Bypass Plex traffic on router running vpn client, Working good so far, Testing for few days

[Ajay1685]

You will need 3 scripts from the first post openvpn-event , services-start and Plex_StaticRoute.sh in your scripts folder (screenshot attached).


Answer 1: You will still need to keep the port forward, Plex remote access needs to see your WAN IP after your VPN connection is established, Plex_StaticRoute.sh will ensure that plex sees the WAN IP and (screenshot of the log showing script being executed every hour to implement any new ip detected for plex.tv),
DNS4 and DNS5 in the script are DNS servers of my ISP for accurate plex.tv lookups.
I use openvpn-event script for routing traffic to 32400 through WAN and not the VPN (tun11 in my case). You have to edit the scripts to ensure your VPN interface (probably there is much better way of doing it, but this will have to do for now untill understand more about routing and events).


Answer 2: Mine is set to Policy based routing just to ensure everything is pushed through VPN by default. In the policy I have routed the whole subnet through VPN (screenshot attached)

Answer 3: you only need Custom configuration box if your VPN provider requires any other settings besides the basic one, I have a few lines in custom config , not for "Plex traffic bypass" but rather send buffer , receive buffer and other stuff.

Make sure you go through scripts and change IPs according to your setup/subnet.

 

[pacmanpc]

Thanks alot for the reply but its still doing my head in

Due to the openvpn-event script not seeming to do anything on my end i'm assuming there is an error in this line? i see mention of tun11 when i connect to vpn so maybe its being set wrong?


# Copy IP Routing Rules
ip route show table main | grep -Ev ^default | grep -Ev tun1$VPNID | while read ROUTE;
do

Should i change it to

# Copy IP Routing Rules
ip route show table main | grep -Ev ^default | grep -Ev tun11$VPNID | while read ROUTE;
do

is there a way to check it working?

I do see the hourly script running but it keeps posting the below info and it doesn't change

Dec 31 19:00:00 admin: Starting Plex static route script...
Dec 31 19:00:12 admin: Grabbing current ipaddresses from plex.tv
Dec 31 19:00:12 admin: Current registered ip addresses: 52.31.73.202 52.214.33.245 54.77.197.74 52.31.73.202 52.30.134.235
Dec 31 19:00:12 admin: Route doesn't exist, creating...
Dec 31 19:00:12 admin: New routes using 52.214.33.245 created
Dec 31 19:00:12 admin: Route doesn't exist, creating...
Dec 31 19:00:12 admin: New routes using 52.30.134.235 created
Dec 31 19:00:12 admin: Route doesn't exist, creating...
Dec 31 19:00:12 admin: New routes using 52.31.73.202 created
Dec 31 19:00:12 admin: Route doesn't exist, creating...
Dec 31 19:00:12 admin: New routes using 54.77.197.74 created
Dec 31 19:00:12 admin: Plex static route script complete.

its the same message every time giving me the impression its not routing properly in the first place.

i copied the scripts that were posted exactly and put them into the jffs/scripts folder using winscp and did 1 edit to set DNS from my ISP

I have to be missing something. below is my settings

I'm guessing its something to do with my LAN and WAN ip settings?
Bridged modem has LAN ip 192.168.0.1

 

[pacmanpc]

I use openvpn-event script for routing traffic to 32400 through WAN and not the VPN (tun11 in my case). You have to edit the scripts to ensure your VPN interface (probably there is much better way of doing it, but this will have to do for now untill understand more about routing and events).

What exactly do i edit in openvpn-event? as i stated before i need all but Plex to go through VPN when its active

 

[Ajay1685]

Did you make sure only Plex_StaticRoute.sh has " .sh " , extension and other two does not have any extension. Also did you apply read write permissions after copying the scripts to script folder.

if your VPN interface is tun11 for sure than you do not need to edit the script. tun1$VPNID is correct

you should put your customized log events in the beginning of the script , and look for that in the log events might help.

 

[pacmanpc]

yea changed octal to 0777 which sets correct r/w permissions? is this right?
none except the Plex_StaticRoute has a .sh

you should put your customized log events in the beginning of the script , and look for that in the log events might help

what do you mean by this?

i have been trying to follow instructions exactly but i'm sure theres something i have not done or with my setup.

i don't think the routing is working at all

would you mind posting your lan and wan settings to see if mine are right?

 

[Ajay1685]

Don't worry about LAN or WAN settings yet, first figure out if the script (openvpn-event) are being executed when they need to be.

from your log , it seems that cron job is setup correctly , and the Plex_StaticRoute.sh is being called as it should, try and figure out if the openvpn-event is being called

 

[pacmanpc]

