Can you help me understand why a VPN is necessary above and beyond the 2FA and existing Plex security in your situation?
I understand that you’re saying that it’s “the most secure” approach, but I don’t understand how this extra layer adds any actual additional security. It might give the perception of additional security but there’s a point where the extra effort required to get additional security isn’t warranted or justified.
Do you have actual use cases in mind that your approach guards against that the existing Plex 2FA and HTTPS don’t? As far as I can see, all the VPN is doing in your case is presenting a different IP address to plex.tv, which provides that IP address to the client attempting to connect.
Your actual external IP address is still exposed to the internet, but perhaps port 32400 isn’t if you use a VPN, and therefore that makes you think you’re more secure?
But that’s not really true anyway. If you route Plex through a VPN then it’s the VPN’s IP address and port 32400 that’s exposed to the internet, which is in essence your Plex server anyway - it’s just not on your own external IP address. And there’s no difference between the two.
But I don’t see how that makes any real difference anyway unless there is an exploit discovered on that port and thus on the Plex server. And while that may one day happen, that’s also true for any port, but at least with the Plex port you have a company that would take action immediately to remedy it.
The only other aspect of using a VPN’s address instead of your own is that your server appears to be in a different geography or location. That doesn’t make it any more or less secure though. It may hide your true location from plex.tv, but if plex.tv wants to know where you really are, all they have to do is ask their code running on your server.
With all the added complexity that you’ve demonstrated in your post, and the problems and effort required to get it working and troubleshooting it when it fails, it’s hard to see how this approach is giving you any real additional security at all.
In fact, it’s far more likely that during all of the effort you went through to try to get this working, you accidentally weakened your security in other ways. It’s common to make unintended changes to configurations during troubleshooting that don’t get fixed after the problem is solved, and the system then remains in an unstable state from then on.
I’m interested to hear what you see as the true additional security and benefits of having your Plex server accessed through a VPN, beyond simply a perception or belief that it’s more secure.