How to connect remotely when running VPN

[RedStripe 14]

Windows 7 Pro
Server Version 3.0.5597.1
Router D-Link dir-655
VPN->PrivateInternetAccess

VPN is running on same machine as EmbyServer.
I ensure that EmbyServer is started after any VPN start/re-starts.
************************  QUESTION: Is it necessary to prioritize startups like this? **********************************

Below is a screenshot of Advanced settings:

 

Below is a screenshot of my VPN settings:


The URL I use to connect to EmbyServer is my ISP_provided_IP:8096. The IP is static.

Remote access (from laptop) works fine with VPN off.

I am ABLE to connect to EmbyServer with the ISP_provided_IP:8096 from the server machine.
I am UNABLE to connect to EmbyServer with the ISP_provided_IP:8096 from a client machine (laptop).

I saw a direction in the forum to "...go to dashboard -> advanced -> hosting and override your external address".  I assumed this meant to enter my ISP_provided_IP in the "dashboard -> advanced -> hosting -> External WAN Address:".. Still no joy.

There was another direction on the forum to "...manually edit the common config file and put in the machine name/ip address for the server." I poked around around looking for a "common config file" to no avail. What tag would I edit if I found it?

After hours of trying different settings (e.g., port mapping on/off) and searching this forum and the web for a solution, I have become very frustrated and need your help. Thanks

Here is my server log:   server-63566876397.txt

 

Thanks
 

[JeremyFr79 228]

You can't have the VPN and Server on the same Port, you need to change your VPN port.

[RedStripe 14]

One of the configs I tried was with the "Local Port" blank and port forwarding off. Still no joy!

[JeremyFr79 228]

You have to specify a port for the VPN to use for connection hence why blank didn't work, however you can't use the same port as Emby server.  use something random no in use like say 33444 or something.  

[JeremyFr79 228]

Ok let's rewind......Are you running the VPN Server on your server or your gateway/router? Are you trying to use the VPN for external clients to connect to your server, or for the Server to connect somewhere else?

[RedStripe 14]

VPN is running on same machine as EmbyServer. My primary rerason for running VPN is for anonymous torrenting and web surfing. That all seems to work fine. My issue is remotely connecting an Emby client (Windows 8.1 laptop) to the Emby server (Windows 7 Pro desktop). VPN off... laptop displays web client just fine. VPN on...no joy! I've set the Local Port in PIA as you suggested...no joy!

 

When you refer to "Server", I assume you are referring to the EmbyServer and not the Windows 7 machine. With that distinction being made, the answer to your question is->I am trying to connect a remote Web client to the EmbyServer with VPN running on the "server machine". Again, VPN off...Emby web client connects to EmbyServer and successfully displays my media in the browser; VPN off...the connection times out.

[JeremyFr79 228]

OK, thanks for the info, so here's the problem, when you connect the machine through VPN you are creating a private tunnel.  All traffic at that point is directed through the tunnel thus preventing any non private traffic from connecting.  In short it's working exactly like it should.

[JeremyFr79 228]

What you would want to do is see if your VPN service allows you to only redirect certain traffic through the VPN leaving the other stuff untouched.  I'd have a strong feeling they don't as since you're using torrenting over VPN which typically uses random and rotating ports for connections.  But specifically you'd want to see if you could make the VPN software not handle traffic on 8096.  Otherwise you're stuck with having to leave the VPN down in order to access your machine remotely.

[RedStripe 14]

Thank you!! I was beginning to sense that was the case. Now there's several hours of my life I'll never get back

 

Thanks again.

[JeremyFr79 228]

yeah no problem, I run a VPN at home, but I do so so that I can securely connect to my home network to access files, or do administrative tasks remotely on the servers when I'm not home, but most importantly I use it when on public WiFI with any of my mobile devices so that I know all my traffic is encrypted and secure and going through a trusted gateway i.e. my home router.

[RedStripe 14]

OK. Now I'm confused again. If you can connect remotely via VPN, why can't Emby? Is the trusted gateway to home network 1) ISP_provided_IP or 2) the VPN_provided_IP or something else?

 

Again my setup is:

Windows 7 Pro
Server Version 3.0.5597.1
Router D-Link dir-655
VPN->PrivateInternetAccess (running on Win7 desktop)

 

 

Worded badly ; better stated-> If you can connect remotely via VPN why can't you remotely connect to Emby? I inferred from your previous post that you could not remotely connect to a machine running VPN at all.

Edited May 11, 2015 by RedStripe

[JeremyFr79 228]

You're using VPN to connect OUT, meaning you are connecting VPN to a gateway somewhere else (in order to hide your true IP & encrypt data when torrenting)  I am using VPN to connect in, however my VPN is hosted on my Router/Firewall box (Pfsense) not on the server(s) in my network.  I'm making a secure connection to my router which then make's it look like I'm local to the network.  You're doing the opposite of that, your server is connecting to a VPN gateway somewhere else and like I said once that outbound VPN tunnel is created it is then routing all traffic through that, ignoring anything coming at it that's not coming through the VPN connection.  Make sense? 

 

so in a nutshell you're connecting to a VPN

I'm hosting a VPN

[RedStripe 14]

Makes sense...thanks again.

 

Can you recommend hardware (router?) software (VPN?) for a setup like yours?

Can an Emby client connect with your setup?

[JeremyFr79 228]

So my router is a Dell Poweredge 1950 Server, running Pfsense (http://www.pfsense.org) which is an openbsd router/firewall software,  it's fairly easy to setup, but also get's very advanced very quickly.  I run OpenVPN within Pfsense which give's me a VPN connection back to my house when I need it.  this is incoming only, it's not an outgoing VPN.  Meaning you can't use it for going out of your network and masking yourself.

 

But like I said earlier running my own VPN let's me use open wifi when i'm out and about without having to worry about "man in the middle" attacks stuff like that as i just VPN into my network which give's me a fully encrypted, secure and private tunnel back to my router at home.  All my internet traffic routes through that tunnel thus preventing "packet sniffing" etc  So if say I want to access my bank account while on public WiFi (normally a big no no) I can do so with much more security.

[RedStripe 14]

JeremyFr79,

 

Thanks so much for your time! Your explanations were crystal clear and are the first "big picture" view of VPN capabilities. Most other responses  to questions (mine&others) go directly into the weeds without taking into account the desired macro-level mission of the user. If you are not a teacher you should be.

 

I appreciate your patience

RedStripe

[JeremyFr79 228]

JeremyFr79,

 

Thanks so much for your time! Your explanations were crystal clear and are the first "big picture" view of VPN capabilities. Most other responses  to questions (mine&others) go directly into the weeds without taking into account the desired macro-level mission of the user. If you are not a teacher you should be.

 

I appreciate your patience

RedStripe

No problem, glad I could help, I'm not a teacher, but I spent my years doing help desk and support (I now maintain hardware in data center's for a very large internet company) So I'm used to trying to break things down, we all learn at some point and lord know's I have and continue to ask my own questions on stuff, we can't all know it all  But we can always be helpful and share the knowledge we do have when the time arrives.  Feel free to PM me or post here if you have any more questions.  And lastly have a good day!

Edited May 11, 2015 by JeremyFr79