Jump to content


Photo

PIA Private Internet Access VPN remote server access

pia vpn remote macos

  • Please log in to reply
24 replies to this topic

#1 mistercoffee OFFLINE  

mistercoffee

    Advanced Member

  • Members
  • 35 posts
  • Local time: 04:10 PM

Posted 07 August 2019 - 09:57 PM

I've seen some helpful posts regarding this by some advanced users, notably @skidmarks and @Tur0k but I'm having no luck. Anyone else successfully doing this with PIA? My setup is:

 

* Emby server 4.2.0.40 on MacOS 10.12.6 Sierra and also running PIA 1.1.1

 

* Internet is cable to an ISP-supplied modem, WAN port to Asus RT-AC68U, ethernet to the Emby server.

 

* Emby server has a manually-assigned IP via the Asus GUI to its MAC address.

 

* Emby remote port is 8096 via http

 

When my server is not connected to the PIA VPN, I can scan the server's public-facing IP (from another computer) for open ports and I see 8096 is indeed open. When I connect the server to the VPN and scan the server's new public-facing IP, 8096 isn't open. These are the things I've tried and have all failed:

 

1. Forward 8096 to the server's local IP address via the Asus GUI.

 

2. Enable port-forwarding in the PIA VPN client; change the Emby server remote http port to the port the VPN is forwarding (this is a read-only assigned port in PIA); forward the new port to the server's local IP address via the Asus GUI. Scanning the new public-facing IP shows the new port (and 8096) is not open.

 

3. Same as #2 but leave the Emby remote port as the default 8096.

 

4. In the Asus GUI additionally specify the destination local port as 8096.

 

5. All of the above with different PIA VPN locations among the ones that support port-forwarding.

 

6. All of the above with MacOS firewall disabled.

 

Thanks!

 

 

 

 



#2 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 135734 posts
  • Local time: 04:10 PM

Posted 08 August 2019 - 12:00 AM

@sundevil67, @sfatula, @Doofus, do you have any VPN tips?



#3 Doofus ONLINE  

Doofus

    Advanced Member

  • Members
  • 12031 posts
  • Local time: 01:10 PM

Posted 08 August 2019 - 12:19 AM

 

2. Enable port-forwarding in the PIA VPN client; change the Emby server remote http port to the port the VPN is forwarding (this is a read-only assigned port in PIA); forward the new port to the server's local IP address via the Asus GUI. Scanning the new public-facing IP shows the new port (and 8096) is not open.

 

That sounds like a problem. How will the requests reach the server?


Edited by Doofus, 08 August 2019 - 12:28 AM.


#4 mistercoffee OFFLINE  

mistercoffee

    Advanced Member

  • Members
  • 35 posts
  • Local time: 04:10 PM

Posted 08 August 2019 - 08:44 AM

That sounds like a problem. How will the requests reach the server?

 

In theory (I think), I try scanning port 12345 on the VPN public-facing IP of 123.45.67.89, which is exposed by the VPN and passes it through on the same port. My router forwards all 12345 traffic to my Emby server, which I've set to listen on 12345. Or I keep the server as 8096 and my router forwards 12345 to the Emby server:8096.

 

Do I have this wrong? 


Edited by mistercoffee, 08 August 2019 - 08:47 AM.


#5 sfatula OFFLINE  

sfatula

    Advanced Member

  • Members
  • 346 posts
  • Local time: 03:10 PM
  • LocationCalera, OK

Posted 08 August 2019 - 12:24 PM

@sundevil67, @sfatula, @Doofus, do you have any VPN tips?

 

I am ubuntu now and never used PIA. I do have a Asus 68u, but I use it's VPN but really, don't VPN at all when connecting remotely. On the Asus port forwarding screen, I use what you see in the attached screen capture. Which means I have to change the public http and https port numbers on the Emby "advanced" screen. Pretty much, it was that simple, even when I had Mac server emby.

