[SOLVED] - Post Upgrade - Plex Remote Access Issues

[GuruLee]

After upgrading from the latest 24.x to 25.1.3 yesterday, something is going on with my port forward NAT rule for Plex.
Plex shows remote access connected and green for about 3-5sec ,then it changes to 'Not available outside your network'.

Plex settings has always been setup with manual remote access port 32400.

Checking back on the Plex settings page regularly, it's evident that it's repeatedly flip-flopping, which is also evident with my Tautulli notification that monitors Plex remote access status.

Prior to upgrading my firewall, this was not an issue. All NAT and WAN interface rules are the same and no other known changes...

Changing NAT rule from TCP to TCP/UDP doesn't resolve it, which was a test as I know only TCP should be needed.

I am also not doing double NAT.

What's even more odd, I'm not able to reproduce any remote access issues with the Plex app when I simulate a remote connection on my cell phone cellular network or from a different ISP and geo. However, my remote friend is no longer able to connect the Plex from multiple devices.

Also when monitoring the firewall traffic, I see the inbound connections successfully being established on Port 32400/TCP and nothing's getting dropped.

[jim1985]

Does your ISP use IPv4 or IPv6?

[sarkyscouser]

At the very least I would recommend accessing plex via a reverse proxy.  Caddy is a simple reverse proxy to set up and handles certificates etc for you.  Yes you will need a domain and a ddns service (unless you have a static public IP address).

Alternatives are accessing over wireguard/tailscale or some people even use cloudflare tunnels, latter may be against cloudflares ToS but these options do not require any open ports.

If you search the plex and selfhosted subreddits you will find lots of posts on how to do these things and they will all be a step up from forwarding a port directly to plex.

[jim1985]

If your ISP is IPv4 only (as is mine) have a look at my post here: https://forum.opnsense.org/index.php?topic=45612.msg231178#msg231178


This solved many problems for me post upgrade, one of which was the same Plex remote access problem that you're experiencing

[GuruLee]

Does your ISP use IPv4 or IPv6?

IPv4

[GuruLee]

At the very least I would recommend accessing plex via a reverse proxy.  Caddy is a simple reverse proxy to set up and handles certificates etc for you.  Yes you will need a domain and a ddns service (unless you have a static public IP address).

Alternatives are accessing over wireguard/tailscale or some people even use cloudflare tunnels, latter may be against cloudflares ToS but these options do not require any open ports.

If you search the plex and selfhosted subreddits you will find lots of posts on how to do these things and they will all be a step up from forwarding a port directly to plex.

I've been port forwarding 32400 (no relay) for the last 7 years on my same static IP from ISP through Opnsense. So I'm very familiar.

I considered using my existing Swag/ngnix docker and switching Plex to direct on port 443,but I'm concerned about throughout limits with ngnix.

The only thing that changed was upgrading opnsense to 25.1 and now on 25.1.3

Any other suggestions?

[GuruLee]

If your ISP is IPv4 only (as is mine) have a look at my post here: https://forum.opnsense.org/index.php?topic=45612.msg231178#msg231178


This solved many problems for me post upgrade, one of which was the same Plex remote access problem that you're experiencing

Thank you for the heads up...
My IPv6 int setting is still properly set to none. The only other custom setting I have for my Wan interface is MTU size of 1492, which has been in place for several years.

[nodakbarnes]

Do you have a Plex subscription?

If not, may not pay to research this too much as they are removing remote streaming as a free option.

[meyergru]

Did you set the outside port manually via advanced options to the same port you used for the port forward in Plex?

[GuruLee]

Do you have a Plex subscription?

If not, may not pay to research this too much as they are removing remote streaming as a free option.

Yes, I'm a Plex Pass user for the last 10 years, not the issue.

[GuruLee]

Did you set the outside port manually via advanced options to the same port you used for the port forward in Plex?

Yes, I stated this the setup in my earlier post in this thread.

[meyergru]

No you did not. You stated that you used a port forward. The manual port setup is hidden in Plex unless you check the box.

[GuruLee]

All seems to point to the Plex side of things, as all looks well and good on the Opnsense side.
But just very much a coincidence this issue started happening right after the upgrade to 25.1 and persists after incremental updates to 25.1.3.

This is my Opnsense settings for Plex NAT and Port Forward, can some validate this for me?
=================
Firewall -> Nat -> Port Forward
From this page click + (add)
No RDR: unchecked
Interface: WAN
TCP/IP Version: IPv4
Protocol: TCP
Source: Any
Source Port Range: any/any
Destination: WAN Address
Destination port range: (other) 32400/32400
Redirect target IP: Plex server internal IP
Redirect target port: (other) 32400
Pool Options: Default
Description: Plex Media Server
NAT Reflection: Enable
Filter Rule Association: Pass

Firewall-> Settings -> Advanced
Reflection for port forwards: checked
Reflection for 1:1: checked
Automatic outbound NAT for Reflection: checked
Firewall Optimization: normal
=================
I posted my issue as well on the Plex forums here:
https://forums.plex.tv/t/plex-remote-access-repeatedly-enabled-disabled-bouncing/910647

[GuruLee]

I tried with NAT reflection enabled and disabled, no resolution.

Toggled these settings:
NAT Rule:
NAT Reflection: Enable / Disabled
Filter Rule Association: Pass / none

Firewall-> Settings -> Advanced
Reflection for port forwards: checked / unchecked
Reflection for 1:1: checked / unchecked
Automatic outbound NAT for Reflection: checked / unchecked
Firewall Optimization: normal

=====
I'm stumped on what broke this after years of no issue...

[cookiemonster]

The port forward settings look right for a port forward to a specific port, and this:

What's even more odd, I'm not able to reproduce any remote access issues with the Plex app when I simulate a remote connection on my cell phone cellular network or from a different ISP and geo. However, my remote friend is no longer able to connect the Plex from multiple devices.

Also when monitoring the firewall traffic, I see the inbound connections successfully being established on Port 32400/TCP and nothing's getting dropped.

suggests that it is working fine. Maybe either plex side, or your friend's side has a problem.