How I got Roon working over OpenVPN (hard for me, easy for you)

Hi - I am running this on my QNAP NAS (where my Roon Core and OpenVPN also run) and am getting: FATA[0000] tun0: has an invalid layer type: 0x526177

Oddly, I am able to play Roon to my Phone’s output (S20) while VPN’d in, but not from my laptop (Win10) while at the office. I can connect to my Roon Core from laptop while VPN’d but can’t play to its audio output. Started on the other Tinkering thread, ended up here. Would appreciate any help!

@GMahal: I’d probably need more info, but something seems really off with something in your setup. If you post the output of ifconfig tun0 and your openvpn config file that might help.

Curious: what kind of CPU is your QNAP box?

Appreciate the reply! Here is the info:

QNAP Model# TVS-671-i3-4G: Dual-core Intel Core i3-4150 3.5 GHz Processor

[~] # ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.2.1 P-t-P:10.0.2.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:211699 errors:0 dropped:0 overruns:0 frame:0
TX packets:249451 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:55702926 (53.1 MiB) TX bytes:222421042 (212.1 MiB)

[/etc/openvpn] # cat server.conf
cd /etc/openvpn
dev tun
keepalive 10 60
reneg-sec 0
persist-key
persist-tun
duplicate-cn
script-security 3
client-to-client
management localhost 7505
#username-as-common-name
client-cert-not-required
auth-user-pass-verify /usr/sbin/qvpn.sauth via-env

ca /etc/openvpn/keys/ca.crt
dh /etc/openvpn/keys/dh1024.pem
key /etc/openvpn/keys/myserver.key
cert /etc/openvpn/keys/myserver.crt

client-connect /etc/openvpn/connect.sh
client-disconnect /etc/openvpn/disconnect.sh

status /var/log/openvpn-status.log
writepid /var/run/openvpn.server.pid

port 1194
proto udp
max-clients 5
server 10.0.2.0 255.255.255.0

push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
comp-lzo
cipher AES-128-CBC
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA

Thanks for the info… but that didn’t help :frowning:
Can you confirm what version of udp-proxy-2020 you’re running? That layer type value is really weird and way way off from what is considered “valid”.

$ udp-proxy-2020 --version
udp-proxy-2020 Version 0.0.6 -- Copyright 2020 Aaron Turner
0fa4f07f646486a02d0d0a93e8f79552cb07d7a2 (v0.0.6-8-g0fa4f07) built at 2021-03-10T20:08:00-0800

./udp-proxy-2020-0.0.4-linux-x86_64-static --version

udp-proxy-2020 Version 0.0.4 -- Copyright 2020 Aaron Turner
9c36680c6a2e69296724760d105510e518eae11c (v0.0.4) built at 2020-10-03T01:13:12+0000

Could be operator error? I’m not too familiar with this stuff just tinkering…

You have an old version. Please download the latest version from GitHub.

Ah, ok. I grabbed version 0.0.6 and no longer get that error. The script runs but the audio output of my laptop still isn’t available in Roon when I VPN in. I have tried the following commands:

./udp-proxy-2020-0.0.6-linux-amd64-static --port 9003 --interface br0,tun0 --cachettl 300
./udp-proxy-2020-0.0.6-linux-amd64-static --port 9003 --interface br0,tun0 --fixed-ip=tun0@10.0.2.1
./udp-proxy-2020-0.0.6-linux-amd64-static --port 9003 --interface br0,tun0 --fixed-ip=tun0@10.0.2.2
./udp-proxy-2020-0.0.6-linux-amd64-static --port 9003 --interface br0,tun0 --fixed-ip=tun0@10.0.2.6

Where:
br0 is the local ip of my NAS (192.168.0.90)
10.0.2.1 is tun0’s inet address
10.0.2.2 is tun0’s P-t-P address
10.0.2.6 is the laptop’s VPN ip

Honestly, I don’t know if there is a working solution… running both your Roon and OpenVPN on the NAS has some rather odd/unique networking implications. The problem is when you specify br0 that just sends packets OUT that interface, not TO that interface.

You might have better luck trying the loopback interface instead of br0.

Oh, good to know…using lo instead of br0 did not help. I guess it’s time to explore other options…

I do have a couple of PI’s sitting around at home. Maybe I use one of those for VPN rather than using the QNAP? I saw some discussion about Wireguard. I could try that on one of the PI’s…

Or, I could move the Roon Core from the QNAP to a Win10 NUC that is (rarely) used as a Media PC…

I also started playing with ZeroTier yesterday but wasn’t having any luck with that…

Yeah, all those ideas should work. One of these days I want to play with Nebula as well.

I am fairly comfortable with DietPi as I use it for my Roon endpoints, and since I’m familiar with OpenVPN and now have played with udp-proxy-2020 a little bit, I think the quickest path to success for me will be to use DietPi+OpenVPN-udp-proxy-2020 on one of my spare Pi’s.

Moving OpenVPN from my NAS to the PI should eliminate whatever was causing the issue before?

Basically you just need Roon Core running on a different box (or at least VM/container?) from the VPN/udp-proxy-2020.

So, I moved the Roon Core from the NAS to my Win10 NUC and am still having the same issue - Laptop’s audio outputs not shown in Roon. Once I disconnect from the VPN and attach to my local LAN, the audio outputs show up. Here is some debug info:

DEBU[1255]/build/udp-proxy-2020/cmd/listen.go:131 main.(*Listen).handlePackets() handlePackets(br0) ticker
DEBU[1257]/build/udp-proxy-2020/cmd/listen.go:332 main.(*Listen).learnClientIP() tun0: Learned client IP: 192.168.1.6
DEBU[1257]/build/udp-proxy-2020/cmd/listen.go:128 main.(*Listen).handlePackets() tun0: received packet and fowarding onto other interfaces
DEBU[1257]/build/udp-proxy-2020/cmd/send.go:32 main.(*SendPktFeed).Send() br0: sending out because we’re not tun0
DEBU[1257]/build/udp-proxy-2020/cmd/listen.go:332 main.(*Listen).learnClientIP() tun0: Learned client IP: 192.168.1.6
DEBU[1257]/build/udp-proxy-2020/cmd/listen.go:128 main.(*Listen).handlePackets() tun0: received packet and fowarding onto other interfaces
DEBU[1257]/build/udp-proxy-2020/cmd/send.go:32 main.(*SendPktFeed).Send() br0: sending out because we’re not tun0
DEBU[1257]/build/udp-proxy-2020/cmd/listen.go:153 main.(*Listen).sendPackets() processing packet from tun0 on br0
DEBU[1257]/build/udp-proxy-2020/cmd/listen.go:290 main.(*Listen).sendPacket() br0 => 192.168.0.255: packet len: 140: ffffffffffff245ebe042f3108004500007e3a38000080117ce1c0a80106c0a800ffe39b232b006a0000534f4f4402510a736572766963655f6964002464353262326362372d303263352d343866632d393831622d613130663061616464393362045f746964002462613637636632652d666638352d346561312d386664332d636364646532663661326164
DEBU[1257]/build/udp-proxy-2020/cmd/listen.go:153 main.(*Listen).sendPackets() processing packet from tun0 on br0
DEBU[1257]/build/udp-proxy-2020/cmd/listen.go:290 main.(*Listen).sendPacket() br0 => 192.168.0.255: packet len: 140: ffffffffffff245ebe042f3108004500007e0d1c00008011a9fdc0a80106c0a800ffe39b232b006a0000534f4f4402510a736572766963655f6964002464353262326362372d303263352d343866632d393831622d613130663061616464393362045f746964002462613637636632652d666638352d346561312d386664332d636364646532663661326164
DEBU[1257]/build/udp-proxy-2020/cmd/listen.go:332 main.(*Listen).learnClientIP() tun0: Learned client IP: 192.168.1.6
DEBU[1257]/build/udp-proxy-2020/cmd/listen.go:128 main.(*Listen).handlePackets() tun0: received packet and fowarding onto other interfaces

Ok, I am probably doing something wrong. Not sure what though…

Now I moved the VPN off of NAS and onto a RPi (OpenVPN) and the Roon Core to Win10 with the same result. No audio output love from the laptop. Debug output from the PI:

sudo ./udp-proxy-2020-0.0.6-linux-arm32-static --port 9003 --interface eth0,tun0 --cachettl 300 --debug
DEBU[0000]/build/udp-proxy-2020/cmd/listen.go:43 main.newListener() eth0: ifIndex: 2
DEBU[0000]/build/udp-proxy-2020/cmd/listen.go:53 main.newListener() eth0 network: ip+net string: 192.168.0.61/24
DEBU[0000]/build/udp-proxy-2020/cmd/listen.go:53 main.newListener() eth0 network: ip+net string: fe80::44c7:11a1:af0a:a39c/64
DEBU[0000]/build/udp-proxy-2020/cmd/listen.go:92 main.newListener() Listen: {eth0 0x1092940 [9003] 192.168.0.255 false 250000000 0 0x10a6700 map[]}
DEBU[0000]/build/udp-proxy-2020/cmd/listen.go:43 main.newListener() tun0: ifIndex: 4
DEBU[0000]/build/udp-proxy-2020/cmd/listen.go:92 main.newListener() Listen: {tun0 0x1092de0 [9003] true 250000000 0 0x10a6c00 map[]}
DEBU[0000]/build/udp-proxy-2020/cmd/interfaces.go:54 main.initializeInterface() eth0: applying BPF Filter: udp port 9003
DEBU[0000]/build/udp-proxy-2020/cmd/interfaces.go:66 main.initializeInterface() Opened pcap handle on eth0
DEBU[0000]/build/udp-proxy-2020/cmd/interfaces.go:54 main.initializeInterface() tun0: applying BPF Filter: udp port 9003
DEBU[0000]/build/udp-proxy-2020/cmd/interfaces.go:66 main.initializeInterface() Opened pcap handle on tun0
DEBU[0000]/build/udp-proxy-2020/cmd/main.go:116 main.main() Initialization complete!
DEBU[0005]/build/udp-proxy-2020/cmd/listen.go:131 main.(*Listen).handlePackets() handlePackets(eth0) ticker
DEBU[0005]/build/udp-proxy-2020/cmd/listen.go:131 main.(*Listen).handlePackets() handlePackets(tun0) ticker
DEBU[0010]/build/udp-proxy-2020/cmd/listen.go:131 main.(*Listen).handlePackets() handlePackets(eth0) ticker

Your logs show no packets from Roon Core to your laptop. Hard to debug remotely without more info, but for some reason udp-proxy-2020 isn’t seeing the UDP Broadcasts from the Roon Core (or at least the logs don’t show those events in the first set of logs you shared).

Also the second set of logs honestly aren’t interesting at all because there’s no traffic being passed so no idea what is going on there. Looks like it started correctly is about all I can say there.

One thing I sometimes notice is that the Roon app on my iPhone sometimes needs to be restarted for things to work correctly. Only happens about 1 out of 10 times for me. Seems like there are times Roon doesn’t want to send the UDP broadcasts - but that may be an iOS thing because when you switch apps on iOS it doesn’t “quit” the previous one.

Not sure if I was clear before: One box runs OpenVPN and udp-proxy-2020. The other box runs Roon. Don’t run udp-proxy-2020 on the same box as Roon.

If none of the above helps, you should try running tcpdump or Wireshark on the same box as your Roon Core and OpenVPN/udp-proxy-2020. You’ll want to specify a filter udp port 9003 so you don’t see ALL the traffic on your network and end up with a lot of noise.

tcpdump -ni eth0 -s 0 -w roon.pcap udp port 9003 is a good start. Replace “eth0” in the command with the name of the LAN ethernet/wifi interface on your box.

Wireshark has a pretty-ish UI so you should be able to figure that out more (or check the Wireshark website for docs). And then either share those two pcap files + the corresponding udp-proxy-2020 debug log on the web or email it to me at synfinatic <at> gmail <dot> com.
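Added example (not part of the original posts and not udp-proxy-2020's own code): a small Python decoder for the sendPacket() lines in the debug output earlier in the thread, so the direction of each forwarded packet can be read off without opening Wireshark. The frame bytes are copied from the first sendPacket() line above; the regular expression assumes the line format exactly as quoted there, and the function names are hypothetical.

```python
import ipaddress
import re
import struct
from collections import Counter

# Matches the sendPacket() debug lines as quoted in the thread (assumed format).
SEND_RE = re.compile(r"sendPacket\(\) (\S+) => (\S+): packet len: (\d+): ([0-9a-f]+)")

# Frame bytes copied from the first sendPacket() line in the debug output above.
SAMPLE_HEX = (
    "ffffffffffff245ebe042f310800"               # Ethernet header
    "4500007e3a38000080117ce1c0a80106c0a800ff"   # IPv4 header
    "e39b232b006a0000"                           # UDP header
    "534f4f4402510a736572766963655f69640024"     # payload starts here
    "64353262326362372d303263352d343866632d393831622d613130663061616464393362"
    "045f7469640024"
    "62613637636632652d666638352d346561312d386664332d636364646532663661326164"
)
SAMPLE_LOG = "sendPacket() br0 => 192.168.0.255: packet len: 140: " + SAMPLE_HEX


def decode_frame(hex_frame):
    """Decode the Ethernet/IPv4/UDP headers of one hex-encoded frame."""
    raw = bytes.fromhex(hex_frame)
    if len(raw) < 42 or raw[12:14] != b"\x08\x00" or raw[23] != 17:
        raise ValueError("not an Ethernet/IPv4/UDP frame")
    udp = 14 + (raw[14] & 0x0F) * 4              # honour the IPv4 header length
    if len(raw) < udp + 8:
        raise ValueError("truncated UDP header")
    sport, dport, ulen = struct.unpack("!HHH", raw[udp:udp + 6])
    return {"src": str(ipaddress.IPv4Address(raw[26:30])),
            "dst": str(ipaddress.IPv4Address(raw[30:34])),
            "sport": sport, "dport": dport,
            "payload": raw[udp + 8:udp + ulen]}


def flows(log_text):
    """Count (out_iface, src_ip, dst_ip, dst_port) per forwarded packet."""
    seen = Counter()
    for iface, _dst, length, hexdata in SEND_RE.findall(log_text):
        if len(hexdata) != int(length) * 2:
            continue                             # line was cut off; skip it
        try:
            p = decode_frame(hexdata)
        except ValueError:
            continue                             # not a UDP/IPv4 frame
        seen[(iface, p["src"], p["dst"], p["dport"])] += 1
    return seen

if __name__ == "__main__":
    print(flows(SAMPLE_LOG))
```

Feeding a whole debug log to flows() lists every source address the proxy forwarded; if the Roon Core's address never appears as a source, the log contains no Core-to-client packets.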

Hi Aaron, I appreciate your support. I might give the Wireshark thing a try next weekend.

I ended up getting ZeroTier working, however it looks like it’s blocked on my corporate LAN (not surprising).

Also, I was wondering - Do I need to forward any ports on my router when using udp-proxy-2020?

For instance, if I have my Roon Core running on my NAS and am using OpenVPN + udp-proxy-2020 on a RPi. Do I need to configure my (ASUS) router to forward any ports?

I

I’d assume you’d need to forward connections for OpenVPN to the RPi?

You don’t need to forward any ports for Roon on your router because the VPN client connections are terminating on the RPi.

Hi Francesco, does Roon still work fine for you on DietPi? I have installed DietPi with WireGuard and it works. However, I don’t understand how to install udp-proxy-2020 on this. I would be very grateful if you could explain step by step what you have done. Kind regards, Joost

Hi Joost,

Late reply, sorry, busy period…
I have not been using Roon over VPN for a while, thanks to the increased amount of home office, but I tried again a couple of days ago to check with the latest 1.8 updates and it still works.

I have placed the binaries of udp-proxy-2020 under /opt/udp-proxy-2020/udp-proxy-2020-current. The binaries are compiled from sources, as Aaron did not have a pre-compiled version for ARM at that time, but it should not matter.

The README file I put in that directory says:

From the server (iMac), the phone in the VPN must be reachable.
Try to ping it (i.e. ping 10.6.0.2). If not, add the route table with:

sudo route add -net 10.6.0.0/24 192.168.0.172

(where 192.168.0.172 is the IP of my RPi in my local network and 10.6.0.2 is the IP of my iPhone when in VPN).

Then I’ve created a service file for systemctl, just for convenience, so that I can treat udp-proxy-2020 as a system service. The file is called “udp-proxy-2020.service”, located in the same directory above (i.e., full path would be: /opt/udp-proxy-2020/udp-proxy-2020-current/udp-proxy-2020.service). This file contains:

[Unit]
Description=udp-proxy-2020 - Use Roon over VPN
Requires=network.target
After=network.target

[Service]
ExecStart=/opt/udp-proxy-2020/udp-proxy-2020-current/udp-proxy-2020 --port 9003 --interface eth0,wg0 --cachettl 500
Restart=on-abort

[Install]
WantedBy=multi-user.target

Note the arguments to the executable. They are exactly what you would use running it from command line, but I find the system service to be a cleaner way.
Then, in the systemd config directory I have added a link to the service file:

cd /etc/systemd/system
ln -s /opt/udp-proxy-2020/udp-proxy-2020-current/udp-proxy-2020.service .

Then, reload the systemctl daemon, so that it refreshes the list of available services:

systemctl daemon-reload

After that, you should see the service in the list of available ones:

root@rpi4:/etc/systemd/system# systemctl list-units |grep udp
udp-proxy-2020.service                  loaded active running   udp-proxy-2020 - Use Roon over VPN

If it is not active yet, simply start it and check its status:

root@rpi4:/etc/systemd/system# systemctl start udp-proxy-2020.service
root@rpi4:/etc/systemd/system# systemctl status udp-proxy-2020.service 
● udp-proxy-2020.service - udp-proxy-2020 - Use Roon over VPN
   Loaded: loaded (/opt/udp-proxy-2020/udp-proxy-2020-current/udp-proxy-2020.service; linked; 
   Active: active (running) since Mon 2021-03-29 13:58:20 CEST; 1 day 23h ago
 Main PID: 24727 (udp-proxy-2020)
    Tasks: 13 (limit: 3281)
   CGroup: /system.slice/udp-proxy-2020.service
           └─24727 /opt/udp-proxy-2020/udp-proxy-2020-current/udp-proxy-2020 --port 9003 --int

Mar 29 13:58:20 rpi4 systemd[1]: Started udp-proxy-2020 - Use Roon over VPN.

And that’s it in my case.

When I connect to VPN (I guess you can do it, as you said that WireGuard works. I only had to open and redirect a port on the router for that), I open Roon client from the iPhone and it sees the core running on my iMac.
The client crashes sometimes when it starts. In this case, closing it completely and reopening it usually helps.
At the beginning, the iPhone as endpoint might not be seen. Usually it shows up after a little while.

Hope this helps.

Thank you Francesco, I will be working on it soon.