De1taE1even

I found this post because I had a similar issue. I saw that the Lime version of PMS had an update available, so I applied it, and when the docker container restarted, I couldn't get to the Plex UI and I saw the same "user not found" errors in the docker log. My solution was to use the video referenced above to use the official plex container instead. Followed the directions in the video and now my server is up and running again, no issues.

Thanks! I'll check that out. My whole house is wired, so bandwidth isn't an issue. Sent from my SAMSUNG-SM-N920A using Tapatalk

Should be plug-n-play.

Ah, gotcha. Didn't think about that. I was more worried about it from a system stability standpoint, but I didn't even think about having trouble booting from that card. Thanks for the info!

Sorry, maybe you misunderstood my question. Since I only have one USB bus, I was thinking about installing a legacy pci USB card to run unRAID off of, so that I can pass through my one USB bus to the VM. The legacy pci bus wouldn't get passed through. I was just wondering if I'd be asking for trouble by running unRAID off of a legacy pci-usb card.

Forwarding the onboard audio device to the VM shouldn't be an issue. My mobo has 2 sound devices, the one on the mobo itself, and the one supplied by the cpu. I also have an audio device from my GTX1070 (the one you said you didn't want to use). All 3 are available to forward to the VM. I never tried the intel one from my cpu, but I've gone back and forth between the Intel 9 series device and the GTX1070 audio controller, and both worked. Yep, as long as you have a second USB controller that your unRAID USB isn't using, you should be able to forward that bus to the VM. The newer versions of unRAID have made that even easier as well. If you look at the above screenshot, you'll see that my USB bus is selectable to forward to the VM. Nothing wrong with using a PCIe SATA controller, but I'd make sure it's a chip that has been known to be compatible. Check the lime-tech wiki for compatible devices. I have personally never passed through an entire SATA bus to a VM, but I know others have. If the PCIe slot and your SATA controller share the same bus (they sometimes do), you might have trouble getting this going, but I don't have much experience here, so someone else could chime in for a definitive answer. Yep, you should have no trouble here. I've had no issues with my 1070.

Hey all, I was trying to get a USB bus forwarded to a Windows VM on my backup server, but I'm having issues. My AsRock mobo only has 1 useable usb bus, so I can't forward it to my VM, since my unRAID flash has to utilize usb. I tried everything, including overriding ACS. My mobo's BIOS settings didn't help either. From the research I've done, it's actually not AsRock's fault. The H97 chipset is to blame evidently. If you want to utilize both usb 2.0 and 3.0 ports, the chipset automatically uses EHCI for all ports. There is evidently no way to force the mobo to use XHCI for 2.0 and EHCI for 3.0. That scenario simply isn't supported by the chipset. So, I don't know of a way around it. I searched around the forum a bit, and popular suggestion was to add a pcie usb card and forward that to the VM. Great! I even have one of those cards laying around! Well, I thought it was great until I realized I don't have an open pcie slot in my mobo! The only open slot I have in the mobo is an old-school PCI slot, which brings me to the question in the subject line. Is there any problem buying a PCI USB 2.0 card, and running the unRAID flash drive off of it, so that I can forward the EHCI bus to the VM? Thanks.

That's a good way to describe the two scenarios/methods. Right now I have no desire to do things like watch video, stream audio, transfer large files, etc, so the TeamViewer option is appealing, and I'll play with that a bit. I'm still going to get the VPN set up and play with it as well, just because, well, I can. I'll be using pfSense as soon as the NIC I bought comes in, and it'll be fun to play with and learn about. Again thanks to everyone for all the info. My picture is much clearer now.

Yeah I was realizing that as I was googling just now, but thanks for the clarification. I think I'm going to play around with both OpenVPN, and with a free PC remote access program (even if it's a Go To PC free trial), and decide between the 2. The one thing I don't want to do, for all the reasons I already knew, along with the ones provided by you guys, is having to expose ports at the router level, and trust my applications to handle security.

This is where I just want to bang my head against a wall. I never even thought to use a service like Go To PC, Citrix, etc to connect to my Win10 VM, vs direct access to the network. The most pathetic thing is we use services like these at work every friggin day, so yeah, I feel a bit dumb right now. Seems like these services might not be quite as secure, but maybe that isn't a deal-breaker as long as I have a reasonable amount of confidence that my home network won't get compromised.

Great point, I probably should have been more clear. I want access to all the web ui content, from the unRAID webfront, to sickbeard, sab, deluge, etc. I don't necessarily need "direct", or "command line" access to unRAID, but correct me if I'm wrong, if I have access to my Windows VM, what would keep me from opening up a putty session from there and logging into my unRAID machine? Seems like giving myself access to my Windows VM would be giving me access (in one form or another) to EVERYTHING.

Also within the reddit post I linked to, there was mention of using the Microsoft RDP protocol. I have a W10 Pro VM running 24/7 at home, so if there's a way to use RDP for remote access, that is secure, that could be an option as well. Of course, that would also require client software as well, so I don't know what I'm really buying myself at that point. Just another thing to research I guess.

Fair enough, thanks. If VPN is the obvious, easiest, borderline only right choice, then I'm all for it. I'm not opposed to VPN, it's just that there's an appeal to being able to use any internet-connected device, and route to https://www.mydomain.com/myProperlyRoutedService without having to deal with a VPN client first. Just wishful thinking. I also ran across this reddit thread that has a lot of useful information intertwined with the bickering between a couple posters: https://www.reddit.com/r/usenet/comments/2fevzc/nzb_360_users_how_have_you_configured_your_setup/#bottom-comments I guess it's just my pathetically simple-minded attitude that keeps getting in my way. At a high level, it just seems like you could have something between your router and the outside world (or be built into the router), that would provide robust authentication before allowing access to anything within your internal network, without having to rely on client software. Internet-connected device -> hit external ip or ddns url -> authenticate with home network firewall/authentication service with user and/or certificate authentication -> access to the goodies. I wouldn't think the goodies would need to be individually secured, because we've already determined authentication. Again, this thought process MUST be naive because if it were that easy, everyone would be doing it!

