Unable to connect remotely... EVER

[Heckler 147]

I gave up on being able to connect remotely to my server a very long time ago. It has never worked, and I do mean NEVER... Not once.  I can connect locally, but not remotely.

 

I've followed everything to the letter, the firewall and ports are opened, address is correct... I've searched through dozens and dozens of threads for suggestions and nothing has helped.

 

Firewall rules are set up on the server (windows 7 (64), router firewall and port forwarding is all configured for both IPV4 and IPV6 and pointing at the server for ports 8096 and 8920

 

I can ping the IP address perfectly, the ports are setup and accessible, port forwarding is enabled to the mediaserver... but I've tried it with and without. I've created specific services for my router just to allow emby access on 8920.  I've not tried it on http because I'm not prepared to broadcast anything unsecure..

 

I've tried manually connecting to the server

I've tried it with and without the VPN connected, manually adjust the IP addy to make sure it's all correct.

 

I'm not using a custom cert, just the one created by emby.

 

I've long since given up ever thinking that it would actually work... and can't think why I bothered to try again... But I'm now determined to make it work and nothing I've done works, and I've got almost 20yrs experience of this kind of thing. Everything tells me it should work, but it doesn't.

 

I then tried to log in remotely through the browser (firefox & chrome from my desktop out (no VPN) and back in to the server (via VPN)),  it again refuses to connect and just repeats that the server can't be connected and to make sure emby is running.... which it always is.

 

Browser login remotely fails to work (local connection works fine, but that's not what I'm trying to do).

Android 6.0 (marshmallow) on an nVidia Sheild K1 tablet fails to connect (shows server listed, but even adding new server manually doesn't work)

Android 6.0 (CM OS on Wileyfox Storm) fails to connect but shows server listed, adding manually with same result.

 

So then I decided to try via http and get exactly the same results on all devices and browsers.

 

If you want logs, tell me which ones and which steps you want me to take to make sure the right info is logged.

 

 

I've gone through every step of the connectivity guide, firewall is correctly setup, router is correctly setup... Remote connection just never works.

Edited September 21, 2016 by Heckler

[Luke 37020]

Hi there, welcome. I would start by taking a look at our Connection Troubleshooter. Please try going through the steps listed there, and if a certain step doesn't work, please let us know what that is. That will help narrow down where the issue is. Thanks !

[Heckler 147]

@Luke  I've already been through the connectivity troubleshooter.

 

I can connect internally to the server via 192.168.0.4 via the browser perfectly, I can also connect fine from my phone using the emby app when using the home network.

 

The mediaserver has the firewall set up to allow emby (mediabrowserserver exe), ports 8096 and 8920 are both opened as I created specific rules for them in the firewall.

My router has had rules setup for port forwarding for TCP on the same ports and points to the mediaserver on 192.168.0.4

 

I've checked and triple checked the remote IP address, when I log in via the browser, phone or tablet (with wifi turned off), the mediaserver shows up, but refuses to connect... just says cannot connect at the moment, please ensure emby is running... which it obviously is.  I figure that the browser problem could be simply that the router isn't allowing a return connection that goes out and then back in. But that wouldn't explain my mobile devices.

 

If I ping the server through the external IP address it responds exactly as expected, so I know it can be seen.

 

I do use a VPN (Anonine) but have tested all of this with it connected and without, restarting emby server each time to make sure any changes are picked up and I've triple checked the remote IP address.

I've tried 20-30 times to connect manually without any luck, I've re-registered the server to my account 3 times to make sure.

 

The only thing that I've just noticed is that on the server dashboard, the internal IP doesn't show up as 192.168.0.4   but starts 10.20.xxx.xxx and if I ping that I get no reply.

 

I can't remember if/when that local host IP addy started showing up differently, and have no idea why it's different. It's not something I ever check because I connect to the server dashboard via bookmarks in my browser and had given up on remote connections a long time ago... Only attempting to connect again yesterday evening... and after about 3hrs of flaffing about failing to get it to work... gave up in frustration and annoyance again.

 

If you want logs, let me know which one, and what steps/process I should attempt so that the relevant info is in them.

 

Cheers

[CBers 6766]

My router has had rules setup for port forwarding for TCP on the same ports and points to the mediaserver on 192.168.0.4

 

Do you have UDP ports open as well ??

