Bypass Plex traffic on router running vpn client, Working good so far, Testing for few days

Discussion in 'Asuswrt-Merlin' started by Ajay1685, Feb 8, 2017.

  1. Ajay1685

    Ajay1685 Occasional Visitor

    Joined:
    Aug 19, 2016
    Messages:
    39
    You will need 3 scripts from the first post openvpn-event , services-start and Plex_StaticRoute.sh in your scripts folder (screenshot attached).


    Answer 1: You will still need to keep the port forward. Plex remote access needs to see your WAN IP after your VPN connection is established. Plex_StaticRoute.sh will ensure that Plex sees the WAN IP (screenshot of the log showing the script being executed every hour to implement any new IP detected for plex.tv).
    DNS4 and DNS5 in the script are DNS servers of my ISP for accurate plex.tv lookups.
    I use the openvpn-event script for routing traffic to 32400 through WAN and not the VPN (tun11 in my case). You have to edit the scripts to ensure your VPN interface (probably there is a much better way of doing it, but this will have to do for now until I understand more about routing and events).


    Answer 2: Mine is set to Policy based routing just to ensure everything is pushed through VPN by default. In the policy I have routed the whole subnet through VPN (screenshot attached)

    Answer 3: You only need the Custom configuration box if your VPN provider requires any other settings besides the basic ones. I have a few lines in custom config, not for "Plex traffic bypass" but rather send buffer, receive buffer and other stuff.

    Make sure you go through scripts and change IPs according to your setup/subnet. VPN_1.PNG VPN_Script_Log.PNG
     


    Last edited: Dec 30, 2017
  2. pacmanpc

    pacmanpc Occasional Visitor

    Joined:
    Dec 27, 2017
    Messages:
    24
    Thanks a lot for the reply but it's still doing my head in

    Due to the openvpn-event script not seeming to do anything on my end, I'm assuming there is an error in this line? I see mention of tun11 when I connect to VPN so maybe it's being set wrong?


    # Copy IP Routing Rules
    ip route show table main | grep -Ev ^default | grep -Ev tun1$VPNID | while read ROUTE;
    do

    Should I change it to

    # Copy IP Routing Rules
    ip route show table main | grep -Ev ^default | grep -Ev tun11$VPNID | while read ROUTE;
    do

    Is there a way to check it's working?

    I do see the hourly script running but it keeps posting the below info and it doesn't change

    Dec 31 19:00:00 admin: Starting Plex static route script...
    Dec 31 19:00:12 admin: Grabbing current ipaddresses from plex.tv
    Dec 31 19:00:12 admin: Current registered ip addresses: 52.31.73.202 52.214.33.245 54.77.197.74 52.31.73.202 52.30.134.235
    Dec 31 19:00:12 admin: Route doesn't exist, creating...
    Dec 31 19:00:12 admin: New routes using 52.214.33.245 created
    Dec 31 19:00:12 admin: Route doesn't exist, creating...
    Dec 31 19:00:12 admin: New routes using 52.30.134.235 created
    Dec 31 19:00:12 admin: Route doesn't exist, creating...
    Dec 31 19:00:12 admin: New routes using 52.31.73.202 created
    Dec 31 19:00:12 admin: Route doesn't exist, creating...
    Dec 31 19:00:12 admin: New routes using 54.77.197.74 created
    Dec 31 19:00:12 admin: Plex static route script complete.

    It's the same message every time, giving me the impression it's not routing properly in the first place.

    I copied the scripts that were posted exactly and put them into the jffs/scripts folder using WinSCP and did 1 edit to set DNS from my ISP

    I have to be missing something. Below are my settings
    vpn settings.png port forward.jpg Wan Setting.jpg LAN.png



    I'm guessing it's something to do with my LAN and WAN IP settings?
    Bridged modem has LAN ip 192.168.0.1
     
    Last edited: Dec 31, 2017
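
Added example, not part of any post in this thread and not one of the thread's scripts: one way to answer "is there a way to check it working?" is to look for a host route per plex.tv address and see which interface it uses. The route text below is constructed from addresses in the logs on this page; `eth0` and `br0` are assumed interface names, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify how each plex.tv address would leave the router,
# based on `ip route show` text. Sample data is constructed, not captured.

VPN_IF="tun11"   # VPN interface named in the thread's log

# Constructed sample of `ip route show table main` with the VPN client up.
# eth0 (WAN) and br0 (LAN) are assumed interface names.
SAMPLE_ROUTES='default via 192.168.0.1 dev eth0
0.0.0.0/1 via 10.13.220.210 dev tun11
128.0.0.0/1 via 10.13.220.210 dev tun11
52.31.73.202 via 192.168.0.1 dev eth0
52.214.33.245 via 10.13.220.210 dev tun11
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1'

# route_dev ROUTES IP -> prints the device of the host route for IP, or nothing.
route_dev() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        $1 == ip || $1 == (ip "/32") {
            for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
        }'
}

# classify ROUTES IP -> BYPASS (host route on a non-VPN interface),
# VPN (host route on the VPN interface) or MISSING (no host route in ROUTES).
classify() {
    dev=$(route_dev "$1" "$2")
    if [ -z "$dev" ]; then echo "MISSING"
    elif [ "$dev" = "$VPN_IF" ]; then echo "VPN"
    else echo "BYPASS"
    fi
}

# report ROUTES IP... -> one "IP STATUS" line per unique address
# (the script's log can list the same address twice).
report() {
    routes=$1; shift
    printf '%s\n' "$@" | sort -u | while read -r ip; do
        printf '%s %s\n' "$ip" "$(classify "$routes" "$ip")"
    done
}

report "$SAMPLE_ROUTES" 52.31.73.202 52.214.33.245 54.77.197.74 52.31.73.202
```

On the router, pass live output instead of the sample, for example `report "$(ip route show table main)"` followed by the addresses from the script's log.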
  3. pacmanpc

    pacmanpc Occasional Visitor

    Joined:
    Dec 27, 2017
    Messages:
    24
    What exactly do I edit in openvpn-event? As I stated before, I need all but Plex to go through VPN when it's active
     
  4. Ajay1685

    Ajay1685 Occasional Visitor

    Joined:
    Aug 19, 2016
    Messages:
    39
    Did you make sure only Plex_StaticRoute.sh has the ".sh" extension and the other two do not have any extension? Also, did you apply read/write permissions after copying the scripts to the scripts folder?

    If your VPN interface is tun11 for sure then you do not need to edit the script. tun1$VPNID is correct.

    You should put your customized log events in the beginning of the script, and looking for that in the log events might help.
     
  5. pacmanpc

    pacmanpc Occasional Visitor

    Joined:
    Dec 27, 2017
    Messages:
    24
    Yeah, changed octal to 0777 which sets correct r/w permissions? Is this right?
    None except the Plex_StaticRoute has a .sh
    winscp.png


    What do you mean by this?

    I have been trying to follow instructions exactly but I'm sure there's something I have not done or with my setup.

    I don't think the routing is working at all

    Would you mind posting your LAN and WAN settings to see if mine are right?
     
    Last edited: Dec 31, 2017
  6. Ajay1685

    Ajay1685 Occasional Visitor

    Joined:
    Aug 19, 2016
    Messages:
    39
    Don't worry about LAN or WAN settings yet; first figure out if the script (openvpn-event) is being executed when it needs to be.

    From your log, it seems that the cron job is set up correctly and Plex_StaticRoute.sh is being called as it should. Try and figure out if openvpn-event is being called.
     
  7. pacmanpc

    pacmanpc Occasional Visitor

    Joined:
    Dec 27, 2017
    Messages:
    24
    Dec 31 21:43:20 custom_script: Running /jffs/scripts/openvpn-event (args: tun11 1500 1603 10.13.220.209 10.13.220.210)
    Dec 31 21:43:30 openvpn[1369]: Initialization Sequence Completed
    Dec 31 21:43:30 openvpn[1369]: [vpn.trust.zone] Inactivity timeout (--ping-restart), restarting
    Dec 31 21:43:30 openvpn[1369]: SIGUSR1[soft,ping-restart] received, process restarting
    Dec 31 21:43:30 openvpn[1369]: Restart pause, 5 second(s)
    Dec 31 21:43:35 openvpn[1369]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Dec 31 21:43:35 openvpn[1369]: TCP/UDP: Preserving recently used remote address: [AF_INET]38.84.134.54:443
    Dec 31 21:43:35 openvpn[1369]: Socket Buffers: R=[87380->87380] S=[16384->16384]
    Dec 31 21:43:35 openvpn[1369]: Attempting to establish TCP connection with [AF_INET]38.84.134.54:443 [nonblock]
    Dec 31 21:43:36 openvpn[1369]: TCP connection established with [AF_INET]38.84.134.54:443
    Dec 31 21:43:36 openvpn[1369]: TCP_CLIENT link local: (not bound)
    Dec 31 21:43:36 openvpn[1369]: TCP_CLIENT link remote: [AF_INET]38.84.134.54:443
    Dec 31 21:43:36 openvpn[1369]: TLS: Initial packet from [AF_INET]38.84.134.54:443, sid=2555ea2e 52195396
    Dec 31 21:43:37 openvpn[1369]: VERIFY X509NAME OK: CN=vpn.trust.zone
    Dec 31 21:43:37 openvpn[1369]: VERIFY OK: depth=0, CN=vpn.trust.zone
    Dec 31 21:43:38 openvpn[1369]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Dec 31 21:43:38 openvpn[1369]: [vpn.trust.zone] Peer Connection Initiated with [AF_INET]38.84.134.54:443
    Dec 31 21:43:39 openvpn[1369]: SENT CONTROL [vpn.trust.zone]: 'PUSH_REQUEST' (status=1)
    Dec 31 21:43:40 openvpn[1369]: PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.13.220.209 10.13.220.210,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.13.220.210,redirect-gateway def1'
    Dec 31 21:43:40 openvpn[1369]: OPTIONS IMPORT: timers and/or timeouts modified
    Dec 31 21:43:40 openvpn[1369]: OPTIONS IMPORT: --ifconfig/up options modified
    Dec 31 21:43:40 openvpn[1369]: OPTIONS IMPORT: route options modified
    Dec 31 21:43:40 openvpn[1369]: OPTIONS IMPORT: route-related options modified
    Dec 31 21:43:40 openvpn[1369]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Dec 31 21:43:40 openvpn[1369]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Dec 31 21:43:40 openvpn[1369]: Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
    Dec 31 21:43:40 openvpn[1369]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Dec 31 21:43:40 openvpn[1369]: Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
    Dec 31 21:43:40 openvpn[1369]: Preserving previous TUN/TAP instance: tun11
    Dec 31 21:43:40 openvpn[1369]: Initialization Sequence Completed
     
  8. pacmanpc

    pacmanpc Occasional Visitor

    Joined:
    Dec 27, 2017
    Messages:
    24
    Looks like it's calling the script but I don't think it's actually doing anything?
     
  9. Ajay1685

    Ajay1685 Occasional Visitor

    Joined:
    Aug 19, 2016
    Messages:
    39
    I see that you have forwarded 32400 in router 2 (192.168.1.0/24 subnet) to the Plex machine (192.168.1.32). Did you also forward port 32400 in router 1 (192.168.0.0/24 subnet) to the WAN IP of the second router (192.168.0.2)?
     
  10. pacmanpc

    pacmanpc Occasional Visitor

    Joined:
    Dec 27, 2017
    Messages:
    24
    So I log into the modem and do port forwarding on it? This sounds like it's the issue but I need to figure out exactly how to do it
    I'm a dummy when it comes to this lol
     
  11. Ajay1685

    Ajay1685 Occasional Visitor

    Joined:
    Aug 19, 2016
    Messages:
    39
    Is your router 1 a modem or a modem/router combo?

    Connect a device (laptop) to router 1 and see if you can access Plex (192.168.1.32:32400) from the 192.168.0.0/24 subnet (laptop)?
     
  12. pacmanpc

    pacmanpc Occasional Visitor

    Joined:
    Dec 27, 2017
    Messages:
    24
    I have a bridged modem connected to the phone line for my internet connection and my Asus router is connected to the WAN port of the modem

    Due to it being bridged I'm unsure if I can even port forward
     
  13. Ajay1685

    Ajay1685 Occasional Visitor

    Joined:
    Aug 19, 2016
    Messages:
    39
    I see, so if you can access Plex from a remote IP when the VPN is turned down, then you may not have to route anything in TP-Link.

    Try to find out the issue piece by piece, to narrow it down. I am no expert myself; I had a hard time getting mine to work. Spent days reading through forums
     
  14. pacmanpc

    pacmanpc Occasional Visitor

    Joined:
    Dec 27, 2017
    Messages:
    24
    Oh, I can access Plex remotely no probs when VPN isn't running
     
  15. pacmanpc

    pacmanpc Occasional Visitor

    Joined:
    Dec 27, 2017
    Messages:
    24
    Connected right now with my iPad over 4G.

    As soon as I turn VPN on I lose connection
     
  16. Ajay1685

    Ajay1685 Occasional Visitor

    Joined:
    Aug 19, 2016
    Messages:
    39
    Restart the Plex server, then go to Plex remote access settings and see what public IP it sees? VPN IP? Or your ISP IP?
     
    Last edited: Dec 31, 2017
  17. pacmanpc

    pacmanpc Occasional Visitor

    Joined:
    Dec 27, 2017
    Messages:
    24
    Without VPN it sees ISP IP
     
  18. pacmanpc

    pacmanpc Occasional Visitor

    Joined:
    Dec 27, 2017
    Messages:
    24
    non  vpn.png

    vpn on.png

    As you can see, VPN stops it, even though I have all those scripts

    I also have a static IP via ISP so I can get past their CGNAT setup and do port forward
     
    Last edited: Dec 31, 2017
  19. Ajay1685

    Ajay1685 Occasional Visitor

    Joined:
    Aug 19, 2016
    Messages:
    39
    That is out of question, without VPN it will see ISP IP. I want to know what IP it sees with VPN.
    Turn on VPN, restart the router just to make sure everything is working with VPN and scripts from the log, restart the Plex server and then check the public IP in Plex remote access?
     
  20. Ajay1685

    Ajay1685 Occasional Visitor

    Joined:
    Aug 19, 2016
    Messages:
    39
    So Plex failed to see the ISP IP with VPN, then I guess the problem is with Plex_StaticRoute.sh

    Change DNS4 and DNS5 to your ISP DNS servers, restart the router, SSH to Merlin using PuTTY, and manually execute Plex_StaticRoute a few times with a couple of minutes' gap.

    You can also add
    route plex.tv 255.255.255.255 192.168.1.1 to Custom config for VPN client, to see if that helps.
     
