Access VPN remotely with PrivateVPN enabled

[AndrewDub622 0]

Hey guys

I recently got PrivateVPN and got a vpn running on my NAS (OpenVPN) and can access my Server when I'm home and the VPN is on but when its on and I'm away from home I cant. Any advice. I'm a rookie

[Luke 37191]

Hi, do you need to configure the VPN for remote access?

[AndrewDub622 0]

Hey Luke yes I do I just don't know how to do that 

 

[AndrewDub622 0]

Oh it's PrivateVPN I'm using. I understand they support Port Forwarding. I'm running Emby on a Synology NAS if it helps 

 

[Luke 37191]

11 minutes ago, AndrewDub622 said:

Oh it's PrivateVPN I'm using. I understand they support Port Forwarding. I'm running Emby on a Synology NAS if it helps 

 

OK I think that would be a good thing to start with. You can learn what ports to configure in our remote setup guide:

https://support.emby.media/support/solutions/articles/44002137137-remote-setup

Please let us know if this helps. Thanks.

[AndrewDub622 0]

Cool! I'm assuming it's on the Mac or Windows PrivateVPN app. I try on the NAS with the VPN on and it doesn't let me change anything and it disables my rules. (Yes I'm a rookie) lol

[AndrewDub622 0]

Okay Ports are Forwarded on my Router. Next up, Forward them in the VPN I think. Still have UPNP on. I read the manual and understood most of it lol 

[AndrewDub622 0]

Not missing Plex at all, Emby is the king in my books

[kaj 243]

What I did, with exactly this problem, was to create an SSL cert for one of my sub domains, following this guide:

https://support.emby.media/support/solutions/articles/44001160086-secure-your-server

This then secured my Emby server.

I setup a VPN like you. This has all my NAs traffic going through it...except my secured Emby server, which I set up as follows:

For the same sub domain I setup a DDNS service, pointing to my public IP from my intenrnet provider (non VPN address).

 

The no-ip.com setting is the 'open' IP address from my intenrnet provider, and this is used to access my Emby server, as it bypasses the VPN.

The Synology address is the VPN address, so all other traffic goes through that. 

This is what works for me. I can see, for example, that if I use the excellent website iknowwhatyoudownloaded.com, that there is zero traffic on my internet provider IP adresses, but looking at the VPN provided IP, there is tons.

This method helps me keep Emby sercure but easily accessible for remote users, and all other traffic protected by my VPN provider.

[AndrewDub622 0]

Lol cool I uh might need a hand Kaj. Or maybe a remote connection if possible lol! But I'll see what I can do 

[kaj 243]

Feel free to send me a DM....the most important thing is to setup the SSL cert for connections to your Emby server. Once that is done, the rest is easy

[AndrewDub622 0]

Thx Kaj. Will do! 

[AndrewDub622 0]

Kaj you available for a hand 

[Carlo 4331]

@AndrewDub622 when you say PrivateVPN do you mean using OpenVPN built into Synology?

What exactly is the purpose of this type of VPN used with Emby?
You really don't gain anything going this route and it will never be as secure as a directly forwarded single port using encryption.

You're potentially exposing your whole machine and your network when using VPN so you want to make sure it's locked down well. If you're giving access to your Emby Server this way to remote users you will need to have different profiles setup for them vs you/admin as well.

It depends on need and what you're trying to accomplish but if the reason for the VPN is strictly/mainly Emby related it's the wrong way to try and secure your server because of the risks involved in not getting routing/forwarding and user permissions correct.  With a direct port forward to Emby Server running encrypted ports it's pretty much foolproof as the remote person has access to one port going to one machine only with no way to divert those packets elsewhere.