iOS endpoint over VPN not working in 1.4

I listen to Roon on my iphone X over VPN a lot using iPeng while on the go. Got excited about 1.4 iOS native playback :hugs:

One problem - Roon remote doesn’t show iPhone endpoint when connected to the core over VPN. It shows my squeezbox devices and iPeng no problem under networked. Just not the iPhone itself as the endpoint. But it does show it over wifi connection though :+1:This is so strange.

Any idea why iPhone zone is not enabled if I’m connected over VPN? :exploding_head: As at the moment - a really exciting update for Apple users but ‘no cigar’ for me…

Also, I found that iPeng server discovery is way better over VPN. Whatever protocol and discovery scheme iPeng is using its able to find Roon’s core straight away. Roon remote takes ages to find the core even after entering the address manually.
It will be awesome if you can enable a similar discovery scheme in Roon.

Raat endpoint discovery from the server won’t work across different network segments. If the iPhone was capable of doing OpenVPN TAP it would work but the default multi segment TUN doesn’t work.

Stick with iPeng in this case.

Im using iOS native IPSec with both server and phone on the same VPN network. Regardless, once the phone is connected (which it is) to the core I expect it not only to browse the library but also have the playback on the device.
Squeezlite enabled devices have no playback problem on the same VPN network so why should an apple device have it If the feature is enabled for it?

Is the IPSec VPN server handing out the same IP address range as your internal network DHCP server? If it isn’t, that’s the problem.

RAAT endpoints are discovered by the server, they don’t connect the other way as you expect. The server has no way of knowing one exists or finding a playback device on a completely different custom routed network segment.

Squeezelite must register with Roon. I assume Roon is pretending to be that part of a real LMS server to accommodate it. So it’s working in the direction opposite of Roon and thus works with your VPN configuration.

OK. So the fact that Roon remote can initiate connection to the core and browse the library doesnt really mean that it can also play back audio natively on an iphone if dhcp server handing out different ips? If so maybe roon can enable the registering thing for its remote app as it does for the squeezebox also? I mean it’s already a feature… only not for an apple device. Is it apple’s limitation? Doesn look like if iPeng is working…

Correct, there are really 2 different things, the Roon remote app and RAAT endpoint, even though they are packaged together.

Maybe research if your IPSEC VPN server can be configured to bridge devices direct to your network similar to OpenVPN TAP. That should work, but again might not be supported by iOS.

I imagine there are good reasons why @brian and team designed it this way. I doubt they will change that temporarily with Roon having bigger mobile plans coming some time in the hopefully near future.

The server does the bridging otherwise it wont work altogether and there would be no connection to the core. It more looks like a limitation of the roon remote at the moment. @brian - will it be possible to include a similar feature to whatever iPeng is doing? I cant see it be difficult technically to do so…

There is a much bigger picture than a client simply connecting to the server. You might also want to note that an iPeng endpoint can’t be grouped into a synced zone with a RAAT endpoint. That should give you some indication that there are complexities in RAAT outside the scope of a client connecting to a server and keeping that connection alive to take the cross network complexity out of the picture.

The RAAT support on iOS acts like any other RAAT endpoint–it is discovered by the core via multicast or broadcast packets on the LAN, and then the core initiates connections to the endpoint.

Squeezebox endpoints work in the opposite direction–endpoints discover the server and make connections inwards. This is easier to bridge over the internet, but creates significant architectural/UX compromises elsewhere.

No we will not re-architect RAAT to make it more like Squeezebox. There are good reasons why we did it this way. When we do broader work on “the mobile problem”, we will address the remote streaming use case holistically.

2 Likes

OK Thanks all.

If anyone else reading this post got a successful native iOS device audio playback over IPSec in roon remote - please share the solution.:pray:

After some reasearch I don’t think iOS will do a layer 2 vpn at all so there probably is no way to do it.

Will try to setup IPSec and check out:)