Fedora 3 Posted May 18, 2020 Share Posted May 18, 2020 Hi Guys I am new on Emby and I would some help to get off from this issue.I am just another one struggling with remote Access, I have not problem at all to get server location when on /local but as I try to establish a connection from outside my local eth it looks blocked.So after a research around, I have to dealing with port forwarding and all that staff, because Upnp not seem to works on my case... However I ve two router on my local, 192.168.1.1 and 192.168.3.1, the xxx.xxx.1.1 is the ISP modem wired to xxx.xxx.3.1 which is a linksys 3200 running DDWRT firmware and open vpn client who provide the service to all my lan/wlan devices connected to the 192.168.3.1/xx including my home server which is behind that too and..... now as I said on /local there are not problem I ve set all rules on server firewall and its working,but not that easy when my attempts are from outside, (wan) I ve open 8096/tcp port for an unsecure connection but not lucky with it, UpnP is active too on both router but if I disable that nothing change, tried to uncheck the UpnP box on Emby server , still "cannot locate it" also tried to sing up for an easy remote access, you know, just avoiding to get lost dealing with address location, but I don,t think is that the problem. IMG.https://pasteboard.co/J8VsSKU.pngNow after rebooting, open/close Ports and UpnP I decided to try in a easier way to understand where I get blocked... so I ve temporary connected my server On my ISP modem (which has not a port forwarding options/ only UPnP port mapping is available on that router) and with UpnP active it finally works on both /local and remotely perfectly.... so with this done we got a clear idea that is not my first Modem/router the reason. (192.168.1.1)Now my question are... It could be by the firewall may provided from VPN?because all my network its behind that, including the server, as I get back connected to my linksys (192.168.3.1) it back to not working, also from Open VPN client settings I ve disabled the Firewall protection by VPN side, rebooted and no works, well I suspect that the IP when I try to connect remotely is that VPN gives... But to do just one more attempt I ve Used my real one too, used easy remote access, still not luckyfrom /local on Emby Server setting all Users have "allow remote access" checked, only the Admin user who has the right to change server settings haven't got the option active but I don't think its that the problem, otherwise I couldn't even connect remotely using My ISP modem on step before.All right, this is it, Hopefully some sweet could help me, I m sure is just about ports, but opening from the port forwarding seems not working Also I ve launch a port scanning inside and outside and well inside its okay, outside even opening 8092 port, the only port showed open are the common such as domain, http/s mails excc exc... and I don,t know why SSh port too is opened, ( talking about internet side) I don't use SSH and I didn't open it from outside, but if I check my vpn/proxy's IP, that ssh port and common service ports are opened, not the 8092 whatever I do on the router, that ports won't changeI thinking to try to open that port using command line instead the GUI router interface, you know some times linux like the old way but I m not sure if with IPTABLES stuff will do a miracleWaiting some professional advice Thank you all 1 Link to comment Share on other sites More sharing options...
BAlGaInTl 279 Posted May 18, 2020 Share Posted May 18, 2020 I ve two router on my local, 192.168.1.1 and 192.168.3.1, the xxx.xxx.1.1 is the ISP modem wired to xxx.xxx.3.1 which is a linksys 3200 running DDWRT firmware and open vpn client who provide the service to all my lan/wlan devices connected to the 192.168.3.1/xx including my home server which is behind that too and..... now as I said on /local there are not problem I ve set all rules on server firewall and its working, but not that easy when my attempts are from outside, (wan) I ve open 8096/tcp port for an unsecure connection but not lucky with it, UpnP is active too on both router but if I disable that nothing change, tried to uncheck the UpnP box on Emby server , still "cannot locate it" also tried to sing up for an easy remote access, you know, just avoiding to get lost dealing with address location, but I don,t think is that the problem. IMG. https://pasteboard.co/J8VsSKU.png You have a couple of options. I take it you mean that you have an OpenVPN server on your DDWRT router? Are you able to connect to that from outside your LAN? If so, you could just do that, and then use Emby. It would definitely be a more secure option. If you must access directly, I think you need to do portforwarding from both routers. I would start with disabling UPNP. Personally, I think it's nothing but issues. Then you would have to forward the necessary ports from your ISP router to your DDWRT router, and then on to your server. If you get that working, then I would seriously consider looking for information on how to secure that connection using SSL. . Link to comment Share on other sites More sharing options...