 

Not saying it's a fix, but I have both TCP and UDP ports forwarded to my Emby server PC.

[Heckler 147]

Do you have UDP ports open as well ??

 

Not saying it's a fix, but I have both TCP and UDP ports forwarded to my Emby server PC.

 

Yeah, I redid the rules on the router to allow both TCP & UDP through on those ports with no effect.

 

 

Also, if I haven't mentioned it, I set up port forwarding via IPV6 on the router too.. just in case.

Edited September 21, 2016 by Heckler

[CBers 6766]

Do you have any other services running on the same PC that work ??

[Heckler 147]

Do you have any other services running on the same PC that work ??

 Not many, it's not really used for anything else aside from emby server, but I have the VPN service setup, along with windows updates, utorrent works perfectly fine, my wireless/remote printer service works ok, Teamviewer remote desktop works fine, ServerWMC works ok, although I've removed the TV stick as I got a new TV with FreeviewHD and the TV stick wasn't HD.

 

using built in windows firewall and MSE, through an ISP supplied router (Sky, newest one) that I've configured access for.

 

 

I don't use it for gaming, but it does get some web browsing use and video streaming all of this done over wifi (n or ac I can't remember). I'm also on a fibre connection with the cabinet less than a hundred yards away.

Edited September 21, 2016 by Heckler

[CBers 6766]

So any services running that you can connect to remotely?

 

uTorrent perhaps?

[Heckler 147]

I'm currently connected via teamviewer to my server, which is connected to the VPN, utorrent is currently running on the server and grabbing something, MSE updated itself earlier this morning and installed new definitions.

 

I use teamviewer daily, and can connect to the mediaserver remotely when visiting my folks for example... that was last used on Tuesday whilst I was visiting them... So remote connections for other programs work perfectly through the VPN it seems.

 

 

Forgot to add that I am currently on the latest official build of 3.0.7200

 

 

There are also plugins that don't work... beeg & youjizz stopped working a long time ago and  were removed, but I assumed that this was down to lack of development or that they'd been abandoned.

Edited September 21, 2016 by Heckler

[CBers 6766]

Can you connect to uTorrent remotely, not via TeamViewer or VPN?

 

Have you removed all firewall rules for Emby on the PC and then reinstall Emby over the top of the current install and let it set the firewall rules?

[Heckler 147]

I'm using an older version of utorrent (2.2.1) because of issues I had with the program in later versions... I really didn't like the direction it was heading nor some of the intrusive and forced apps... So it's not got the remote feature built in, as I think that was v3 onwards.

 

I'll remove all the firewall entries on the server and reinstall and see what happens.

[ebr 14904]

Does canyouseeme.org work with your Emby Server IP and port?

[Heckler 147]

OK, I reinstalled 3.0.7200 and let emby configure itself, accepted the notice to allow it through the firewall

 

 

Then tried to remote connect from my phone over the network and via the desktop and still the same result... failed to connect, please ensure the server is running.

[Heckler 147]

Does canyouseeme.org work with your Emby Server IP and port?

 

 

OK, now this is unusual... the IP addy that reports is not the same as the one that emby is reporting.

 

the first 3 sets are right, but the last is showing xxx.xxx.xxx.8 on canyouseeme.org whilst emby is reporting that it's xxx.xxx.xxx.189... obviously the report for ports 8920 & 8096 can back as a failure.

 

 

So I disconnected the vpn and checked to see if the same discrepancy happened... it didn't, both cysm and emby dashboard showed the same IP and both ports 8920 & 8096 came back as successful connections.

 

So I went back and tried my phone, and that didn't work via the listed server... a manual connection to the server via the remote addy on port 8920 fails still, but port 8096 connected on the remote IP.

 

So I then reconnected the VPN, restarted emby and checked the IP address reported by the dashboard xxx.xxx.xxx.49 whilst canyouseeme reports it as  xxx.xxx.xxx.230 and whatismyip reports it as xxx.xxx.xxx.104

 

 

That's 3 different numbers....

