Bypass Plex traffic on router running vpn client, Working good so far, Testing for few days

[pacmanpc]

its starting to do routes every time i manually start script
Dec 31 23:16:01 admin: Starting Plex static route script...
Dec 31 23:16:07 admin: Grabbing current ipaddresses from plex.tv
Dec 31 23:16:07 admin: Current registered ip addresses: 52.31.73.202 52.214.33.245 34.252.160.54 34.248.236.84 52.31.227.227
Dec 31 23:16:07 admin: Plex static routes exist. Cool!
Dec 31 23:16:07 admin: Route doesn't exist, creating...
Dec 31 23:16:07 admin: New routes using 34.252.160.54 created
Dec 31 23:16:07 admin: Plex static routes exist. Cool!
Dec 31 23:16:07 admin: Plex static routes exist. Cool!
Dec 31 23:16:07 admin: Plex static routes exist. Cool!
Dec 31 23:16:07 admin: Plex static route script complete

 

[Ajay1685]

now from the device on 4g network , open browser , type http://ISP_IP:32400/web , that will make sure the route to your plex server is clear and open.

 

[pacmanpc]

unsure what the gateway ip is since it isn't my static ip although its obviously from my isp

 

[pacmanpc]

now from the device on 4g network , open browser , type http://ISP_IP:32400/web , that will make sure the route to your plex server is clear and open.

can see plex server fine

obviously vpn isnt running yet

the script isnt getting any more ips now

 

[Ajay1685]

Check the same with VPN turned on, why would you keep checking with VPN off, we know it works without VPN.

 

[pacmanpc]

not working although now it seems to show my isp ip in remote server settings

whatsmyip.org shows ip as
Your IP Address is 38.84.134.54

plex shows remote ip as one from isp

 

[Ajay1685]

public IP in the plex is a good sign, now that the static route script is working, the next part is port 32400 forward from modem to router and router to plex machine.

try turning off the bridge mode in tp-link , and let it assign 192.168.0.2 for the Asus router on lan port.

you can also try , In plex network settings-> custom server access url enter https://YourISPpublicIP:32400

 

[pacmanpc]

public IP in the plex is a good sign, now that the static route script is working, the next part is port 32400 forward from modem to router and router to plex machine.

If you have static IP from ISP , set it up in your Asus router with correct Ip, mask and gateway

In plex network settings-> custom server access url enter https://YourISPpublicIP:32400

where do i setup the static ip? WAN?

 

[Ajay1685]

where do i setup the static ip? WAN?

this should be the info you get from ISP with a static IP.

 

[pacmanpc]

i turned modem off bridge mode and connected just to get the settings.

I have now manually typed them into the wan ip setting box as well as set the dns from isp

if i don't manually type it in how would i even know what the settings are since they dont show up

 

[pacmanpc]

is there any way to test the openvpn-event script? i don't think its actually working .
either that or i'm missing a router setting or is there something in the log i'm expecting to see?

 

[Xruptor]

Wouldn't the IPTables list continue to grow and grow with each new addition to it? You would have lots of routing with old invalid IP's in addition to the new IP's that are being routed. So eventually the IPTables list will be enourmous? Not sure if there is a way to clean it out and then add the new rules. Otherwise you will have old rules there with IP's that are no longer valid, every hour on the hour. I could be wrong of course.

 

[pacmanpc]

public IP in the plex is a good sign, now that the static route script is working, the next part is port 32400 forward from modem to router and router to plex machine.

try turning off the bridge mode in tp-link , and let it assign 192.168.0.2 for the Asus router on lan port.

sorry i totally missed this, so i unplug modem from the WAN port on back of router and plug it into a LAN port?
how do i get it to assign that ip to router? do i set the ip in the router like i already had or?

Sorry for being a noob about this but what exactly do i need to do?

atm i have modem lan4/wan socket connected to wan port on router and 4 other devices connected using lan ports in back of router.

 

[pacmanpc]

maybe it would be better if you explain your exact setup? i can copy and try get mine working lol

i'm guessing its my router settings i must have something either in WAN, LAN DHCP or something else configured wrong.

I now have modem in non bridged mode connecting to internet and port forwarding port 32400 to 192.168.0.2 which is WAN ip of my router.

