Nagi2288 0 Posted ... (edited) Hi everyone, I'm sorry if this has been asked before, I have been searching for a solution for hours and hours without any luck. If anyone knows or can point me to the right direction, it'll be greatly appreciated. My problem is that I want to access Plex remotely through AirVPN. Why? Because my ISP has double NAT and remote access is impossible without paying extra for static IP. I am using Unraid with Plex having it's own IP at 192.168.50.101 Router is Asus GT-AX11000 with latest Asuswrt-Merlin firmware. Here are the steps I have taken. Create a port through AirVPN Client Area, port is XXXXX Tunnel traffic from 192.168.50.101 through one of AirVPN's servers SSH to router, and add a nat-start file in /jffs/scripts Reboot, script is verified to run from /jffs/syslog.log Test port through AirVPN Client Area Testing the port fails with timeout errors. nat-start script: #!/bin/sh iptables -I FORWARD -i br0 -o tun11 -j ACCEPT iptables -I FORWARD -i tun11 -o br0 -j ACCEPT iptables -I FORWARD -i br0 -o vlan1 -j DROP iptables -I INPUT -i tun11 -j REJECT iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE iptables -I FORWARD -i tun11 -p udp -d 192.168.50.101 --dport XXXXX -j ACCEPT iptables -I FORWARD -i tun11 -p tcp -d 192.168.50.101 --dport XXXXX -j ACCEPT iptables -t nat -I PREROUTING -i tun11 -p tcp --dport XXXXX -j DNAT --to-destination 192.168.50.101:32400 iptables -t nat -I PREROUTING -i tun11 -p udp --dport XXXXX -j DNAT --to-destination 192.168.50.101:32400 tun11 should be the right interface, from what I've read it should correspond to OVPN1. There's also tun12, which I assume is OVPN2. Edited ... by Nagi2288 Quote Share this post Link to post
OpenSourcerer 1441 Posted ... On 7/5/2022 at 3:03 PM, Nagi2288 said: Why? Because my ISP has double NAT and remote access is impossible without paying extra for static IP. Have you considered using Dynamic DNS? Like https://www.nsupdate.info/. I think this will solve your problem without the need for any VPN, it just complicates things. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
go558a83nk 364 Posted ... On 7/5/2022 at 8:03 AM, Nagi2288 said: Hi everyone, I'm sorry if this has been asked before, I have been searching for a solution for hours and hours without any luck. If anyone knows or can point me to the right direction, it'll be greatly appreciated. My problem is that I want to access Plex remotely through AirVPN. Why? Because my ISP has double NAT and remote access is impossible without paying extra for static IP. I am using Unraid with Plex having it's own IP at 192.168.50.101 Router is Asus GT-AX11000 with latest Asuswrt-Merlin firmware. Here are the steps I have taken. Create a port through AirVPN Client Area, port is XXXXX Tunnel traffic from 192.168.50.101 through one of AirVPN's servers SSH to router, and add a nat-start file in /jffs/scripts Reboot, script is verified to run from /jffs/syslog.log Test port through AirVPN Client Area Testing the port fails with timeout errors. nat-start script: #!/bin/sh iptables -I FORWARD -i br0 -o tun11 -j ACCEPT iptables -I FORWARD -i tun11 -o br0 -j ACCEPT iptables -I FORWARD -i br0 -o vlan1 -j DROP iptables -I INPUT -i tun11 -j REJECT iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE iptables -I FORWARD -i tun11 -p udp -d 192.168.50.101 --dport XXXXX -j ACCEPT iptables -I FORWARD -i tun11 -p tcp -d 192.168.50.101 --dport XXXXX -j ACCEPT iptables -t nat -I PREROUTING -i tun11 -p tcp --dport XXXXX -j DNAT --to-destination 192.168.50.101:32400 iptables -t nat -I PREROUTING -i tun11 -p udp --dport XXXXX -j DNAT --to-destination 192.168.50.101:32400 tun11 should be the right interface, from what I've read it should correspond to OVPN1. There's also tun12, which I assume is OVPN2. Just type "ifconfig" at the ssh command line to see a list of the network interfaces to see which one your openvpn client is using. Your port forwarding rules don't seem to be following this guide. XXXXX isn't a port and the to-destination IP is just an IP not IP and port like you have it. If you change XXXXX to 32400 things will probably work since that's plex's default port. Quote Share this post Link to post
cheapsheep 6 Posted ... On 7/5/2022 at 3:03 PM, Nagi2288 said: nat-start script: Have you made sure that the script is executable ? chmod a+rx /jffs/scripts/* These rules should be sufficient (adjust tun and port(s)): iptables -I FORWARD -i tunXX -p udp --dport XXXXX -j ACCEPT iptables -I FORWARD -i tunXX -p tcp --dport XXXXX -j ACCEPT iptables -t nat -I PREROUTING -i tunXX -p tcp --dport XXXXX -j DNAT --to-destination 192.168.50.101:XXXXX iptables -t nat -I PREROUTING -i tunXX -p udp --dport XXXXX -j DNAT --to-destination 192.168.50.101:XXXXX Make sure you have also enabled port forwarding in the GUI (WAN->Port Forwarding). If everything went successful, you should be able to see your forwarded port there. Quote Share this post Link to post