
Android App Prompting to accept pfSense self-signed cert on Local LAN



wedgekc

I'm confused as to why the Android app is asking me to accept my pfSense self-signed cert when opening the app on the LAN using an outside DNS server (1.1.1.1). Doesn't the app try to connect using the LAN bind IP (192.168..) on the server dashboard first, meaning all local non-SSL traffic? Connecting to Emby using the LAN IP works fine in the phone browser with outside DNS servers.

I do have Emby behind a proxy server and I also use pfSense that doesn't have NAT reflection enabled (I do have a domain override for the Emby domain). Everything works well except the Android app connecting on the LAN with a DNS server other than pfSense. My assumption was that it shouldn't matter because Emby is also listening on a local LAN IP.

If I clear all the data in the app and input my LAN server IP, I can log in directly to the server and use the app once without it asking to accept the cert, but if I close it and reopen, I get prompted to accept the self-signed cert.

Server: 4.4.2.0

Android 10: 3.1.19

Thanks for the help.

Hi, yes it will use the LAN address when available, but the initial connection process will test both addresses for connectivity, so that's why that happens.


lifespeed

> I'm confused as to why the Android app is asking me to accept my pfSense self-signed cert when opening the app on the LAN using an outside DNS server (1.1.1.1). Doesn't the app try to connect using the LAN bind IP (192.168..) on the server dashboard first, meaning all local non-SSL traffic? Connecting to Emby using the LAN IP works fine in the phone browser with outside DNS servers.

When you use an IP address, DNS is not used; you did not seem to understand this. Probably what you need to do is configure pfSense to handle DNS queries first, so as to not route them to Cloudflare to resolve names to IPs on your local network. I can't remember the exact details in pfSense to do this at the moment, but you can probably find it in the GUI for DNS resolver or forwarder (you'll only use one or the other) without too much trouble. I recall the descriptions were clear.

I think this is something you address with proper router setup, not the Emby client.


wedgekc

> When you use an IP address, DNS is not used; you did not seem to understand this. Probably what you need to do is configure pfSense to handle DNS queries first, so as to not route them to Cloudflare to resolve names to IPs on your local network. I can't remember the exact details in pfSense to do this at the moment, but you can probably find it in the GUI for DNS resolver or forwarder (you'll only use one or the other) without too much trouble. I recall the descriptions were clear.
>
> I think this is something you address with proper router setup, not the Emby client.

Hey lifespeed. Thanks for the response. I realize that when I use an IP, DNS is not used. I also have the DNS resolver set up for pfSense, using a host override for Emby (split DNS). That all works great on my phone assuming I'm using pfSense as my DNS server. However, when I use a different DNS server on my phone, my assumption (incorrectly) was that Emby would first try to connect locally using the local IP (forgoing contact to the server via the domain) and then connect remotely (domain) if the server wasn't available locally, but apparently it does both regardless.

And it seems that when I change the DNS on my new Android phone to something other than pfSense, it is forcing the DNS over TLS and whining about the cert. I sometimes use a different DNS server because I force Google and YouTube into safe mode for the kids using pfSense. Anyway, not the end of the world. I can switch DNS servers when I need to.
