How to forward traffic from VPS to local plex server

Operating Systems & Open Source Open Source & Web-Based
1

I have a plex server running locally that I want to access remotely. When I enable the remote access option I get an error about double NAT. I checked and it’s not happening on my network, as my second router is set to AP mode. I found out that my ISP uses CGNAT and that’s probably what’s causing the issue.

So I setup a VPS with a wireguard tunnel and guessed that the traffic for plex would then make my server accessible, but I still can’t see it. I’ve opened port UDP 51820 on the VPS firewall, otherwise my server was unable to connect to the internet without it. Am I missing something else here? I read about needing to setup nginx but I thought the VPN tunnel would be enough?

Thanks

2

I setup nginx with the proxy_pass set to: 10.7.0.2 and I can now access it via browser. But when I try to access with the plex app, it still can’t connect to it.

3

If you don’t need the VPS for anything else and you only want to access plex, I would recommend using tailscale or cloudflare tunnels.

If you want a 3rd party free / selfhosted solution look at Headscale

It will (mostly) take care of routing and DNS for you.

4

If I use tailscale, do I need to have it installed on the client device to access the plex server?

5

yes

6

So what I want, is to be able to access the server without needing VPN client installed. I just need the VPS to get around CGNAT

7

i followed this guide and it works for me to punch though CGNAT dynamic DNS.

https://wiki.futo.org/index.php/Introduction_to_a_Self_Managed_Life:_a_13_hour_%26_28_minute_presentation_by_FUTO_software#Dynamic_DNS:_Setting_Up_FreeDNS

1 Like
8

What about if my VPS has a static ip already, do I need to use a dynamic DNS?

9

you still need some way to update the local IP address assigned to the your router (behind CG nat) to be propogated to the VPS.

10

I think I’ve fixed it and I don’t think anyone has documented a full guide on how to do it.

My setup is now as follows: Plex client → VPS → Nginx proxy manager → WireGuard VPN → Plex media server.

The things I did to fix it:

  • Remove port forwarding on router
  • Add Wireguard port to VPS port forwarding so server can access internet
  • Replace nginx with nginx proxy manager so SSL certificates can be used
  • Setup SSL certificate on proxy domain, otherwise Plex iOS app etc. won’t ever work remotely as it requires secure connection
  • Set forwarding hostname to the Wireguard client IP (not localhost or server ip)
  • Change Plex custom access URL to https://DOMAIN_NAME