Jump to content

VPN's (PIA) and Emby


b0dyr0ck2006
Go to solution Solved by b0dyr0ck2006,

Recommended Posts

b0dyr0ck2006

I've recently setup a VPN with the company PIA for various security and personal reasons but I'll leave my tinfoil hat off for the moment. I am basically looking for some advise on getting the system setup on the server machine. It seems there has been a few threads started on this topic over the years but from what I can see, never a solution. The basic structure of the idea is to have the server machine secured via the VPN (which is hosted, not a router or gateway VPN) and yet still allow my various users to be able to connect as simply as possible. As I understand it, each time the VPN software is disconnected and restarted I am assigned a new IP so this would cause issues with people connecting to the server unless I gave them the new IP address each time. Some users need their hand held to connect, even with Emby Connect. I would assume that with PIA the IP addresses would be randomly circulated anyway. 

 

Now currently, with the VPN software off I can browse the server machine remotely and locally fine but when I activate the VPN I can't access remotely. I have added a forwarding port on my router that ties with the VPN and it is separate to the Emby port. Understandably so the VPN is doing its job and changing my IP, using the IP provided in the server settings: http://xxx.xx.xxx.xxx:8086 I cant connect. Using the IP from the VPN: http://xxx.xx.xxx.xxx:8086 doesnt work and even if I change the port on the end to the one i've set for the VPN still doesnt connect. Oddly when the VPN is running my internal IP changes too and Emby reports it as: http://10.73.1.35 this I really dont understand.

 

So, Is it possible to set up this and keeping life as easy as possible for the users? If so, could you explain how please.

 

Links to other threads:

 

remote access when running vpn

 

emby theater wont connect to local server running vpn

 

issue with vpn and local network clients

 

how to connect remotely when running vpn

Link to comment
Share on other sites

The server tries to detect your IP address but VPN's can potentially make this difficult. The best thing to do is customize your own external address under the server dashboard -> advanced -> hosting.

Link to comment
Share on other sites

b0dyr0ck2006

The server tries to detect your IP address but VPN's can potentially make this difficult. The best thing to do is customize your own external address under the server dashboard -> advanced -> hosting.

 

So in this instance I would add the current IP provided by the VPN including the port forward or the port forward from emby?

 

http://xxx.xx.xxx.xxx:8096

or

http://xxx.xx.xxx.xxx:34555

 

I appreciate I am trying to circumnavigate the VPN, but ultimately I want the traffic to and from the server to remain untouched and everything else via the VPN

Link to comment
Share on other sites

Happy2Play

each time the VPN software is disconnected and restarted I am assigned a new IP so this would cause issues with people connecting to the server unless I gave them the new IP address each time

So you are saying your WAN address changes with every restart, without your VPN being active?  If so there isn't anything that can be done beside using a DDNS service.

Link to comment
Share on other sites

b0dyr0ck2006

Sorry, perhaps I didn't explain it right. Every time I restart the vpn I get assigned a new address. Not Emby. I'm trying to tunnel all traffic through the vpn EXCEPT all emby traffic, if that's possible

Link to comment
Share on other sites

Happy2Play

And Emby is showing your VPN address or your WAN address?

Link to comment
Share on other sites

Happy2Play

Trying to picture what you are trying to do.  So WAN access works just fine when the VPN is off but stops working when the VPN is on?

Link to comment
Share on other sites

jdfisher

I too have similar issues, I don't care about wan access, but when the VPN is connected I can't access it on my local network. In other threads that I have read thru day you can enter the local ip each time, but that's not ideal.

 

Sent from my SM-G920V using Tapatalk

  • Like 1
Link to comment
Share on other sites

b0dyr0ck2006

I too have similar issues, I don't care about wan access, but when the VPN is connected I can't access it on my local network. In other threads that I have read thru day you can enter the local ip each time, but that's not ideal.

 

Sent from my SM-G920V using Tapatalk

Try binding the local ip in hosting settings

Link to comment
Share on other sites

Happy2Play

I too have similar issues, I don't care about wan access, but when the VPN is connected I can't access it on my local network. In other threads that I have read thru day you can enter the local ip each time, but that's not ideal.

 

Sent from my SM-G920V using Tapatalk

How are you connecting?  app.emby.media or local ip

Link to comment
Share on other sites

moviefan

Does PIA support hosting applications?

 

From a brief glance on their web site I see absolutely no reference to this whatsoever so I doubt that it's supported.

 

They would need to have both their firewall, as well as their routing settings configured in a way to backhaul this traffic back to you.

 

As far as bypassing the VPN just for Emby I don't think this is possible.  You can bypass the VPN for specific destinations by manipulating route tables, but source address policy-based routing is not supported on any OS except for linux.

