F5F Stay Refreshed Power Users Networks Connecting to Emby Media Server through a Tailscale VPN on a Roku Smart TV

Connecting to Emby Media Server through a Tailscale VPN on a Roku Smart TV

Connecting to Emby Media Server through a Tailscale VPN on a Roku Smart TV

I
IIlIlIIllIlI
Member
Find
61
02-18-2020, 10:16 AM
#1
Hi everyone. I’m running an Emby Media Server on TrueNAS Scale and need remote access for a family member. My ISP uses CGNAT, so port forwarding isn’t possible. I’ve set up pfSense with Tailscale as a subnet router, added custom DNS, and used Nginx Proxy Manager for HTTPS access via https://media.my.domain. This works well for devices running Tailscale, but my relative uses a Roku that doesn’t support Tailscale.

Currently, I forward traffic from his Roku to the local Pi via IP forwarding and a static route. The Pi handles the rest with Tailscale, which is convenient but doesn’t include DNS entries for a custom domain with HTTPS. It’s fine since everything passes through the VPN, but it limits my relative’s options.

I’m exploring ways to add HTTPS support without changing his router setup. My relative might also access it on his laptop, which would be better with a dedicated domain. I’ve considered installing Tailscale on a pfSense box, but that seems unnecessary and costly. Setting up Pi-Hole or AdGuard on the Pi could work, but I’m not sure how to manage DNS there.

I tried configuring Pi-Hole with Quad9 as secondary DNS, but it didn’t behave as expected—especially when the Pi failed. My router sometimes used Quad9 even when the Pi was online, which wasn’t ideal. Roku doesn’t allow me to manually set DNS servers, so I can’t just point it there.

NextDNS with custom entries is another option, though I haven’t tried it yet. The only supported method would be IP linking, which might not be straightforward. My ISP also uses CGNAT, which could interfere. Adding public DNS records that point to Emby’s private IP seems simple but feels risky.

I’m leaning toward using the IP address with HTTP for now, but I’ll check if others have better ideas. Thanks for any suggestions!
Reply
Reply
I
IIlIlIIllIlI
02-18-2020, 10:16 AM #1

Hi everyone. I’m running an Emby Media Server on TrueNAS Scale and need remote access for a family member. My ISP uses CGNAT, so port forwarding isn’t possible. I’ve set up pfSense with Tailscale as a subnet router, added custom DNS, and used Nginx Proxy Manager for HTTPS access via https://media.my.domain. This works well for devices running Tailscale, but my relative uses a Roku that doesn’t support Tailscale.

Currently, I forward traffic from his Roku to the local Pi via IP forwarding and a static route. The Pi handles the rest with Tailscale, which is convenient but doesn’t include DNS entries for a custom domain with HTTPS. It’s fine since everything passes through the VPN, but it limits my relative’s options.

I’m exploring ways to add HTTPS support without changing his router setup. My relative might also access it on his laptop, which would be better with a dedicated domain. I’ve considered installing Tailscale on a pfSense box, but that seems unnecessary and costly. Setting up Pi-Hole or AdGuard on the Pi could work, but I’m not sure how to manage DNS there.

I tried configuring Pi-Hole with Quad9 as secondary DNS, but it didn’t behave as expected—especially when the Pi failed. My router sometimes used Quad9 even when the Pi was online, which wasn’t ideal. Roku doesn’t allow me to manually set DNS servers, so I can’t just point it there.

NextDNS with custom entries is another option, though I haven’t tried it yet. The only supported method would be IP linking, which might not be straightforward. My ISP also uses CGNAT, which could interfere. Adding public DNS records that point to Emby’s private IP seems simple but feels risky.

I’m leaning toward using the IP address with HTTP for now, but I’ll check if others have better ideas. Thanks for any suggestions!

Reply
Reply
S
SwaggyTroll
Junior Member
Find
2
02-29-2020, 02:44 AM
#2
In such cases, ISPs often provide fixed IPv4 addresses (not behind CGNAT), usually costing between $5 to $15 per month based on location. Inquire with your provider about this choice. If it's offered and reasonably priced—though some target business users only—it can save you a lot of time and unnecessary complications.
Reply
Reply
S
SwaggyTroll
02-29-2020, 02:44 AM #2

In such cases, ISPs often provide fixed IPv4 addresses (not behind CGNAT), usually costing between $5 to $15 per month based on location. Inquire with your provider about this choice. If it's offered and reasonably priced—though some target business users only—it can save you a lot of time and unnecessary complications.

Reply
Reply
M
Matke04
Posting Freak
Find
825
03-01-2020, 03:36 PM
#3
Yes, they do, though it costs $20 each month.
Reply
Reply
M
Matke04
03-01-2020, 03:36 PM #3

Yes, they do, though it costs $20 each month.

Reply
Reply
P
ProjectShadow
Member
Find
187
03-01-2020, 10:32 PM
#4
The Roku TV allows manual input of network details, enabling you to configure it to connect via the Pi.
Reply
Reply
P
ProjectShadow
03-01-2020, 10:32 PM #4

The Roku TV allows manual input of network details, enabling you to configure it to connect via the Pi.

Reply
Reply
R
RomaxiGamerzYT
Member
Find
62
03-01-2020, 11:41 PM
#5
Not that I'm aware of. Just DHCP and even then it uses hardcoded DNS for some things.
Reply
Reply
R
RomaxiGamerzYT
03-01-2020, 11:41 PM #5

Not that I'm aware of. Just DHCP and even then it uses hardcoded DNS for some things.

Reply
Reply