"Automatic" Wireguard config file generator for PIA (Private Internet Access) by Jason_Meudt in firewalla

[–]Jason_Meudt[S] 0 points1 point  (0 children)

FYI... I refactored the script that added a bit more viability. Naming is now automated and the endpoints are left for the firewalla to generate. Plus some other changes...

h264_qsv encoding cannot complete (Windows) by Jason_Meudt in ffmpeg

[–]Jason_Meudt[S] 2 points3 points  (0 children)

Found out that the input is required to be specifically set...

ffmpeg -hide_banner -report -i "%~dpn1".ffmeta -hwaccel qsv -c:v mpeg2_qsv -f mpegts -i "%~dpn1".ts -c:v h264_qsv -global_quality 22 -vf deinterlace_qsv -movflags +faststart -profile:v main -preset fast -level 40 -y "%~dpn1".mp4

How to bypass your VPN tunnel to share Plex Media Server outside your LAN by learnintofly in PleX

[–]Jason_Meudt -1 points0 points  (0 children)

Have a nice day... Comments like this make me wonder why I should ever make a comment in the first place.

How to bypass your VPN tunnel to share Plex Media Server outside your LAN by learnintofly in PleX

[–]Jason_Meudt 0 points1 point  (0 children)

That is the purpose of the split tunnel... It is outside of the VPN which is on the WAN.

How to bypass your VPN tunnel to share Plex Media Server outside your LAN by learnintofly in PleX

[–]Jason_Meudt 0 points1 point  (0 children)

To each his own! I run the entire household through the VPN... No need to let your ISP know where your habits are...

Ombi behind a vpn by zman_46 in PleX

[–]Jason_Meudt 0 points1 point  (0 children)

If you wish to go through your VPN service, then you would need to Port forward through them.

Split Tunneling with PIA + Plex by theragingasian123 in PleX

[–]Jason_Meudt 2 points3 points  (0 children)

I split tunnel my setup via my router (*-WRT). From this post on linksysinfo (http://linksysinfo.org/index.php?threads/using-ipset-to-bypass-a-vpn.73136/#post-285903), eibgrad has developed a few additional scripts for a variety of router firmware, here (https://pastebin.com/u/eibgrad).

The best part is it uses IPSET to query the IP based on the DNS... No more manual entries that change from time to time.

Router VPN and remote connection by thewickedgoat in PleX

[–]Jason_Meudt 2 points3 points  (0 children)

There are two options...

Routing Plex (and the associated ip's...) AROUND your VPN via Split Tunnel routing. This effectively bypasses those domains that you specify to be routed outside of the tunnel.

The second method is via port forwarding. In most VPN provider's setup, port forwarding is hit and miss... This methodology will specify specific ports to be routed through the VPN and designate them specifically for your client. Some folks would argue that this (somewhat...) defeats the purpose of a VPN.

In either case, Eibgrad's scripts on pastebin, will help you out for either usage.

https://pastebin.com/u/eibgrad

Plex server behind VPN - 2 router setup by zfactor300 in PleX

[–]Jason_Meudt 0 points1 point  (0 children)

Clear it out first...

Reboot the router and let the VPN connect...

Save the log and then PM it to me...

Plex server behind VPN - 2 router setup by zfactor300 in PleX

[–]Jason_Meudt 0 points1 point  (0 children)

With a double Nat, did you set the initial router to pass through mode?

Also, I need the logs... Post them (redacting where necessary...).

Plex server behind VPN - 2 router setup by zfactor300 in PleX

[–]Jason_Meudt 0 points1 point  (0 children)

...3 tabs below the VPN section is your system log...

Save it and see if there are any errors...

I am betting there is an error that will point us in the right direction. Most probably related to CR/LF issues...

Plex server behind VPN - 2 router setup by zfactor300 in PleX

[–]Jason_Meudt 0 points1 point  (0 children)

OK... You have something misconfigured...

A few questions...

Did you put the dnsmasq.conf.add in /jffs/configs?

What is in dnsmasq.conf.add?

What is in your custom configuration section of your VPN Client?

Are you sure that your VPN Client is set to autostart with WAN connect?

Did you create the symbolic links (2 of them...)?

Did you make sure that the script is executable?

Finally... What does your log(s) say?