 

If I were using VPN remotely, I would not see 9652 and 9653 open as those are WAN not LAN ports, I would simply see 8096 and 8920 open just the same as local.

Attached Files


Edited by sfatula, 08 August 2019 - 12:28 PM.


#6 mistercoffee OFFLINE  

mistercoffee

    Advanced Member

  • Members
  • 35 posts
  • Local time: 04:10 PM

Posted 08 August 2019 - 02:05 PM

I am ubuntu now and never used PIA. I do have a Asus 68u, but I use it's VPN but really, don't VPN at all when connecting remotely. On the Asus port forwarding screen, I use what you see in the attached screen capture. Which means I have to change the public http and https port numbers on the Emby "advanced" screen. Pretty much, it was that simple, even when I had Mac server emby.

 

If I were using VPN remotely, I would not see 9652 and 9653 open as those are WAN not LAN ports, I would simply see 8096 and 8920 open just the same as local.

 

Thank you for weighing in. What you describe is quite a different scenario but thanks all the same.



#7 mistercoffee OFFLINE  

mistercoffee

    Advanced Member

  • Members
  • 35 posts
  • Local time: 04:10 PM

Posted 09 August 2019 - 02:44 PM

I wanted to update this to see if @Luke or anyone has any ideas:

 

I took Emby and my router port-forwarding out of the equation. I shut down Emby server and started an http web server on the same machine, listening on port 8096. My public-facing IP was 40.xxx.xx.xx. I went to my phone (just LTE connection) and connected successfully to 40.xxx.xx.xx:8096. I had cleared all port-forwarding from my router GUI.

 

I then started the PIA VPN client on the server and it exposed port 57502 with a public-facing IP of 197.xxx.xx.xx. I restarted the web server to listen on port 57502. On my phone I was able to successfully connect to 40.xxx.xx.xx:57502

 

So what I'm wondering is, if this works with an http web server listening on 57502, why won't it work with Emby set to receive remote http traffic on 57502 with an otherwise identical setup?

 

thanks


Edited by mistercoffee, 09 August 2019 - 02:45 PM.


#8 Doofus ONLINE  

Doofus

    Advanced Member

  • Members
  • 12031 posts
  • Local time: 01:10 PM

Posted 09 August 2019 - 02:56 PM

I'm not sure how PIA operates. I use Torguard, and it's much more simple. Do they require you to make firewall rules? Maybe they're blocking access to something that Emby connect needs?

#9 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 135734 posts
  • Local time: 04:10 PM

Posted 09 August 2019 - 02:56 PM

If you're on the same network then even though you're using the remote url, the route may be optimized at the network levels. I think ultimately the VPN will need some configuration to allow the traffic.



#10 Doofus ONLINE  

Doofus

    Advanced Member

  • Members
  • 12031 posts
  • Local time: 01:10 PM

Posted 09 August 2019 - 02:58 PM

In theory (I think), I try scanning port 12345 on the VPN public-facing IP of 123.45.67.89, which is exposed by the VPN and passes it through on the same port. My router forwards all 12345 traffic to my Emby server, which I've set to listen on 12345. Or I keep the server as 8096 and my router forwards 12345 to the Emby server:8096.

Do I have this wrong?


Do you need to use a different port through them when forwarding? With Torguard I use the same port number all the way through.

#11 mistercoffee OFFLINE  

mistercoffee

    Advanced Member

  • Members
  • 35 posts
  • Local time: 04:10 PM

Posted 09 August 2019 - 03:43 PM

If you're on the same network then even though you're using the remote url, the route may be optimized at the network levels. I think ultimately the VPN will need some configuration to allow the traffic.

 

I'm connecting to the web/emby server from outside the network. Web server works, emby doesn't. Same port. Obviously both are not running at the same time in case anyone wondered :)

 

What's the theory that the VPN needs config? If a port can listen and receive traffic on one app, why not the other? 