Fedora 3 Posted May 18, 2020 Author Share Posted May 18, 2020 You have a couple of options. I take it you mean that you have an OpenVPN server on your DDWRT router? Are you able to connect to that from outside your LAN? If so, you could just do that, and then use Emby. It would definitely be a more secure option. If you must access directly, I think you need to do portforwarding from both routers. I would start with disabling UPNP. Personally, I think it's nothing but issues. Then you would have to forward the necessary ports from your ISP router to your DDWRT router, and then on to your server. If you get that working, then I would seriously consider looking for information on how to secure that connection using SSL. . thanks for reply, Well Following your tips I ve worked to get in remotely, and I can remotely connect using both router just without VPN active So I ve Deactiveted UpnP everywhere set all port forwarding rules as it should and its works only if the VPN is disconnected.... Leaving all settings exactlly as they are just turn on open VPN client it won't work anymore So basically the problem is the VPN ololoo that fun Link to comment Share on other sites More sharing options...
BAlGaInTl 279 Posted May 18, 2020 Share Posted May 18, 2020 There could be a firewall rule that is preventing it from working when the VPN is on. There is a way to get it to work behind a VPN.. Is your VPN a server that you can connect to? Or is it a client that you connect to a VPN service with so all your traffic goes through a VPN? If it's the latter, you can do that with some VPN, but you have to do some extra setup. Link to comment Share on other sites More sharing options...
Fedora 3 Posted May 18, 2020 Author Share Posted May 18, 2020 There could be a firewall rule that is preventing it from working when the VPN is on. There is a way to get it to work behind a VPN.. Is your VPN a server that you can connect to? Or is it a client that you connect to a VPN service with so all your traffic goes through a VPN? If it's the latter, you can do that with some VPN, but you have to do some extra setup. No its a Vpn Service provided from third party so I m just a client .... I don't know how to dealing with it because I must be behind a vpn... its just a bit more secure but if the VPN is ON Emby not work from remote access... tried so many different way, but as I turn On the VPN open client the remote connection get lost Link to comment Share on other sites More sharing options...
BAlGaInTl 279 Posted May 18, 2020 Share Posted May 18, 2020 (edited) No its a Vpn Service provided from third party so I m just a client .... I don't know how to dealing with it because I must be behind a vpn... its just a bit more secure but if the VPN is ON Emby not work from remote access... tried so many different way, but as I turn On the VPN open client the remote connection get lost Ah... Yes, you need to use a VPN service that will support the passthough of ports. It could involve additional setup with your VPN provider. I know that there are users here that have this setup, but I can't remember who off the top of my head. Then you would have to connect to your VPN WAN address, not the IP address given to you by your ISP. Who is your VPN provider? Edited May 18, 2020 by BAlGaInTl Link to comment Share on other sites More sharing options...
Fedora 3 Posted May 18, 2020 Author Share Posted May 18, 2020 Ah... Yes, you need to use a VPN service that will support the passthough of ports. It could involve additional setup with your VPN provider. I know that there are users here that have this setup, but I can't remember who off the top of my head. Then you would have to connect to your VPN WAN address, not the IP address given to you by your ISP. Who is your VPN provider? I m gonna send an Email to them to see if they could help cause If I did understand right what you said its their job now allow Emby go over, so Its anything I can change on my side However its P.I.A. vpn ... you should know them if u know the top VPN providers Link to comment Share on other sites More sharing options...
BAlGaInTl 279 Posted May 18, 2020 Share Posted May 18, 2020 I'm pretty sure they support it, you probably just have to log on and set up a port forward similar to what you do with your routers. There was some discussion about it here: https://emby.media/community/index.php?/topic/76272-pia-private-internet-access-vpn-remote-server-access/?hl=%2Bvpn+%2Bsetup Not sure if that's helpful, I didn't really study it. Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted May 18, 2020 Share Posted May 18, 2020 (edited) PIA doesn't do static IPs, and I think port forwarding is only supported at the client level. Your setup seems a bit convoluted though. Assuming you have cat5 coming from the ONT (and that you have fiber) the only reason to ever keep the shitty ISP modem is so that your DVR(s) work. Assuming you only use internet from your ISP, ditch it and plug your Asus directly into the WAN line. So much less of a configuration headache. Of course this is all moot if you still have coax internet coming in. Edited May 18, 2020 by mastrmind11 Link to comment Share on other sites More sharing options...
BAlGaInTl 279 Posted May 18, 2020 Share Posted May 18, 2020 PIA doesn't do static IPs, and I think port forwarding is only supported at the client level. Your setup seems a bit convoluted though. Assuming you have cat5 coming from the ONT (and that you have fiber) the only reason to ever keep the shitty ISP modem is so that your DVR(s) work. Assuming you only use internet from your ISP, ditch it and plug your Asus directly into the WAN line. So much less of a configuration headache. Of course this is all moot if you still have coax internet coming in. Ah... I didn't realize that was a client feature. Probably not as easy to configure on a simple router client. Link to comment Share on other sites More sharing options...