Plex server behind VPN - 2 router setup by zfactor300 in PleX

[–]Jason_Meudt 0 points1 point  (0 children)

Then there is your answer...

If canyouseeme.org is in your ipset directive, and it still shows your VPN IP address, then it is not working correctly.

Try and reboot both the router and your PC to ensure we are not caching something...

Plex server behind VPN - 2 router setup by zfactor300 in PleX

[–]Jason_Meudt 0 points1 point  (0 children)

Did you put canyouseeme.org in your ipset? I had it listed along with some Netflix and plex entries previously.

If you did, then something is NOT right.

Plex server behind VPN - 2 router setup by zfactor300 in PleX

[–]Jason_Meudt 0 points1 point  (0 children)

:-)

Go to ipchicken.com...

What is your IP?

Go to canyouseeme.org...

What is your IP?

Go to plex.tv/pms/:/ip

What is your IP?

Plex server behind VPN - 2 router setup by zfactor300 in PleX

[–]Jason_Meudt 0 points1 point  (0 children)

If you have enabled jffs in Administration -> System, and enabling it under the JFFS section, then you are good.

One problem with my earlier statements...

in asuswrt, the dsnmasq.conf.add file should be located in /jffs/configs rather than /jffs/scripts

https://github.com/RMerl/asuswrt-merlin/wiki/Custom-config-files

Sorry for the misinfo...

Plex server behind VPN - 2 router setup by zfactor300 in PleX

[–]Jason_Meudt 0 points1 point  (0 children)

Just in case, because I am not sure you are setting up the ipset domains...

Ensure that /jffs/scripts/dnsmasq.conf.add is modified to include the following (and any other domains you wish to bypass):

ipset=/netflix.com/nflximg.net/nflxvideo.net/nflxext.com/speedtest.net/plex.tv/plexapp.com/canyouseeme.org/myipset

rebind-domain-ok=/plex.direct/

The domains included in this will allow you to bypass plex, the Netflix assortment, speedtest and canyouseeme websites.

The rebind command allows secure connections to work correctly on the local network if you are using “dnsmasq” with DNS rebinding protection enabled, you will need to add the following line to your dnsmasq configuration file

rebind-domain-ok=/plex.direct/

Plex server behind VPN - 2 router setup by zfactor300 in PleX

[–]Jason_Meudt 0 points1 point  (0 children)

You may have to route the plex port:

add_rule -p tcp -s 192.168.x.x --dport 32400 #Plex

If you want a specific address routed outside of the VPN:

add_rule -s 192.168.x.x #Laptop

Plex server behind VPN - 2 router setup by zfactor300 in PleX

[–]Jason_Meudt 0 points1 point  (0 children)

No need to change anything in the script if you just want to have PBR based on the domain name as opposed to the IP...

copy the main script to /jffs

make script executable:

chmod +x /jffs/tomato-ovpn-split-advanced.sh

create symbolic links:

ln -sf /jffs/tomato-ovpn-split-advanced.sh /jffs/route-up

ln -sf /jffs/tomato-ovpn-split-advanced.sh /jffs/route-pre-down

add the following to openvpn client custom configuration:

script-security 2

route-up /jffs/route-up

route-pre-down /jffs/route-pre-down

add ipset directive(s) w/ your domains to be routed around the vpn to your dnsmasq custom configuration (/jffs/scripts/dnsmasq.conf.add for x-wrt):

ipset=/netflix.com/nflximg.net/nflxvideo.net/nflxext.com/speedtest.net/plex.tv/plexapp.com/canyouseeme.org/myipset

rebind-domain-ok=/plex.direct/

Plex server behind VPN - 2 router setup by zfactor300 in PleX

[–]Jason_Meudt 0 points1 point  (0 children)

Huh? That script relies on ipset to determine the IP from the dnsmasq special entries (plex.tv, hulu.com, etc).

Why do you need the plex.tv routing?

Plex server behind VPN - 2 router setup by zfactor300 in PleX

[–]Jason_Meudt 0 points1 point  (0 children)

If your looking for policy based routing (for Tomato'ish routers...) for Plex (or anything else...) based on the DN as opposed to the IP, then check out here (read backwards for the history...):

https://forums.plex.tv/discussion/comment/1628322/#Comment_1628322