This guide goes over everything you need for setting up AirVPN on Windows with ports for Plex and qBittorrent as well as optionally installing WireSock client for users who want app split tunneling.

*The original guide was deleted so I’m reposting since people are still looking for it.*

Create your AirVPN ports:

1. Login to AirVPN and create your devices (e.g., PC-1, Mobile-2, etc.).
2. Visit https://airvpn.org/ports/ and request a new port for Plex and qBittorrent.
3. In the notes section, name them as Plex and qBit.
4. In the device section, select the device you created from step 1.
5. For the Plex port, set the protocol to TCP only, and leave the rest of the settings as default.

If you don’t need app split tunneling you can download and install the AirVPN windows client https://airvpn.org/download/, then skip the optional steps below.

Otherwise see the following sections for setting up WireSock.

​

(Optional) Setup WireSock, WireSockUI, and your WireGuard config files:

1. Download and install WireSock: https://www.wiresock.net/
2. Download WireSockUI: https://github.com/wiresock/WireSockUI/releases. For Windows 10/11 users, download the AnyCPU .zip file. For older systems (Windows 7/8), download the AnyCPU no-uwp .zip file.
3. Extract the files to a folder of your choice. Note that there is no installer for WireSockUI.
4. Open the “WireSockUI.exe.config” file in a text editor (e.g., Notepad++) and set the following fields to True: AutoConnect, AutoRun, AutoMinimize, AutoUpdate, UseAdapter.
5. Generate your WireGuard config files by going to https://airvpn.org/generator/. Select Wireguard and choose your device. Select the servers you want to connect to and download the config files. My recommendation would be to download a config for your country and also all the configs for the city nearest to you. The nearest city will almost always give the best performance. If you have fast internet (1gbs+) I would recommend also downloading the config for the nearest 10gbit server.
6. Extract the config files to a temporary folder for editing. Open them in a text editor like Notepad++.
7. To allow local connections (e.g., Plex), add the line DisallowedIPs = 192.168.0.0/24 under the “AllowedIPs” line in each config file. If your subnet is something other than 192.168… then you can change it accordingly. If you’re not sure what to enter here you can use ipconfig in command prompt to find your default gateway. Add any other IPs here that you want to run outside the VPN connection. Note, the block 192.168.0.0/24 would include all IPs between 192.168.0.0 - 192.168.0.255. So if you have a different subnet address such as 192.168.1.0 or you need to open different IP ranges you can use this tool to help you figure out which block to use. Your subnet is generally the IP you use to login to your router followed by /24.
8. To exclude specific apps or folders from the VPN connection, add a line at the bottom of the config file: DisallowedApps = C:\path\to\file1.exe, C:\path\to\file2.exe, C:\path\to\folder1\, C:\path\to\folder2\. One thing I like to exclude is the windows printer service: C:\Windows\System32\spoolsv.exe. If you’re a gamer, some other ones you can add are the Steam and Epic Games folders: C:\Program Files\Steam\steamapps\common\, C:\Program Files\Epic Games\.
9. Save the edited config files.
10. Run “WireSockUI.exe”.
11. Add a tunnel and import all your config files.
12. Once imported, you can delete the original config files as they will have been copied to a new folder.
13. To edit the new config files, open the config files folder at the bottom right of the WireSockUI menu.
14. Open the settings menu in WireSockUI and ensure the following fields are enabled: AutoConnect, AutoRun, AutoMinimize, AutoUpdate, UseAdapter. Click Save.
15. You can now connect to the VPN by selecting any of your config files and clicking “Activate”.
16. To switch between servers, right-click the WireSock icon in the system tray.

Binding your network interface in qBittorrent:

• Open qBittorrent and go to Options > Advanced > Network Interface.
  • For WireSock set the network adapter to “Local Area Connection” or “WireSock”.
  • For AirVPN client it might be any variation of the following: Local Area Connection, Network Connection 3, utun0, tun1, TAP-windows adapter etc. (maybe someone could post in the comments what it was for you)
• To verify that it’s working correctly, you can use tools like https://ipleak.net/, http://checkmyip.torrentprivacy.com/, https://www.whatismyip.net/tools/torrent-ip-checker/, or legal torrents. When WireSock is not connected, all connections in qBit should stop.

Add your ports to Plex and qBittorrent:

1. In your Plex remote access settings, add the port assigned to you.
2. In qBittorrent, go to options > connection and add the port assigned to you.

Add a Windows firewall rule for your Plex port:

1. Click on the Windows icon.
2. Type wf.msc and hit Enter.
3. Click on Inbound Rules.
4. Under the Actions column, click on New Rule.
5. Select Port, then click Next.
6. Select TCP and Specific local ports.
7. Enter the port number you were assigned, then click Next.
8. Select Allow the connection, then click Next.
9. Check the boxes next to Private and Public, then click Next.
10. Enter a name, for example “Plex port XXXXX”, then click Finish.

Other notes (setting up standard WireGuard config files for mobile):

One other thing I wanted to mention is this tool which can help you setup regular wireguard config files for mobile to allow local connections for Plex. Since the regular Wireguard client doesn’t support the DisallowedIPs and DisallowedApps field you will need to use the tool to help you calculate what should be entered in the AllowedIPs field in order to allow local connections on mobile.

