Jump to content
mistercoffee

PIA Private Internet Access VPN remote server access

Recommended Posts

mistercoffee

I've seen some helpful posts regarding this by some advanced users, notably @@skidmarks and @@Tur0k but I'm having no luck. Anyone else successfully doing this with PIA? My setup is:

 

* Emby server 4.2.0.40 on MacOS 10.12.6 Sierra and also running PIA 1.1.1

 

* Internet is cable to an ISP-supplied modem, WAN port to Asus RT-AC68U, ethernet to the Emby server.

 

* Emby server has a manually-assigned IP via the Asus GUI to its MAC address.

 

* Emby remote port is 8096 via http

 

When my server is not connected to the PIA VPN, I can scan the server's public-facing IP (from another computer) for open ports and I see 8096 is indeed open. When I connect the server to the VPN and scan the server's new public-facing IP, 8096 isn't open. These are the things I've tried and have all failed:

 

1. Forward 8096 to the server's local IP address via the Asus GUI.

 

2. Enable port-forwarding in the PIA VPN client; change the Emby server remote http port to the port the VPN is forwarding (this is a read-only assigned port in PIA); forward the new port to the server's local IP address via the Asus GUI. Scanning the new public-facing IP shows the new port (and 8096) is not open.

 

3. Same as #2 but leave the Emby remote port as the default 8096.

 

4. In the Asus GUI additionally specify the destination local port as 8096.

 

5. All of the above with different PIA VPN locations among the ones that support port-forwarding.

 

6. All of the above with MacOS firewall disabled.

 

Thanks!

 

 

 

 

Share this post


Link to post
Share on other sites
Guest asrequested

 

2. Enable port-forwarding in the PIA VPN client; change the Emby server remote http port to the port the VPN is forwarding (this is a read-only assigned port in PIA); forward the new port to the server's local IP address via the Asus GUI. Scanning the new public-facing IP shows the new port (and 8096) is not open.

 

That sounds like a problem. How will the requests reach the server?

Edited by Doofus

Share this post


Link to post
Share on other sites
mistercoffee

That sounds like a problem. How will the requests reach the server?

 

In theory (I think), I try scanning port 12345 on the VPN public-facing IP of 123.45.67.89, which is exposed by the VPN and passes it through on the same port. My router forwards all 12345 traffic to my Emby server, which I've set to listen on 12345. Or I keep the server as 8096 and my router forwards 12345 to the Emby server:8096.

 

Do I have this wrong? 

Edited by mistercoffee

Share this post


Link to post
Share on other sites
sfatula

@@sundevil67, @@sfatula, @, do you have any VPN tips?

 

I am ubuntu now and never used PIA. I do have a Asus 68u, but I use it's VPN but really, don't VPN at all when connecting remotely. On the Asus port forwarding screen, I use what you see in the attached screen capture. Which means I have to change the public http and https port numbers on the Emby "advanced" screen. Pretty much, it was that simple, even when I had Mac server emby.

 

If I were using VPN remotely, I would not see 9652 and 9653 open as those are WAN not LAN ports, I would simply see 8096 and 8920 open just the same as local.

post-348227-0-41648600-1565281341_thumb.png

Edited by sfatula

Share this post


Link to post
Share on other sites
mistercoffee

I am ubuntu now and never used PIA. I do have a Asus 68u, but I use it's VPN but really, don't VPN at all when connecting remotely. On the Asus port forwarding screen, I use what you see in the attached screen capture. Which means I have to change the public http and https port numbers on the Emby "advanced" screen. Pretty much, it was that simple, even when I had Mac server emby.

 

If I were using VPN remotely, I would not see 9652 and 9653 open as those are WAN not LAN ports, I would simply see 8096 and 8920 open just the same as local.

 

Thank you for weighing in. What you describe is quite a different scenario but thanks all the same.

Share this post


Link to post
Share on other sites
mistercoffee

I wanted to update this to see if @@Luke or anyone has any ideas:

 

I took Emby and my router port-forwarding out of the equation. I shut down Emby server and started an http web server on the same machine, listening on port 8096. My public-facing IP was 40.xxx.xx.xx. I went to my phone (just LTE connection) and connected successfully to 40.xxx.xx.xx:8096. I had cleared all port-forwarding from my router GUI.

 

I then started the PIA VPN client on the server and it exposed port 57502 with a public-facing IP of 197.xxx.xx.xx. I restarted the web server to listen on port 57502. On my phone I was able to successfully connect to 40.xxx.xx.xx:57502

 

So what I'm wondering is, if this works with an http web server listening on 57502, why won't it work with Emby set to receive remote http traffic on 57502 with an otherwise identical setup?

 

thanks

Edited by mistercoffee

Share this post


Link to post
Share on other sites
Guest asrequested

I'm not sure how PIA operates. I use Torguard, and it's much more simple. Do they require you to make firewall rules? Maybe they're blocking access to something that Emby connect needs?

Share this post


Link to post
Share on other sites
Luke

If you're on the same network then even though you're using the remote url, the route may be optimized at the network levels. I think ultimately the VPN will need some configuration to allow the traffic.

Share this post


Link to post
Share on other sites
Guest asrequested

In theory (I think), I try scanning port 12345 on the VPN public-facing IP of 123.45.67.89, which is exposed by the VPN and passes it through on the same port. My router forwards all 12345 traffic to my Emby server, which I've set to listen on 12345. Or I keep the server as 8096 and my router forwards 12345 to the Emby server:8096.

