In order to understand, please find below some info about my Roon implementation.
Roon Core Machine
Roon ROCK based on Intel NUC8i5BEK2 with 250 GB SSD for database
OS : Version 1.0 (build 254) production
ROCK version : Version 2.0 (build 1182) production
Roon ARC activated
Music library via SMB on SSD TrueNAS with 10Gbps interface
Networking Gear & Setup Details
Ubiquiti Unifi Network & WIFI
UDM Pro as router/firewall (provider modem in bridge mode)
10 Gbps SFP+ Aggregation switch
Main 1Gbps PoE 48 port switch
Connected Audio Devices
Main room : NAD M27 (wired)
Apple MacBooks / Mac mini with USB DAC (wired)
Airplay domotics : Loxone (wired)
Sonos devices : One/OneSL (wifi)
Number of Tracks in Library
14 000 tracks
Description of Issue
Hello,
Since I activated Roon ARC (05 Nov 2022) based on V2.0, my firewall has detected 89 intrusions pointed at my Roon Core server. I wonder if these accesses are legitimate ones from Roon cloud services (and so I can allow them) or if these are port-scanning bots that try to access it. If this is the case, I am a bit more worried about how these bots could find a listing of Roon Core home servers with ARC.
If you open up a port to the internet, it is bound to get scanned and there will be many attempts to exploit that. I would only get worried if there’s a successful attempt (which wasn’t you).
Networking is somewhat part of my IT job. So, yes, I know that open ports can be scanned.
Here, as ARC is connected to Roon Cloud services, these cloud services must act as a reverse proxy in order to redirect mobile clients towards the home server. So, I was wondering if these services have heartbeat check functions. This could be the reason why my firewall is detecting incoming data.
The purpose of my post is to know the properties of these cloud services so we can whitelist them and block any other incoming communications.
ARC on your mobile device directly connects to your Roon Core. It knows how to connect, because the core registers / reports its IP and port into Roon’s cloud infrastructure.
There is no connection established from the internet to your core (not even from Roon’s cloud infrastructure), besides the ARC client itself. So no, there is no reverse proxy thing going on here.
Unless you know the exact IP address of your ARC, which is the only thing you may want to allow, and it doesn’t change over time (very unlikely when you’re out and about), you can’t really whitelist anything.
Only thing you could do perhaps is block entire countries, regions or continents I suppose.