For example, in the tool you could enter AllowedIPs: 0.0.0.0/0, ::/0 which would send everything through VPN. Then in the DisallowedIPs field enter your subnet block e.g. 192.168.0.0/24 which would allow local connections on mobile (e.g. connecting to Plex). The tool would then generate the AllowedIPs field as follows: AllowedIPs = 0.0.0.0/1, 128.0.0.0/2, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.168.1.0/24, 192.168.2.0/23, 192.168.4.0/22, 192.168.8.0/21, 192.168.16.0/20, 192.168.32.0/19, 192.168.64.0/18, 192.168.128.0/17, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3, ::/0. Then you would save the config files and import them using the Wireguard mobile app (Android, iOS). Note, the Wireguard mobile app requires the config file names to be very short, so you will need to rename the config files to something like WG_US_1.conf, WG_NY_2.conf, Air_FL_3.conf, etc.

Thank you. That’s a great guide that a lot of people should use. Hopefully it get’s pinned somewhere.

I only use AirVPN for qBit running in a VM with the WireGuard Windows client. I will check out the WireSock client.

I’m not sure why you would want to run Plex through a VPN.

Have a good holiday.

Great guide, appreciate it a lot.

For AirVPN client it might be any variation of the following: Local Area Connection, Network Connection 3, utun0, tun1, TAP-windows adapter etc. (maybe someone could post in the comments what it was for you)

for me it’s just “Eddie”. but i used to have a more generic name there too before i reinstalled it.

Amazing guide. Thank you!

Thanks so much! Got this setup in less than 10 minutes! Thanks so much! Still gotta test if this is really gonna hold up, but having my expectations high so far! The plex website shows as `Not available outside your network` every so often, but still didnt have any problems (have set it up 30 minutes ago), not sure if this is normal…

Here’s my .config so far if anyone is interested for WireSocks + Airvpn so only Plex traffic is routed through the vpn:

[Interface]
Address = **AIRVPN-DEFAULTS**
PrivateKey = **AIRVPN-DEFAULTS**
MTU = **AIRVPN-DEFAULTS**
DNS = **AIRVPN-DEFAULTS**

[Peer]
PublicKey = **AIRVPN-DEFAULTS**
PresharedKey = **AIRVPN-DEFAULTS**
Endpoint = **AIRVPN-DEFAULTS**
AllowedIPs = 0.0.0.0/0,::/0
DisallowedIPs = 192.168.1.0/24,192.168.88.0/24
PersistentKeepalive = 15
AllowedApps = Plex Media Server,Plex DLNA Server,Plex Tuner Service,PlexScriptHost,Plex Media Server

My hero. I only wish this was higher in the Google results, would’ve saved me a lot of time.

Dont use AirVPN… use Torguard instead. way faster speeds. with AirVPn i only got about 4mb/s stable Upload with is 720p
with Torguard i get way more

I’m not sure why you would want to run Plex through a VPN.

Yeah technically this is optional. I should probably include that in the guide but it also requires some further explaining. If someone didn’t want to run Plex through VPN they would just need to add PlexMediaServer.exe to the list of excluded apps. This would route all Plex server traffic outside of the VPN.

For some people it’s actually required in order to work. A lot of residential connections are behind what’s called CGNAT. So for those people it wouldn’t be possible to host Plex directly from their home connection without routing it through a VPN or some other method. Most don’t know what CGNAT is or what it means, but all you need to know is if you are trying to host Plex from your home connection and you can’t connect to it externally, CGNAT is likely the problem.

For other people there might be a different issue. If they have UPNP disabled on their router and they don’t want to open ports manually then routing through a VPN bypasses all these types of issues.

If your home connection doesn’t have these issues, then yeah there isn’t much of a reason to run Plex through VPN. And technically running Plex through VPN could impact the performance of your server, especially if your connection isn’t great to begin with. But as long as you have decent internet speeds, you’re using a good VPN and your settings are setup correctly the performance hit would be negligible anyway. One bonus would be routing all your media server traffic on a connection with no logs which is pretty neat. Realisticly though, running through a VPN connection would add maybe 5% hit to your max bandwidth and 30ms added latency on connections to your server.The added latency would have basically 0 impact on streaming and the bandwidth hit would be negligible. So in the end it just depends on your specific use case and personal preference.

Thanks for sharing. I was curious about that, I only used the Eddie client for a brief period and never checked this. I’ve been using Wiresock just for the split tunneling support. I heard they’re working on adding split tunnel support for the Eddie client soon so I might check it out again at some point.

A few steps for wiresock will have changed recently since wiresock is all in one now without needing wiresockui + wiresock vpn client. Still need to update the guide but the guide should be about the same otherwise.

Good point, I always forget about the parts of the world that have double NAT situations.

I actually don’t the the Eddie option in qBittorrent on Fedora, do you know why that is?

Yeah it seems to be pretty common on shared residential connections like apartments and condo buildings etc.

Wouldn’t Plex need a reserved Public IP for remote access to work trough VPN?

With AirVPN the port you receive is reserved for you on all servers, so you could switch to any server location/IP and it would update automatically in Plex and allow you to connect remotely.