Emby Server on Mac OS running behind VPN with PIA


I recently migrated my server from a Windows machine to a Mac mini. I have everything back to how I want it, except for my ability to allow remote connections while I have my VPN (Private Internet Access) running. On my Windows machine, I would use the Split Tunnel to bypass the VPN. Unfortunately, Mac OS seems to have an issue with split tunneling which stops all internet traffic when enabled (a real bummer).
So now I am trying to use Port Forwarding as a way to allow connections through my VPN, though I am admittedly not very knowledgeable about this. I have searched these forums and read numerous threads about this topic, but I have still come away empty-handed. Perhaps someone can look at my specific situation and give me tailored guidance (and perhaps this may serve someone else in the future who faces a similar setup).

To begin:
I have SSL set up and can allow access to my server via https://mydomain.com.


I have forwarded the ports on my router (Google Nest) to allow connections from port 8920 and 443 (as well as 8096 and 80 non-secured ports).


When I turn on my VPN with Port-Forwarding enabled, PIA has reserved port 47853, as well as the new IP address of 456.456.456.456.

What do I do with this port number and/or VPN IP? 
On the Emby Network tab I see the local and public https ports are set to 8920. Does one of these change?
Or do they stay the same and I need to add a new Port Forwarding rule for 47583?
And if I need to add a new rule to my router, do I forward 47583 to 47583 or do I forward 47583 to 8920?


Lastly, since I am using SSL and I have my DNS record set up (in Google Domains) to direct mydomain.com to (my ISP assigned IP address), do I also need to update this record so it points to 456.456.456.456 (the VPN IP address when the application is enabled)?
(For all intents and purposes, we can treat my ISP IP address as static; technically it is dynamic, but I have a pretty good handle on that part of the process, so I don't want to get caught up in questions away from my main topic regarding the port-forwarding.)

If anyone can give me the exact steps of what I need to do, I would very much appreciate it.
These forums have been very helpful in the past and I hope to be able to contribute to them in meaningful ways in the future.
Thank you.


Hi, does your server dashboard display your correct remote address, even when using the VPN? If not, then you might want to customize that in Emby Server network settings. That might be all you need to do.

First of all, thank you for the response.

When I have the VPN enabled, the Remote Server still shows as https://mydomain.com:8920.

Since I have SSL set up, the Dashboard does not display a remote IP address.

But since you brought it up, what do you mean by “customize [remote address] in Emby Server network settings”? To which field on the Network tab are you referring? And what should I be putting in that field?

I was hoping that by providing all the screenshots I might be given explicit instructions on what needs to be set where.

@cayars, I have seen you mentioned in several posts as someone who knows the most about this topic. Several posts you have had in the past are very old and either the topic links no longer exist, or the images are no longer functional. Would you be able to review my setup from my first post and give me specific guidance about what I am missing? Thank you in advance. @cayars

@cp41 Sure thing.

You're on the right path. Using a domain name is ideal. If your WAN IP changes there are utilities you can run that watch for IP changes and kick off a script to update a DNS A record. Basically the same thing people have been doing with DDNS. Many routers have this ability built right in. This is outside the scope of Emby setup, but a perfect complement.

The secret lies with "Charlotte", oh wait I mean with Split Tunnel VPNs as you already know. I would forget about trying to get port forwarding working through a public VPN as it's not worth the hassle generally speaking. I know PIA was close to having this working (thought it was) on Mac. It can be done on any OS via command line by manipulating the routing table by hand.

Before diving into this let me ask a couple questions first. Does your router support VPNs? If so it might be best to have this running there.
Why do you need a VPN running on your Emby Server machine? If there are other programs running that require VPN, can those be run on another computer, in a VM or from docker? If so that's an easy way to use a VPN.


Thank you for the response. 
That’s too bad about Port Forwarding through the VPN not being worth the hassle.
I was hoping it would just be a matter of a few config settings.

So far as I can tell, my router (Google Nest) does not have a native VPN, nor does it allow for manual configuration.
I use a VPN on the same machine where I host my server because it is just my personal machine and I am trying to keep my internet traffic from being used as a way for companies to sell me and my data to other companies.

As far as updating routing tables, VMs, or docker…that is a little outside of my skill level.
I don’t know that I’d even know where to start.
But I do understand the concept. I could run a VM and have the VPN running on that machine, leaving my actual Emby Server unaffected. 
Do you have a site to where you could point me that could get me started? I am willing to give it a shot.

