Is there a way to get ARC working over VPN?

You mean VPN to my router from the outside and use the regular Roon app?

Yes. I was able to connect the Roon app on a PC to a server in the cloud. It should also work from a phone to your router.

Roon standard over VPN is a little tricky, I think it needs layer 2. There is some advice here on the forum.

1 Like

I have VPN setup on my router and again on my phone.

I don’t need UPnP or port forwarding to use either normal Roon or Roon ARC.

Yes you can but as an endpoint it won’t work unless you can route the multicast and broadcast stuff required for discovery or it ends up a remote only. This stuff isn’t normally routed via VPN and needs some configuration on router to allow. It’s not for the layman.

Depends on your VPN, works fine from my Unifi routers VPN and I have port forwarding disabled on my router


Yes you can use TailScale running on the Synology NAS with subnet routing set up.
There is an active thread at the moment for this and having done it I can confirm it works well after being sceptical at the start.

1 Like

I might try this instead of the Tailscale option I have working then. Do you have any links to guides on how to set that up? I’m using a USG3.

What phone do you use? If it’s iPhone it will be ok but Android is 12 dropped the type of VPN it does. You on the latest Controller software? Create a radius server and new profile to set up a user account and password for the VPN. Set tunnel type to bee 3 - Layer Two Tunneling Protocol (L2TP) Then create a new VPN server. Using the account name and password you created in Radius profile and choose a preshared key. I have it for years but don’t use it much so can’t remember full details, it’s documented though Google will find it.

Thanks, that gives me a starting point. I’ll have a go. I’m on iPhone and latest controller software.

VPN’s not possible from behind a CGNAT according to the Unifi instructions for setting up a VPN. I was not able to use Teleport as it’s not supported on the USG3 but I think it has the same limitation.

I think I’m in the same situation. Just to be sure, I believe @Morbeas is asking how to bypass Synology’s own VPN connection to the internet and not VPN clients connecting to Synology’s VPN package. I haven’t found the solution yet.

To clarify, if you want your Synology to connect with the internet without using your internet provider’s IP address, you can setup a VPN connection on it. There’s a specific type of Synology package which can benefit a lot from this connection type. :wink: I’ve set my VPN connection up this way so this specific Synology package gets prioritized using the VPN connection, while other packages running on my Synology are still accessible via port-forwarding on my router through my public IP address.

With the mentioned VPN connection ON, the Roon ARC section under Settings shows the IP address of the VPN server, BUT every simple portcheck website visited though my public IP address says the specified Roon ARC port IS open on my public IP address (which is great and what I want).
But I can not get Roon ARC to work when the VPN is on, even though the port is still open/accessible as verified. Somehow Roon ARC / Core on my Synology prioritizes to see the VPN IP address instead of the normal public one, like other Synology packages do prioritize.

I haven’t found a workaround/script for on the Synology yet which get’s this sorted.

VPN doesn’t work when I am at my works office sadly. Not sure why but ARC would not connect.

Time to retire!

Are you an employee or the employee?

Chances are employees gaining access to the works WiFi has probably got restrictions in place

If your the employer, get you IT department to sort it out quickly. :grin:

1 Like

We have 3 different networks this is the open one doesn’t touch our internal network and has a different uplink. It’s for staff and clients much like you get in restaurants, Starbucks etc. My VPN connects as I could see it via the Unif app as being connected. I feel they might filter out vpn traffic though as they don’t want people using laptops to vpn to the secure network from this network. I’ll ask my systems guys. It works fine with out VPN and port forwarding as was using that for last few weeks.

I can wish but it ain’t happening for many reasons :frowning:

1 Like

I am the IT and I have shared the restrictions with myself (only seems fair), but Tailscale work’s from within the WiFi network like a dream.

Some people were streaming Plex servers so I locked us all out.

1 Like