I have an ubuntu media server with Plex, Mullvad and qBittorrent installed.
When I start up the machine all three auto start as intended include a full system VPN with Mullvad. However I want to exclude Plex from the VPN using the split tunneling feature of Mullvad. My current conundrum is you have to manually exclude Plex from the VPN using the Mullvad interface each time it restarts. This is unlike windows which has a toggle that stay on or off even after a restart. Does anyone know of a way to automate this process?
I’ve seen this question asked a few times but no concrete answer could be found (Source 1 / Source 2). For reference I’m fairly inexperienced with Linux and am trying my best to learn.
I’m also pretty inexperienced with linux, but I’ve come up with a solution that uses the mullvad split-tunnel CLI commands that works for me.
This is all on Ubuntu 24.04.1 LTS for the record.
I have a script in my home directory that determines the main PID of the plex process and adds it as an exclusion:
~/split_tunnel_plex.sh:
#!/bin/bash
# Get the status of Plex Media Server
status=$(systemctl status plexmediaserver)
# Extract the PID
pid=$(echo "$status" | grep 'Main PID' | awk '{print $3}')
# Add the PID to the Mullvad split tunnel
mullvad split-tunnel add $pid
Then I created a service to run the script at the correct time each boot:
/etc/systemd/system/plex_mullvad.service:
[Unit]
Description=Run script after Plex and Mullvad have started
After=plexmediaserver.service mullvad-daemon.service
[Service]
ExecStart=/home/MY_USERNAME_HERE/split_tunnel_plex.sh
[Install]
WantedBy=multi-user.target
Make sure the service is enabled:
sudo systemctl enable plex_mullvad.service
After rebooting, check to see if the process is excluded with mullvad split-tunnel list. I noticed there are actually 4 processes that are excluded but they all belong to plex. My best guess is that when an excluded process spawns another process it’s automatically excluded as well, but don’t quote me on that.
So even before your comment I was able to get to the systemctl file which I’m quite proud of! That being said I used the below command as the --full option told me not to edit that file and to use the below command instead (also didn’t need the dashes between the “plexmediaserver” bit in my case. The dashes caused it to not find the file.
sudo systemctl edit plexmediaserver
That being said, I’m presented with this screen which is very close to what you describe. the only issue is the commented out ExecStart line (green dot) seems totally different. It almost looks like I should be making a copy of the purple dot and then having that text (without the #) in the orange area up on top? Either that or use the below line in the orange box
Tried to follow this but nothing seems to happen there’s nothing excluded when checking with “mullvad split-tunnel list”. I tried just running the script but it still didnt add anything to the list.
Was plex definitely running when you ran the script? I forgot that I had to set up a different service to ensure plex starts automatically, before logging in.
You can try running the commands one at a time to see where the problem might be. Maybe the format returned from `systemctl status plexmediaserver` is different on my system vs yours and the step to extract the PID fails.
# /etc/systemd/system/plexmediaserver.service
# DO NOT EDIT THIS FILE DIRECTLY!
#
# Plex Media Server’s variables can be customized by creating an ‘overide.conf’
# file using ‘systemctl edit plexmediaserver’ which will create the following;
# /etc/systemd/system/plexmediaserver.service.d/override.conf
#
# An example of the override.conf would be as follows if you wished to edit
# your user, group, temp directory, or app support directory (without the leading #)
#
# [Service]
# Environment=“TMPDIR=/path/to/new/tmp”
# Environment=“PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR=/home/myusername/Library/Application Support”
# User=myusername
# Group=mygroup
#
Thanks for the help. Got it working couple differences though for anyone else trying to follow along in the future. I had to change the command for getting the status to status=$(systemctl status snap.plexmediaserver.plexmediaserver). As that was the only plex service I had. Also after rebooting and checking if the PID was excluded 6 actually showed up. Plex also says it isnt reachable from outside the network but taking my phone off wifi I was still able to connect. I dont know if any of these differences are related to the fact that this is all inside a VM on proxmox but it works for me.
Thanks for such a wonderful reply! TheGratitudeBot has been reading millions of comments in the past few weeks, and you’ve just made the list of some of the most grateful redditors this week! Thanks for making Reddit a wonderful place to be
Still no dice with this. I added the above code to the orange area and Ctrl+X and “Y” to save it. I know it’s not working because Plex give an error saying it’s not available outside network with the VPN on and when I turn the VPN off, Plex is all green and “Fully accessible outside your network”. Hmmm the conundrum continues!
I eventually solved this by have a qbittorrent docker container and a gluetun docker container though mullvad and just running them together in isolation so everything else is excluded BUT qBittorrent instead of trying to add an exceptions. I appreciate the help though!