 

Edit:  Here is a discussion about this on PIA's forums basically confirming what I stated:  https://www.privateinternetaccess.com/forum/discussion/8860/host-server-on-my-personal-connexion-while-pia-is-on

Edited by moviefan
Link to comment
Share on other sites

Happy2Play

OP has some more testing to do but can maintain using there WAN address while VPN is active,

 

 

Since VPNs continuously change you external IP there isn't an easy way to have external access through the vpn.

Link to comment
Share on other sites

moviefan

OP has some more testing to do but can maintain using there WAN address while VPN is active,

 

 

Since VPNs continuously change you external IP there isn't an easy way to have external access through the vpn.

 

The issue here isn't the changing address, and the address doesn't continuously change anyway.  It changes each time the VPN connection is re-established.

 

The problem is that the PIA service as a whole is not setup to allow inbound connections from the internet whatsoever so anything running on this VPN connection is not going to work for Emby or any other service he wishes to host.

 

The only way around this would be to bypass the VPN for Emby.  The PIA forum post I referenced discusses a couple workarounds but I don't think either will meet his goal:

 

1) He could manipulate the host's routing tables for specific destination IP addresses, so if he knows the source of the external requests there would be a way to make this possible.  

 

2) He could also create a VM and launch his VPN from within the VM for traffic he wanted to privatize, and leave the bare metal installation on his regular connection with Emby installed there.

 

I really don't see any way of doing this unless he wants to switch to a linux installation and do something like this:  http://blog.scottlowe.org/2013/05/29/a-quick-introduction-to-linux-policy-routing/

  • Like 1
Link to comment
Share on other sites

Happy2Play

Already tested with OP, the WAN isn't changing. the VPN just tunnels thru it so you can still come in along side it.

Edited by Happy2Play
Link to comment
Share on other sites

moviefan

Not sure exactly what you meant by the WAN isn't changing, but I went to search a bit more as I was curious.  Seems the previous thread I linked to is certainly not the only one on this subject and there may be some more hope.

 

Here is another interesting one:  https://www.privateinternetaccess.com/forum/discussion/4558/tcp-port-forwarding-not-working

 

I see several that indicating there IS a port forwarding setting in the PIA tray icon.

 

Has OP configured this?  If you can forward the Emby port via the PIA then this would be a way to properly host a service via his VPN.  It's funny because although I see MANY posts referencing this capability I see no posts where someone confirms that it is working for them.

 

There is an interesting utility created by Xflak that allows for bypassing VPN for Plex but unfortunately it works on the premise I mentioned in my previous post - excluding traffic to/from Plex's servers since everything for Plex is tunneled through their servers.

 

https://xflak40.wordpress.com/apps/#VPN-Bypass-for-Plex-Media-Server

Link to comment
Share on other sites

b0dyr0ck2006

As an update to this in case anyone else is having these issues or at a later date comes across this thread:

 

With port forwarding setup on the VPN software and the router I can remotely connect to the server ONLY by using the WAN (remote) IP that is on the server dashboard, for example:

 

http://123.456.7.89:1234

 

I currently cannot connect via iOS apps or with app.emby.media as I am presented with a timeout error

 

b4b2d282ebf35364856a830d3419c162.jpg

Link to comment
Share on other sites

Happy2Play

When the server finally recognizes vpn it would change external ip on dashboard and connections via Connect would fail.  OP is still testing but ended up entering LAN and WAN addresses in Advanced-Hosting, do to vpn changing them and causing connections to fail. 

Edited by Happy2Play
Link to comment
Share on other sites

b0dyr0ck2006

What address are you entering exactly? please show us that screenshot. thanks.

Sorry @@Luke I'm not publicly posting ip addresses, defeats the whole point of a VPN.

Link to comment
Share on other sites

Happy2Play

Sorry @@Luke I'm not publicly posting ip addresses, defeats the whole point of a VPN.

@@b0dyr0ck2006 Are your mobile apps able to connect now with this change?

Link to comment
Share on other sites

  • Solution
b0dyr0ck2006

Update.

 

After assistance from @@Happy2Play currently the system seems to be working. The steps we took are:

 

Bind local ip and remote (external) ip to original settings. For example:

 

local http://192.168.0.3

Remote (external) http://188.888.88.88

 

These have been added in the server at advanced->hosting

 

Once the network addresses have been bound, start up the VPN software. Setup port forwarding on the VPN and add that port to the router, ensure that this is a different port to the one that emby uses.

 

This should allow your users to connect to emby as normal. This is until as or when your service provider changes your IP, at which point you will need to bind your new external network address again.

 

Currently, still in testing stages, I can connect via iOS apps, remotely and local, via the web and theatre. Both with connect and using the direct IP address shown on the server dashboard.

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...