#12 mistercoffee OFFLINE  

mistercoffee

    Advanced Member

  • Members
  • 35 posts
  • Local time: 04:10 PM

Posted 09 August 2019 - 03:48 PM

I'm not sure how PIA operates. I use Torguard, and it's much more simple. Do they require you to make firewall rules? Maybe they're blocking access to something that Emby connect needs?

 

PIA is simple. No, they don't require firewall rules. If there was anything special blocked or required it wouldn't work with my web server. Again, web server works, Emby doesn't -- same port, same machine, same VPN, etc. No difference at all except the app that is listening (web server vs Emby server).

 

What I'm trying to get at is what is different about a web server vs Emby server that makes one listen on a given port but the other not under the same circumstances.



#13 Doofus ONLINE  

Doofus

    Advanced Member

  • Members
  • 12031 posts
  • Local time: 01:10 PM

Posted 10 August 2019 - 01:09 AM

I think you've fallen down a rabbit hole...


  • sfatula likes this

#14 mistercoffee OFFLINE  

mistercoffee

    Advanced Member

  • Members
  • 35 posts
  • Local time: 04:10 PM

Posted 10 August 2019 - 11:57 PM

@Luke please see my post above. I can hit the machine running the VPN client from outside the network if the machine is running a web server on port 57502. But not if Emby server is running on port 57502. Any theory that takes this into account appreciated.

 

I'm connecting to the web/emby server from outside the network. Web server works, emby doesn't. Same port. Obviously both are not running at the same time in case anyone wondered :)

 

What's the theory that the VPN needs config? If a port can listen and receive traffic on one app, why not the other? 



#15 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 135734 posts
  • Local time: 04:10 PM

Posted 11 August 2019 - 01:01 AM

Do any requests show up in the server log?



#16 mistercoffee OFFLINE  

mistercoffee

    Advanced Member

  • Members
  • 35 posts
  • Local time: 04:10 PM

Posted 11 August 2019 - 01:15 AM

Do any requests show up in the server log?

 

Just requests from inside my network from other devices.



#17 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 135734 posts
  • Local time: 04:10 PM

Posted 11 August 2019 - 01:48 AM

Have you configured any options in the advanced section of the server?



#18 Doofus ONLINE  

Doofus

    Advanced Member

  • Members
  • 12031 posts
  • Local time: 01:10 PM

Posted 11 August 2019 - 11:41 AM

In theory (I think), I try scanning port 12345 on the VPN public-facing IP of 123.45.67.89, which is exposed by the VPN and passes it through on the same port. My router forwards all 12345 traffic to my Emby server, which I've set to listen on 12345. Or I keep the server as 8096 and my router forwards 12345 to the Emby server:8096.

Do I have this wrong?


Why are you changing the port? Given that you have access with PIA disabled, the problem lies with them. With Torguard I just stuck with 8096. Some of their ports have restrictions. I imagine PIA may have something similar. In my case I have two routers to forward through before it gets to the VPN. I don't think this is an Emby issue. I think you need to check with PIA.

#19 Doofus ONLINE  

Doofus

    Advanced Member

  • Members
  • 12031 posts
  • Local time: 01:10 PM

Posted 11 August 2019 - 11:48 AM

If you have UPNP enabled in the Emby server, that would not work with the VPN. If it's enabled in the Emby server, disable it.

Edited by Doofus, 11 August 2019 - 12:21 PM.


#20 mistercoffee OFFLINE  

mistercoffee

    Advanced Member

  • Members
  • 35 posts
  • Local time: 04:10 PM

Posted 11 August 2019 - 10:42 PM

Have you configured any options in the advanced section of the server?

 

Yeah, I have External domain set to my public-facing non-vpn IP, based on this post:

https://emby.media/c...-emby/?p=393320

 

To be clear, I'm not suggesting something's "wrong" with emby, I'm just trying to get these two things to work together. I'm a software engineer but not a network engineer so forgive my trial-and-error approach.







Also tagged with one or more of these keywords: pia, vpn, remote, macos

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users