Consumer ISP routers and DMZ

Nutshells are good.

Thanks, @Martin_Webster

“The Security for Everyday Users” would have to let you decide for yourself if you want to allow an open TCP port from the internet to your internal network. This is not normally something you do. There are basically two ways to make it more secure: 1) no incoming port openings, use a VPN to your router instead (ARC works just fine this way), or 2) if your router supports a true DMZ you could put your core on that network and open the incoming port to that. After that you have some internal problems however, because Roon needs some kind of broadcast/multicast access to/from the endpoints/remotes to work. This can get messy, and Roon has not given a guide for this as far as I know.

You realise vpn to your router typically requires…an open incoming port? :sunglasses:

Not necessarily. You’ve probably heard of NAT traversal, for example via Tailscale, which can be installed on your router or any internal machine. How NAT traversal works

There are plenty of ways to succeed in connecting to your home network (when the connection is initiated from inside, using the usual ports open to the outside: 443, 80, 53).

No, I start an OpenVPN server on my gateway and my client connects with IPsec.

Wouldn’t the OpenVPN server listen for incoming traffic on a port? And as such, wouldn’t that port be open (i.e. the firewall doesn’t block connections)?

Indeed. There are other ways, like the solution you suggested. I wish Roon had chosen a solution that would be able to traverse multiple NAT topologies.

Yes but it wouldn’t be redirected to a host on your inside protected network.
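The distinction the thread keeps circling back to, an inbound port that terminates on the router or on an isolated DMZ subnet versus one that is redirected to a host on the protected LAN, can be checked mechanically against a router's port-forward table. The script below is an added example, not code from the thread, from Roon, or from any router vendor; the subnets and the forwarding rules it audits are constructed for illustration. It also flags the consumer-router "DMZ host" feature (forward every WAN port to one LAN address), which is not the "true DMZ" the earlier post refers to because that host still sits on the protected network.

```python
"""Audit a consumer-router port-forward table: does any inbound opening land on
the protected LAN instead of an isolated DMZ subnet?

All addresses, subnets and rules here are hypothetical, constructed for this
example; adapt the two networks to your own address plan."""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Hypothetical address plan: one protected LAN and one separate DMZ subnet.
LAN = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("192.168.100.0/24")


@dataclass(frozen=True)
class ForwardRule:
    name: str
    proto: str        # "tcp", "udp" or "any"
    wan_port: int     # 0 means "every port" (a consumer-router "DMZ host" entry)
    dest_ip: str      # internal address the router redirects to
    dest_port: int


def zone_of(ip: str) -> str:
    """Name the zone an internal destination address belongs to."""
    addr = ipaddress.ip_address(ip)
    if addr in DMZ:
        return "dmz"
    if addr in LAN:
        return "lan"
    return "unknown"


def audit(rules: List[ForwardRule]) -> List[Tuple[str, str]]:
    """Return (rule name, finding) pairs for rules that expose the protected LAN.

    Rules whose destination is inside the DMZ subnet produce no finding."""
    findings = []
    for r in rules:
        zone = zone_of(r.dest_ip)
        if zone == "lan" and r.wan_port == 0:
            findings.append((r.name,
                "consumer 'DMZ host' entry forwards every WAN port to a LAN "
                "address; this is not an isolated DMZ"))
        elif zone == "lan":
            findings.append((r.name,
                f"WAN {r.proto}/{r.wan_port} is redirected to {r.dest_ip} inside "
                "the protected LAN; move the service to the DMZ subnet or reach "
                "it over a VPN terminated on the router"))
        elif zone == "unknown":
            findings.append((r.name,
                f"destination {r.dest_ip} is in neither LAN nor DMZ; review"))
    return findings


# Constructed sample table (hypothetical names, ports and hosts).
SAMPLE_RULES = [
    ForwardRule("core-on-lan", "tcp", 12345, "192.168.1.20", 12345),    # flagged
    ForwardRule("core-on-dmz", "tcp", 12345, "192.168.100.20", 12345),  # fine
    ForwardRule("dmz-host", "any", 0, "192.168.1.50", 0),               # flagged
]

if __name__ == "__main__":
    for name, message in audit(SAMPLE_RULES):
        print(f"{name}: {message}")
```

Running it on the sample table reports `core-on-lan` and `dmz-host` and stays silent on `core-on-dmz`; the VPN option from the thread needs no rule at all in this table, since the tunnel terminates on the gateway rather than being forwarded inward.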