Plex remote access works out of the box with public IPv4 address and UPnP supported router. However, if you have only public IPv6 address, you may have trouble accessing your Plex server remotely. This guide will show you how to set up Plex remote access with a public IPv6 address on Windows.
- You have Plex Media Server running on Windows and you want to stream movies outside of home.
- Your ISP uses CGNAT for IPv4. Read Detecting Double-NAT for steps to check if you are behind CGNAT or Double NAT. No need to pay for a static public IPv4.
- Your ISP assigns public IPv6 address. Major ISPs including Jio and ACT in India provide public IPv6 addresses.
- In home router's admin panel, allow inbound TCP port 32400 on IPv6 firewall settings.
- Open Command Prompt and run
ipconfig /all
. Note down the IPv6 address of the network adapter connected to the internet. - In Plex Media Server settings, navigate to "Network" tab. Under "Custom server access URLs", enter
http://[your_ipv6_address]:32400
and save. - You should now be able to access your library from Plex apps outside of home network.
- Whenever your IPv6 address changes, you will have to update the URL in Plex settings manually.
This solution requires you to purchase a domain name and setup Let's Encrypt SSL certificate.
- Administrator access on Windows.
- A domain name with access to manage DNS records.
- Cloudflare account, free plan is sufficient.
- In home router's admin panel, allow inbound TCP port 32400 on IPv6 firewall settings.
- Use Cloudflare to manage DNS records for your domain. If you purchased domain from other registrar, follow this guide to switch to Cloudflare nameservers. Wait for your domain to be active on Cloudflare.
- Open Command Prompt and run
ipconfig /all
. Note down the IPv6 address of the network adapter connected to the internet. - In Cloudflare dashboard, navigate to DNS settings. Add an AAAA record with following details:
Name: plex IPv6 address: Your public IPv6 address TTL: 5 min Proxy status: DNS only
- In Plex Media Server settings, navigate to "Network" tab. Under "Custom server access URLs", enter
https://plex.yourdomain.com:32400
and save. - Setup DDNS tool to automatically update the AAAA record whenever your IPv6 address changes using below steps:
- Create a Cloudflare API token with Zone:DNS:Edit permission by following this guide. Note down the API token.
- Install DnsTube by following the steps in README. You may need to download and install dotnet from here for DnsTube to work.
- Extract the DnsTube package to a folder of your choice. Open a command prompt as Administrator and install the service using
install-service.bat
. - Once the service has started you can view the UI at the URL http://localhost:5666/index.html.
- In DnsTube UI "Settings" tab, enter the following details and save:
Email: Your Cloudflare account email Authorization Token: Your Cloudflare API token Protocol: IPv6 Update Interval: 300 min (how likely you think your IPv6 is going to change) Network Adapter: select the adapter connected to Internet, typically Wi-Fi.
- In DnsTube UI "Home" tab, wait for it to load DNS entries and select the checkbox next to the
plex.yourdomain.com
record you just created in Cloudflare dashboard.
- Setup Let's Encrypt SSL certificate with auto-renewal:
- Run the commands in Powershell to install win-acme.
dotnet nuget add source "https://api.nuget.org/v3/index.json" --name "nuget.org" dotnet tool install win-acme --global
- Follow the steps in win-acme documentation to setup Cloudflare plugin. Create another Cloudflare API token as per this documentation and note it down.
- Download the
pem2pfx.ps1
file from this gist and save it toC:\Users\yourusername\Desktop\plex\pem2pfx.ps1
. - Edit
pem2pfx.ps1
file. Replace path to desktop. Replace all occurences ofplex.yourdomain.com
with your domain name accordingly. Replace all occurences of123456
with a new password you want to use for the PFX file. - Open Powershell as Administrator. Run the command
wacs
to start the win-acme client. - Select the following options in win-acme TUI:
N: Create certificate (default settings) 2: Manual input Host: type "plex.yourdomain.com" and enter 6: [dns] Create verification records in Cloudflare DNS <Type Cloudflare API token in next menu and save it to vault> 2: PEM encoded files (Apache, nginx, etc.) File Path: C:\Users\yourusername\Desktop\plex\ <Type the password in console and save it to vault, this password should be the same as one in pem2pfx.ps1> 2: Start external script or program File: C:\Users\yourusername\Desktop\plex\pem2pfx.ps1
- By now, you should have a
plex.yourdomain.com.pfx
file inC:\Users\yourusername\Desktop\plex\
folder. - In Plex Media Server settings, navigate to "Network" tab. Set the following options and save:
Custom certificate location: C:\Users\yourusername\Desktop\plex\plex.yourdomain.com.pfx Custom certificate password: 123456 Custom certificate domain: plex.yourdomain.com
- Ensure wacs says "Scheduled task looks healthy" on startup.
- Run the commands in Powershell to install win-acme.
When you don't want dynamic DNS to run in the background, you can stop the DnsTube service. Open a command prompt as Administrator in DnsTube folder,
- To stop the service, run
stop-service.bat
. - To start the service, run
start-service.bat
.
Open a command prompt as Administrator in DnsTube folder, run uninstall-service.bat
.
For win-acme, launch Powershell as Administrator and start 'wacs'. Follow the TUI to revoke the certificates.
Hello,
not sure if this is the right channel but anyway. I am having troubles and have no idea what the problem is. It is not possible for me, to successfully follow this manual.
Specifically these steps
This one is only possible, if I start wacs with the argument --validation cloudflare
6: [dns] Create verification records in Cloudflare DNS
This part never comes, no matter what I do. It is completely skipped and for that reason, everything that relies on these files fails
_2: PEM encoded files (Apache, nginx, etc.)
File Path: C:\Users\BingBong\Desktop\plex_
<Type the password in console and save it to vault, this password should be the same as one in pem2pfx.ps1>
The external script also only works if I set the path for OpenSSL at the start of the powershell session
$env:path = $env:path + ";C:\Program Files\OpenSSL-Win64\bin"
2: Start external script or program
File: C:\Users\BingBong\Desktop\plex\pem2pfx.ps1
On another PC I tried as well but had to install .net first because this part here. Otherwise I had receive a cmdlet error
dotnet nuget add source "https://api.nuget.org/v3/index.json" --name "nuget.org"
I once did it get to work in the past but never again and that PC it worked on is gone. Is there another manual that covers this process on a virgin windows setup?
Thanks in advance.
Cheers