I have another related question and maybe it justifies its own thread, but I'll ask here first since we're on the subject. At work we use certificate authentication for most of our access, with some systems only requiring basic auth (username/password), and others requiring both. Is there a way to set up my home network to be exposed to the outer world (scary, I know), but be protected behind both certificate and basic authentication (two-factor authentication)? Seems like there could be an easier, yet still secure, way to gain access to my home network, other than VPN. Admittedly, there isn't much info on this thought, so I'm guessing many people much smarter than I would have done this already, if it were "remotely possible" (haha nerd puns). Thoughts? Thanks again.

Great! When I was talking about having my own domain, this is what I was thinking.

While I can't tell you how to do this anymore (it's been too long since I've used a setup like this), it is possible to set it up to only route traffic intended for your internal network into the VPN. Main benefit is you don't pass all your internet traffic over the VPN (which isn't necessary if all you're doing is trying to access your home network) so you get the performance benefit of normal internet traffic going out directly from your client and only traffic intended to hit your home network over your VPN. (this also lets you do things like access your home network and your work network at the same time, otherwise all traffic gets routed over your home network and you lose access to your internal corporate network) Google "vpn split tunneling" to look up information on this topic. YES, this would be great, I'll research it for sure, thanks!

Thanks. I use OpenVPN on a mixture of iPhone, Android tablet, and Windows 10 laptop clients. To answer your question - When the VPN is connected through, then all of the network traffic to of from the remote client will go through the VPN connection to your home router. Traffic to and from the outside world then goes straight from your router via its own NAT (network address translation) and firewall to the internet as provided by your ISP. The remote client will be given an IP address based on how you've set up the VPN in the OpenVPN advanced Settings in the router. So that address may be something like 10.8.0.2. To access your server, you could access it by it's local IP address on your home network (192.168.0.xx, for example), and that connection is then not exposed to the internet. Another way to look at is is that the remote VPN connection is almost just like any other device plugged into one of the Ethernet ports on your router, and it can see everything else on your home network. AWESOME, thank you. This is exactly what I was unsure about. Thanks for the clear explanation. It sure would be nice if you could somehow configure the VPN to only route certain requests through the VPN, like how you can specify a proxy connection with whitelists/blacklists, but I get how this concept wouldn't really work with a VPN.

Right! I always thought that if my stuff ran 24/7, that my dynamic IP wouldn't change, but I've seen in the past that it does. Admittedly, I haven't paid close attention to it, and maybe it hasn't changed in a while. I do still like the appeal of having my own domain though!

Yes! I know my way around computers and electronics pretty well for the most part, but I'm pretty ignorant with networking protocols, traffic monitoring, security, etc. I'm looking forward to changing that, at least a little bit.

Jeez, I'm an idiot. I spent all that time putting that post together, only to realize that S80_UK, you're the ONE THAT REPLIED! Here I am, quoting you, then mentioning you in my reply, like you're two different people. Ugh, I need some coffee. Hope you can navigate through my idiocy, and thanks again for the info.

No no, I'm grasping, but it's good to get confirmation. I always knew opening up access to unRAID without a secure VPN was a bad idea, which was what I was eluding to in my previous comment. Seems like that's what S80_UK is doing, unless I missed something, which is why I asked about it. He very well may be running a VPN server and just didn't mention it. Regarding third party VPN user for untraceable IP, that was just a thought, nothing I'll be getting very far into for now. I figured it wasn't the most secure concept, but good looking out, I'll be careful if I end up finding a use for it. I was simply saying that I bet I have the same firmware in my ASUS router that S80_UK is using, so I could set mine up similar to his. I plan to use ASUS's firmware to run OpenVPN and a DNS provider, just to get me started. I'll also be diving into pfSense in the mean time. This is what I'll be playing with. I got the router set up to use OpenVPN, and have my config token ready. Tying back to my original question(s), where I'm ignorant is how (and when) the VPN is doing what it's doing. Getting it set up and working is easy enough, but I was curious, at the client end, what's going on when you set up the secure connection to the VPN server, ie, is the VPN connection ONLY used for routing traffic to/from my VPN server, or is all traffic being routed through that connection. It absolutely does.

For what it's worth, I have the Asus RT-AC68U and I use no-ip.com which is one of the providers supported by the Asus firmware. It works well enough for my needs, which are mainly remote access to home when travelling or sometimes from work. I have the RT-AC66R, so we're using the same firmware I'm sure. That doesn't make you nervous from a security standpoint? I thought opening up external access to unraid wasn't considered a good idea, which is why I was looking into VPNs.

Exactly!

Really depends on what exactly you want to do, and how much you enjoy learning and tinkering vs just using the end product. I enjoy tinkering much more than using the end product, often to a fault.

Coincidentally, I see that my ASUS router supports a few DDNS providers, as well as having their own. I'll start there just to play around. I'll still probably go with a more fully-featured provider, where I can do things like use my own domain, have subdomains, etc. Technically this means that I wouldn't need pfSense either (my ASUS router has some DNS provider and VPN functionality), but I'm going to do that anyways, because I have the spare hardware, and hey, why not? WRT VPN from work, I've mentioned it to IT and I don't think it'll be a problem.