Unable to connect to Plex Media Server

Hi, I am new to setting up Twingate. Finally got everything working. I have had my port forwarded for my Plex server and a static IP address set up, and it has been running without issues. I wanted to try this in order to reduce the risk of port forwarding.

Once I got the network up and running, I deleted my port forwarding, but now I cannot connect to PMS on my phone once I turn off Wi-Fi. I am also unable to connect on Wi-Fi. I know I’m missing something here. Any help appreciated.
Thanks

Hi,

Have you added the static local IP of your Plex Server as a Twingate Resource?

On your phone, once the Twingate Client is on, you won’t be able to use the Plex app directly (as far as I know), but you will be able to point your browser to the local IP of your Plex server (and on port 32400 if you haven’t changed the default port), which will let you browse your own content and watch it from your device.

I’m still having issues using the Twingate app for iOS. I have been running PMS on Docker with connectors deployed. Also set my local IP in Twingate. It’s also set to restrict traffic TCP and UDP on port 32400 and allow ICMP.

How can I get the app to work and also in general test that my PMS is working correctly on Twingate?

Thanks for any assistance

Hi @Mobes61,

I ran some tests and I believe I know what is going on in your case:

Twingate is a split tunnel solution, which means you as the Administrator get to decide, by defining Resources, what traffic gets intercepted and tunneled through Twingate (let’s call this Twingate traffic) and what does not (let’s call this bypass traffic).

In your case, it isn’t working because of a peculiarity of Plex itself: Plex does not allow for local authentication and instead relies on its own cloud servers for this.

When you are on Twingate on your iOS device and have a Resource in Twingate for the local IP of your Plex server, your browser sends a request to it on port 32400 (provided you use the default Plex port). Because authentication is not local and relies on Plex’s own cloud servers and infrastructure, your local Plex server tells your device it needs to authenticate with Plex first, but because that part of the traffic is not covered by your existing Resource, it is bypass traffic and it breaks.

Taking a closer look at what FQDNs Plex actually uses, I can see analytics.plex.tv, clients.plex.tv, app.plex.tv and a few more: You can add those to Twingate traffic by creating a new Twingate Resource for *plex.tv (with no port restrictions):

This should allow you to authenticate and connect to Plex, I think.

2 Likes
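The split-tunnel reasoning in the answer above, as an added example that is not part of the original thread and is not Twingate's code: a simplified model that checks which Plex flows a set of Resources covers. The server IP `192.168.1.50`, port 443 for the plex.tv hosts, and shell-style glob matching of Resource addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass(frozen=True)
class Resource:
    """Simplified model of a Resource: an address pattern plus allowed ports."""
    address: str                       # IP or FQDN pattern, e.g. "*plex.tv"
    ports: frozenset = frozenset()     # empty set = no port restrictions

    def covers(self, host: str, port: int) -> bool:
        # Assumption: addresses are matched as shell-style globs.
        name_ok = fnmatch(host.lower(), self.address.lower())
        return name_ok and (not self.ports or port in self.ports)


def route(resources, host, port):
    """Return 'twingate' if any Resource covers the flow, else 'bypass'."""
    return "twingate" if any(r.covers(host, port) for r in resources) else "bypass"


PLEX_IP = "192.168.1.50"  # constructed sample value, not from the thread

# Flows a Plex session needs: the local server, then Plex's cloud
# hosts named in the thread (port 443 is assumed).
FLOWS = [
    (PLEX_IP, 32400),
    ("clients.plex.tv", 443),
    ("app.plex.tv", 443),
    ("analytics.plex.tv", 443),
]

BEFORE = [Resource(PLEX_IP, frozenset({32400}))]   # only the local IP Resource
AFTER = BEFORE + [Resource("*plex.tv")]            # plus the suggested wildcard


def uncovered(resources):
    """List the flows that would leave the device as bypass traffic."""
    return [f"{h}:{p}" for h, p in FLOWS if route(resources, h, p) == "bypass"]


if __name__ == "__main__":
    print("before:", uncovered(BEFORE))
    print("after: ", uncovered(AFTER))
    # In this glob model "*plex.tv" has no dot after the wildcard, so it
    # also covers any name that merely ends in "plex.tv".
    print("notplex.tv ->", route(AFTER, "notplex.tv", 443))
```

In this model a tighter pattern such as `*.plex.tv` would cover the subdomains listed in the thread without also matching unrelated names that end in `plex.tv`.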

Hi Bren

Hey, sorry for the late reply. Have been busy. Thank you for the details. I think it mostly makes sense. I want to take some more time with it and get back to you. Thanks again.