 

Do I have this wrong?

Do you need to use a different port through them when forwarding? With Torguard I use the same port number all the way through.

Share this post


Link to post
Share on other sites
mistercoffee

If you're on the same network then even though you're using the remote url, the route may be optimized at the network levels. I think ultimately the VPN will need some configuration to allow the traffic.

 

I'm connecting to the web/emby server from outside the network. Web server works, emby doesn't. Same port. Obviously both are not running at the same time in case anyone wondered :)

 

What's the theory that the VPN needs config? If a port can listen and receive traffic on one app, why not the other? 

Share this post


Link to post
Share on other sites
mistercoffee

I'm not sure how PIA operates. I use Torguard, and it's much more simple. Do they require you to make firewall rules? Maybe they're blocking access to something that Emby connect needs?

 

PIA is simple. No, they don't require firewall rules. If there was anything special blocked or required it wouldn't work with my web server. Again, web server works, Emby doesn't -- same port, same machine, same VPN, etc. No difference at all except the app that is listening (web server vs Emby server).

 

What I'm trying to get at is what is different about a web server vs Emby server that makes one listen on a given port but the other not under the same circumstances.

Share this post


Link to post
Share on other sites
Guest asrequested

I think you've fallen down a rabbit hole...

  • Like 1

Share this post


Link to post
Share on other sites
mistercoffee

@@Luke please see my post above. I can hit the machine running the VPN client from outside the network if the machine is running a web server on port 57502. But not if Emby server is running on port 57502. Any theory that takes this into account appreciated.

 

I'm connecting to the web/emby server from outside the network. Web server works, emby doesn't. Same port. Obviously both are not running at the same time in case anyone wondered :)

 

What's the theory that the VPN needs config? If a port can listen and receive traffic on one app, why not the other? 

Share this post


Link to post
Share on other sites
Luke

Do any requests show up in the server log?

Share this post


Link to post
Share on other sites
mistercoffee

Do any requests show up in the server log?

 

Just requests from inside my network from other devices.

Share this post


Link to post
Share on other sites
Luke

Have you configured any options in the advanced section of the server?

Share this post


Link to post
Share on other sites
Guest asrequested

In theory (I think), I try scanning port 12345 on the VPN public-facing IP of 123.45.67.89, which is exposed by the VPN and passes it through on the same port. My router forwards all 12345 traffic to my Emby server, which I've set to listen on 12345. Or I keep the server as 8096 and my router forwards 12345 to the Emby server:8096.

 

Do I have this wrong?

Why are you changing the port? Given that you have access with PIA disabled, the problem lies with them. With Torguard I just stuck with 8096. Some of their ports have restrictions. I imagine PIA may have something similar. In my case I have two routers to forward through before it gets to the VPN. I don't think this is an Emby issue. I think you need to check with PIA.

Share this post


Link to post
Share on other sites
Guest asrequested

If you have UPNP enabled in the Emby server, that would not work with the VPN. If it's enabled in the Emby server, disable it.

Edited by Doofus

Share this post


Link to post
Share on other sites
mistercoffee

Have you configured any options in the advanced section of the server?

 

Yeah, I have External domain set to my public-facing non-vpn IP, based on this post:

https://emby.media/community/index.php?/topic/42196-vpns-pia-and-emby/?p=393320

 

To be clear, I'm not suggesting something's "wrong" with emby, I'm just trying to get these two things to work together. I'm a software engineer but not a network engineer so forgive my trial-and-error approach.

Share this post


Link to post
Share on other sites
mistercoffee

If you have UPNP enabled in the Emby server, that would not work with the VPN. If it's enabled in the Emby server, disable it.

 

Thanks, tried that but no change.

Share this post


Link to post
Share on other sites
mistercoffee

Why are you changing the port? Given that you have access with PIA disabled, the problem lies with them. With Torguard I just stuck with 8096. Some of their ports have restrictions. I imagine PIA may have something similar. In my case I have two routers to forward through before it gets to the VPN. I don't think this is an Emby issue. I think you need to check with PIA.

 

Yeah I'm not saying it's an Emby "issue" as if it's Emby's problem or a bug (nor is it PIA's), I'm just trying to troubleshoot my inability to get both apps working together.

Share this post


Link to post
Share on other sites
mistercoffee

@@Luke and @ no worries if you're out of suggestions (or time) for this. It's probably not worth more of your time. I tagged people who had done this successfully before hoping they would weight in but no dice. Cheers and thanks.

Share this post


Link to post
Share on other sites
sundevil67

I actually just gave up. I use noip.com for DNS & am able to access my Emby server remotely most of the time. I finally managed to get Live TV working reasonably well, so I've been afraid to rock the boat. I allow access to a handful of users & accept that if I'm connected to the VPN that authorized remote users are just SOL. I'd really like to enable VPN & SSL, and there are probably some scary security risks involved with the way I have it set up today... but I remember reading somewhere that NordVPN no longer supports a key technology required for this, and that there was also a compatibility issue with my Archer A7 router.

@@sundevil67, @@sfatula, @, do you have any VPN tips?

Edited by sundevil67

Share this post


Link to post
Share on other sites
Luke

Thanks for the feedback.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...