Fedora 3 Posted May 19, 2020 Author Share Posted May 19, 2020 (edited) PIA doesn't do static IPs, and I think port forwarding is only supported at the client level. Your setup seems a bit convoluted though. Assuming you have cat5 coming from the ONT (and that you have fiber) the only reason to ever keep the shitty ISP modem is so that your DVR(s) work. Assuming you only use internet from your ISP, ditch it and plug your Asus directly into the WAN line. So much less of a configuration headache. Of course this is all moot if you still have coax internet coming in. Well the reason why I have the ISP modem is just because I cannot do otherwise ololol... no there are not any cat5, just classic one... the second router just help me to manage my network+Open VPN client a bit better than ISP modem which is a standard. Edited May 19, 2020 by Fedora Link to comment Share on other sites More sharing options...
Fedora 3 Posted May 19, 2020 Author Share Posted May 19, 2020 PIA doesn't do static IPs, and I think port forwarding is only supported at the client level. Your setup seems a bit convoluted though. Assuming you have cat5 coming from the ONT (and that you have fiber) the only reason to ever keep the shitty ISP modem is so that your DVR(s) work. Assuming you only use internet from your ISP, ditch it and plug your Asus directly into the WAN line. So much less of a configuration headache. Of course this is all moot if you still have coax internet coming in. the reason why I use the ISP modem is because I cannot do it otherwise, there are not cat5 from outside, just classic phone line, however I used a second router to make easier manage my network+VPN as the ISP modem its a standard model without many option |I may need. I ve chat with my VPN provider to see what could be done on my case, and at the end ITS NOT POSSIBLE, what they said its just " you cannot connect into your server remotely if its connected on VPN SERVER " open that for them would be a security issues cause they have to open a port which may cause security problems.... that s what they said.... So the second option is get a domain and use https protocols and all of it without VPN at all Its in my opinion to risky running a service in http using a real ip too ... If anyone has a different Ideas to get it works, more than welcome Link to comment Share on other sites More sharing options...
BAlGaInTl 279 Posted May 19, 2020 Share Posted May 19, 2020 the reason why I use the ISP modem is because I cannot do it otherwise, there are not cat5 from outside, just classic phone line, however I used a second router to make easier manage my network+VPN as the ISP modem its a standard model without many option |I may need. I ve chat with my VPN provider to see what could be done on my case, and at the end ITS NOT POSSIBLE, what they said its just " you cannot connect into your server remotely if its connected on VPN SERVER " open that for them would be a security issues cause they have to open a port which may cause security problems.... that s what they said.... So the second option is get a domain and use https protocols and all of it without VPN at all Its in my opinion to risky running a service in http using a real ip too ... If anyone has a different Ideas to get it works, more than welcome You are correct. Opening up the server using http only is not a good idea. What is your ultimate use case? As I said at the beginning, one way to do it is to create a VPN on your home network that you connect to for remote access. Then when you connect to that... you can access your server just like you are on your LAN. Other options: - Use your normal IP, but secure the connection using SSL. There are lots of ways to do this, and plenty of guides out there if this is the way you want to go. Regardless, unless you plan on setting up your own VPN server, you should do this if you want an outside connection. - Get a different VPN provider that DOES allow for passing through ports. Keep in mind, that you will still want to secure your server using SSL (IMHO). Link to comment Share on other sites More sharing options...
Fedora 3 Posted May 19, 2020 Author Share Posted May 19, 2020 (edited) You are correct. Opening up the server using http only is not a good idea. What is your ultimate use case? As I said at the beginning, one way to do it is to create a VPN on your home network that you connect to for remote access. Then when you connect to that... you can access your server just like you are on your LAN. Other options: - Use your normal IP, but secure the connection using SSL. There are lots of ways to do this, and plenty of guides out there if this is the way you want to go. Regardless, unless you plan on setting up your own VPN server, you should do this if you want an outside connection. - Get a different VPN provider that DOES allow for passing through ports. Keep in mind, that you will still want to secure your server using SSL (IMHO). Well sooner I will see how to set Up Emby with a https protocols just to start, then Set up a vpn tunnel site to site its a bit over my knowlodgies, it doesn't means that I will not do it, just need more time for me to learn how to..... step by step Nha I won't change VPN provider just because that, I don't mind, and I prefer learn more stuff than just by pass the hard job changing VPN provider making it easier Edited May 19, 2020 by Fedora Link to comment Share on other sites More sharing options...
