I’m guessing that most of the posts I’m reading here that talk about using using Roon remotely without ARC are employing VPNs deployed on routers/firewalls and giving access to the LAN in general
I don’t have that facility so I’m toying with another solution and was hoping for thoughts from the more technically minded in the community
My headless Debian based roonserver is administered via SSH and is manually connected to NordVPN as indicated by:
# nmcli con show --active
NAME UUID TYPE DEVICE
tun0 xxxxxxxxxxxxxxxxxx tun tun0
If I now install ARC am I right in saying that because the connection between my phone out in the world and my Roonserver at home runs over tun0 , my security concerns are mitigated as per the other VPN solutions mooted, regardless of what mischief ARC/Roon inflict on my router with UPnP?
You need software to help create a proper vpn, like Tailscale.
NordVPN uses VPN-like technology to route outbound traffic away from your ISP so they can’t snoop on you and report you to copyright enforcers. It’s not really a VPN.
You need software to help setup a virtual private network between your device and your home. Look into software like Tailscale
Thanks Danny, I didn’t know that about NordVPN, which is quite big here in the UK
I will certainly investigate Tailscale or similar (must have a linux CLI app, for example)
The question for me then becomes can I run ARC over an encrypted tunnel such that port forwarding works? For me running a VPN at the periphery means a new router which I’d rather avoid, so I’m looking to run Tailscale or whatever on my Roonserver itself and hope ARC can be coerced into connecting from out in the world
If you use VPN then you don’t need port forwarding. Tailscale gives you access to selected subnet(s) from your home network. Roon ARC will then work like in your home network.
You don’t need new router for that.
Would it be possible for you to give me a guide on this? I’m on AirVPN - Roon is on Windows machine - but I couldn’t get it to work using AirVPN port-forwarding (my Plex server works fine).
I’m a novice when it comes to all of this, so if you can help, I’d appreciate an ‘idiot’s guide’!
I don’t use Windows so a lot of what follows is speculation but this is how I would approach it
Turn on UPnP on your router. If you are worried about your router exposing UPnP to the WWW, you can check with various online tools (grc.com Shields Up! for example) that it is implemented securely
Turn off AirVPN in Windows and manually port forward on your router (see Roon Port Forwarding but note that you don’t have to use port 55000, Roon will randomly select one for you). Then check in Roon > Settings > Roon ARC. Make sure the port number is the same one you have manually forwarded and you should also see your Core there with your LAN IP (192.168.x.x I would think)
At this point Roon should tell you ARC will work. If it doesn’t then there’s something else “wrong” with your config and/or network that I wouldn’t be able to troubleshoot
Assuming you get the OK from Roon, disable/discard the port forwarding rule you just created, connect to AirVPN and look again in Roon ARC Settings. Now Roon should tell you ARC will fail and you should also see the Roon core has now been assigned a new (VPN) IP. Mine is in the 10.x.x.x range so I’m guessing yours would be too
Now, go to your Client Area at airvpn.org and forward the same port number as stated in Roon ARC settings, go back to Roon ARC settings and refresh and now it should work
Test by using your phone to connect ARC when on mobile data
Aside from the fact that I am running Roon on linux and connect to AirVPN using a command line tool/SSH the above is a refined version of what I did
If we use VPN like tailscale connect to home network, will the traffic to ARC automatically go through VPN instead of port forwarding?
I am a little bit concerning open port on internet.
Thank you for helping and giving great instructions, I apprecaite it. However it didn’t work
I can get it to work when AirVPN is off. I then disabled UPnP (I couldn’t delete the automatically setup TCP port forward rule on my router.)
You were exactly right about the IP change from 198 to 10, however when I went to open the port forward number in the AirVPN “Port Forwarding (web)” it said the port I chose was already open - I have two other port forward numbers but they are much lower numbers). I tried another 55*** number with the same message of it already being open.
I then got AirVPN to choose the number by leaving the port number option blank it chose 12***, then went and opened that port forward number in my router, put that number in Roon Arc settings and hit reload, but to no avail.
If you expose your LAN to WWW by running VPN on the router, you don’t need ARC or port forwarding as once your phone connects to the VPN it is, in effect, on the LAN so can be used as an output device by Roon without ARC
I understand this is not the recommended setup though because of latency issues which ARC usually manages
My router shows no forwarded ports when I configure using UPnP, but I accept that it might simply be that these are hidden from me by the router web UI
If Roon is listening on port 12xxxx and AirVPN are forwarding 12xxxx and you have a TCP VPN config (ARC uses TCP not UDP) and UPnP on the router it should work. In essence that is what I have and it does work
Thinking about this a bit, I’m not sure you have to worry about port forwarding at all
If you establish a VPN from inside your network then the connection between your PC and the AirVPN server is established already and providing you are forwarding the correct port in the Air VPN Client Area it should just pass through your router on the established connection I believe
