Hi guys,
After several attempts, I finally got my dream setup to work -- and the solution is quite simple!
What this guide will do:
- All traffic from Synology Download Station will be through VPN.
- Direct connections, like Synology WEB GUI, SSH, Plex etc. will go through your regular WAN.
- All traffic will be HTTPS with a Let's Encrypt SSL certificate
Make sure you have access to your NAS locally before switching on your VPN.
Also, make sure these ports are forwarded from your home Router to your NAS:
- 5001 (Synology Web GUI, HTTPS)
- 32400 (Plex)
- 80 (for Let's Encrypt verification)
Let's go
- Connect your VPN connection from Network > Network Interface > e.g. "VPN - VyprVPN"
- Check ON this bad ass mf option: Network > General > Advanced Settings (Gateway): Enable Multiple Gateways
- Confirm that your Download Station is downloading with the correct VPN IP using this tool
Cool, eh?
Now, like me, you probably already have a domain set up to your dedicated ISP IP, say example.com.
So, heading over to https://example.com:5000 should be available to you, even if the NAS is connected to VPN.
Plex on the other hand is trying to AutoDiscover your VPN IP, which is why your Plex Media server won't be available through the Plex services. Though, you could access your Plex directly through https://example.com:32400
If you don't have SSL activated for your domain yet, let's do that first!
On your NAS:
1. Security > Certificate > Add
2. Next (Add a new certificate)
3. Next (Get a certificate from Let's Encrypt)
4. Download your certificate files.
5. Now, press Configure (within Security > Certificate) and set your fresh Let's Encrypt certificate as Default.
To make Plex available via autodiscovery and to all your friends, do the following.
- In your Plex Server settings, make sure you've specified your public port manually (Server > Remote Access), e.g. 32400.
- Don't worry about Plex not reaching your server at this page. It never will as long as it tries to autodiscover your VPN IP.
- Now, go to Server > Network. We're going to fill example.com into the "Custom certificate domain".
You also need to specify a value for "Custom certificate location".
- Connect to your NAS via SSH
- Open e.g. /volume1/Plex (wherever you've installed Plex)
- Create a folder, e.g. certificate
- Using your File Station app at your NAS GUI, upload the certificate files you downloaded earlier directly to this folder.
- Back into your shell, generate the pfx by writing the following:
openssl pkcs12 -export -out domain.pfx -in cert.pem -inkey privkey.pem -certfile chain.pem -name "domain"
- Head back over to your Plex > Server > Network and type in your complete pfx path
e.g. /volume1/Plex/certificate/domain.pfx
- If you typed in any keyphrase, enter this into the "Custom certificate encryption key" field.
- Further down on the same page, you'll see "Custom server access URLs". Add your domain https://example.com
- Save changes.
Now, this should do the trick.
UPDATE
Even though the server is visible and accessible externally via app.plex.tv, streaming videos gets interrupted.
I suspect the "Custom server access URLs" are not working as intended.
I found this Plex forums thread: (Feature Request) Manually Enter Public IP Address
~~There is one small fix to this. I'll test it out for a couple of days and if it works I'll make an automatic script for it.
- Using dig, you could
dig A plex.tv
- We're going to use all the IP addresses in the ;; ANSWER SECTION
- SSH to your NAS and make a script.sh in your home directory.
- Type
route
- Find your local network, e.g. 192.168.1.x, and locate its Interface, e.g. ovs_eth1
- Go into your script file
vi script.sh
(press i to start typing) and add a line for each IP from the ANSWER SECTION (see example below)
ip route add X.X.X.0/24 via 192.168.1.1 dev ovs_eth1
- Save your file (press esc, then : then wq then enter)
- Confirm that traffic goes through correct interface
traceroute -n -m 1 plex.tv
- Double confirm that Plex discovers the correct IP in Plex Server > Remote Access
- Next to the manually specified port, press Retry to re-index your public IP.
Example of script.sh
ip route add 52.19.30.0/24 via 192.168.1.1 dev ovs_eth1
ip route add 34.253.32.0/24 via 192.168.1.1 dev ovs_eth1
ip route add 52.212.88.0/24 via 192.168.1.1 dev ovs_eth1
ip route add 34.241.247.0/24 via 192.168.1.1 dev ovs_eth1
ip route add 52.30.224.0/24 via 192.168.1.1 dev ovs_eth1
ip route add 54.171.211.0/24 via 192.168.1.1 dev ovs_eth1
~~
UPDATE
I've made a simple script doing all the above for you.
- Copy the "Download Repository" link from https://bitbucket.org/shrty/plex-vpn-bypass/downloads/
- wget the link to your NAS via SSH
- Use
7z x file.zip
to extract the repository
- Run
sh plex.sh
inside the directory to generate routes. Follow the instructions. Feel free to check out the source
If you have remarks to this tutorial, please let me know in the comments so I can update it.
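The manual route steps above (dig, then one `ip route add` line per answer) can be generated rather than typed. The following is an added example, not the plex.sh from the linked repository: `gen_routes` and `is_ipv4` are hypothetical helper names, the sample addresses are constructed, and the gateway and interface are the ones used in the tutorial. It validates every value before printing a command that will later run as root.

```shell
#!/bin/sh
# Added example (not the author's plex.sh).
# is_ipv4 ADDR: succeeds only for a dotted quad with each octet in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { bad = 1 }
        { for (i = 1; i <= NF; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) bad = 1 }
        END { exit bad }'
}

# gen_routes GATEWAY IFACE: reads one address per line on stdin, for example
# the output of `dig +short A plex.tv`, and prints one "ip route add" line
# per distinct /24 in first-seen order. Lines that are not IPv4 addresses
# (such as CNAME targets) are skipped.
gen_routes() {
    gateway=$1
    iface=$2
    seen=" "
    is_ipv4 "$gateway" || { echo "bad gateway: $gateway" >&2; return 1; }
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    while IFS= read -r addr; do
        is_ipv4 "$addr" || continue
        net="${addr%.*}.0/24"                      # same /24 form as the tutorial
        case $seen in *" $net "*) continue ;; esac # already emitted
        seen="$seen$net "
        echo "ip route add $net via $gateway dev $iface"
    done
}

# Constructed sample input (documentation address ranges, not real Plex IPs).
printf '%s\n' 203.0.113.10 203.0.113.77 198.51.100.5 |
    gen_routes 192.168.1.1 ovs_eth1
```

Review the printed lines before redirecting them into script.sh, since the addresses returned for plex.tv can change over time.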