Help with remote access

[sutt359 0]

Hi Everyone hopefully someone can help me.

Ive been accessing my emby server remotely for years with IP address or emby connect without issue over port forwarding.

But it all stopped yesterday, i called my ISP and they have turned on something called CG NAT and ipv6. Now i can't connect to my server. 

Could someone point me in the right direction to getting it working again. 

They did say i could try a static IP to see if that fixes the issue but that's £8pm

Also my emby server only picks up ipv4 from the dash even thoe the home network is setup as ipv6.

 

 

[Happy2Play 8351]

@sutt359will look for other posts @cayarshas posted on this situation and update this topic.

 

 

Edited April 6, 2022 by Happy2Play

[Carlo 4331]

@sutt359 A CGNAT is a Carrier Grade Network Address Translation. Your home router has NAT (network address translation).  NAT is a method of sharing one public IP address with all computers behind it.  That's how you're able to use several devices and computers in your home network with only one IP from your ISP. Well, that how it was for you when you had a public IP address previously.  NATs are also the basic building block quite often for a firewall.  You don't get past the public IP address unless there is port forwarding setup to tell the router what to do with the incoming packets it otherwise would not know what to do with.  Any internet traffic that's started from a device/computer inside your network goes through the router and as part of it's routing mechanism tracks the originator and port used so it does know how to process incoming packets with your internal IP.   The private IP is also marked in the packets but can be spoofed so the router always checks it.

So knowing how this works at a high level you can see that inbound traffic meant to get to your Emby Server stops at your ISP's NAT they now put in place  You obviously can't log into their routers and setup port forwarding and there is little chance they will do this for you other than give you a static IP which runs $8 to $12 usually a month.

So basically you need a work-around to allow traffic to make it's way to your Emby Server.  There are a few methods but these all take a bit of work. Some are pretty easy but have tradeoffs.

First - If it's only you and your family who need access when remote for PCs, phones or tablets an easy solution is using a service such as ZeroTier or Tailscale. You can set this up for free but requires software running on both the device and the Emby Server.  These two services allow you to have a private network that's essentially a VPN that you will control.  You could give access to a couple of friends as well.  Typically you can have up to 50 devices on the free plan.  Both allow you to setup complete control of your network and grant access to a specific internal IP to another person using the service. This works because they act like moderator who orchestrates the VPN.  Your Emby Server will keep a VPN tunnel open all the time to their service.  When not using it there is zero activity except for a beacon once in a while which is just enough to keep traffic going back and forth to keep the tracking in place for your CGNAT.  When you fireup the app on a PC you also connect to their service.  Now both computers are logged in with a tunnel.  As soon as you try and access your Emby Server these services will try to establish a direct tunnel from your device to the Emby Server so it's not in the middle but a direct path.  This works 95+ of the time but can fail in some corporate networks who shut down udp and other ports needed.

Second - The is similar to above but you setup and run your own VPN service with a $5 a month VM.  You could setup and use OpenVPN for example.  I'm not fond of this method and would just do #1.

Third - Use a one way tunnel that's only needed for your server to bypass the ISP CGNAT.  This is similar to #2 except you use the hosting account public IP and basically setup a forward for ports 8096/8920 to go through the tunnel to your server.  The advantage of this is that you just give the public IP address used for your hosting to anyone and they setup their Emby Client as normal.  All the inbound traffic is relayed to your server.  You can setup and relay any type of traffic you want this way.

Forth - My preference but the most work.  Open an account for free at Cloudflare by registering a domain name you will use to access your Emby Server.  Cloudflare is a security screen/cdn network so a good thing. They also allow you to setup a tunnel (their software) from your server to their network.  So that works around the cgnat issue.  You will have all kinds of new security and performance controls on their dashboard as well.  You will also be using a certificate from them for secured access on port 443.   You can now open a browser and type in https://YourEmbyDomainName.com and it goes through their network to your server.  They cache images making your screens load faster in the future.

So Cloudflare is the most work but you end up getting a domain name, free tunnel, lots of extra security features and protection, domain management, secured access with a certificate ..  You will need a domain name but that's generally less than $10 a year.  Besides that cost it's your time to setup and get it working.  We have guides that cover most of this setup. Only thing you may need help with is the tunnel but I've got that covered for windows and linux.  It's extremely hard to set this up on a NAS and I'd not try.

So #1 or #4 are the way to go.

Carlo

[simonguillot@yahoo.ca 1]

I need help to sort this out please

 guys I am at loss

What is the best option? I heard cloudflare is no go.

Now twingate?

I desperately need help to acces my emby server and file server from outside

 

TIA

[Luke 37230]

1 hour ago, simonguillot@yahoo.ca said:

I need help to sort this out please

 guys I am at loss

What is the best option? I heard cloudflare is no go.

Now twingate?

I desperately need help to acces my emby server and file server from outside

 

TIA

Re: Duplicate posting from: