China tried to login

Yes, I do have Plex.

The way that it's supposed to work is your Plex server connects to the main Plex site with your account credentials. Then, you go to www.plex.tv and login there. The system will see that your home server is connected to the main Plex system (which you just logged into) and will direct you into your system through that connection. There should not be a need to open up port 32400 to the Internet.

I know we have gotten really off topic here, but I encourage you to do a little digging about this topic. I don't know how your Plex is configured to work exactly, but if you have access to Plex through www.plex.tv you DO have ports open in your firewall, knowingly or unknowingly. You might have UPnP on in your router, or you have NAT-PMP in your router, but you cannot access your Plex server without an open port. Even Plex documents state this to be true.

https://support.plex.tv/hc/en-us/articles/200484543-Enabling-Remote-Access-for-a-Server
 
If my sister's PS4 and mom's Android TV could VPN into my Plex server I'd probably VPN it too.. I have the bandwidth and power.. but I also host the family DVR.

THIS is my problem with VPN to Plex also, as I too am hosting family DVR now. I want to put PlexRequest open to family also, what do you think of the security to this being outward facing?
 
I know we have gotten really off topic here, but I encourage you to do a little digging about this topic. I don't know how your Plex is configured to work exactly, but if you have access to Plex through www.plex.tv you DO have ports open in your firewall, knowingly or unknowingly. You might have UPnP on in your router, or you have NAT-PMP in your router, but you cannot access your Plex server without an open port. Even Plex documents state this to be true.

https://support.plex.tv/hc/en-us/articles/200484543-Enabling-Remote-Access-for-a-Server

Seriously, I know that. What I am telling you is your Plex Server opens them, NOT you. And plex.tv knows which ones those are. You don't need to know or care. It may be 32400, or a different one(s). Point is, you don't have to forward them manually.

What I am telling you, is you DO NOT need VPN to access your Plex server. You can access it from plex.tv once your server is configured correctly.

Your initial post was a concern that you needed to establish a VPN connection from all of your devices to connect to Plex remotely. I am telling you this is not true. Just login to your account and you are in. Very simple.
 
@Rockford622, there is no way in hell Plex opens port 32400 without my expressed permission.. and no, plex.tv won't work at all if you don't set up the port forwards.

If your router has automatic port forwarding, Plex will open the ports on your behalf.. and if you have automatic port forwarding enabled you should disable it for your own safety.

Seriously.


@ruppmeister, my Plex runs in a FreeBSD jail on my FreeNAS, with my absurd levels of paranoia I have no qualms about opening Plex to the internet.. worst case someone gets to steal some stolen movies.. the operating system gets security updates automatically, I have admin access and is secure by default. It contains absolutely no personal information.. other than how far into Walking Dead I am.. it's like the opposite of IP cams and I don't worry about it at all.
 
I agree with @nayr here - don't allow applications to control your firewall settings, please.
@Rockford622 - I don't have an ability to VPN to home to use Plex due to device limitations that are used to access my Plex server. I know that Plex needs ports open to work remotely, that isn't the concern. The concern is having a bunch of ports open to the world to port scan my IP, OR set up a reverse proxy to obfuscate the different services that I am hosting on my network through ports 80 and 443.
 
I said I don't know what port it opens for certain. Probably doesn't matter.

Yes, it will work. I don't have to manually open any ports on my router and plex.tv works just fine. My Plex server is a client that establishes a connection to a remote server. Then, through plex.tv I login to my account. The server that validates my credentials sees that my server at home is also logged in and therefore allows me to connect to it. I have a VPN (1723) port forwarded to my NAS and a BI port forwarded to my PC...that's it. I can see and watch my entire library from anywhere I have an Internet connection on any device.

Technical details aside, I was trying to point out to @ruppmeister he does not need to do anything special to view Plex remotely.
 
I agree with @nayr here - don't allow applications to control your firewall settings, please.

How do you think something like a remotely controlled thermostat works then? You have to have the ability to change settings on it from outside your home network. You don't connect directly to it, yet you can change the settings on it remotely through a remote server you login to.

What device limitations are you referring to? I can view my Plex library from any iOS device just by logging into it. NO VPN needed.

So, I'm guessing you are just trying to avoid a server from behind your network maintaining a persistent connection to a remote server on the Internet? How is that any different than keeping port 32400 open on your firewall 24/7?
 
Technical details aside, I was trying to point out to @ruppmeister he does not need to do anything special to view Plex remotely.

Ummm, yea. It is people like you that UPnP was created, but just the same, it is people like you who don't consider the ramifications of hosting stuff outside your network. In MY network, I DO have to do something "special" to get Plex to work, just like I have to do something "special" to get Blue Iris and other services to work. I don't allow software to open ports in my firewall. I DO THIS MYSELF! Preciate your insights though, @Rockford622
 
@Rockford622, how do you think my remotely controlled thermostat works? HINT: VPN is the only way to access it.
 
Good lord. I give up. Just trying to help you @ruppmeister. I figured you didn't know that you could setup your server that way and connect to it. I didn't know you were intentionally trying to make things difficult for yourself. My bad.

And @nayr...Really not necessary to respond that way. I get that you are paranoid, I just didn't know to what degree. Now I do.

I don't give a rats ass if my Plex server or Nest thermostat has a port open for my convenience. Apparently others do.

Carry on.
 
Good lord. I give up. Just trying to help you @ruppmeister. I figured you didn't know that you could setup your server that way and connect to it. I didn't know you were intentionally trying to make things difficult for yourself. My bad.

And @nayr...Really not necessary to respond that way. I get that you are paranoid, I just didn't know to what degree. Now I do.

I don't give a rats ass if my Plex server or Nest thermostat has a port open for my convenience. Apparently others do.

Carry on.

Just make sure you don't open up a Vera controller. Those things are just one huge backdoor. (this has been a public service announcement)
 
For iPhones, the OpenVPN app.. I have a pfSense router with pfBlockerNG running.. It will keep out the countries you say to block via blacklists etc. My BI box is open to the internet, nobody yet tried to enter.
 
I see that China tried to log in to my Blue Iris at 12:02am from 117.21.173.4 in my Status Connections tab. I don't know if they were successful. Maybe it was just an attempt?

Any way to block the ip?

The offenders: http://who.is/whois-ip/ip-address/117.21.173.4

Are you sure the China attempt was trying to access BI? I ask this because I noticed a camera I was playing with was using its own version of DDNS for mobile connections. Part of the heartbeat could have been a return response. I have myself semi-locked down. I will run a proper VPN again once I get my ClearOS box setup. Make sure you do not have DDNS set up on any camera...or BI for that matter. I use a DDNS that runs off my server for keep alive and its ports are shut down to non-Lan traffic. I can't even inbound to the server without going through another computer on my network. My cameras only get access through BI and those that accept it, I have IP filtering set so again I can only access them through a computer on my LAN that is specifically setup.