Modem ip is 192.168.0.1 subnet mask 255.255.255.0 with default gateway set to 192.168.0.1

I have the WAN ip of router set to static ip mode with 192.168.0.2 as the ip and subnet mask 255.255.255.0 with 192.168.0.1 as gateway

I have the LAN ip of router 192.168.1.1 subnet mask 255.255.255.0 and LAN DHCP gateway 192.168.1.1.
Its port forwarding port 32400 to 192.168.1.32 which is my plex machine and main pc

not sure if these are set correctly as before i was running modem in bridged mode and having the router make the internet connection via pppoe with everything set to get ip automatically

 

[pacmanpc]

Anyone? Bueller? Bueller

 

[Ajay1685]

Wouldn't the IPTables list continue to grow and grow with each new addition to it? You would have lots of routing with old invalid IP's in addition to the new IP's that are being routed. So eventually the IPTables list will be enourmous? Not sure if there is a way to clean it out and then add the new rules. Otherwise you will have old rules there with IP's that are no longer valid, every hour on the hour. I could be wrong of course.

It should grow enormous only if the plex keeps changing IPs too frequently, but in this case I havent had more than 5-6 IPs over the course of 2-3 months , so haven't had issues.

may be a separate script can be setup to clean up every week !

If plex could let you choose IP to reach the server at instead of trying to find it out itself, the whole Plex_StaticRoute.sh drama could be avoided.

anyways I end up rebooting all my devices within 2 - 3 month period , so this may not work for someone who is looking for a set-it-and-forget-it for 6 months or more.

 

[Ajay1685]

is there any way to test the openvpn-event script? i don't think its actually working .
either that or i'm missing a router setting or is there something in the log i'm expecting to see?

you can use a custom logger msg within the script , and look for that message in the logs.
i.e logger "this is my openvpn-event script . . . . . . . . . . . . . . . . . . . . . . . "

My setup
Modem
Router 1 (WAN IP: from ISP, LAN IP: 192.168.1.1 subnet 192.168.1.0/24)
Router 2(WAN IP: 192.168.1.2, LAN IP: 192.168.2.1 subnet 192.168.2.0/24)

static route in router 1
192.168.2.0 255.255.255.0 192.168.1.2 LAN

port 32400 forwarded in router 1 for 192.168.1.2
port 32400 forwarded in router 2 for Plex Server

 

[Austin Dean]

Everything seems working as I intended, still testing for anything I may have missed.


I found this script reddit by a user name: Scare_norm
The script placed in /jffs/scripts/ as Plex_StaticRoute.sh (note: with extension .sh)

#!/bin/sh

logger "Starting Plex static route script..."

#Fetch Current Server Address for plex.tv

DNS1=$(nslookup plex.tv | tail -1 | awk -F " " '{print $3}')
DNS2=$(nslookup plex.tv 8.8.8.8 | tail -2 | awk -F " " '{print $3}' | tail -1)
DNS3=$(nslookup plex.tv 8.8.4.4 | tail -2 | awk -F " " '{print $3}' | tail -1)
DNS4=$(nslookup plex.tv 68.105.28.11 | tail -2 | awk -F " " '{print $3}' | tail -1)
DNS5=$(nslookup plex.tv 68.105.29.11 | tail -2 | awk -F " " '{print $3}' | tail -1)

logger "Grabbing current ipaddresses from plex.tv"
DNS="$DNS1 $DNS2 $DNS3 $DNS4 $DNS5"
UNIQ_IP=$(echo "$DNS" | tr ' ' '\n' | sort -u | tr '\n' ' ')
logger "Current registered ip addresses: $DNS"

for IP in $UNIQ_IP
do
        #Create localroute variable to see if route exists
        localroute=`route | grep $IP`
        #Check if route exists
        if [[ -z "$localroute" ]]; then
                #route doesn't exist, add route
                logger "Route doesn't exist, creating..."
                route add -net "$IP" netmask 255.255.255.255 gw `nvram get wan_gateway`
                logger "New routes using $IP created"
                echo $IP
        else
                #route exists, hurray
                logger "Plex static routes exist.  Cool!"
                echo "yay"
        fi
done
logger "Plex static route script complete."
exit 0

Here is my services-start script , also placed in /jffs/scripts/ , (note: without any extension)
to launch Plex_StaticRoutes.sh at boot and on the top setup cron job to execute every hour
Thanks to john9527

