Plex+Unraid+VPN: How to remote access media? (MyPlex)

Hi. I’m currently running my server on Windows 7 with old hardware I had laying around. I’m going to upgrade to a new and better server, and Unraid seems like the perfect base for my needs. The problem is that my current setup is based on Cutting Cords’ guide (found here: http://www.cuttingcords.com/home/ultimate-server/getting-started), and the guide is based on Windows.

I assume I will be able to set up most the way I want in Unraid, the only issue I have is that I want to use a VPN service from NewsHosting (and I am using it on my current server according to the guide from Cutting Cords here: http://www.cuttingcords.com/home/2014/11/8/protecting-your-privacy-with-vpn). There’s a script in the guide from XFlak that enables remote access to the server even though all traffic runs through the VPN service.

The question is: How can I use the Windows-based script by XFlak to enable remote access to a Unraid-based Plex Server?

simplify your life and just create a Windows VM on the Unraid. here is a video showing how. https://youtu.be/dpXhSrhmUXo

Why not buy a router that you can flash DDWRT on and setup VPN that?

Plex still sits behind a router but traffic goes out normally, you can enable/disable your client-initiated VPN connection to handle your services if you don’t want to deal with port forwarding.

What device is your client going to be? Is there a reason you want to VPN to your server rather than accessing it the standard way?

If I understand what you are wanting, the issue is all outbound traffic from your unraid box will be forced down your VPN service, and thus traffic to plex will fail.

The script seems to be a way to identify plex IP’s from DNS and create static routes out your DG rather than the VPN.

Easiest way would be to rewrite the script in all honesty. Linux scripting far more powerful than in windows batch files.

Might be worth xposting in /networking or /scriptswap.

fwiw, unraid and plex work together absolutely fantastically, VM’ing windows on top of unraid would be a bad idea, just for this script functionality.

You may want to consider putting Deluge & Usenet on a VM with VPN. Windows 8 and higher of Windows have Hyper-V built in for running VMs. As long as you have a legit Windows license, Windows 10 is a free upgrade. I wouldn’t recommend going to Windows 8 if you are going to upgrade.

A windows based option to Unraid is Stablebit Drivepool. Just mentioning this since you are already familiar with Windows.

I see VM being recommended a couple of times. This will work great as it will allow you to VPN just the VM and put anything you want to VPN on there. The drawback there is VM performance and the pain of setup.

An alternative to this is to handle all of the problem from the network side. Have you seen PFSense? The options are outrageous here and possibly even overwhelming. I will tell you it has taken me close to a year to perfect my setup and even then it is sometimes a pain, but worth it.

In a nut shell what you can do is set up your VPN as an interface, set up an alias list that allows you to “flag” IP’s (you can add and remove from the list any time), and then set up your rules to route traffic through the VPN interface when it meets criteria and the device is on the alias list. An example of rules that would fit your need: 1)if the device is not on the alias list route normal (normal devices) 2)If it is on the alias list and the outbound port is 32400 or 80, route normal (allows plex to peep on through) 3)If it is on the alias list and the port is not 32400 or 80, then route VPN. (anything else on the server)

The added benefit here is that you can use this VPN throughout your network with zero extra setup because you can add and remove devices from the alias list any time. Want your cell to route through hong kong? Done. Want to get canadian netflix on your smart tv? Done.

The drawback is more hardware and more headache if you mess up PFSense. But this is barely scratching the surface of the things pfsense can actually do.

I didn’t include any links but take a look at this and if you are serious about giving it a shot I can PM you some links or post them back to this thread, just do not have them with me right now. A little google foo and a trip to /r/pfsense will teach you what you need to know about pfsense overall.

Thanks! Are there any downsides in setting up Windows as a VM and running my download/media settings in Windows instead of running it in Unraid via docker?

Not sure if I understand how this will work… I want to run both Usenet/Torrents and Plex Media Server on the same computer, how does adding and flashing another router solve the problem? I’m open to this solution, if it works.

I need remote access for a couple of notebooks and android phones (me and wife). Other clients will access the media locally (dedicated HTPC, my gaming rig). Might also be 2-4 guest users that will access remotely (friends/family). They will probably be using either Chromecast (casted from smart phones) or a dedicated HTPC.

A google search turns up a lot of relevant information, and looks like it would be able to solve a lot. However, I know very little about networks and/or coding, so I think this might be a bit out of my league (hence me relying on tutorials/guides to setup my current Windows-based server).

Your understanding of my problem is 100 % correct! Here’s the Windows script that I’m using today, and it’s been working great for allowing remote access to my Plex server:

@echo off
setlocal
set PATH=%SystemRoot%\system32;%SystemRoot%\system32\wbem;%SystemRoot%
chcp 437>nul

echo VPN Bypass for Plex Media Server
echo by XFlak
echo.