 

So reinstalling emby and letting it add new firewall rules has changed something, and it looks like the VPN is causing some kind of problem... The issue I reported where the internal IP address on the dashboard for the local access should read 192.168.0.4  but when the VPN is connected that's reading something different. Instead of reading 192.168.0.4 it's showing as 10.20.xx.xx

 

 

This now has me stumped... the VPN is setup through windows, I'm not using any 3rd party clients... so I need to investigate that further as turning it off isn't an option I'm willing to take.

Edited September 21, 2016 by Heckler

[Heckler 147]

I downloaded the anonine VPN client and allowed that to configure itself using their recommended settings, disconnected my VPN and logged in via their client instead....  I'm still getting 3 different IP addies from emby/canyouseeme/whatismyip  and ports 8096 & 8920 fail to connect when it's in use, and only 8096 connects when it's not even though canyouseeme reports that 8920 is reachable when vpn isn't in use.

 

Also tried various encryption/connection methods such as PPTP, OPEN VPN UDP, OPEN VPN TCP & L2TP without success.

 

 

I've also double checked what the client is reporting as the correct IP and that's matching what  whatismyipaddress.com is reporting, but emby and canyouseeme.org are reporting the last group incorrectly.

 

 

I tried connecting the vpn through a variety of countries from the UK, USA, Sweden and so forth and all are showing me the same thing... regardless of the method of connecting/encryption or the country used... both emby and canyouseeme.org are reporting the incorrect IP address.

 

This is obviously the issue... every other remote connection program works as intended, the vpn itself is working correctly but emby and canyouseeme.org aren't able to work with it somehow.

Edited September 21, 2016 by Heckler

[Heckler 147]

It must have been a fluke.... whatismyip.com is reporting differently again... none of them match what the vpn client is reporting as my IP.

[Andy777 21]

It must have been a fluke.... whatismyip.com is reporting differently again... none of them match what the vpn client is reporting as my IP.

 

With 20 years of experience you should understand what VPN means. If you run a VPN client on your server (let's say the end point is in Sweden), it means that your server (running the VPN client) now resides in some Swedish network and NOT_not_in_your_home_network. Pinging the external address is not actually pinging your server but it is your router that answers the pings. The VPN "transfers" your server out of your local network to wherever the endpoint is. Your local server is not in your LAN/Wan anymore.

 

 

If you want to run your torrent stuff etc. over a VPN you should do it on a separate computer (or a virtual machine). While it is possible to do all those in a single computer, it requires skills to understand "split tunnel", "configuring virtual network interfaces" and manually editing routing tables.

 

If you want external access to Emby server to work:

1) Make sure the VPN is not connected

2) Go to Emby dahsboard and see the line "Remote access: https://......".

3) Go to Emby dahsboard and see the line "Local access: http:/whatever..."

 

4) login to your router, and configure port forwarding from external port 8096 to the ip address what you see in 3)

 

Configure your client (android or whatever) to access the address in 2). The ip address should be the same reported by the "whats my ip addres" _when_not_using_the_VPN.

 

Once you get that working, you can move to 8920 and SSL connections. You are apparently (based on the IP addresses you reported) running NAT on your server, so you can safely disable the software firewall to begin with (as long as you disable IPV6 also).

 

 

BR

Andy777

[Andy777 21]

 

I'm not using a custom cert, just the one created by emby.

 

 

If you want to use SSL you should generate your own custom cert. The default installation of Emby (naturally) does not have any knowledge of your external domain+hostname.If your ISP doesn't provide you with a _stable_ _static_ reverse DNS, you should subscribe a service as dyndns or similar. AND CREATE YOUR SELF SIGNED CERTIFICATE after that. AND install the certificate to your SSL clients such as the Android clients you have been talking about. BUT get the non-SSL working first, and then upgrade your setup to more complicated one.

BR,

A

[Heckler 147]

I opened a ticket with anonine, and all they said was that their VPN was behind a NAT and then promptly closed the ticket... so I've asked them to reopen it and give me a proper explanation and actually try to resolve it.

 

20yrs experience doesn't mean I know everything and networking and encryption protocols  were not my areas of expertise.. I'm more on the engineering and software design side of the industry... I know enough to resolve most things, but some far more knowledgeable would probably say I know enough to be dangerous. 

