still have PUREVPN with port forwarding and been working pretty good, and at least they do show you an icon beside the server that works great with P2P. 

I'd seen that PIA was supposed to be faster and the price was great, but still have yet to get my Emby server thru. Maybe someone can chime in also, if you get PIA working and what server you're using. 

[GrimReaper 3293]

@cayars

[Carlo 4330]

Personally I would not use a public VPN on an Emby Server unless it was run in split tunnel mode (Emby not using the VPN) or with VPN port forwarding turned on and used to circumvent your ISP's CGNAT.  Part of the reason is IPs associated with public VPN services are often "dirty" and banned by sites due to previous activity associated with the IPs (people use VPNs to hide questionable or worse activity).

@Teknician How have you requested a port forward on PIA through the UI?  What you can try is to take the port they give you then set that for Emby's non secure ports.
That's all you should need to do.

[Teknician 3]

I'd thought about that, but then some of my friends who connect to it, really aren't smart enough to either change their connection port, or even set up a new connection. I do use a redirect address with No-IP, so at least everyone can still use the same url. 

I'll give that a shot and see how it works out. PureVPN with port forwarding works good, but thought I'd try PIA for speed purposes. 

Thank you.. 

Edited February 19, 2022 by Teknician
word replaced.

[Teknician 3]

Also, the reason I'm using a VPN is primarily torrenting and Emby. Am I wrong in thinking that my ISP Spanktrum can see my Emby traffic going out and wouldn't that be similar to seeding torrents that are maybe copyrighted matieral, although I would never do something like that!!

[seanbuff 840]

13 minutes ago, Teknician said:

Am I wrong in thinking that my ISP Spanktrum can see my Emby traffic going out

Not if you configure remote access for HTTPS and secure it with SSL. There are a number of community guides that document the process here.

[Teknician 3]

I looked at that before, and hadn't thought about it for a while, but I think I like that route, thank you. I'd much rather use ssl over a vpn to host. 

Thank You. I'll be working on that route. 

[Carlo 4330]

Most people blow it with their use of VPNs as they continue to use their default DNS servers which often belong to their ISP. If you do that it doesn't matter what or how you pass your traffic because you're giving your ISP a list of sites you use every time you look up a domain!

If you setup your Emby server to use a secured (encrypted) port then all inbound traffic will be "invisible" to the ISP.  They will see the traffic but not know what it contains so it's like being invisible.  Your outgoing traffic will have a URL they can see such as IP or domain so that can be tracked but not the contents of the packets.  So what the ISP would see is connections established from the outside but not know what the traffic contains.  It would see outgoing requests to meta-data providers from Emby as well as traffic to your remote peeps.

If using a VPN and not using your ISP's DNS server they would just see traffic from your server to the public VPN server but nothing else. How much this really matters is probably in the eye of the person using the service.  Generally speaking most people won't have issues with their ISP unless they are going over a data cap which a VPN won't help with or the big one, the ISP is getting notified of activity on your IP for violations of the DMCA or similar.

If you're in that latter category a public VPN is likely a good thing but is still probably best used in split mode with your Emby Server not running through it or simply do that "other" activity on another machine (real or virtual) that has it's own vpn.

To work around CGNATs or to make your Emby Server "invisible" to the ISP a far better solution is to use Cloudflare with a domain name over a Cloudflare tunnel.  That gives you a domain name to use remotely, a certificate from Cloudflare to use so your connections are secured, a tunneled connection directly between you and Cloudflare as well as the caching and protection Cloudflare gives you.

Just my 2 cents.
 

[Teknician 3]

Now that is interesting. Thank you, I will definetly look into Cloudflare. You guys have given me lots to think about, tonight. I'll be doing my research, all night. 

Thank Again, Guys!!