b0dyr0ck2006 57 Posted December 5, 2016 Share Posted December 5, 2016 I've recently setup a VPN with the company PIA for various security and personal reasons but I'll leave my tinfoil hat off for the moment. I am basically looking for some advise on getting the system setup on the server machine. It seems there has been a few threads started on this topic over the years but from what I can see, never a solution. The basic structure of the idea is to have the server machine secured via the VPN (which is hosted, not a router or gateway VPN) and yet still allow my various users to be able to connect as simply as possible. As I understand it, each time the VPN software is disconnected and restarted I am assigned a new IP so this would cause issues with people connecting to the server unless I gave them the new IP address each time. Some users need their hand held to connect, even with Emby Connect. I would assume that with PIA the IP addresses would be randomly circulated anyway. Now currently, with the VPN software off I can browse the server machine remotely and locally fine but when I activate the VPN I can't access remotely. I have added a forwarding port on my router that ties with the VPN and it is separate to the Emby port. Understandably so the VPN is doing its job and changing my IP, using the IP provided in the server settings: http://xxx.xx.xxx.xxx:8086 I cant connect. Using the IP from the VPN: http://xxx.xx.xxx.xxx:8086 doesnt work and even if I change the port on the end to the one i've set for the VPN still doesnt connect. Oddly when the VPN is running my internal IP changes too and Emby reports it as: http://10.73.1.35 this I really dont understand. So, Is it possible to set up this and keeping life as easy as possible for the users? If so, could you explain how please. Links to other threads: remote access when running vpn emby theater wont connect to local server running vpn issue with vpn and local network clients how to connect remotely when running vpn Link to comment Share on other sites More sharing options...
Luke 37071 Posted December 5, 2016 Share Posted December 5, 2016 The server tries to detect your IP address but VPN's can potentially make this difficult. The best thing to do is customize your own external address under the server dashboard -> advanced -> hosting. Link to comment Share on other sites More sharing options...
b0dyr0ck2006 57 Posted December 5, 2016 Author Share Posted December 5, 2016 The server tries to detect your IP address but VPN's can potentially make this difficult. The best thing to do is customize your own external address under the server dashboard -> advanced -> hosting. So in this instance I would add the current IP provided by the VPN including the port forward or the port forward from emby? http://xxx.xx.xxx.xxx:8096 or http://xxx.xx.xxx.xxx:34555 I appreciate I am trying to circumnavigate the VPN, but ultimately I want the traffic to and from the server to remain untouched and everything else via the VPN Link to comment Share on other sites More sharing options...
Happy2Play 8282 Posted December 5, 2016 Share Posted December 5, 2016 each time the VPN software is disconnected and restarted I am assigned a new IP so this would cause issues with people connecting to the server unless I gave them the new IP address each time So you are saying your WAN address changes with every restart, without your VPN being active? If so there isn't anything that can be done beside using a DDNS service. Link to comment Share on other sites More sharing options...
b0dyr0ck2006 57 Posted December 5, 2016 Author Share Posted December 5, 2016 Sorry, perhaps I didn't explain it right. Every time I restart the vpn I get assigned a new address. Not Emby. I'm trying to tunnel all traffic through the vpn EXCEPT all emby traffic, if that's possible Link to comment Share on other sites More sharing options...
Happy2Play 8282 Posted December 5, 2016 Share Posted December 5, 2016 And Emby is showing your VPN address or your WAN address? Link to comment Share on other sites More sharing options...
b0dyr0ck2006 57 Posted December 5, 2016 Author Share Posted December 5, 2016 My wan address Link to comment Share on other sites More sharing options...
Happy2Play 8282 Posted December 5, 2016 Share Posted December 5, 2016 Trying to picture what you are trying to do. So WAN access works just fine when the VPN is off but stops working when the VPN is on? Link to comment Share on other sites More sharing options...
b0dyr0ck2006 57 Posted December 5, 2016 Author Share Posted December 5, 2016 Correct Link to comment Share on other sites More sharing options...
jdfisher 2 Posted December 5, 2016 Share Posted December 5, 2016 I too have similar issues, I don't care about wan access, but when the VPN is connected I can't access it on my local network. In other threads that I have read thru day you can enter the local ip each time, but that's not ideal. Sent from my SM-G920V using Tapatalk 1 Link to comment Share on other sites More sharing options...
b0dyr0ck2006 57 Posted December 5, 2016 Author Share Posted December 5, 2016 I too have similar issues, I don't care about wan access, but when the VPN is connected I can't access it on my local network. In other threads that I have read thru day you can enter the local ip each time, but that's not ideal. Sent from my SM-G920V using Tapatalk Try binding the local ip in hosting settings Link to comment Share on other sites More sharing options...
Happy2Play 8282 Posted December 5, 2016 Share Posted December 5, 2016 I too have similar issues, I don't care about wan access, but when the VPN is connected I can't access it on my local network. In other threads that I have read thru day you can enter the local ip each time, but that's not ideal. Sent from my SM-G920V using Tapatalk How are you connecting? app.emby.media or local ip Link to comment Share on other sites More sharing options...
moviefan 184 Posted December 6, 2016 Share Posted December 6, 2016 (edited) Does PIA support hosting applications? From a brief glance on their web site I see absolutely no reference to this whatsoever so I doubt that it's supported. They would need to have both their firewall, as well as their routing settings configured in a way to backhaul this traffic back to you. As far as bypassing the VPN just for Emby I don't think this is possible. You can bypass the VPN for specific destinations by manipulating route tables, but source address policy-based routing is not supported on any OS except for linux. Edit: Here is a discussion about this on PIA's forums basically confirming what I stated: https://www.privateinternetaccess.com/forum/discussion/8860/host-server-on-my-personal-connexion-while-pia-is-on Edited December 6, 2016 by moviefan Link to comment Share on other sites More sharing options...