#!/bin/sh
sleep 4
#Run the script at boot time
/jffs/scripts/Plex_StaticRoute.sh
#Set the script to run again each hour
cru a PlexStaticRoute "0 */1 * * * /jffs/scripts/Plex_StaticRoute.sh"
exit 0

my openvpn-event script , also placed in /jffs/scripts/ , (note: without any extension)
I found on snb forum by user CODYQX4

#!/bin/sh

# Setup FWMarks
WAN0=200
WAN1=201
VPN1=211
VPN2=212
VPN3=213
VPN4=214
VPN5=215

# Disable Reverse Path Filtering
sleep 10
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
    echo 0 > $i
done

# Reset Primary WAN Routing Table
ip route flush table wan0
ip route del default table wan0
ip rule del fwmark $WAN0 table wan0
ip rule del fwmark $VPN1 table ovpnc1
ip rule del fwmark $VPN2 table ovpnc2
ip rule del fwmark $VPN3 table ovpnc3
ip rule del fwmark $VPN4 table ovpnc4
ip rule del fwmark $VPN5 table ovpnc5
ip route flush cache
iptables -t mangle -F PREROUTING

# Reset Primary WAN Routing Table Rules
#VPN_LIST="1 2 3 4 5"
VPN_LIST="1"
for VPNID in $VPN_LIST
do
    # Copy IP Routing Rules
    ip route show table main | grep -Ev ^default | grep -Ev tun1$VPNID | while read ROUTE;
    do
        ip route add table wan0 $ROUTE
    done
 
    # Set Active VPN State
    VPN_STATE=$(nvram get "vpn_client"$VPNID"_state")
    if [ $VPN_STATE -eq -1 ]
    then
        nvram set "vpn_client"$VPNID"_state"=2
    fi
done

ip route add default table wan0 via $(nvram get wan0_gateway)
ip rule add fwmark $WAN0 table wan0
ip rule add fwmark $VPN1 table ovpnc1
ip rule add fwmark $VPN2 table ovpnc2
ip rule add fwmark $VPN3 table ovpnc3
ip rule add fwmark $VPN4 table ovpnc4
ip rule add fwmark $VPN5 table ovpnc5
ip route flush cache

# Plex Traffic: Bypass VPN
iptables -t mangle -A PREROUTING -i br0 -p tcp --sport 32400 -j MARK --set-mark $WAN0
iptables -t mangle -A PREROUTING -i br0 -p udp --sport 32400 -j MARK --set-mark $WAN0
iptables -t mangle -A PREROUTING -i br0 -p tcp --dport 32400 -j MARK --set-mark $WAN0
iptables -t mangle -A PREROUTING -i br0 -p udp --dport 32400 -j MARK --set-mark $WAN0

# SSH Traffic: Bypass VPN
iptables -t mangle -A PREROUTING -i br0 -p tcp --sport 22 -j MARK --set-mark $WAN0
iptables -t mangle -A PREROUTING -i br0 -p udp --sport 22 -j MARK --set-mark $WAN0
iptables -t mangle -A PREROUTING -i br0 -p tcp --dport 22 -j MARK --set-mark $WAN0
iptables -t mangle -A PREROUTING -i br0 -p udp --dport 22 -j MARK --set-mark $WAN0

# Portforwarding through VPN
iptables -I FORWARD -i tun11 -p udp -d 192.168.2.111 --dport 52525 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d 192.168.2.111 --dport 52525 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 52525 -j DNAT --to-destination 192.168.2.111:52525
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 52525 -j DNAT --to-destination 192.168.2.111:52525

Will keep the post upto date as I make progress, Thank you RMerlin and this great community. All the credit goes back to the community there is nothing here I can take credit for its all the bits and pieces I found here on the forums.

Port 32400 forwarded to client running plex server in GUI
OpenVPN client setup page
Redirect Internet traffic : Policy Rules,
Block routed clients if tunnel goes down: Yes

I have a question regarding the compilation of scripts. The user that procured the openvpn-event (CodyQX4) also gave direction to include "route plex.tv 255.255.255.255 net_gateway" in the custom configuration window for the VPN client. I have this currently entered in the window. Does this affect the rest of the solution in this thread? Specifically the steps facilitated by John9527?