 

With 20 years of experience you should understand what VPN means. If you run a VPN client on your server (let's say the end point is in Sweden), it means that your server (running the VPN client) now resides in some Swedish network and NOT_not_in_your_home_network. Pinging the external address is not actually pinging your server but it is your router that answers the pings. The VPN "transfers" your server out of your local network to wherever the endpoint is. Your local server is not in your LAN/Wan anymore.

 

 

If you want to run your torrent stuff etc. over a VPN you should do it on a separate computer (or a virtual machine). While it is possible to do all those in a single computer, it requires skills to understand "split tunnel", "configuring virtual network interfaces" and manually editing routing tables.

 

If you want external access to Emby server to work:

1) Make sure the VPN is not connected

2) Go to Emby dahsboard and see the line "Remote access: https://......".

3) Go to Emby dahsboard and see the line "Local access: http:/whatever..."

 

4) login to your router, and configure port forwarding from external port 8096 to the ip address what you see in 3)

 

Configure your client (android or whatever) to access the address in 2). The ip address should be the same reported by the "whats my ip addres" _when_not_using_the_VPN.

 

Once you get that working, you can move to 8920 and SSL connections. You are apparently (based on the IP addresses you reported) running NAT on your server, so you can safely disable the software firewall to begin with (as long as you disable IPV6 also).

 

 

BR

Andy777

 

I opened a ticket with anonine, and all they said was that their VPN was behind a NAT and then promptly closed the ticket... so I've asked them to reopen it and give me a proper explanation and actually try to resolve it if that's possible.

 

20yrs experience doesn't mean I know everything and networking and encryption protocols  were not my areas of expertise.. I'm more on the engineering and software design side of the industry... I know enough to resolve most things, but some far more knowledgeable would probably say I know enough to be dangerous. 

 

I've not used a dynamic dns service in about 10-12yrs, so will have to sort one out again, and read up on self certs.

 

The non ssl side will only work if the VPN is disconnected, but that's not going to happen I need the vpn more than I need remote access to emby. Every other remote service I use on the mediaserver works with the VPN, it's just emby that doesn't like it.

 

The port forwarding is all set up and correct, and works when the VPN is off, canyouseeme.org ok's both 8920 & 8096 and I even setup port forwarding for those ports on tcp/udp and ipv6 to be sure.

 

My IP from the ISP is semi static but I get no warning of change and sometimes when I reboot the router/modem it changes, sometimes it doesn't... the IP for the VPN changes every single time though and has never been the same twice... so a dyndns would help.

 

But as I said... I need the vpn more than I need remote access to emby... I was hoping to set my mum up for her new Samsung 4K TV to access my server for her movies... But I may have to duplicate my server on her PC with less media as she's only got 2TB whilst I've got 15TB (and fast running out of room)

[pir8radio 1292]

If your VPN is behind a nat they are blocking all inbound ports that didn't have a request from your pc first (this is how team viewer works)..   I doubt they will open the ports for you... But i'm not familiar with that vpn service..      if you had another non VPN pc you could run a reverse proxy on it, let it handle the remote emby connections and be the bridge between the net and your emby server.  Allowing you to keep the vpn running on the emby server.  

Edited September 26, 2016 by pir8radio

[pir8radio 1292]

I believe only their Swedish servers allow inbound ports. Try one of them.

[Heckler 147]

I believe only their Swedish servers allow inbound ports. Try one of them.

 

Funnily enough, that's what I was doing, I'd also tried about a dozen different servers located around the EU... I opened a ticket with the VPN provider and explained to them what was happening... they've looked into it and have a couple of servers located in Sweden that are not normally listed... It requires them to send me a specific config file to access.

 

I'm just waiting for that and will then do some more testing.

 

Will possibly still need to look into self certs if I want to get SSL working though... Will test first and see what works or doesn't with the new config when that's all setup.

[Untoten 295]

Yeah, I redid the rules on the router to allow both TCP & UDP through on those ports with no effect.

 

 

Also, if I haven't mentioned it, I set up port forwarding via IPV6 on the router too.. just in case.

Disable IPV6 for everything.

[Heckler 147]

Just to revisit this... I have received the files needed from anonine to bypass the NAT on a swedish server... But have not had time to setup a new connection and test it out... Hoping to do that next week as I've got the whole week to myself and only some sanding, filling, sanding, paiting, sanding, painting, lacquering, sanding, buffing to do.