I’ve noticed an increasing number of posts with this issue and the numbers are growing. Time I wrote this up as it should be a quick diagnosis.
First, the problem:
In Settings → Roon ARC if your diagnostics show:
where YY is a number between 64 and 127 and x.x are numbers.
Then, if just underneath that, you see:
There is an almost 100% chance your ISP is using Carrier Grade Network Address Translation (CGNAT). This is what is causing the multiple or “double NAT”. ARC does not currently work with CGNAT and will not auto-configure with any MultipleNATFound scenario.
CGNAT cannot be remedied without involving / talking to your ISP. (*see VPN note below)
- If your ISP allows you to “opt-out” of CGNAT then ask them to do that.
- If your ISP offers “static IP” addresses then you can request this. There is often a charge for this. (The reason static IP works is because static IP is incompatible with dynamic CGNAT so it forces the ISP to move your service off of the CGNAT infrastructure. ARC does not require a static IP.)
Options not involving your ISP while leaving CGNAT in place:
- A VPN
That’s it. VPN is your only option at this point. Lots of people have had great results using Tailscale and here is the link for information on using that as a solution. However, accessing Roon via a VPN is considered tinkering and not supported directly by Roon. The community will certainly support you.
ISPs Known to do CGNAT (this is not a complete list):
- Starlink - no way to opt-out and no static IP without moving to a business account
- T-Mobile 5G Home Internet - No way to get out of the CGNAT
Now, what if you see:
but the router_external_ip does not fall within the address range above? That means your network is the source of the double NAT. Fixing this can be done by you and you will not need to involve your ISP (most likely). Post a new thread describing everything about your network and people will help you. Without going into details, generally the two options at this point are:
- Put all but one of your routers into bridge mode.
- Manually set up port forwarding on each router pointed towards your Core until you get to the router that the Core is plugged into.
And, for those wanting the “tech talk”:
RFC6598 is “IANA-Reserved IPv4 Prefix for Shared Address Space”
It is this block: 100.64.0.0/10
This space is specifically reserved and used to assign addresses to things within the Service Provider network which will never be routed to the public Internet. This is why it is used to address things on the “private” side of the CGNAT. This includes your ISP-provided router. This is why we keep seeing this address block show up in the diagnostics. Just about every ISP is / should be addressing customer CPE within this address block when using CGNAT. It’s also why I can be very confident when I see this address in the diagnostics that I know it’s a CGNAT issue. Customer configured equipment will / should use the traditional RFC1918 blocks and not this special shared block.
Anyway, I hope that helps.
@connor Please feel free to edit this and use it as your own.
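
The diagnosis described in the post, as an added example that is not part of the original post or Roon's own code: it checks a router_external_ip value against the RFC6598 block and derives the 64 to 127 bounds for YY from the /10 prefix. The function names and sample addresses are assumptions made for illustration, and the diagnostic values are passed in as plain arguments rather than parsed from ARC's output.

```python
import ipaddress

# RFC 6598 shared address space named in the post.
SHARED_SPACE = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private blocks that customer-configured equipment normally uses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def second_octet_range(network=SHARED_SPACE):
    """Return (low, high) for the second octet, i.e. the post's 'YY' bounds."""
    return network[0].packed[1], network[-1].packed[1]


def address_block(value):
    """Name the block an IPv4 string falls in, or None if it is not IPv4."""
    try:
        addr = ipaddress.IPv4Address(value.strip())
    except ValueError:
        return None
    if addr in SHARED_SPACE:
        return "RFC6598"
    if any(addr in net for net in RFC1918):
        return "RFC1918"
    return "other"


def diagnose(router_external_ip, multiple_nat_found):
    """Apply the post's decision: shared space means ISP CGNAT, else local."""
    block = address_block(router_external_ip)
    if block is None:
        return "unparseable address"
    if not multiple_nat_found:
        return "no multiple NAT reported"
    if block == "RFC6598":
        return "ISP CGNAT: opt out, static IP, or VPN"
    return "local double NAT: bridge mode or port forwarding"


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real diagnostics.
    for ip in ("100.72.14.9", "100.63.255.255", "100.128.0.1", "192.168.1.254"):
        print(ip, address_block(ip), "->", diagnose(ip, True))
```

The two addresses just outside the block (100.63.255.255 and 100.128.0.1) show why the second octet has to be checked against the full 64 to 127 range rather than matching on the leading 100 alone.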