Issue with Roon ARC readiness on Asus RT-AX88U connected to fibre ONT box (ref#WLHIO4)

Network Setup

· I use a single personal router not provided by my ISP

ARC Status

· ARC is *Not Ready*

Roon Error Code

· “natpmp_autoconfig”: {“status”:“NotFound”}, “upnp_autoconfig”: {“status”:“NotFound”} }

Have you successfully located and enabled the UPnP or NAT-PMP settings in your router's web UI?

· I've turned UPnP/ NAT-PMP on and ARC won't connect

Select the Diagnostic Keyword or Text String

· Something else

Don't give up yet.

· I'm stuck. I'd like to create a post to ask Roon Community for help.

Describe the issue

Roon ARC Not Ready. Asus RT-AX88U connected to fibre ONT box

Describe your network setup

ISP = Lightning Fibre (South East England)
Asus RT-AX88U connected to ONT Fibre box
Connected by Ethernet Cable
Roon running on Synology DS920+ using Roon server

Everything was working until last week. I was connected using port forwarding via the Router. The router is in wireless router mode as it’s connected directly to an ONT box.

If I switch UPNP on I get this as the diagnostics:
{
“ipv4_connectivity”: {“status”:“NetworkError”,“status_code”:504,“error”:“error: Error: ETIMEDOUT, response code: undefined, body: undefined connected? undefined”},
“external_ip”: {“actual_external_ip”:“212.aaa.bbb.ccc”,“actual_external_ipv6”:“null”,“router_external_ip”:“null”},
“natpmp_autoconfig”: {“status”:“NotFound”},
“upnp_autoconfig”: {“server_ip”:“192.168.1.1”,“found_upnp”:true,“error”:“<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/\” s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/\“><s:Body><s:Fault>s:ClientUPnPError<UPnPError xmlns="urn:schemas-upnp-org:control-1-0">606Action not authorized</s:Fault></s:Body></s:Envelope>”}
}

When I revert to port forwarding I get this diagnostic data:
{
“ipv4_connectivity”: {“status”:“NetworkError”,“status_code”:504,“error”:“error: Error: ETIMEDOUT, response code: undefined, body: undefined connected? undefined”},
“external_ip”: {“actual_external_ip”:“212.aaa.bbb.ccc”,“actual_external_ipv6”:“null”,“router_external_ip”:“null”},
“natpmp_autoconfig”: {“status”:“NotFound”},
“upnp_autoconfig”: {“server_ip”:“192.168.1.1”,“found_upnp”:true,“error”:“doaction request return statuscode: UnknownError”}
}

I have exactly the same setup with BT FTTP using an RT-AX88U. For me, ARC connectivity is solid. However, I do not use uPnP.

Here is the uPnP setting in the WAN setup:

And the Port forwarding rule (The other rules are associated with my VOIP phone servce and have no relevance here):

Note:

  1. I use Merlin Firmware on my RT-AX88U but I don’t think that that would make much difference either to the layout of the settings or their functionality.
  2. I have set the lan side ip address of my router to 10.212.153.1 (for historical reasons) and so the 10.212.153.202 ip address is the normal ip address of my Roon server.

With an explicit port forwarding rule, it is a good idea to make sure that the ip address of the Roon Server does not change. I have done that with a DHCP reservation:

I have done a quick search and it appears that Lightning Fibre no not use CG-NAT. However, my information may be out of date. It was obtained from:

You can find out whether CG-NAT is used by going to https://whatismyipaddress.com/

If the ip address that this web site reports is the same as the WAN side ip address of your ASUS router, then your ISP is not using CG-NAT.

If CG-NAT is used by Lightning Fibre, they offer a static ip address for an extra £6 per month.

1 Like

Thanks for your reply Wade.
So I have the same port forwarding rule


My Roon server is contained in my Nas which has a fixed ip address too.

Following that link reveals the same ip address as the Wan side of the router, so it looks like CG Nat is not in operation. So I’m puzzled as to why this happening and why it simply stopped working some time last week.

Thanks again

Stephen

When you say your Roon server is ‘contained’ on your NAS, do you mean that you are running Roon on your NAS or do you mean that you are running a docker container or even a full VM on your Synology NAS?

Does your Synology NAS employ one or both of its available lan connections?

Have you tried rebooting your router and then your NAS?

I can’t think of any reason why your port forwarding rules should not work.

Do your http, ssl and plex forwarding rules work?

Roon is running on the Synology using the Roon On Nas package. There have never been any issues with it and Roon itself runs very nicely.
I do use both Lan connections on the Synology. I have indeed rebooted both Nat and Router several times. I can’t remember the reason for the http and SSL port forwarding rules, but having read this I have now notice that access to Plex is no longer working outside of the local network either.

OK. Great.

Do you use one of the Synology link bonding options to bind the two ethernet connections into one logical link (with one ip address for the Synology as a consequence) or do you just use them separately (so the Synology NAS has two ip addresses)? I can’t see that it would make any difference - but more information never hurts.

Do you have a firewall enabled on your Synology NAS? If so, can you try disabling it - just for the purposes of testing. If disabling the Synology firewall allows ARC to work with an external connection, then you may need to add a firewall exception to the Synology device. Has the Synology DSM been updated recently? Is it possible that an update has changed the firewall state?

Yes it turned out to be the Synology firewall. I’d completely forgotten about it as a potential issue. I’ve now created an exception for the Roon ARC (and Plex) ports and it works great again. I have no idea why but there was also a firewall rule which blocked all ports. I have no idea how anything worked at all. That’s gone now. Anyway many, many thanks for this! I might have got there in the end but you’ve saved me a lot of time…

1 Like

Great. Hopefully, now, your ARC connection will be as reliable as mine.

I have found that the combination of FTTP, the RT-AX88U and the manual port forwarding rules and DHCP reservations work very well indeed.

One caviat: When reading around to find out whether or not Lightning Fibre used CG-NAT, I read that IPv6 support may be added at some point this year. ARC can use IPv6 if it is available on both the home network and the remote network. However, it needs pinholes to be added to the IPv6 firewall on the ASUS as shown below:

The strange ip address in the highlighted RoonArcV6 rule (leading with ‘::’) is because BT, my ISP, use a dynamic IPv6 prefix, which means that my actual Roon Server IPv6 address changes periodically. The format used in the firewall rule illustrated, leading with the ‘::’, allows the device specific IP suffix only to be specified so that the firewall exception will continue to work when the ISP issued IP prefix changes - so I don’t have to keep changing the IPv6 firewall rule!

WARNING: Don’t enable IPv6 ARC connectivity unless you want to be able to use it. If you do, then,at present, any failure in IPv4 connectivity will go unreported in Roon → setttings → Roon ARC whilst the IPv6 connectivity is working - so if you find that ARC is not working over IPv4, you have to turn off the IPv6 firewall exception before you can see what is wrong with the IPv4 connectivity.

Thanks for that info. My general position on IP6 is to leave well alone until such time as I’m forced to deal with it. I have it disabled on everything I have at present. Hopefully even though they’re introducing it they won’t force people to adopt it for a long while yet.

Thanks again!

This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.