What's new

A few questions about my setup

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

TheLyppardMan

Very Senior Member
I’d just like to ask a few questions about my setup, that the experts on this forum would probably be able to answer very easily.

I have a Plex server running on my Synology DiskStation 218+ and in order to allow remote access I have had to add a port forwarding rule to my ASUS RT-AX88U router. So my first question is, does that pose a significant security risk and if so, would connecting to the router/NAS via the OpenVPN server I already have set up on the RT-AX88U provide any benefit or is it simply the fact that having any port forwarding rules on the router poses a security risk whether or not I am actively connecting remotely?

The other thing I wanted to ask about is whether using an alternative DNS server such as OpenDNS or Google would be a better option than using the default one provided by my ISP (Plusnet) and if so, why?
 
Opening any port is a security risk. In the case of Plex you're relying solely on the security provided by Plex itself, which I wouldn't trust. If there's a vulnerability in Plex then not only is your Synology at risk but potentially everything on your LAN. And if you're forwarding the standard Plex port (32400) from the internet you're just asking for trouble IMHO.

Accessing Plex via an OpenVPN server is much more secure because unlike Plex its sole purpose is to create secure network connections. Do bear in mind that if you're connecting via the router's VPN server the client has full access to the LAN, not just the Plex server. So that might not be appropriate in all circumstances.
 
Last edited:
I think if you delete the port forwarding rule, the Plex server will still try to use uPnp to insert a rule. And is it the case that even if you disable uPnP, the server will try to use Plex Relay?

So the most secure method would be to disable remote access and then make the OpenVPN connection?
 
i have plex port forwarded, namely because the family I let have access use devices that can't run a VPN connection nor am I about to buy them a router to set up a site-to-site. it's not as secure as i'd like, but I use a non-standard port (obfuscation to slow down any attacks), and plex runs in a little isolated container so even if someone should break in, they don't have much access to the host system.
 
Using a DNS server that returns a block IP for known hostile hosts improves the security of your local clients. They will be blocked from connecting to hosts known to contain malware thus avoiding a drive by infection. It can also stop a virus from calling home to a command and control server.

A VPN server such as the ones hosted on our Asus routers can have vulnerabilities yet there more likely to be detected and corrected than one for Plex through Plex is common enough that vulnerabilities will be discovered and patched. They seem to be responsive to bug reports.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top