Fedora 3 Posted May 24, 2020 Author Share Posted May 24, 2020 I would not open a new thread for just this question, however I try to ask here before, if anyone know how to ....I managed to secure the emby server connection with SSL so now its all working both remote and local and https running as a charm Now I need to bypass Emby server from VPN app I m mean, I still need to keep the VPN open client on the server machine but I would to exclude Emby Server from vpn tunnel otherwise remote access won't work... the VPN app allow me to do, asking which executable file need to be excluded, as I m on Linux Mint and not on Classic Window where the .exe its easy to find... where is the file need to be placed on vpn app?? I had a look around /var/lib/emby ... but I couldn't find anythings on there... Any suggestions? Thanks Link to comment Share on other sites More sharing options...
Luke 37024 Posted May 24, 2020 Share Posted May 24, 2020 Hi, try running emby server and then check what processes are running. Please see if that helps. Thanks. 1 Link to comment Share on other sites More sharing options...
Solution Fedora 3 Posted May 25, 2020 Author Solution Share Posted May 25, 2020 Hi, try running emby server and then check what processes are running. Please see if that helps. Thanks. Well I did it before post the question and from GUI (system monitor) I couldn't find any process running by Emby, However I have double checked from terminal and from there I found the process, and realised that Emby has its own User so found the right folder and finnally excluted from VPN now,,,, may will help some one, letting Know that the application executable file is /opt/Emby-server/bin/Emby-Server (Linux ) thank you all guys, all done for now... 1 Link to comment Share on other sites More sharing options...
Luke 37024 Posted May 25, 2020 Share Posted May 25, 2020 Thanks for the feedback. 1 Link to comment Share on other sites More sharing options...
advarito 0 Posted February 6, 2021 Share Posted February 6, 2021 On 5/19/2020 at 7:36 PM, BAlGaInTl said: You are correct. Opening up the server using http only is not a good idea. What is your ultimate use case? As I said at the beginning, one way to do it is to create a VPN on your home network that you connect to for remote access. Then when you connect to that... you can access your server just like you are on your LAN. Other options: - Use your normal IP, but secure the connection using SSL. There are lots of ways to do this, and plenty of guides out there if this is the way you want to go. Regardless, unless you plan on setting up your own VPN server, you should do this if you want an outside connection. - Get a different VPN provider that DOES allow for passing through ports. Keep in mind, that you will still want to secure your server using SSL (IMHO). "As I said at the beginning, one way to do it is to create a VPN on your home network that you connect to for remote access. Then when you connect to that... you can access your server just like you are on your LAN. " How could I do this with Open VPN? thank you very much Link to comment Share on other sites More sharing options...
Fedora 3 Posted February 7, 2021 Author Share Posted February 7, 2021 9 hours ago, advarito said: How could I do this with Open VPN? thank you very much Lot of time since I start this Post, and lot things are changed, It's actually nearly time to buy a life time Emby Subscription now :p however replying to your question and as I mentioned above, "you need to set up an VPN server at your home, (is not 3party VPN involved like NordVPN, PIA, and so on...you need to make your own first) once you successfully set a VPN server and connected with it, you could just looking for your Emby machine server like at home so with a local IP esp:192.168.x.x/24 or whatever it is. of course you can do it with Open VPN protocol My configuration is exactly that at the moment using a VPN server running on a physical firewall so I closed all https port/connections from WAN and wherever I am, feels like home including shares folders/Drives, Emby.... and go on (finally). Link to comment Share on other sites More sharing options...
advarito 0 Posted February 7, 2021 Share Posted February 7, 2021 13 hours ago, Fedora said: Lot of time since I start this Post, and lot things are changed, It's actually nearly time to buy a life time Emby Subscription now however replying to your question and as I mentioned above, "you need to set up an VPN server at your home, (is not 3party VPN involved like NordVPN, PIA, and so on...you need to make your own first) once you successfully set a VPN server and connected with it, you could just looking for your Emby machine server like at home so with a local IP esp:192.168.x.x/24 or whatever it is. of course you can do it with Open VPN protocol My configuration is exactly that at the moment using a VPN server running on a physical firewall so I closed all https port/connections from WAN and wherever I am, feels like home including shares folders/Drives, Emby.... and go on (finally). Awesome, finally some light at the end of the tunnel. Could you share how you did it or a tutorial to follow about how to? thanks Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now