A few questions about my setup

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

TheLyppardMan

Very Senior Member
I’d just like to ask a few questions about my setup, that the experts on this forum would probably be able to answer very easily.

I have a Plex server running on my Synology DiskStation 218+ and in order to allow remote access I have had to add a port forwarding rule to my ASUS RT-AX88U router. So my first question is, does that pose a significant security risk and if so, would connecting to the router/NAS via the OpenVPN server I already have set up on the RT-AX88U provide any benefit or is it simply the fact that having any port forwarding rules on the router poses a security risk whether or not I am actively connecting remotely?

The other thing I wanted to ask about is whether using an alternative DNS server such as OpenDNS or Google would be a better option than using the default one provided by my ISP (Plusnet) and if so, why?
 

ColinTaylor

Part of the Furniture
Opening any port is a security risk. In the case of Plex you're relying solely on the security provided by Plex itself, which I wouldn't trust. If there's a vulnerability in Plex then not only is your Synology at risk but potentially everything on your LAN. And if you're forwarding the standard Plex port (32400) from the internet you're just asking for trouble IMHO.

Accessing Plex via an OpenVPN server is much more secure because unlike Plex its sole purpose is to create secure network connections. Do bear in mind that if you're connecting via the router's VPN server the client has full access to the LAN, not just the Plex server. So that might not be appropriate in all circumstances.
 
Last edited:

elorimer

Very Senior Member
I think if you delete the port forwarding rule, the Plex server will still try to use uPnp to insert a rule. And is it the case that even if you disable uPnP, the server will try to use Plex Relay?

So the most secure method would be to disable remote access and then make the OpenVPN connection?
 

Jack Yaz

Part of the Furniture
i have plex port forwarded, namely because the family I let have access use devices that can't run a VPN connection nor am I about to buy them a router to set up a site-to-site. it's not as secure as i'd like, but I use a non-standard port (obfuscation to slow down any attacks), and plex runs in a little isolated container so even if someone should break in, they don't have much access to the host system.
 

Morris

Senior Member
Using a DNS server that returns a block IP for known hostile hosts improves the security of your local clients. They will be blocked from connecting to hosts known to contain malware thus avoiding a drive by infection. It can also stop a virus from calling home to a command and control server.

A VPN server such as the ones hosted on our Asus routers can have vulnerabilities yet there more likely to be detected and corrected than one for Plex through Plex is common enough that vulnerabilities will be discovered and patched. They seem to be responsive to bug reports.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top