How I got Roon working over OpenVPN (hard for me, easy for you)

You would run udp-proxy-2020 on the firewall, not the NAS. Sorry, I don’t know the specific details on how to install the startup scripts, but I would assume it is similar to pfSense which is also FreeBSD based.

If you want to try the “UDP Broadcast Relay” plugin by all means feel free to do so, but this thread is about udp-proxy-2020.

I was hoping you can help me with some guidance. I am running roon under ubuntu 20.04 server with no issues. I added a standard openvpn configuration to the same server and opened port 1194 on my router for udp traffic. The vpn works fine. I can access roon without issues on my macbook and iphone without installing udp-proxy over the vpn. But when I try a windows 10 machine with OpenVPN, it will open roon but not show the audio devices on the windows machine. I added udp-proxy to the roon server, but it doesn’t seem to make any difference. On the windows machine for both the local and outside network firewall I did allow the roon and raat apps on both the local and outside networks. I turned off both firewalls without any improvement. Any idea why my mac and iphone work fine even without udp-proxy, but I can’t see the audio devices on my win10 laptop. Any advice would be most appreciated. Also any idea why this works with macbook and ios perfectly without udp-proxy? Thanks!

I have to be honest, I definitely haven’t tried running all 3 on the same box. More commonly would be running udp-proxy-2020 and some VPN on your router/firewall.

That said, knowing what the network interfaces on your ubuntu box are and how you configured udp-proxy-2020.

Honestly, my guess is that udp-proxy-2020 can’t help you here since all 3 are on the same box. Moving Roon to a docker container so it has a different IP address than OpenVPN/udp-proxy-2020 is probably what you need to do, but honestly, I’ve no experience with this sort of configuration.

One of these days I’d like to have a full Roon+VPN+udp-proxy-2020 docker solution via docker-compose, but not there yet.

1 Like

I am now running udp-proxy-2020 on the Ubiquiti EdgeRouter. Roon is running on a separate Ubuntu server. I launch udp-proxy and it starts ok, but when I bring up the roon client I get the following error. Any advice or how I can start the logging? Thank you.

admin@EdgeRouter-6P:~/udp-proxy$ sudo ./udp-proxy-2020-0.0.11-linux-mips64 --port 9003 --interface br0,vtun0,lo,eth0
FATAL can’t serialize IP header: (layers.IPv4) {
BaseLayer: (layers.BaseLayer) {
Contents: ([]uint8) ,
Payload: ([]uint8)
},
Version: (uint8) 4,
IHL: (uint8) 5,
TOS: (uint8) 0,
Length: (uint16) 126,
Id: (uint16) 48974,
Flags: (layers.IPv4Flag) ,
FragOffset: (uint16) 0,
TTL: (uint8) 2,
Protocol: (layers.IPProtocol) UDP,
Checksum: (uint16) 0,
SrcIP: (net.IP) (len=4 cap=114) 10.10.10.218,
DstIP: (net.IP) ,
Options: ([]layers.IPv4Option) ,
Padding: ([]uint8)
}

Almost certainly because you specified lo. You most likely just want to use --interface br0,vtun0

Awesome!
I can confirm it works also on opnsense, running:
OPNsense 22.1.7_1-amd64
FreeBSD 13.0-STABLE
and over Wireguard to iPhone endpoint.

1 Like

Just a little heads up for everyone reading this thread:

I had the opportunity to ask Roon during last week’s “home network webinar” if they were willing to share the technical details for their network discovery protocol. Sadly, I was informed that Roon has a policy to not share any details of their network protocols. :frowning:

The good news though, is that the protocol is not actually that complicated. And thanks to others in the Roon community who shared pcap files I was able to write a rather simple “protocol dissector” for Wireshark. What is that? It’s basically a secret decoder ring which translates network traffic into something that is easy for humans to understand. As someone who believes in open source software, I’ve shared my code with the Wireshark community and I hope/expect them to accept it in a future release.

Example screen cap

In the meantime, I can say it has helped me diagnose a problem with Roon and udp-proxy-2020 with one person already. Hopefully that means we’ll have a solution for him soon, but time will tell. But progress nevertheless. :slight_smile:

Anyways, if anyone is still having issues please reach out on github and open a ticket. I’ll need some “pcap files” which udp-proxy-2020 will generate for you. And that + the new Wireshark protocol dissector can probably help pinpoint the problem you’re having.

5 Likes

I have a home server behind NAT (I don’t have a public IP address), and I installed Roon on it.
I also have a cloud server that has a public IP.
And a phone that uses cellular.
So I set up WireGuard on all three devices and made the cloud server a relay server.
I ran udp-proxy-2020 on my home server, binding eth0 and wg0. And of course, it just didn’t work.

So, is it no go for me? Or any suggestions?

Is WireGuard host also running on the same server as udp proxy 2020?

@Eleatmelon_Ai1:

I don’t have a static IP from my ISP. I do get one Public IP address via DHCP which my home router owns. All my devices on my network (other than the router/firewall) have Private IP’s.

I run OpenVPN, WireGuard and udp-proxy-2020 on my router/firewall (pfSense) and it works fine with either VPN option. This works because my DHCP address doesn’t change very often (typical of many ISPs) and I use a dynamic DNS service like dyndns.org so my phone/etc can always find the IP address of my firewall.

Does your ISP not do the same? Because if you have to use a cloud server (Linode, AWS, DigitalOcean, etc) then I hope you’re a network engineer who is used to diagnosing networking problems because that’s going to be hard. Meaning: I can’t give you directions, but I can help debug. But you’re going to have to be in the driver seat.

Thanks.
I tried Netmaker, and it somehow works for me (even without udp-proxy-2020).
Still no-go for my iPhone, but now I can stream music to my computer in office. That’s enough for now. :laughing:

Hi @Aaron_Turner. Thanks for the effort. I browsed through entire thread to find out udp-proxy-2020 is unusable when Roon core/Wireguard/udp-proxy-2020 is on the same machine.
My goal was to connect Roon bridge on RPi4 to core via Wireguard. There should be a note in Readme that this scenario is not possible.

I don’t get it, this is exactly the configuration I have. RPi 4 running wireguard and Roon Bridge, while the Roon core is on a Mac on the internal network. It works for me.

It is perfectly usable. Just remember to use the parameter “no listen” (or something similar, it’s well written in the readme on github)

My scenario is:
NUC (Ubuntu 20.04)+RoonCore+Wireguard<------>RPi4(DietPi) RoonBridge+Wireguard.
Core doesn’t see bridge. I have tried udp-proxy-2020 running on both ends with almost all possible combination of parameters (--fixed-ip and --cache-ttl 500 and --no-listen) and still no luck. First I would like to know if this is do-able at all. Then I can post some logs.

My understanding so far is that all the talk here is about core/bridge BEHIND router/firewall with udp-proxy running on it. Not directly on core and/or bridge.

I cannot run udp-proxy-2020 without --no-listen on either side.

me@NUC:~$ sudo udp-proxy-2020 --port 9003 --interface wg0,lo --no-listen --level=debug --cache-ttl 500 -I wg0@172.31.30.2

I don’t have a way to replicate this config, but based on my experience with the standard Roon client on macOS/iOS, it’s pretty important that the VPN tunnel and udp-proxy-2020 are up and running before you start RoonBridge on the remote host.

Why are you routing packets on the loopback interface (lo)?

It was just an attempt. I have tried also: eno1,wg0 with no luck.
Logically it should be wg0 and lo0. I don’t route any broadcast packets over eth interface on Raspberry. It is only for internet connection.
On the core side the eth iface serves my home LAN but this is not an issue here.

Mmm no. I have a setup that’s like yours. Roon core will send packets to the main interface (eno1) and you have to route them through the wireguard tunnel. So the interfaces in the configuration should be eno1,wg0. If you route them through the lo interface they will never reach the RPi. (Assuming I’ve understood correctly your setup).

Meanwhile on your rpi wireguard config you should set as “AllowedIP” 0.0.0.0/0 if you want to route all the traffic (but you won’t have internet connection anymore, unless you reroute the traffic out in the server (nuc)), or “10.10.10.0/24” (Assuming, as an example 10.10.10.10/24 to be the iprange of your wireguard network.)
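
Two replies in this thread trace failures to a loopback interface in the --interface list and recommend listing the LAN and VPN interfaces instead. The following pre-flight check for such a list is an added example, not part of the thread or of udp-proxy-2020; the function name `check_interfaces` and the `SYSFS_NET` override are assumptions of this sketch, and it applies to Linux hosts only (it reads interface flags from /sys/class/net).

```shell
#!/usr/bin/env bash
# Added example: sanity-check a udp-proxy-2020 --interface list before starting
# the proxy. SYSFS_NET is a hypothetical override so the check can be pointed
# at a constructed directory tree; by default it reads the live system.
# usage: check_interfaces "eno1,wg0"
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
IFF_LOOPBACK=0x8   # loopback bit in the interface flags word (<linux/if.h>)

check_interfaces() {
    local list="$1" ifname flags usable=0 rc=0 seen=","
    local IFS=','                       # split the list on commas
    for ifname in $list; do
        case "$seen" in
            *",$ifname,"*) echo "WARN  $ifname: listed twice"; continue ;;
        esac
        seen="$seen$ifname,"
        if [ ! -r "$SYSFS_NET/$ifname/flags" ]; then
            echo "ERROR $ifname: no such interface on this host"
            rc=1
            continue
        fi
        flags=$(cat "$SYSFS_NET/$ifname/flags")
        # Detect loopback by flag rather than by name, so renamed or
        # additional loopback devices are caught as well.
        if [ $(( ${flags:-0} & $IFF_LOOPBACK )) -ne 0 ]; then
            echo "ERROR $ifname: loopback interface, remove it from the list"
            rc=1
            continue
        fi
        echo "OK    $ifname"
        usable=$(( usable + 1 ))
    done
    # The working setups in this thread all pair a LAN interface with a VPN
    # interface; with fewer than two there is nothing to forward between.
    if [ "$usable" -lt 2 ]; then
        echo "ERROR need at least two non-loopback interfaces (LAN and VPN)"
        rc=1
    fi
    return "$rc"
}
```
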

Just a heads up: Roon 2.0 / ARC is here and it seems to work great :slight_smile: Security aware people can use something like Tailscale, OpenVPN, etc to avoid opening up your Roon core to the world via UPnP. I highly recommend Tailscale. :slight_smile:

That said, until Roon supports remote access for macOS/Windows clients, I still plan on supporting udp-proxy-2020.

1 Like