Circumventing Network Bans with WireGuard
Before this week, it had been a long time since I visited the Plex subreddit.
I shared my last article there, which was a technical write-up of moving my Plex instance from a Hetzner auction server to a virtual machine running on hardware in my home network, and the considerations that influenced the migration.
It didn’t take long for me to realize that a culture of hostility towards even the mention of Hetzner or other cloud hosting providers has strongly taken root since Plex announced it’s blanket network ban on IP ranges associated with Hetzner data centers.
I saw many posts and comments of users asking about issues with their Plex instances that had for years been working without issue on Hetzner servers until this past October when Plex enacted their very poorly communicated network ban, which hit a significant number of customers like myself who had paid for a lifetime Plex Pass.
Although I myself am not pursuing this option for reasons outlined in my last article, I wanted to share a clear and detailed example of how to circumvent Plex’s ban on IPs originating from Hetzner data centers (because gatekeeping is for losers).
WireGuard VPN Connection Details⌗
This can work with any WireGuard VPN provider (even with your own WireGuard server on another machine!) but for the sake of simplicity I have chosen to use Mullvad as the reference in this tutorial.
- Go to mullvad.net and open an account
- This is actually a very cool process; no email, no details, they just provide you a secret account ID
- Once you have an account, navigate to “Add time to your
account”
- You can just add 1 month of time for 5 EUR if you want to try out the quality of their service
- Head over to the WireGuard Configuration page
- Select “Linux” and then hit “Generate key”
- Select a Country, City and Server for your exit location (bottom of the page)
- Scroll down a little more to hit “Download file” and get your authentication details
- You’ll only be able to do this once! Make sure you do it before you navigate away
At this point you’ll have a .conf
file containing the fields
Interface.PrivateKey
and Interface.Address
which you’ll need later.
Server Configuration⌗
Below is a fully annotated NixOS server configuration which sets some sane server defaults, configures SSH access, firewall rules, and brings up a Plex container which sends all outgoing requests through a WireGuard VPN using your new connection details.
This server configuration does not include hardware configuration, which is
naturally prone to variation, especially on auction servers, however it should
not be too difficult to adapt my
nixos-hetzner-robot-starter
template (video walkthrough) to
work with your server’s hardware.
If you have any questions or comments you can reach out to me on Twitter and Mastodon.
If you’re interested in what I read to come up with solutions like this one, you can subscribe to my Software Development RSS feed.
If you’d like to watch me writing code while explaining what I’m doing, you can also subscribe to my YouTube channel.
If you found this content valuable, or if you are a happy user of
komorebi
or my NixOS starter
templates, please consider sponsoring me on
GitHub or tipping me on
Ko-fi.
Mullvad and Hetzner: Please feel free to give me some free VPN time / compute power for all this free positive PR ;)