Happy2Play 8282 Posted December 6, 2016 Share Posted December 6, 2016 OP has some more testing to do but can maintain using there WAN address while VPN is active, Since VPNs continuously change you external IP there isn't an easy way to have external access through the vpn. Link to comment Share on other sites More sharing options...
moviefan 184 Posted December 6, 2016 Share Posted December 6, 2016 OP has some more testing to do but can maintain using there WAN address while VPN is active, Since VPNs continuously change you external IP there isn't an easy way to have external access through the vpn. The issue here isn't the changing address, and the address doesn't continuously change anyway. It changes each time the VPN connection is re-established. The problem is that the PIA service as a whole is not setup to allow inbound connections from the internet whatsoever so anything running on this VPN connection is not going to work for Emby or any other service he wishes to host. The only way around this would be to bypass the VPN for Emby. The PIA forum post I referenced discusses a couple workarounds but I don't think either will meet his goal: 1) He could manipulate the host's routing tables for specific destination IP addresses, so if he knows the source of the external requests there would be a way to make this possible. 2) He could also create a VM and launch his VPN from within the VM for traffic he wanted to privatize, and leave the bare metal installation on his regular connection with Emby installed there. I really don't see any way of doing this unless he wants to switch to a linux installation and do something like this: http://blog.scottlowe.org/2013/05/29/a-quick-introduction-to-linux-policy-routing/ 1 Link to comment Share on other sites More sharing options...
Luke 37071 Posted December 6, 2016 Share Posted December 6, 2016 Great info, thanks ! @@leebo you might want to read this as well. Link to comment Share on other sites More sharing options...
Happy2Play 8282 Posted December 6, 2016 Share Posted December 6, 2016 (edited) Already tested with OP, the WAN isn't changing. the VPN just tunnels thru it so you can still come in along side it. Edited December 6, 2016 by Happy2Play Link to comment Share on other sites More sharing options...
moviefan 184 Posted December 6, 2016 Share Posted December 6, 2016 Not sure exactly what you meant by the WAN isn't changing, but I went to search a bit more as I was curious. Seems the previous thread I linked to is certainly not the only one on this subject and there may be some more hope. Here is another interesting one: https://www.privateinternetaccess.com/forum/discussion/4558/tcp-port-forwarding-not-working I see several that indicating there IS a port forwarding setting in the PIA tray icon. Has OP configured this? If you can forward the Emby port via the PIA then this would be a way to properly host a service via his VPN. It's funny because although I see MANY posts referencing this capability I see no posts where someone confirms that it is working for them. There is an interesting utility created by Xflak that allows for bypassing VPN for Plex but unfortunately it works on the premise I mentioned in my previous post - excluding traffic to/from Plex's servers since everything for Plex is tunneled through their servers. https://xflak40.wordpress.com/apps/#VPN-Bypass-for-Plex-Media-Server Link to comment Share on other sites More sharing options...
b0dyr0ck2006 57 Posted December 6, 2016 Author Share Posted December 6, 2016 As an update to this in case anyone else is having these issues or at a later date comes across this thread: With port forwarding setup on the VPN software and the router I can remotely connect to the server ONLY by using the WAN (remote) IP that is on the server dashboard, for example: http://123.456.7.89:1234 I currently cannot connect via iOS apps or with app.emby.media as I am presented with a timeout error Link to comment Share on other sites More sharing options...
moviefan 184 Posted December 7, 2016 Share Posted December 7, 2016 What about if you add a new server with the same WAN IP address? Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
Luke 37071 Posted December 7, 2016 Share Posted December 7, 2016 What address are you entering exactly? please show us that screenshot. thanks. Link to comment Share on other sites More sharing options...
Happy2Play 8282 Posted December 7, 2016 Share Posted December 7, 2016 (edited) When the server finally recognizes vpn it would change external ip on dashboard and connections via Connect would fail. OP is still testing but ended up entering LAN and WAN addresses in Advanced-Hosting, do to vpn changing them and causing connections to fail. Edited December 7, 2016 by Happy2Play Link to comment Share on other sites More sharing options...
b0dyr0ck2006 57 Posted December 7, 2016 Author Share Posted December 7, 2016 What address are you entering exactly? please show us that screenshot. thanks. Sorry @@Luke I'm not publicly posting ip addresses, defeats the whole point of a VPN. Link to comment Share on other sites More sharing options...
Happy2Play 8282 Posted December 7, 2016 Share Posted December 7, 2016 Sorry @@Luke I'm not publicly posting ip addresses, defeats the whole point of a VPN. @@b0dyr0ck2006 Are your mobile apps able to connect now with this change? Link to comment Share on other sites More sharing options...
Solution b0dyr0ck2006 57 Posted December 7, 2016 Author Solution Share Posted December 7, 2016 Update. After assistance from @@Happy2Play currently the system seems to be working. The steps we took are: Bind local ip and remote (external) ip to original settings. For example: local http://192.168.0.3 Remote (external) http://188.888.88.88 These have been added in the server at advanced->hosting Once the network addresses have been bound, start up the VPN software. Setup port forwarding on the VPN and add that port to the router, ensure that this is a different port to the one that emby uses. This should allow your users to connect to emby as normal. This is until as or when your service provider changes your IP, at which point you will need to bind your new external network address again. Currently, still in testing stages, I can connect via iOS apps, remotely and local, via the web and theatre. Both with connect and using the direct IP address shown on the server dashboard. 2 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now