Dec 31 21:43:20 custom_script: Running /jffs/scripts/openvpn-event (args: tun11 1500 1603 10.13.220.209 10.13.220.210)
Dec 31 21:43:30 openvpn[1369]: Initialization Sequence Completed
Dec 31 21:43:30 openvpn[1369]: [vpn.trust.zone] Inactivity timeout (--ping-restart), restarting
Dec 31 21:43:30 openvpn[1369]: SIGUSR1[soft,ping-restart] received, process restarting
Dec 31 21:43:30 openvpn[1369]: Restart pause, 5 second(s)
Dec 31 21:43:35 openvpn[1369]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 31 21:43:35 openvpn[1369]: TCP/UDP: Preserving recently used remote address: [AF_INET]38.84.134.54:443
Dec 31 21:43:35 openvpn[1369]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Dec 31 21:43:35 openvpn[1369]: Attempting to establish TCP connection with [AF_INET]38.84.134.54:443 [nonblock]
Dec 31 21:43:36 openvpn[1369]: TCP connection established with [AF_INET]38.84.134.54:443
Dec 31 21:43:36 openvpn[1369]: TCP_CLIENT link local: (not bound)
Dec 31 21:43:36 openvpn[1369]: TCP_CLIENT link remote: [AF_INET]38.84.134.54:443
Dec 31 21:43:36 openvpn[1369]: TLS: Initial packet from [AF_INET]38.84.134.54:443, sid=2555ea2e 52195396
Dec 31 21:43:37 openvpn[1369]: VERIFY X509NAME OK: CN=vpn.trust.zone
Dec 31 21:43:37 openvpn[1369]: VERIFY OK: depth=0, CN=vpn.trust.zone
Dec 31 21:43:38 openvpn[1369]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Dec 31 21:43:38 openvpn[1369]: [vpn.trust.zone] Peer Connection Initiated with [AF_INET]38.84.134.54:443
Dec 31 21:43:39 openvpn[1369]: SENT CONTROL [vpn.trust.zone]: 'PUSH_REQUEST' (status=1)
Dec 31 21:43:40 openvpn[1369]: PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.13.220.209 10.13.220.210,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.13.220.210,redirect-gateway def1'
Dec 31 21:43:40 openvpn[1369]: OPTIONS IMPORT: timers and/or timeouts modified
Dec 31 21:43:40 openvpn[1369]: OPTIONS IMPORT: --ifconfig/up options modified
Dec 31 21:43:40 openvpn[1369]: OPTIONS IMPORT: route options modified
Dec 31 21:43:40 openvpn[1369]: OPTIONS IMPORT: route-related options modified
Dec 31 21:43:40 openvpn[1369]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Dec 31 21:43:40 openvpn[1369]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Dec 31 21:43:40 openvpn[1369]: Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Dec 31 21:43:40 openvpn[1369]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Dec 31 21:43:40 openvpn[1369]: Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Dec 31 21:43:40 openvpn[1369]: Preserving previous TUN/TAP instance: tun11
Dec 31 21:43:40 openvpn[1369]: Initialization Sequence Completed

 

[pacmanpc]

looks like its calling the script but i don't think its actually doing anything?

 

[Ajay1685]

looks like its calling the script but i don't think its actually doing anything?

I see that you have forwarded 32400 in router 2 (192.168.1.0/24 subnet)to plex machine ( 192.168.1.32), Did you also forward the port 32400 in the router 1 (192.168.0.0/24 subnet) to the WAN IP of the second router (192.168.0.2)

 

[pacmanpc]

I see that you have forwarded 32400 in router 2 (192.168.1.0/24 subnet)to plex machine ( 192.168.1.32), Did you also forward the port 32400 in the router 1 (192.168.0.0/24 subnet) to the WAN IP of the second router (192.168.0.2)

so i log into modem and do port forwarding on it? this sounds like its the issue but i need to figure out exactly how to do it
i'm a dummy when it comes to this lol

 

[Ajay1685]

is your router 1 a modem or modem/router combo ?

connect a device (laptop) to router 1 , and see if you can access plex (192.168.1.32:32400) from 192.168.0.0/24 subnet (laptop) ?

 

[pacmanpc]

i have a bridged modem connected to phone line for my internet connection and my asus router is connected to wan port of modem

due to it being bridged i'm unsure if i can even port forward

 

[Ajay1685]

i have a bridged modem connected to phone line for my internet connection and my asus router is connected to wan port of modem

due to it being bridged i'm unsure if i can even port forward

I see, so if you can access plex from remote IP , when VPN is turned down , than you may not have to route anything in TP-Link .

try to find out the issue , piece by piece , to narrow down . I am no expert myself I had hard time getting mine to work. spent days reading through forums

 

[pacmanpc]

oh i can access plex remotely no probs when vpn isnt running

 

[pacmanpc]

connected right now with my ipad over 4g.

as soon as i turn vpn on i lose connection

 

[Ajay1685]

restart plex server , then Go to plex remote access settings and see what public IP it sees ? VPN IP ? or your ISP IP ?

 

[pacmanpc]

without vpn it sees isp ip

 

[pacmanpc]

as you can see vpn stops it. even though i have all those scripts

i also have a static ip via isp so i can get past thier CGNAT setup and do port forward

 

[Ajay1685]

without vpn it sees isp ip

that is out of question , without VPN it will see ISP IP. I want to know what IP it sees with VPN.
Turn on VPN , restart the router just to make sure everything is working with VPN and scripts from the log , restart plex server and then check public ip in plex remote access ?

 

[Ajay1685]

so plex failed to see the ISP IP with VPN, than i guess the problem is with Plex_StaticRoute.sh

change DNS4 and DNS5 to your ISP DNS servers, restart router, ssh to merlin using putty , manually execute Plex_StaticRoute a few times with a couple of minutes gap.

you can also add
route plex.tv 255.255.255.255 192.168.1.1 to Custom config for VPN client , to see if that helps.