why dont you do an (IPsec/OpenVPN) any from any to any on plexIP? I believe it would fall under IPsec, in your rules you control traffic flow. If anything just do an IPsec rule, see if that works – if it does then you’re good. You can also tighten it like :IPsec any to PLEXIP on PLEXPORT allow and then lock everything else any to any * * deny.
Check this vyprvpn review for more information.