+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting)
+--- Thread: remotely connected via openvpn - local but need it to be treated as remote (/t-remotely-connected-via-openvpn-local-but-need-it-to-be-treated-as-remote)
RE: remotely connected via openvpn - local but need it to be treated as remote - TheDreadPirate - 2024-12-12
This is the log I am looking for.
Code:
[2024-12-12 15:14:51.675 +00:00] [INF] User policy for "chenks". EnablePlaybackRemuxing: True EnableVideoPlaybackTranscoding: True EnableAudioPlaybackTranscoding: True
[2024-12-12 15:14:51.675 +00:00] [INF] RemoteClientBitrateLimit: 8000000, RemoteIP: "141.101.98.214", IsInLocalNetwork: FalseAs for still being remote when local, you need to enable "NAT loopback" on your router. This will tell the router to keep traffic local if a URL resolves to itself or another local device.
Your other option is to add custom DNS entries in your router that resolve your URL to the local IP of your jellyfin server.
You will need to add your router as a known proxy for NAT loopback. That field can support more than one address, comma separated.
You should also check if there is a setting in Infuse to NOT directly access media and to use Jellyfin's playback api.
RE: remotely connected via openvpn - local but need it to be treated as remote - chenks - 2024-12-12
(2024-12-12, 03:28 PM)TheDreadPirate Wrote: This is the log I am looking for.
Code:[2024-12-12 15:14:51.675 +00:00] [INF] User policy for "chenks". EnablePlaybackRemuxing: True EnableVideoPlaybackTranscoding: True EnableAudioPlaybackTranscoding: True
[2024-12-12 15:14:51.675 +00:00] [INF] RemoteClientBitrateLimit: 8000000, RemoteIP: "141.101.98.214", IsInLocalNetwork: False
As for still being remote when local, you need to enable "NAT loopback" on your router. This will tell the router to keep traffic local if a URL resolves to itself or another local device.
Your other option is to add custom DNS entries in your router that resolve your URL to the local IP of your jellyfin server.
You will need to add your router as a known proxy for NAT loopback. That field can support more than one address, comma separated.
You should also check if there is a setting in Infuse to NOT directly access media and to use Jellyfin's playback api.
hmmm, NAT Reflection was set to "system default" for the 2 port foward rules in opnsense for port 80 and 443.
i changed them both to "Enabled" and applied the changes.
tested Swiftin whilst local and it still applied the remote limiting rule to playback.
was the part about adding the router IP as a known proxy applicable to that or just if doing custom DNS entries?
RE: remotely connected via openvpn - local but need it to be treated as remote - TheDreadPirate - 2024-12-12
I, personally, prefer custom DNS entries. This way if your Internet connection goes out, DNS resolution for your jellyfin address will still work.
RE: remotely connected via openvpn - local but need it to be treated as remote - chenks - 2024-12-12
(2024-12-12, 03:46 PM)TheDreadPirate Wrote: I, personally, prefer custom DNS entries. This way if your Internet connection goes out, DNS resolution for your jellyfin address will still work.
ok i've added a host override in opensense for the domain (and subdomain) that i have.
set the override to point to my nginx local IP address (i assume that's correct).
i flushed the DNS on my laptop and now when pinging jellyfin.fubar.xyz is resolves to the local IP of nginx (previously it resolved to the WAN IP of cloudlfare), so i assume that is working correctly.
did you say i also then had to add the IP of my router to the known proxies in jellyfin as well? (which would be 192.168.50.1)
if that is correct i'll then test again using either Jellyfin Mobile or Swiftfin (both locally and remote) to see what happens.
i've also posted the question about endpoints etc over on the Infuse forum to see what they come back with.
RE: remotely connected via openvpn - local but need it to be treated as remote - TheDreadPirate - 2024-12-12
I THINK you only have to add the router to the known proxies for NAT loopback. I don't think you do for custom DNS entries since the router isn't acting as a proxy in that situation. Only in the NAT loopback situation.
RE: remotely connected via openvpn - local but need it to be treated as remote - chenks - 2024-12-12
Testing now seems to be doing what it should when using jellyfin mobile - playing full bitrate when local and restricted bitrate to 8Mbps when remote. This is when using the domain name with both connection methods.
Now I just need to try and get infuse to play ball.
Do I need to put in any extra protection now that my jellyfin instance is exposed to the Internet? Or is routing the domain name via cloudflare to nginx enough protection?
RE: remotely connected via openvpn - local but need it to be treated as remote - TheDreadPirate - 2024-12-12
Using cloudflare to proxy or tunnel video services is against their TOS. Nginx is the "protection". If you want to go the extra mile, you can setup fail2ban.
https://jellyfin.org/docs/general/networking/fail2ban/
RE: remotely connected via openvpn - local but need it to be treated as remote - chenks - 2024-12-12
Oops, never knew that, I just used it as an extra level of protection so that my own wan ip was “hidden”.
I don’t plan to use remote very often (probably just when on holidays), so will see what happens. Worst case I just have to set the nameservers back to the domain registrar and add the required A records.
RE: remotely connected via openvpn - local but need it to be treated as remote - TheDreadPirate - 2024-12-12
If your domain is set to "DNS only" in cloudflare, that is fine. It's only when you flip the switch to "Proxied" that it is a problem.