VPN

[videopalace 26]

Hello,

 

I have the following: I have Emby server installed on a Windows server 2016 (server PC), on this PC I have also installed Express VPN (I use this because of the split tunneling). The Emby server app is excluded on the ExpressVPN app to use VPN. When I now contact the server via a web browser on a different PC other than the server, I get a privacy error on my website (when the VPN is enabled on the server). When the VPN is switched off I get it without problems. My site is SSL verified (https). Is there a setting in Emby that I should pay attention to so that I get that privacy error when logging in via a web browser when the VPN is on?

[Luke 37116]

 

 

Is there a setting in Emby that I should pay attention to so that I get that privacy error when logging in via a web browser when the VPN is on?

 

No setting.

 

Are you using an SSL certificate that the browser trusts? If the browser doesn't' trust your certificate, then this could be why.

[videopalace 26]

yes, it is with an SSL certificate (issued by let's encrypted). The strange thing is: with VPN and split tunneling there is a privacy error, without VPN there is no privacy error.

[Guest asrequested]

Are you sure that the VPN will play well with your SSL/domain?

[videopalace 26]

Like i say, with VPN enabled it doesn't connect to my https website, with VPN disabled it connects to my https website. (Everything except Emby must behind the VPN).

Edited September 4, 2019 by Patrick1945

[Guest asrequested]

So that would imply that the VPN doesn't play well with your SSL/domain. Im assuming you've portforwarded, correctly?

[videopalace 26]

what ports are you talking about? In Emby, port 443 is assigned for https traffic and this port is also forwarded on the modem / router.

[Luke 37116]

Try switching back to the default ports and see how that compares. Try using http and see how that compares to https.

[Guest asrequested]

It sounds like you're hitting the VPN firewall, or there is a port conflict. I know that Torguard doesn't allow you to forward port 443.

[videopalace 26]

on the standard port (8920) it works the way I want it, VPN on and access to my https website. Only: the wording of the URL is not what I want, it is now "https: // mydomain: 8920" and I would just like to have "https: // mydomain" to enter in the web browser (easier for friends). which port can I use for this (except port 443 where it was blocked)

[videopalace 26]

port 443 works without VPN but not with VPN?

[Guest asrequested]

Yes, the VPN service has their own firewalls and security, with their own rules. You need to navigate that, in the same way you navigate your own router/firewall. So they may not be allowing you to do certain things. You'll have to check with them. This is one of the reasons I have not taken the SSL/domain route. Someone else on here was having the same issue. I suggested they might use cloudflare, as they offer something similar to a VPN. I'm assuming you want a VPN for the anonymity?

[videopalace 26]

what matters to me is that Emby uses its own reverse proxy (from Emby itself) and that the rest of the server uses the VPN (for anonymity indeed).

[Guest asrequested]

I think you need to talk to the VPN peeps. Or use Cloudflare.

[moviefan 184]

There is clearly a conflict with ExpressVPN and port 443.

 

You demonstrated that above by it working on port 8920.

 

If you are getting a certificate warning then something else is serving up an untrusted certificate.

 

Emby is not involved and there is no setting inside of Emby which will change this behavior.

[videopalace 26]

How I solved this now: There are 3 programs on the server that needed to be protected. 1) Emby Server. 2) DELUGE Torrent client. 3) Web browser. Since a VPN client does anonymize the entire server, this is a good consideration, only: Emby conflicts with VPN clients (no longer accessible via web browser). The solution: an anonymous PROXY! 1) Leave Emby untouched. 2) DELUGE supports proxy settings in its software and 3) I use an extension for the web browser. Conclusion: no more conflicts and I remain externally accessible!

[Guest asrequested]

But you have no encryption. I used to do that, and they still traced back to me. Trust me, it isn't secure. You want strong encryption between you and the proxy. And using their VPN servers, all identifying information is removed. That doesn't happen if you just use a proxy. Your ISP can see everything.

[videopalace 26]

It is a socks5 Proxy I use

[Guest asrequested]

It is a socks5 Proxy I use

So was the one that I used. It still cost me $10 a song when they found me.

[videopalace 26]

If I could, I also used VPN, but since EMBY blocks SERVER when I use a VPN and is no longer accessible via the internet (I use a screenless server), the only solution for me is to use PROXY.

[Guest asrequested]

Did you talk to your VPN tech support?

[videopalace 26]

what a VPN cannot work on is on port 443 and that is exactly what I want.

[moviefan 184]

So was the one that I used. It still cost me $10 a song when they found me.

 

That is interesting.  Although SOCKS doesnt necessarily mean encryption.  Were you using an SSH tunnel?

[Guest asrequested]

That is interesting. Although SOCKS doesnt necessarily mean encryption. Were you using an SSH tunnel?

No, just a Torguard proxy. That was a few years ago.