::get Default Gateway
ipconfig|findstr /I /C:“Default Gateway”|findstr /I /C:“1” >“%temp%\gateway.txt”
set /p gateway= <“%temp%\gateway.txt”
set gateway=%gateway:*: =%
::echo %gateway%
::If gateway is detected incorrectly, override it by uncommenting the below like (delete : and input your correct gateway
::set gateway=192.168.2.1

echo Getting plex.tv’s current IP addresses…
echo.
echo Note: Log of plex.tv’s routed IP’s saved here:
echo %userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt
echo.

nslookup “plex.tv”|findstr /I /V “Server: Address: Name: timeout” >“%temp%\temp.txt”
findstr /I /C:" " “%temp%\temp.txt” >“%temp%\plex.tv.txt”

echo.

cd /d “%temp%”
for /F “tokens=*” %%A in (plex.tv.txt) do call :list %%A
goto:donelist

:list

set PlexIP=%*
set PlexIP=%PlexIP:* =%
echo %PlexIP%

if not exist “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt” goto:skipcheck

findstr /I /C:“%PlexIP%” “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt”>nul
IF NOT ERRORLEVEL 1 (echo IP already routed, skipping…) & (goto:EOF)
:skipcheck

echo route -p add %PlexIP% mask 255.255.255.255 %gateway%
route -p add %PlexIP% mask 255.255.255.255 %gateway%
echo.

echo %PlexIP% >>“%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt”

goto:EOF

:donelist

::clean no longer used IPs

echo.
echo Removing routed IPs no longer used by plex.tv
echo.

if exist “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs2.txt” del “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs2.txt”>nul
if not exist “%userprofile%\AppData\Local\Plex Media Server” goto:doneclean
if not exist “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt” goto:doneclean

cd /d “%userprofile%\AppData\Local\Plex Media Server”

for /F “tokens=*” %%A in (PermittedPlexIPs.txt) do call :clean %%A
goto:doneclean

:clean

set PlexIP=%*

findstr /I /C:“%PlexIP%” “%temp%\plex.tv.txt” >nul
IF ERRORLEVEL 1 goto:remove

echo IP still used: %PlexIP%
echo %PlexIP% >>“%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs2.txt”

goto:EOF

:remove
echo IP no longer used: route delete %PlexIP%
route delete %PlexIP%

goto:EOF

:doneclean

if exist “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt” del “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt”>nul

if exist “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs2.txt” move /y “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs2.txt” “%userprofile%\AppData\Local\Plex Media Server\PermittedPlexIPs.txt”>nul

echo.
echo Finished, exiting…
@ping 127.0.0.1 -n 3 -w 1000> nul

::pause

exit

::Other route commands
::route print
::route -p add 54.241.0.0 mask 255.255.0.0 192.168.2.1
::route delete 54.241.0.0 mask 255.255.0.0
::route -f

Edit: I agree it seems logical to not run Windows as a VM just for the sake of one single script. I don’t have the knowledge needed to rewrite this script for Unraid, so I’ll check out the subreddits you suggested!

Thanks for the advice, my old (and current) server is running Stablebit Drivepool, but Unraid seems like a much more flexible, long-term and scaleable solution.

I have also considered the VM-solution, but it seems silly to run a Windows VM just for the sake of one script (or just for the sake of running traffic through a VPN).

+1 here.

I’ve had unraid for years and finally upgraded to v6. Dockers are super easy to set up all of your apps. Once you understand dockers you can get the apps up in a few minutes. Easy to delete and rebuild dockers. Pfsense can handle all of your vpn, firewall and routing. And if you get the right cpu that can handle aes encryption it’ll handle vpn on high speed links. I have att 300/300 and I can easily get 200+ down through vpn (i haven’t really fully tested yet) whereas I doubt the highest end asus router can. (I also have the asus 87u which is now just a dumb AP). Instead of spending the $200 for the best asus spend it on a box like an Intel nuc you can use for pfsense.

Not that I’m aware of as long as you pass through any hardware you need during setup.

The idea is that instead of using your ISP-provided modem/router, you place a firewall behind the modem and place the modem into bridge mode so that your firewall is the brains of the network.

Then, you set up VPN on the firewall so that externally initiated connections (Say, you from airport wifi) connect directly to the firewall and then you can access local resources via 192.168.1.200 (or whatever the IP for the torrent front-end is). This is contrast to opening ports on your firewall and doing port mapping of, say, deluge.mydynamichostname.com:3400 to port 80 of the deluge web UI on local IP 192.168.1.200.

Only traffic from your client computer and the firewall is going through a VPN, the VPN isn’t persistent. As a client, you can choose when to start/stop the VPN connection. If you want to tunnel ALL your traffic through a VPN (not sure why you would) to some external service, my solution isn’t the most ideal.

So why not just use Plex in the normal fashion? You don’t need a VPN to be able to access it remotely.

Docker and unraid are meant for each other. There are dockers already built out there that are literally just instances of deluge / sab / nzbget behind a vpn. Then get dockers for sonarr and CP and you’re set. See this guys work - binhex (binhex) / Repositories · GitHub

Yeah, i checked it from the tutorial. It looks intimidating, but all it is doing is 3 things:

Pings my.plexapp.com,

parsing the IP address that is returned,

adding a static route for that address to go via the default gateway.

I’m not a linux guru, but that is a fairly simple script I reckon. /r/scriptswap will be able to sort that quickly I’m sure.

Yes, but I want to use a VPN for my Sonarr/Couchpotato/Deluge/Usenet setup. Should’ve made that clearer in the OP.